r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12139
Expires: Sat, 04 Feb 2023 09:09:55 GMT
Date: Sat, 04 Feb 2023 05:47:36 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14310
Expires: Sat, 04 Feb 2023 09:46:06 GMT
Date: Sat, 04 Feb 2023 05:47:36 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 05:43:35 GMT
content-type: application/json
age: 241
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5036
Expires: Sat, 04 Feb 2023 07:11:32 GMT
Date: Sat, 04 Feb 2023 05:47:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 34Vpso3GjIz2oAjRhk9RtbNS6KLcaVjrDcWZRBxy4VoPBEGYvYJQBlq0OPmSVY5odnaGNFcBCOI=
x-amz-request-id: KQ2PBT8G40Z8Z0EP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 04:52:42 GMT
age: 3294
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 05:47:36 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 05:07:19 GMT
age: 2418
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash c44eb8e73c4283619e0fd85cc785dca4
162fcfb1b2496ff9203614dd07a42a4c5a9d68ae
39f22d47322141853c9cff6e446a82e204e247106b3c0fb5eba399606bce8084
Analyzer Verdict Alert fortinet Malware
GET /down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12895
Expires: Sat, 04 Feb 2023 09:22:32 GMT
Date: Sat, 04 Feb 2023 05:47:37 GMT
Connection: keep-alive
push.services.mozilla.com/
54.149.224.76 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.224.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wLf8zbUs4Z/YTEYqlSRVUw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: qeuSW+9uDkhQIOxuopXe9rRNiAU=
12806.url.tudown.com/js/orsxg5a.script
154.218.151.71 200 OK 531 B URL HTTP/1.1 12806.url.tudown.com/js/orsxg5a.script
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12806.url.tudown.com/template/company/955yx/js/searchword.js
154.218.151.71 200 OK 1.3 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/js/searchword.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 95c12a0f8944cbd1c05e11f7a72875dd
22430886820419d75b8da5721af251bdeb6811d1
36e33550c0a108df269183b53afe7f8c86316cc7e24a84ee3804e8ae12c627eb
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/searchword.js HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86ff1-fb5"
Expires: Sat, 04 Feb 2023 17:47:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12806.url.tudown.com/template/company/955yx/css/gb.css
154.218.151.71 200 OK 47 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/css/gb.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (393), with CRLF line terminators
Hash 50dd1318432db01d440645564e53edc9
ee0cb6adb44f515312f771197c6c08b951cb7689
2b908ce7540ed6b03b07bdec7eb7eb504b76e78b3304474f40af3b8f3afb2135
GET /template/company/955yx/css/gb.css HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-30c0d"
Expires: Sat, 04 Feb 2023 17:47:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12806.url.tudown.com/template/company/955yx/js/week_rank.js
154.218.151.71 200 OK 656 B URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/js/week_rank.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with CRLF line terminators
Hash 00ac918b54dd742e0ec507274205038a
6a2976eb86376f33eb4f7b587f71296f07940da5
11624c98f05816c06f80e2ea5ef22376ce5509cb2c076003f9d5f27ac81f4ec9
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/week_rank.js HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: application/javascript
Content-Length: 656
Last-Modified: Tue, 15 Jun 2021 09:16:32 GMT
Connection: keep-alive
ETag: "60c86ff0-290"
Expires: Sat, 04 Feb 2023 17:47:37 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
12806.url.tudown.com/template/company/955yx/js/script_index2.js
154.218.151.71 200 OK 2.3 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/js/script_index2.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ISO-8859 text, with CRLF line terminators
Hash e3f1b130f72b9756f002c6bbbc284fb7
d51b59da45422005ca5f02b66cb02eaf1b44a8fd
3c0e569d33461414b263a4a7e6602577873e4843bb450d5de979f263d02644c9
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/script_index2.js HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86ff2-1f77"
Expires: Sat, 04 Feb 2023 17:47:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12806.url.tudown.com/template/company/955yx/js/api.js
154.218.151.71 200 OK 22 B URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/js/api.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with CRLF line terminators
Hash 143a35d673d243f56603ac04a89d8099
677acddc2a341ec711d74ecfd05bb919208c23df
ab368ffd11e345075f085c40cfdd9254280e0db19ed65e2668c287b17508170f
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/api.js HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: application/javascript
Content-Length: 22
Last-Modified: Tue, 15 Jun 2021 09:16:34 GMT
Connection: keep-alive
ETag: "60c86ff2-16"
Expires: Sat, 04 Feb 2023 17:47:37 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
12806.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js
154.218.151.71 200 OK 41 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (65483)
Hash aef63d51fe884fe89d488a2abc96381b
ed39edfb824178566b87b08164c7d382a119705b
51826bef0d69d08144d8605e1c56e1602cb1b6f620f854972c31080cf17d11f5
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/jquery-1.8.3.min.js HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:37 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-198c3"
Expires: Sat, 04 Feb 2023 17:47:37 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12806.url.tudown.com/template/company/955yx/js/gb.js
154.218.151.71 200 OK 7.7 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/js/gb.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 2a105ecd23c8abe20d0f84a4d10903a7
f3a1339005455be7df05412b2bde5d33ed096da0
9e8e3180840152689c4d7732c3660da6c766645aad88f695c041720ff5ec0a67
Analyzer Verdict Alert fortinet Malware
GET /template/company/955yx/js/gb.js HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-7685"
Expires: Sat, 04 Feb 2023 17:47:38 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fc91044ea257e54846f8dd907b48d29e
6d2231e05dabe5ee55f8dbf8687d7b7a92c25d64
8e77e1a87ab035ed1affd01159d1c899e46d7c247d0bc085dd57d1b1c6fed830
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E77E1A87AB035ED1AFFD01159D1C899E46D7C247D0BC085DD57D1B1C6FED830"
Last-Modified: Thu, 02 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9840
Expires: Sat, 04 Feb 2023 08:31:38 GMT
Date: Sat, 04 Feb 2023 05:47:38 GMT
Connection: keep-alive
s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
54.230.111.4 200 OK 478 B URL HTTP/2 s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
IP 54.230.111.4:0
File type ASCII text, with very long lines (478), with no line terminators
Hash 5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a
GET /ssl/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s.ssl.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12806.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 478
date: Fri, 06 Jan 2023 02:40:18 GMT
x-qstatic-hit: 1
last-modified: Mon, 01 Jan 2018 00:00:00 GMT
etag: W/"67d74adaac6d2f43"
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
expires: Mon, 03 Jan 2033 02:40:18 GMT
kcs-via: HIT from w-fc03.lato;MISS from w-sc01.lato
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lgbZ20aMWAITWQiMRIrD9MoifciOTCZSsvs_UuVoTwSHGp4QmjOjZw==
age: 2516840
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/77222.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/77222.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/77222.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1504833,1417680651&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/static/api/http://12806.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465412
154.218.151.71 404 Not Found 146 B URL HTTP/1.1 12806.url.tudown.com/static/api/http://12806.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465412
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert fortinet Malware
GET /static/api/http://12806.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465412 HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
12806.url.tudown.com/uploads/images/939345.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/939345.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/939345.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=1536448606,2192798042&fm=253&app=120&f=JPEG?w=800&h=800
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4376
Expires: Sat, 04 Feb 2023 07:00:34 GMT
Date: Sat, 04 Feb 2023 05:47:38 GMT
Connection: keep-alive
12806.url.tudown.com/uploads/images/765486.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/765486.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/765486.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=204003843,3125954079&fm=253&app=120&f=JPEG?w=1422&h=800
12806.url.tudown.com/uploads/images/226508.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/226508.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/226508.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1860930349,3399225739&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/uploads/images/962043.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/962043.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/962043.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3548653222,3053677572&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=618
12806.url.tudown.com/template/company/955yx/images/home.png
154.218.151.71 200 OK 1.3 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/images/home.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Hash 302b4d0465daebb6a02b59b721d92a41
20d18d0cb9f052ec48b775ec2de2e8ce1a233c1e
a7fa550286b2b0974ab70bbadbe26cfa5b6770da8a71445b3b3f87abd896d3f2
GET /template/company/955yx/images/home.png HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/template/company/955yx/css/gb.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/png
Content-Length: 1270
Last-Modified: Tue, 15 Jun 2021 09:16:32 GMT
Connection: keep-alive
ETag: "60c86ff0-4f6"
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4376
Expires: Sat, 04 Feb 2023 07:00:34 GMT
Date: Sat, 04 Feb 2023 05:47:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4376
Expires: Sat, 04 Feb 2023 07:00:34 GMT
Date: Sat, 04 Feb 2023 05:47:38 GMT
Connection: keep-alive
12806.url.tudown.com/uploads/images/4585.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/4585.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/4585.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=4022668850,1745216210&fm=253&fmt=auto?w=1280&h=800
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4376
Expires: Sat, 04 Feb 2023 07:00:34 GMT
Date: Sat, 04 Feb 2023 05:47:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 27437
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 27437
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 27437
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 27405
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 28841
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 26222
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
push.zhanzhang.baidu.com/push.js
112.34.113.148 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 112.34.113.148:0
ASN #9808 China Mobile Communications Group Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 05:47:38 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 05:47:38 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=52637BCA21655A0F2E6A95CED3918F65:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 05:47:38 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash c45b5d23d78c603a4f679957cc907c55
c0c6131e462224b19bf52c269ffda26be7dcc3ce
7acbb574f2c3ce64da98b8bf9e8af19ba063535e4cbf9fadaf803c34381178dd
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:09:39 GMT
ETag: "c0c6131e462224b19bf52c269ffda26be7dcc3ce"
Last-Modified: Sat, 04 Feb 2023 04:09:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2161
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79411ce14836b4f4-OSL
12806.url.tudown.com/template/company/955yx/images/litterstar.png
154.218.151.71 200 OK 1.7 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/images/litterstar.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 73 x 143, 8-bit colormap, non-interlaced\012- data
Hash d130270dc6abd41d1d40acbe01e36739
5dec8c0c88e9c3dfb13cbfc7d1d9818baa7ee96c
8b31f0ef117010f8ad5e5c8c73ede7468072e1cb08f994fce90ada97f461b59b
GET /template/company/955yx/images/litterstar.png HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/template/company/955yx/css/gb.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/png
Content-Length: 1706
Last-Modified: Tue, 15 Jun 2021 09:16:33 GMT
Connection: keep-alive
ETag: "60c86ff1-6aa"
Accept-Ranges: bytes
12806.url.tudown.com/uploads/images/200022.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/200022.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/200022.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/uploads/images/535748.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/535748.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/535748.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2854775334,548318226&fm=253&fmt=auto&app=138&f=JPEG?w=292&h=499
12806.url.tudown.com/uploads/images/116432.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/116432.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/116432.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=574344514,839866552&fm=253&fmt=auto&app=138&f=GIF?w=500&h=429
s.360.cn/so/zz.gif?url=http%3A%2F%2F12806.url.tudown.com%2Fdown%2F%25E8%25B5%259B%25E5%25BE%25B7%25E6%2596%25AF%25E7%2581%25B5%25E5%2588%2583%25E9%25BC%25A0%25E6%25A0%2587%25E9%25A9%25B1%25E5%258A%25A8%40271_243564.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b436f52384522_51f722d@b8
171.8.167.90 200 OK 0 B URL HTTP/1.1 s.360.cn/so/zz.gif?url=http%3A%2F%2F12806.url.tudown.com%2Fdown%2F%25E8%25B5%259B%25E5%25BE%25B7%25E6%2596%25AF%25E7%2581%25B5%25E5%2588%2583%25E9%25BC%25A0%25E6%25A0%2587%25E9%25A9%25B1%25E5%258A%25A8%40271_243564.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b436f52384522_51f722d@b8
IP 171.8.167.90:0
ASN #137687 Luoyang, Henan Province, P.R.China.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /so/zz.gif?url=http%3A%2F%2F12806.url.tudown.com%2Fdown%2F%25E8%25B5%259B%25E5%25BE%25B7%25E6%2596%25AF%25E7%2581%25B5%25E5%2588%2583%25E9%25BC%25A0%25E6%25A0%2587%25E9%25A9%25B1%25E5%258A%25A8%40271_243564.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b436f52384522_51f722d@b8 HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Tue, 23 Jul 2019 07:36:18 GMT
Connection: keep-alive
ETag: "5d36b8f2-0"
Accept-Ranges: bytes
12806.url.tudown.com/index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675489692890
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 12806.url.tudown.com/index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675489692890
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash ae079f1b3e2218d50446614a5c8a2188
d86872c9a9a7d5a282f9c32e7477b2c359ed6065
e4ea55be495c8f6f3d192ec6f1fbbeeca194d9b067c46a87f14050adc49e2d6a
GET /index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675489692890 HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12806.url.tudown.com/uploads/images/482100.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/482100.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/482100.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=873952665,163800013&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/uploads/images/859828.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/859828.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/859828.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4086952716,113174875&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=399
12806.url.tudown.com/uploads/images/207612.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/207612.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/207612.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1749118008,3053599938&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/uploads/images/345195.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/345195.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/345195.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=1789229862,2249112147&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
12806.url.tudown.com/template/company/955yx/images/bgs.png
154.218.151.71 200 OK 101 kB URL HTTP/1.1 12806.url.tudown.com/template/company/955yx/images/bgs.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 500 x 900, 8-bit/color RGBA, non-interlaced\012- data
Size 101 kB (101362 bytes)
Hash 1621ecee9c5f80ff96ab42e1ee259f58
5867acc872a638e86b981dbd81632c219a8093ec
f7809c07dbf542cc134fa715f678d4fba323bffdc649c9fb85a866b55b0c47f9
GET /template/company/955yx/images/bgs.png HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/template/company/955yx/css/gb.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:38 GMT
Content-Type: image/png
Content-Length: 101362
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Connection: keep-alive
ETag: "60c86fef-18bf2"
Accept-Ranges: bytes
12806.url.tudown.com/api.php?op=digg&action=show&id=23038
154.218.151.71 404 Not Found 146 B URL HTTP/1.1 12806.url.tudown.com/api.php?op=digg&action=show&id=23038
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /api.php?op=digg&action=show&id=23038 HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
12806.url.tudown.com/uploads/images/613149.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/613149.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/613149.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4120760857,2778925354&fm=253&fmt=auto&app=138&f=JPEG?w=448&h=600
12806.url.tudown.com/uploads/images/102131.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/102131.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/102131.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1039606715,3013122277&fm=253&fmt=auto?w=640&h=337
api.share.baidu.com/s.gif?l=http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
182.61.240.101 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
IP 182.61.240.101:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 05:47:39 GMT
12806.url.tudown.com/uploads/images/492421.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/492421.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/492421.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3590412129,1792499520&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/uploads/images/237843.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/237843.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/237843.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=918100495,307202898&fm=253&fmt=auto?w=1280&h=800
12806.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 12806.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash 79a95556629e6ab1e71db067f50e3b79
f5a53e17e359ecca46dfab0e690fa4073b7d4575
25e1f4527aa08b40f41d8bfb184c7d43a18f419747a8b5a5f991a45e7caa5823
GET /index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16 HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12806.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 12806.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Hash b0d167e4d8b1557653b25062095dc922
ed2c2855fd84e0b5c26506c1755447c51dae2832
d5c602cd0d1783416aeb0d43910ccd3c492937a38f9428555d8606e23b1084a5
GET /index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16 HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12806.url.tudown.com/uploads/images/273036.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/273036.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/273036.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699
12806.url.tudown.com/uploads/images/126793.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/126793.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/126793.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3861262588,1680878316&fm=224&app=112&f=JPEG?w=500&h=500
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 888e4fedb363ffdeee9b00420301931d
f0c9e9f53be89c340c22f54db373a2f7dc59ffeb
1c4b3010de4f3d3bbba8f609121c9f710423445b8d00758acd7f663b7e5f2762
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12806.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 05:47:39 GMT
Etag: 8282515e57ca8b204e907e5886088ea4
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=DFCB82BD403C057B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
img2.baidu.com/it/u=1789229862,2249112147&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
125.74.40.35 200 OK 45 kB URL HTTP/1.1 img2.baidu.com/it/u=1789229862,2249112147&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x667, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d7a93d97607a239165e167d460ef779d
b7733590192fb7d574e24ec5ebdfe34410670ea2
a501b9005454807bb7ca0157f51f8ea4996e0b70eb50a97f62cfde218cffa359
GET /it/u=1789229862,2249112147&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/webp
Content-Length: 44780
Connection: keep-alive
Expires: Tue, 14 Feb 2023 03:48:20 GMT
Last-Modified: Sun, 04 Jan 1970 00:00:00 GMT
ETag: d7a93d97607a239165e167d460ef779d
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 15 Jan 2023 03:48:20 GMT
Ohc-Cache-HIT: plct73 [1], xiangyix138 [4]
Ohc-File-Size: 44780
X-Cache-Status: MISS
img2.baidu.com/it/u=1536448606,2192798042&fm=253&app=120&f=JPEG?w=800&h=800
125.74.40.35 200 OK 75 kB URL HTTP/1.1 img2.baidu.com/it/u=1536448606,2192798042&fm=253&app=120&f=JPEG?w=800&h=800
IP 125.74.40.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4, height=0, orientation=[*0*], width=0], baseline, precision 8, 800x800, components 3\012- data
Hash dad246cb80802131e6976ddf9baeaea1
6f95e6d21d67b4ff1ab3881f4a4aa2b3674663ac
7244c7bddc7160e743c04e5b877cbeae580cc86314ab022bd9a4388ddaac84c3
GET /it/u=1536448606,2192798042&fm=253&app=120&f=JPEG?w=800&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 75292
Connection: keep-alive
Expires: Wed, 08 Feb 2023 09:37:14 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: dad246cb80802131e6976ddf9baeaea1
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 09:37:14 GMT
Ohc-Cache-HIT: plct68 [1], xaix156 [4]
Ohc-File-Size: 75292
X-Cache-Status: MISS
12806.url.tudown.com/uploads/images/97795.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/97795.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/97795.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=392474778,3692542720&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220
t15.baidu.com/it/u=3590412129,1792499520&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 34 kB URL HTTP/1.1 t15.baidu.com/it/u=3590412129,1792499520&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 37179a6b402c2a6be38d598124776922
402ec9d4ebc613bdae014f770057c35255e8461d
acf600d2a5a06eb049eedd9ad2bad297445b10efed58f752d440023aaae1fc2a
GET /it/u=3590412129,1792499520&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 33790
Connection: keep-alive
Expires: Wed, 22 Feb 2023 13:16:39 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 37179a6b402c2a6be38d598124776922
Age: 698628
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 13:16:39 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache60 [1], csix60 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 33790
X-Cache-Status: HIT
Timing-Allow-Origin: *
t15.baidu.com/it/u=873952665,163800013&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t15.baidu.com/it/u=873952665,163800013&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e5cf0a1076f0e91cd6819b3bbc4d815e
343ab64cad20ffb7aaaf9173f7e09596f2825075
c540d3c41802eec7b70cf59aa125baa5ddc6b5a65d44a358a406add5745d246b
GET /it/u=873952665,163800013&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 51718
Connection: keep-alive
Expires: Mon, 06 Feb 2023 12:14:13 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: e5cf0a1076f0e91cd6819b3bbc4d815e
Age: 2016594
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 12:14:13 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache60 [2], bdix82 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51718
X-Cache-Status: HIT
Timing-Allow-Origin: *
12806.url.tudown.com/uploads/images/475380.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/475380.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/475380.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=780295886,840243858&fm=253&fmt=auto&app=138&f=JPEG?w=1127&h=500
t15.baidu.com/it/u=1504833,1417680651&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 49 kB URL HTTP/1.1 t15.baidu.com/it/u=1504833,1417680651&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash a7fd84dfe1cf7ad6ca269442170e0b8b
7b4c479361f5c78f08af376fabc8a7f3958c5bb3
17337bb00dfe1fa538553924689165920aec6a7a1e1a7983285dd0a5b1d0bce9
GET /it/u=1504833,1417680651&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 48764
Connection: keep-alive
Expires: Tue, 07 Feb 2023 03:49:33 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: a7fd84dfe1cf7ad6ca269442170e0b8b
Age: 2017477
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 03:49:33 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache51 [4], czix98 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 48764
X-Cache-Status: HIT
Timing-Allow-Origin: *
12806.url.tudown.com/uploads/images/844606.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/844606.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/844606.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2444798690,3218566265&fm=253&fmt=auto&app=138&f=JPEG?w=430&h=483
img0.baidu.com/it/u=204003843,3125954079&fm=253&app=120&f=JPEG?w=1422&h=800
175.6.243.35 200 OK 104 kB URL HTTP/1.1 img0.baidu.com/it/u=204003843,3125954079&fm=253&app=120&f=JPEG?w=1422&h=800
IP 175.6.243.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size 104 kB (104247 bytes)
Hash 5e1adc1d1e31fec7ff854788cbeeb0d8
0e5262f21f843e314b421e506ec4ea74cdea51b7
1bda8ec3ceb368c7593985958a88254b1714d426515dbd4d42de9b56161eb310
GET /it/u=204003843,3125954079&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:39 GMT
Content-Type: image/jpeg
Content-Length: 104247
Connection: keep-alive
Expires: Fri, 10 Feb 2023 05:49:44 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: 5e1adc1d1e31fec7ff854788cbeeb0d8
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 05:49:44 GMT
Ohc-Cache-HIT: hengyct64 [1], bdix190 [2]
Ohc-File-Size: 104247
X-Cache-Status: MISS
t15.baidu.com/it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 53 kB URL HTTP/1.1 t15.baidu.com/it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash d029f82b46f0bfb3246b512b09f6d250
1cb5ca0dda851e98767de910cfd53c574ce715f4
c386112dc1486bb5ccf3b322e2b514813e80cf17513de32f792b0880750f1e90
GET /it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 53286
Connection: keep-alive
Expires: Sat, 11 Feb 2023 22:37:31 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d029f82b46f0bfb3246b512b09f6d250
Age: 1852738
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 22:37:30 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache63 [1], qdix100 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53286
X-Cache-Status: HIT
Timing-Allow-Origin: *
12806.url.tudown.com/uploads/images/327902.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/327902.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/327902.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2559938697,3240970908&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
12806.url.tudown.com/uploads/images/174006.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/174006.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/174006.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
t14.baidu.com/it/u=1749118008,3053599938&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 22 kB URL HTTP/1.1 t14.baidu.com/it/u=1749118008,3053599938&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 57a29153cf378e75b9a4fa5fe7fafecf
7ae595969aa163637af301ac0749946f9c3c88cb
e93ab3151130f1adb1db284b1eb956509d631ec88dbcb5ff28a4871231e62163
GET /it/u=1749118008,3053599938&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 21911
Connection: keep-alive
Expires: Wed, 22 Feb 2023 18:12:58 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 57a29153cf378e75b9a4fa5fe7fafecf
Age: 980115
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 18:12:58 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache55 [1], xaix55 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 21911
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=1860930349,3399225739&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 22 kB URL HTTP/1.1 t14.baidu.com/it/u=1860930349,3399225739&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e78289340cf93859432867118dac4423
fa0f8825fe97391d43001249fd66a9abca1f1adb
e0f9c95bb8cd161b9e3f34dfa78c645e408bdc4e7cfe42107ced9c352d6f1a50
GET /it/u=1860930349,3399225739&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 21489
Connection: keep-alive
Expires: Sun, 05 Feb 2023 13:08:01 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: e78289340cf93859432867118dac4423
Age: 353883
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 13:08:01 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache59 [1], czix137 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 21489
X-Cache-Status: HIT
Timing-Allow-Origin: *
12806.url.tudown.com/uploads/images/87218.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/87218.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/87218.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=4184227501,502237567&fm=253&app=120&f=JPEG?w=1280&h=800
img1.baidu.com/it/u=4022668850,1745216210&fm=253&fmt=auto?w=1280&h=800
118.180.40.35 200 OK 126 kB URL HTTP/1.1 img1.baidu.com/it/u=4022668850,1745216210&fm=253&fmt=auto?w=1280&h=800
IP 118.180.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 126 kB (125524 bytes)
Hash 1196198161dc8da258cbe000704886fc
42c39932a41299e3caa8646694a81929a130e6b2
e0fa30be86eae1254489e0b7bf056268fd47d1eb3657b5849e6498e5a6fec4e1
GET /it/u=4022668850,1745216210&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/webp
Content-Length: 125524
Connection: keep-alive
Expires: Wed, 22 Feb 2023 02:43:49 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 1196198161dc8da258cbe000704886fc
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 02:43:49 GMT
Ohc-Cache-HIT: lz5ct52 [1], qdix105 [2]
Ohc-File-Size: 125524
X-Cache-Status: MISS
img2.baidu.com/it/u=918100495,307202898&fm=253&fmt=auto?w=1280&h=800
125.74.40.35 200 OK 43 kB URL HTTP/2 img2.baidu.com/it/u=918100495,307202898&fm=253&fmt=auto?w=1280&h=800
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d3fd93e74fd4ca7b35adb0953f1e2a2e
51833657ba34ec47a01f1f9b14e66991be27f335
ec99451d83229faf764082a54e1114f9a15f6bcf69f8560be17e1b2cff6a51fa
GET /it/u=918100495,307202898&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 43296
expires: Mon, 20 Feb 2023 13:23:59 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: d3fd93e74fd4ca7b35adb0953f1e2a2e
age: 353631
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 13:23:59 GMT
ohc-cache-hit: plct65 [4], qdix79 [2]
ohc-file-size: 43296
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3548653222,3053677572&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=618
125.74.40.35 200 OK 45 kB URL HTTP/2 img2.baidu.com/it/u=3548653222,3053677572&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=618
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x618, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f51c2f8e427b50d81a902b2185c2755a
9dfcddf2134fb224b34d2505649e5deb85e2244f
ce080caebaef956aac16f47732c16bf614446e9de5085af9fca03f48ee961830
GET /it/u=3548653222,3053677572&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=618 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 45360
expires: Sat, 11 Feb 2023 17:17:05 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: f51c2f8e427b50d81a902b2185c2755a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 17:17:05 GMT
ohc-cache-hit: plct65 [1], xaix243 [2]
ohc-file-size: 45360
x-cache-status: MISS
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675489695&rnd=387697430&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=21885&r=0&ww=1280&u=http%3A%2F%2F12806.url.tudown.com%2Fdown%2F%25E8%25B5%259B%25E5%25BE%25B7%25E6%2596%25AF%25E7%2581%25B5%25E5%2588%2583%25E9%25BC%25A0%25E6%25A0%2587%25E9%25A9%25B1%25E5%258A%25A8%40271_243564.exe&tt=%E7%9C%9F%E4%BA%BA%E5%A8%B1%E4%B9%90%E7%BD%91%E7%AB%99-APP%E6%96%B0%E7%89%88%E6%9C%AC%E4%B8%8B%E8%BD%BDV9564.79858_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675489695&rnd=387697430&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=21885&r=0&ww=1280&u=http%3A%2F%2F12806.url.tudown.com%2Fdown%2F%25E8%25B5%259B%25E5%25BE%25B7%25E6%2596%25AF%25E7%2581%25B5%25E5%2588%2583%25E9%25BC%25A0%25E6%25A0%2587%25E9%25A9%25B1%25E5%258A%25A8%40271_243564.exe&tt=%E7%9C%9F%E4%BA%BA%E5%A8%B1%E4%B9%90%E7%BD%91%E7%AB%99-APP%E6%96%B0%E7%89%88%E6%9C%AC%E4%B8%8B%E8%BD%BDV9564.79858_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675489695&rnd=387697430&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=21885&r=0&ww=1280&u=http%3A%2F%2F12806.url.tudown.com%2Fdown%2F%25E8%25B5%259B%25E5%25BE%25B7%25E6%2596%25AF%25E7%2581%25B5%25E5%2588%2583%25E9%25BC%25A0%25E6%25A0%2587%25E9%25A9%25B1%25E5%258A%25A8%40271_243564.exe&tt=%E7%9C%9F%E4%BA%BA%E5%A8%B1%E4%B9%90%E7%BD%91%E7%AB%99-APP%E6%96%B0%E7%89%88%E6%9C%AC%E4%B8%8B%E8%BD%BDV9564.79858_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12806.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 05:47:40 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=2B9332884D59012F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img0.baidu.com/it/u=574344514,839866552&fm=253&fmt=auto&app=138&f=GIF?w=500&h=429
175.6.243.35 200 OK 95 kB URL HTTP/2 img0.baidu.com/it/u=574344514,839866552&fm=253&fmt=auto&app=138&f=GIF?w=500&h=429
IP 175.6.243.35:0
File type GIF image data, version 89a, 500 x 429\012- data
Hash d734f974e0e9e28f7ae691cd4b207452
7d6d8dc9486cdf8d668883ca3d52e60ed0594a8b
9e748bbad34920f3428ccd2e1b1bfad4af0c3526bb56657abf16b0e90236b701
GET /it/u=574344514,839866552&fm=253&fmt=auto&app=138&f=GIF?w=500&h=429 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/gif
content-length: 94618
expires: Fri, 24 Feb 2023 23:03:40 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: d734f974e0e9e28f7ae691cd4b207452
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 23:03:40 GMT
ohc-cache-hit: hengyct87 [1], xaix87 [4]
ohc-file-size: 94618
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2854775334,548318226&fm=253&fmt=auto&app=138&f=JPEG?w=292&h=499
175.6.243.35 200 OK 10 kB URL HTTP/2 img0.baidu.com/it/u=2854775334,548318226&fm=253&fmt=auto&app=138&f=JPEG?w=292&h=499
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 292x499, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 62e8f512d5047e708be656c6cd7afdc0
49bad9b95a8696f9a2f2452dd91ba09105c600d6
3cedd3c9d1518da0b69042700e40ada152c74f6b86c3f5bcb0875ce485b0c677
GET /it/u=2854775334,548318226&fm=253&fmt=auto&app=138&f=JPEG?w=292&h=499 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 10340
expires: Mon, 20 Feb 2023 10:49:16 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 62e8f512d5047e708be656c6cd7afdc0
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 10:49:16 GMT
ohc-cache-hit: hengyct54 [1], bdix124 [4]
ohc-file-size: 10340
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=4086952716,113174875&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=399
175.6.243.35 200 OK 19 kB URL HTTP/2 img0.baidu.com/it/u=4086952716,113174875&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=399
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x399, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 359227e2d36225c56e42eabd18e71915
cd6bb7ef588f7952a2fcd8a07258a37838792885
3b0d656c795b7a935912d8635ceb0136253efb8765ee29f5ccbf874bceed5934
GET /it/u=4086952716,113174875&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=399 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 18982
expires: Thu, 16 Feb 2023 01:46:31 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 359227e2d36225c56e42eabd18e71915
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 01:46:31 GMT
ohc-cache-hit: hengyct51 [1], qdix157 [4]
ohc-file-size: 18982
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1039606715,3013122277&fm=253&fmt=auto?w=640&h=337
175.6.243.35 200 OK 17 kB URL HTTP/2 img0.baidu.com/it/u=1039606715,3013122277&fm=253&fmt=auto?w=640&h=337
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x337, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2efc2110541ccf212976248eacfc744a
6dd4db7ec40fac2ebe7fa6297ccb2acd29f40cca
12ac2bb2332ba32de68b287f7d6c305888467627ce5d927072b237384cffc2e5
GET /it/u=1039606715,3013122277&fm=253&fmt=auto?w=640&h=337 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 17112
expires: Sun, 05 Feb 2023 04:46:20 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 2efc2110541ccf212976248eacfc744a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 04:46:20 GMT
ohc-cache-hit: hengyct77 [1], suzix185 [4]
ohc-file-size: 17112
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699
175.6.243.35 200 OK 43 kB URL HTTP/2 img1.baidu.com/it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x699, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b51278d62b15849f870278cc2ff4e802
39d5624a6f113803937b1362c7d89f98e3ff3596
1334f698f5ddd5fc0e640faf434f8c30af2e14171112edfd6994b6c9c1309f43
GET /it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 42942
expires: Wed, 22 Feb 2023 12:25:17 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: b51278d62b15849f870278cc2ff4e802
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 12:25:17 GMT
ohc-cache-hit: hengyct56 [1], qdix103 [2]
ohc-file-size: 42942
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=392474778,3692542720&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220
125.74.40.35 200 OK 2.8 kB URL HTTP/2 img2.baidu.com/it/u=392474778,3692542720&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 220x220, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3cea815fefcdf2b1a2ab42808aff5ae1
ded87301ee04efce0041da3c3d87cd3b144dc6f1
2584e509961f2881f92f49cfcc24bdb5d285d943248714085dd61e0185602c14
GET /it/u=392474778,3692542720&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 2840
expires: Mon, 06 Mar 2023 05:47:22 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 3cea815fefcdf2b1a2ab42808aff5ae1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 05:47:22 GMT
ohc-cache-hit: plct65 [1], suzix225 [2]
ohc-file-size: 2840
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/721942.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/721942.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/721942.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=351874518,1407849051&fm=253&fmt=auto&app=138&f=JPEG?w=410&h=410
12806.url.tudown.com/uploads/images/455494.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/455494.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/455494.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=851298591,1721123262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=675
12806.url.tudown.com/uploads/images/913567.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/913567.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/913567.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2872720924,538520020&fm=253&fmt=auto&app=138&f=PNG?w=422&h=601
12806.url.tudown.com/uploads/images/377979.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/377979.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/377979.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676
img1.baidu.com/it/u=4184227501,502237567&fm=253&app=120&f=JPEG?w=1280&h=800
118.180.40.35 200 OK 88 kB URL HTTP/1.1 img1.baidu.com/it/u=4184227501,502237567&fm=253&app=120&f=JPEG?w=1280&h=800
IP 118.180.40.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 2d00dcbc8dfde435e49a58a9f42820bf
2ae0549463b8e7ecd0b1c3f54e6c199ab4a1e438
b28c848ca0fbba2a55f93fcdf55a8af24c0775a0c232cd7b54851c4c23bceb75
GET /it/u=4184227501,502237567&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpeg
Content-Length: 88526
Connection: keep-alive
Expires: Fri, 10 Feb 2023 16:59:55 GMT
Last-Modified: Mon, 12 Jan 1970 00:00:00 GMT
ETag: 2d00dcbc8dfde435e49a58a9f42820bf
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 16:59:55 GMT
Ohc-Cache-HIT: lz5ct68 [1], xaix68 [4]
Ohc-File-Size: 88526
X-Cache-Status: MISS
img2.baidu.com/it/u=2559938697,3240970908&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
125.74.40.35 200 OK 37 kB URL HTTP/2 img2.baidu.com/it/u=2559938697,3240970908&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 889x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6f2ef551d2d37239c880d62ee93ea5d6
dce31b07d5e82d5bbd6964e5593d648dcaeee534
9ca9cd8f2cfdca9fcf22233302a2e0230e5a29d7d84275deb0aada56e4594de1
GET /it/u=2559938697,3240970908&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 36786
expires: Mon, 20 Feb 2023 01:23:48 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6f2ef551d2d37239c880d62ee93ea5d6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 01:23:48 GMT
ohc-cache-hit: plct58 [1], xaix106 [4]
ohc-file-size: 36786
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/639709.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/639709.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/639709.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3126374884,1465348808&fm=253&fmt=auto&app=138&f=JPG?w=500&h=501
12806.url.tudown.com/uploads/images/258545.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/258545.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/258545.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:40 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1910389554,3497051872&fm=224&app=112&f=JPEG?w=500&h=500
img1.baidu.com/it/u=780295886,840243858&fm=253&fmt=auto&app=138&f=JPEG?w=1127&h=500
175.6.243.35 200 OK 50 kB URL HTTP/2 img1.baidu.com/it/u=780295886,840243858&fm=253&fmt=auto&app=138&f=JPEG?w=1127&h=500
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1127x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 24acc13f9398b339652ac96611002bec
91e6c28ae0c82d743e4c83ad7fa78a2188084811
798a62df2a2f682c764d5d2b6751ba4957abcef8fde5179a9f8af729a6977ed9
GET /it/u=780295886,840243858&fm=253&fmt=auto&app=138&f=JPEG?w=1127&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 49976
expires: Mon, 06 Mar 2023 04:32:51 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 24acc13f9398b339652ac96611002bec
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 04:32:51 GMT
ohc-cache-hit: hengyct76 [1], csix76 [4]
ohc-file-size: 49976
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2444798690,3218566265&fm=253&fmt=auto&app=138&f=JPEG?w=430&h=483
175.6.243.35 200 OK 40 kB URL HTTP/2 img0.baidu.com/it/u=2444798690,3218566265&fm=253&fmt=auto&app=138&f=JPEG?w=430&h=483
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 430x483, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 45131c270ebf657c4b944fa358d9717a
e3e15f0991c0ff3ffbd38e4a4ce638b2dffd41b7
ee0155940fb836bbb04f50c068e5a16c20f1fc4350800f87d66c88ba5dc3c537
GET /it/u=2444798690,3218566265&fm=253&fmt=auto&app=138&f=JPEG?w=430&h=483 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 40066
expires: Tue, 21 Feb 2023 09:29:26 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 45131c270ebf657c4b944fa358d9717a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 09:29:26 GMT
ohc-cache-hit: hengyct73 [1], bdix203 [4]
ohc-file-size: 40066
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=1910389554,3497051872&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 34 kB URL HTTP/1.1 t15.baidu.com/it/u=1910389554,3497051872&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 6aa7d2d3f1475f540e983bf66298ae28
bd9483efb727f0bf9ef7a178b2d9ba190473df4f
e1cdbb2f6de96000e8012d021d5f0241a97056d9c3a460c245b652b2e1435bab
GET /it/u=1910389554,3497051872&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpeg
Content-Length: 33662
Connection: keep-alive
Expires: Sun, 12 Feb 2023 08:01:44 GMT
Last-Modified: Fri, 16 Jan 1970 00:00:00 GMT
ETag: 6aa7d2d3f1475f540e983bf66298ae28
Age: 1850314
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 08:01:44 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache55 [4], czix244 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 33662
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
175.6.243.35 200 OK 46 kB URL HTTP/2 img0.baidu.com/it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 75267b8758347ce0a64418b3ca458308
c8f40ab25950608e7988eb466195da589eedf9b3
34f0cbbfe7c18e0196df95adc695b9d204c17cc6cee7a6cdc63740d1cc0018c6
GET /it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:40 GMT
content-type: image/webp
content-length: 46040
expires: Mon, 06 Mar 2023 03:51:54 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 75267b8758347ce0a64418b3ca458308
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 03:51:54 GMT
ohc-cache-hit: hengyct67 [2], xiangyix67 [4]
ohc-file-size: 46040
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=351874518,1407849051&fm=253&fmt=auto&app=138&f=JPEG?w=410&h=410
175.6.243.35 200 OK 16 kB URL HTTP/2 img0.baidu.com/it/u=351874518,1407849051&fm=253&fmt=auto&app=138&f=JPEG?w=410&h=410
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 410x410, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2da9b609bcf711a1c9974613f06cb529
925f67f2d5810d47154268606ed1c2464548932c
39fed08f2097f4b50e2f88c16fd1f09143f83aae514f180da634f75655003d18
GET /it/u=351874518,1407849051&fm=253&fmt=auto&app=138&f=JPEG?w=410&h=410 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 15754
expires: Tue, 28 Feb 2023 09:05:55 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 2da9b609bcf711a1c9974613f06cb529
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 09:05:55 GMT
ohc-cache-hit: hengyct61 [1], czix248 [4]
ohc-file-size: 15754
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/409653.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/409653.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/409653.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2747446029,2658154098&fm=253&app=120&f=JPEG?w=1280&h=800
12806.url.tudown.com/uploads/images/46058.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/46058.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/46058.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800
12806.url.tudown.com/uploads/images/961228.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/961228.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/961228.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=494206292,3107245631&fm=253&fmt=auto&app=138&f=JPEG?w=212&h=300
12806.url.tudown.com/uploads/images/343155.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/343155.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/343155.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333
img1.baidu.com/it/u=851298591,1721123262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=675
175.6.243.35 200 OK 28 kB URL HTTP/2 img1.baidu.com/it/u=851298591,1721123262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=675
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x675, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c30dfe63b78ca64364cba64a50adeb18
34be36aa96c5b871ff7362e8c290c6fb2bc6554a
fb976e972cba743a53739a894718129a856ffe46530eb5be8d7a68fa896dd0ea
GET /it/u=851298591,1721123262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=675 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 27476
expires: Mon, 20 Feb 2023 02:59:01 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: c30dfe63b78ca64364cba64a50adeb18
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 02:59:01 GMT
ohc-cache-hit: hengyct76 [1], bdix218 [2]
ohc-file-size: 27476
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/128779.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/128779.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/128779.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2268711550,455125604&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
12806.url.tudown.com/uploads/images/576411.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/576411.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/576411.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4216800448,2368484262&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
t13.baidu.com/it/u=3861262588,1680878316&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 44 kB URL HTTP/1.1 t13.baidu.com/it/u=3861262588,1680878316&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 15826f9a3865325d3efbb85ecdfa904b
af0caeaa87e1b38468b4268a4306fa7824549ae8
ae45807f151149f56cd05fd49ec5bb016f0b04e48e925b48c67d7ccb7f071033
GET /it/u=3861262588,1680878316&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpeg
Content-Length: 44304
Connection: keep-alive
Expires: Wed, 22 Feb 2023 20:44:59 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 15826f9a3865325d3efbb85ecdfa904b
Age: 404518
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 20:44:59 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache54 [4], bdix77 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44304
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=3126374884,1465348808&fm=253&fmt=auto&app=138&f=JPG?w=500&h=501
175.6.243.35 200 OK 32 kB URL HTTP/2 img0.baidu.com/it/u=3126374884,1465348808&fm=253&fmt=auto&app=138&f=JPG?w=500&h=501
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4e22e308a33b009044145a00de7899b8
97595e007bb11ac0ae072bd8fc8c4a93b293cfda
6b81f621705ae192fc3611bb25fb1309547c207ef17a556b92e1dac63e194f22
GET /it/u=3126374884,1465348808&fm=253&fmt=auto&app=138&f=JPG?w=500&h=501 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 31958
expires: Sat, 04 Mar 2023 06:11:06 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 4e22e308a33b009044145a00de7899b8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 06:11:06 GMT
ohc-cache-hit: hengyct53 [1], csix109 [4]
ohc-file-size: 31958
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=494206292,3107245631&fm=253&fmt=auto&app=138&f=JPEG?w=212&h=300
125.74.40.35 200 OK 17 kB URL HTTP/2 img2.baidu.com/it/u=494206292,3107245631&fm=253&fmt=auto&app=138&f=JPEG?w=212&h=300
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 212x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 43529e55719786c0e3244895053c0c0c
06ea271330b7f9edc0c94a33481a53c869194bef
09832639ee7cabe33b0397e12ad3601f8be610e6f0cd49e48f0cbc14e75974d6
GET /it/u=494206292,3107245631&fm=253&fmt=auto&app=138&f=JPEG?w=212&h=300 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 17430
expires: Tue, 21 Feb 2023 15:53:12 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 43529e55719786c0e3244895053c0c0c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 15:53:12 GMT
ohc-cache-hit: plct61 [1], xaix79 [2]
ohc-file-size: 17430
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800
175.6.243.35 200 OK 51 kB URL HTTP/2 img0.baidu.com/it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ffaf3f25bcc613fc1a7d72dbc4987311
aa63a937ab38ed27de33715a0144dfb314728355
642353541b3a3e215024a44fef740d491e88a53719cec5558ec58e1a703ae8cc
GET /it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 50684
expires: Mon, 20 Feb 2023 08:55:54 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: ffaf3f25bcc613fc1a7d72dbc4987311
age: 347821
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 08:55:54 GMT
ohc-cache-hit: hengyct72 [4], bdix173 [2]
ohc-file-size: 50684
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2872720924,538520020&fm=253&fmt=auto&app=138&f=PNG?w=422&h=601
175.6.243.35 200 OK 97 kB URL HTTP/2 img1.baidu.com/it/u=2872720924,538520020&fm=253&fmt=auto&app=138&f=PNG?w=422&h=601
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 422x601, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a4ca8795433857b67b8ddc396988f52a
d4cc985bdf58dbeabb94cb697fc7bb42171ca9ef
0fa36788a958bc23208c4d542bb3da020271774e8b3f6f6c1266a940dae2c920
GET /it/u=2872720924,538520020&fm=253&fmt=auto&app=138&f=PNG?w=422&h=601 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 97044
expires: Tue, 14 Feb 2023 01:22:04 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: a4ca8795433857b67b8ddc396988f52a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 01:22:04 GMT
ohc-cache-hit: hengyct62 [1], suzix198 [4]
ohc-file-size: 97044
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333
175.6.243.35 200 OK 12 kB URL HTTP/2 img1.baidu.com/it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x333, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dc17696cbc6c4d651def930c39fc3504
b8a8e770ccd344e2bc10cfbad1b51d5149bad346
fefe7d705c2a40e19b256f12c023906f5ceb718e1ff31c2a81fcdc5360b94577
GET /it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 12518
expires: Wed, 22 Feb 2023 01:33:45 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: dc17696cbc6c4d651def930c39fc3504
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 01:33:45 GMT
ohc-cache-hit: hengyct78 [1], xaix192 [2]
ohc-file-size: 12518
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/632748.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/632748.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/632748.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3790630467,1131415604&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=489
12806.url.tudown.com/uploads/images/logo.png?n=5cq2d2mywps3raxfv23olbnx42oi3zmkuhslrlpfx6bq&w=250
154.218.151.71 200 OK 3.8 kB URL HTTP/1.1 12806.url.tudown.com/uploads/images/logo.png?n=5cq2d2mywps3raxfv23olbnx42oi3zmkuhslrlpfx6bq&w=250
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash 9f2417fde66d0b999f60bf490197f88e
6c124bc080531415137153b914b1e985feea8881
f0cfa789d5b1b508e07f6ceb442aa45fb8730e57305234412bcae8537dfd777e
GET /uploads/images/logo.png?n=5cq2d2mywps3raxfv23olbnx42oi3zmkuhslrlpfx6bq&w=250 HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
12806.url.tudown.com/uploads/images/64619.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/64619.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/64619.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281
12806.url.tudown.com/uploads/images/457587.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/457587.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/457587.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1929866692,191978410&fm=253&fmt=auto?w=1280&h=800
img1.baidu.com/it/u=4120760857,2778925354&fm=253&fmt=auto&app=138&f=JPEG?w=448&h=600
175.6.243.35 200 OK 52 kB URL HTTP/2 img1.baidu.com/it/u=4120760857,2778925354&fm=253&fmt=auto&app=138&f=JPEG?w=448&h=600
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 448x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ac23a3b0e8e7c317dc74af81c1e3b133
ca9677911e0b6ef09504cf0854b2fcda5b7ffe7a
d43d71e8fbd9dd77d88dd82b69f6b1adb62e33ef935f060afcb4c778d9c106f2
GET /it/u=4120760857,2778925354&fm=253&fmt=auto&app=138&f=JPEG?w=448&h=600 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 51494
expires: Tue, 21 Feb 2023 12:37:44 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ac23a3b0e8e7c317dc74af81c1e3b133
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 12:37:44 GMT
ohc-cache-hit: hengyct64 [1], bdix240 [4]
ohc-file-size: 51494
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676
175.6.243.35 200 OK 129 kB URL HTTP/2 img1.baidu.com/it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image\012- data
Size 129 kB (128726 bytes)
Hash a45151baf4bdf6ac477de8dbdb6eea12
a9bc1c2a413c56b52f661b2c3819007f318eadd0
f71a055da3db54f46b3855d27ca4a6972346fa746e5a2ca99c73ccf5fad58fbc
GET /it/u=162976163,2845049117&fm=253&fmt=auto&app=138&f=PNG?w=500&h=676 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 128726
expires: Tue, 21 Feb 2023 05:23:00 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: a45151baf4bdf6ac477de8dbdb6eea12
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 05:23:00 GMT
ohc-cache-hit: hengyct87 [1], bdix158 [4]
ohc-file-size: 128726
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2268711550,455125604&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
175.6.243.35 200 OK 43 kB URL HTTP/2 img0.baidu.com/it/u=2268711550,455125604&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 889x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 402338ee415c6163594365d8fb43a3d5
adf8eb271f044bb884d4e1906e476abd581546d0
7b1a27ae83e6b8327aa0890beb910b10dd80474bc3fb4482b7dfcd7aa964386d
GET /it/u=2268711550,455125604&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 43112
expires: Sun, 12 Feb 2023 18:24:03 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 402338ee415c6163594365d8fb43a3d5
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 18:24:03 GMT
ohc-cache-hit: hengyct76 [1], xiangyix160 [4]
ohc-file-size: 43112
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/63377.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/63377.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/63377.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1372934033,177804130&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688
img0.baidu.com/it/u=4216800448,2368484262&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
175.6.243.35 200 OK 17 kB URL HTTP/2 img0.baidu.com/it/u=4216800448,2368484262&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5ca3f0201050977b2c11d719c7e70f4e
329a407e3fdcf8ee9f3ea069e8489dc968b28ca4
4617451b3528da70f02fe13d65a9ae260a8a8e79418731026b4b8a3ba79e503f
GET /it/u=4216800448,2368484262&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 17004
expires: Sun, 12 Feb 2023 22:01:49 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 5ca3f0201050977b2c11d719c7e70f4e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 22:01:49 GMT
ohc-cache-hit: hengyct54 [1], xiangyix54 [4]
ohc-file-size: 17004
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/974307.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/974307.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/974307.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2764745597,3481327853&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=289
img2.baidu.com/it/u=2747446029,2658154098&fm=253&app=120&f=JPEG?w=1280&h=800
125.74.40.35 200 OK 140 kB URL HTTP/1.1 img2.baidu.com/it/u=2747446029,2658154098&fm=253&app=120&f=JPEG?w=1280&h=800
IP 125.74.40.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 140 kB (139887 bytes)
Hash 745227cbf81a90ad0580af58a0f6f1aa
35be28edbe11f53fc27ca815b6ee400ed6af1e3f
30e7e553c91e2402f8beedb865c91f768e6fd3f77640e2cde367ef76b6470f88
GET /it/u=2747446029,2658154098&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpeg
Content-Length: 139887
Connection: keep-alive
Expires: Wed, 01 Mar 2023 12:02:47 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 745227cbf81a90ad0580af58a0f6f1aa
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 30 Jan 2023 12:02:47 GMT
Ohc-Cache-HIT: plct74 [2], czix153 [2]
Ohc-File-Size: 139887
X-Cache-Status: MISS
img1.baidu.com/it/u=1929866692,191978410&fm=253&fmt=auto?w=1280&h=800
175.6.243.35 200 OK 44 kB URL HTTP/2 img1.baidu.com/it/u=1929866692,191978410&fm=253&fmt=auto?w=1280&h=800
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0b52cee6e8651eb0f3319a52a3869c72
e8742e89ff58ddf65a5d378004482e796c0b4636
e7a7570baa3c4ce845e05608559ba78be335a62c28c349a62e7f723166052964
GET /it/u=1929866692,191978410&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 43490
expires: Fri, 17 Feb 2023 19:00:29 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0b52cee6e8651eb0f3319a52a3869c72
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 19:00:29 GMT
ohc-cache-hit: hengyct73 [1], czix73 [4]
ohc-file-size: 43490
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/248923.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/248923.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/248923.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2560403813,2834548357&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313
12806.url.tudown.com/uploads/images/102710.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/102710.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/102710.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1453158479,240512326&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/uploads/images/445881.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/445881.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/445881.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2443564631,3437854628&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=499
12806.url.tudown.com/uploads/images/708460.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/708460.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/708460.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:41 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3984150993,2743414016&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=3790630467,1131415604&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=489
175.6.243.35 200 OK 12 kB URL HTTP/2 img0.baidu.com/it/u=3790630467,1131415604&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=489
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x489, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 01f3a0548774be456d0fa4fd57c04970
b088114ecaf37a109c097b67dbbeb09a7034906d
700cfddd621f89be74b29c77da8f8e6817ae8ec450eda8ba467e2118720b9919
GET /it/u=3790630467,1131415604&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=489 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 11982
expires: Sun, 19 Feb 2023 10:49:07 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 01f3a0548774be456d0fa4fd57c04970
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 10:49:07 GMT
ohc-cache-hit: hengyct89 [1], qdix102 [4]
ohc-file-size: 11982
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281
125.74.40.35 200 OK 24 kB URL HTTP/2 img2.baidu.com/it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x281, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9b2ba0020723f2839267a1ed6c71882d
36a1e8d7504e207c284d47e653882ec871687fa5
3b08ef96670093c7afd0c587813471bbf7acefee7ebe0904c1ab3d7c7b2962fb
GET /it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:41 GMT
content-type: image/webp
content-length: 24470
expires: Mon, 20 Feb 2023 06:23:21 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 9b2ba0020723f2839267a1ed6c71882d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:23:21 GMT
ohc-cache-hit: plct73 [1], bdix148 [2]
ohc-file-size: 24470
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=1372934033,177804130&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688
125.74.40.35 200 OK 17 kB URL HTTP/2 img2.baidu.com/it/u=1372934033,177804130&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x688, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 13dd34285ba362e7b373803c7822df88
d39eb353eb650ecceeba75889a74142a3c5f7e88
e599df08bcd1a12068362f51c39d984176e88fbf9f850ab585b50b06825ce1ff
GET /it/u=1372934033,177804130&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 16620
expires: Tue, 21 Feb 2023 11:17:32 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 13dd34285ba362e7b373803c7822df88
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 11:17:31 GMT
ohc-cache-hit: plct56 [1], suzix175 [4]
ohc-file-size: 16620
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/632828.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/632828.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/632828.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3712127688,2426154858&fm=224&app=112&f=JPEG?w=500&h=500
img2.baidu.com/it/u=2764745597,3481327853&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=289
125.74.40.35 200 OK 22 kB URL HTTP/2 img2.baidu.com/it/u=2764745597,3481327853&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=289
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x289, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ae267cbc52dceaf849dd6724b10006af
3ef0976b2bf623720a96bd4c6cbc6262ec8f5e63
cc08f8c5105d6a204474637a798012a9f7aed15b18b0c9cd2889fa8b92282855
GET /it/u=2764745597,3481327853&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=289 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 22226
expires: Sun, 19 Feb 2023 00:57:03 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ae267cbc52dceaf849dd6724b10006af
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 00:57:03 GMT
ohc-cache-hit: plct51 [1], bdix155 [4]
ohc-file-size: 22226
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=3984150993,2743414016&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 33 kB URL HTTP/1.1 t14.baidu.com/it/u=3984150993,2743414016&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 2cd9de878e81ede8582ed31aa8a69db9
3b320a59fdd784c4735e20b2f65b075c04ebc1bd
6b3b585ea5e768431dab5f101192ce1a75e93e38302ca0b36e3cdf35617ec7ad
GET /it/u=3984150993,2743414016&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpeg
Content-Length: 32657
Connection: keep-alive
Expires: Thu, 09 Feb 2023 14:29:00 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 2cd9de878e81ede8582ed31aa8a69db9
Age: 2022849
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 10 Jan 2023 14:29:00 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache56 [4], xiangyix108 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 32657
X-Cache-Status: HIT
Timing-Allow-Origin: *
12806.url.tudown.com/uploads/images/480515.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/480515.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/480515.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=627587985,1353151265&fm=224&app=112&f=JPEG?w=500&h=500
t14.baidu.com/it/u=3712127688,2426154858&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 22 kB URL HTTP/1.1 t14.baidu.com/it/u=3712127688,2426154858&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 01c205727bb81523d8bd79351f732743
c129018e892f4698c26f1f822124de84aebfc44a
99700b45ec38ecbe1f2a5552851564f55dc2689364cb7cdb90fe785ed327af59
GET /it/u=3712127688,2426154858&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpeg
Content-Length: 21724
Connection: keep-alive
Expires: Thu, 09 Feb 2023 02:16:02 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 01c205727bb81523d8bd79351f732743
Age: 2050685
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 10 Jan 2023 02:16:02 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache51 [1], bdix122 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 21724
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=2443564631,3437854628&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=499
175.6.243.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=2443564631,3437854628&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=499
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 353x499, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b6d42f6b674bdd016974ffb373f7eefd
b1377ecebc9e08e03acc4fa3502228e0dd036cdf
cd8e05c18d8c1f4aa124931c572d275db5da2c930dc89adb2e01d5455e93cc12
GET /it/u=2443564631,3437854628&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=499 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 17568
expires: Sat, 18 Feb 2023 06:59:13 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: b6d42f6b674bdd016974ffb373f7eefd
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 06:59:13 GMT
ohc-cache-hit: hengyct54 [1], bdix134 [4]
ohc-file-size: 17568
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2560403813,2834548357&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313
175.6.243.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=2560403813,2834548357&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x313, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 336d17137e6fd268a4ef35fe4a1e1243
e17961f6086b941efdaf2f2f0e766eba3d0adf5f
acbbc34a1d2e10020df7b108dd906eb6d44fcc111b6b9c91994fbdb9c2e61ab0
GET /it/u=2560403813,2834548357&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 18272
expires: Mon, 06 Mar 2023 05:47:42 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 336d17137e6fd268a4ef35fe4a1e1243
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 05:47:42 GMT
ohc-cache-hit: hengyct78 [1], xiangyix185 [2]
ohc-file-size: 18272
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/uploads/images/465013.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/465013.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/465013.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3724292413,2824285438&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312
12806.url.tudown.com/uploads/images/527581.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/527581.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/527581.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3366687841,3140455535&fm=224&app=112&f=JPEG?w=500&h=500
12806.url.tudown.com/uploads/images/133815.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/133815.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/133815.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2953553867,856548141&fm=253&fmt=auto?w=800&h=500
12806.url.tudown.com/uploads/images/330209.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/330209.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/330209.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=847914434,3338338522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
t13.baidu.com/it/u=627587985,1353151265&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 30 kB URL HTTP/1.1 t13.baidu.com/it/u=627587985,1353151265&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 255db11f306f6934ede2ba73ce80aa10
c3701b2411f0f363ceb7ef20e40ca2ea2f38fa0e
e55cd2a0649bc00eee8ea4ecc70924a0240731169e67102f7080f443a4a13107
GET /it/u=627587985,1353151265&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpeg
Content-Length: 29609
Connection: keep-alive
Expires: Sun, 26 Feb 2023 04:02:39 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 255db11f306f6934ede2ba73ce80aa10
Age: 184085
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 04:02:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache59 [4], xaix114 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 29609
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=3366687841,3140455535&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 35 kB URL HTTP/1.1 t13.baidu.com/it/u=3366687841,3140455535&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 35a447237d41da5cf9886991fcfa4fa6
8a166d16586d9e8d7a5de1d8449276ad75094fc4
972d2d8b564dfe9f8d5d4d7cd5f613f437a826802b27ad421fa04980a727693d
GET /it/u=3366687841,3140455535&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpeg
Content-Length: 35127
Connection: keep-alive
Expires: Sun, 05 Feb 2023 02:43:27 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 35a447237d41da5cf9886991fcfa4fa6
Age: 349281
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 02:43:27 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache53 [1], qdix133 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 35127
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=1453158479,240512326&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 86 kB URL HTTP/1.1 t13.baidu.com/it/u=1453158479,240512326&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 46e53831665f11e265cc74d6c82e7036
52f7b28ba1dbef452a9e241fe1499309cc831a98
711e3029b4a5ba337f0f78d54646ee5766b3f67170b16f6cbc88371cdfd0d367
GET /it/u=1453158479,240512326&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12806.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpeg
Content-Length: 85473
Connection: keep-alive
Expires: Fri, 24 Feb 2023 08:02:25 GMT
Last-Modified: Sat, 03 Jan 1970 00:00:00 GMT
ETag: 46e53831665f11e265cc74d6c82e7036
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 08:02:25 GMT
Ohc-Upstream-Trace: 58.20.204.59
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache70 [4], xaix211 [3]
Ohc-Response-Time: 1 0 0 12 277 278
Ohc-File-Size: 85473
X-Cache-Status: MISS
12806.url.tudown.com/uploads/images/852706.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12806.url.tudown.com/uploads/images/852706.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/852706.jpg HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:47:42 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3253125022,3201464799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=851
img1.baidu.com/it/u=3724292413,2824285438&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312
175.6.243.35 200 OK 35 kB URL HTTP/2 img1.baidu.com/it/u=3724292413,2824285438&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x312, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2abd7d70b8ea2f4fc79f0539ffba5625
9fc90835c213034b7d0c1673b11fdad2674b9c5a
28de019519d0f83fc02f16264dab2dc46d3253e9aee76da03b9406637b623250
GET /it/u=3724292413,2824285438&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 34972
expires: Fri, 17 Feb 2023 07:44:31 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 2abd7d70b8ea2f4fc79f0539ffba5625
age: 851970
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 07:44:31 GMT
ohc-cache-hit: hengyct86 [4], qdix228 [2]
ohc-file-size: 34972
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=847914434,3338338522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
125.74.40.35 200 OK 11 kB URL HTTP/2 img2.baidu.com/it/u=847914434,3338338522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 879fb956f2d88856be6292f212aa6d9e
a21a019fa5ffc0c39c89af6e1d7673c9323f8d42
0964d7a1b931faf632125c10210b03317da151768ffae079aab061ff573da969
GET /it/u=847914434,3338338522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 11196
expires: Mon, 20 Feb 2023 12:21:45 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 879fb956f2d88856be6292f212aa6d9e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:21:45 GMT
ohc-cache-hit: plct68 [1], xaix100 [4]
ohc-file-size: 11196
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2953553867,856548141&fm=253&fmt=auto?w=800&h=500
125.74.40.35 200 OK 42 kB URL HTTP/2 img2.baidu.com/it/u=2953553867,856548141&fm=253&fmt=auto?w=800&h=500
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash adcf980119058b53f2936a787aa53003
c2e29752286f6e11fd33a8a1cd60a2672b33caa3
47078cde84f87f6689e68bef000a3adbfb060e9b8044333261c2ca8c78022f36
GET /it/u=2953553867,856548141&fm=253&fmt=auto?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 41740
expires: Tue, 21 Feb 2023 03:29:58 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: adcf980119058b53f2936a787aa53003
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 03:29:58 GMT
ohc-cache-hit: plct58 [1], suzix143 [2]
ohc-file-size: 41740
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3253125022,3201464799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=851
125.74.40.35 200 OK 20 kB URL HTTP/2 img2.baidu.com/it/u=3253125022,3201464799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=851
IP 125.74.40.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x851, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d7e4a1919f681b8f3fc0a15035ee836f
be18bba7aedd2a0c1113c5143d34f12a7409d40a
42d5b4c34ac42e70b2e70a4483729099390bc3e89a38de04f8f52647360a7542
GET /it/u=3253125022,3201464799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=851 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12806.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:47:42 GMT
content-type: image/webp
content-length: 19490
expires: Mon, 20 Feb 2023 09:14:15 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: d7e4a1919f681b8f3fc0a15035ee836f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 09:14:15 GMT
ohc-cache-hit: plct73 [1], czix226 [2]
ohc-file-size: 19490
x-cache-status: MISS
X-Firefox-Spdy: h2
12806.url.tudown.com/favicon.ico
154.218.151.71 200 OK 0 B URL HTTP/1.1 12806.url.tudown.com/favicon.ico
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 12806.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12806.url.tudown.com/down/%E8%B5%9B%E5%BE%B7%E6%96%AF%E7%81%B5%E5%88%83%E9%BC%A0%E6%A0%87%E9%A9%B1%E5%8A%A8@271_243564.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107; Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675484107,1675489695; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675489695
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:47:43 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes
jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba
54.230.111.87 200 OK 0 B URL HTTP/2 jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba
IP 54.230.111.87:0
GET /11.0.1.js?d182b3f28525f2db83acfaaf6e696dba HTTP/1.1
Host: jspassport.ssl.qhimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12806.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Wed, 28 Nov 2018 07:43:20 GMT
kcs-via: HIT from w-fc01.lato;REVALIDATED from w-sc01.lato
date: Sat, 04 Feb 2023 05:39:20 GMT
cache-control: max-age=600
expires: Sat, 04 Feb 2023 05:48:32 GMT
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Knc_dlxT4qatGNAlsdRcCZnHzj8l7V8s7ym_8Lm9m7WEqUGl-9G3_A==
age: 545
X-Firefox-Spdy: h2