Overview

URL: 16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe
IP: 154.218.151.71 (Hong Kong)
ASN: #137951 Clayer Limited
UserAgent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer:
Report completed: 2023-01-25 03:02:14 UTC
IDS alerts: 0
Blocklist alert: 1
urlquery alerts: No alerts detected
Tags: None

Domain Summary (16)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
img1.baidu.com (8) 50158 2021-03-25 12:17:58 UTC 2023-01-23 16:23:51 UTC 110.185.186.35
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2023-01-24 17:12:46 UTC 34.117.237.239
t15.baidu.com (3) 33050 2021-01-09 16:16:17 UTC 2023-01-23 20:20:31 UTC 185.10.104.124
img0.baidu.com (6) 50126 2021-03-25 12:17:59 UTC 2023-01-23 16:23:50 UTC 113.219.142.35
hm.baidu.com (2) 8254 2012-05-26 08:38:45 UTC 2023-01-24 18:38:37 UTC 103.235.46.191
firefox.settings.services.mozilla.com (2) 867 2020-05-25 20:06:39 UTC 2023-01-24 17:12:37 UTC 35.241.9.150
img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2023-01-24 17:36:02 UTC 34.120.237.76
img2.baidu.com (6) 50786 2021-03-25 12:17:58 UTC 2023-01-23 16:23:51 UTC 58.216.66.35
ocsp.globalsign.com (1) 2075 2012-05-25 06:20:55 UTC 2023-01-24 17:19:09 UTC 104.18.20.226
t13.baidu.com (1) 32653 2021-01-09 13:57:25 UTC 2023-01-23 20:16:18 UTC 185.10.104.124
r3.o.lencr.org (10) 344 2020-12-02 08:52:13 UTC 2023-01-24 17:12:25 UTC 95.101.11.115
content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2023-01-24 17:21:06 UTC 34.160.144.191
16693.url.tudown.com (40) 0 2022-12-30 03:08:26 UTC 2023-01-15 05:53:56 UTC 154.218.151.71 Unknown ranking
push.services.mozilla.com (1) 2140 2014-10-24 08:27:06 UTC 2023-01-24 17:21:57 UTC 44.228.217.71
t14.baidu.com (2) 32559 2021-01-22 20:20:42 UTC 2023-01-23 20:16:18 UTC 185.10.104.124
img1.baidu.com (8) 50158 2021-03-25 12:17:58 UTC 2023-01-23 16:23:51 UTC 111.225.213.35

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-01-25 2 16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7% (...) Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 154.218.151.71
Date UQ / IDS / BL URL IP
2023-02-04 15:55:49 +0000 0 - 0 - 1 21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD% (...) 154.218.151.71
2023-02-04 15:55:47 +0000 0 - 0 - 1 12228.url.tudown.com/down/%E7%99%BE%E5%BA%A6% (...) 154.218.151.71
2023-02-04 15:55:46 +0000 0 - 0 - 9 12931.url.tudown.com/down/berrybox%E4%B8%8B%E (...) 154.218.151.71
2023-02-04 15:55:43 +0000 0 - 1 - 8 12684.url.tudown.com/down/AutoCAD2012+x64%E4% (...) 154.218.151.71
2023-02-04 15:48:49 +0000 0 - 0 - 1 url.tudown.com/xiaz/lumion8.3%E4%B8%AD%E6%96% (...) 154.218.151.71


Last 5 reports on ASN: Clayer Limited
Date UQ / IDS / BL URL IP
2023-02-05 17:47:15 +0000 0 - 2 - 0 www.cabiss.com/ci07/?BH7=n983oSDmxmJrwStCxIB3 (...) 155.159.50.62
2023-02-05 08:55:16 +0000 0 - 6 - 0 grahaksatria.com/ 168.206.49.211
2023-02-04 20:13:33 +0000 0 - 0 - 5 hostfaze.com/I6TztQVK42LugI4f/login.php 168.76.138.254
2023-02-04 15:55:49 +0000 0 - 0 - 1 21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD% (...) 154.218.151.71
2023-02-04 15:55:47 +0000 0 - 0 - 1 12228.url.tudown.com/down/%E7%99%BE%E5%BA%A6% (...) 154.218.151.71


Last 5 reports on domain: tudown.com
Date UQ / IDS / BL URL IP
2023-02-04 15:55:49 +0000 0 - 0 - 1 21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD% (...) 154.218.151.71
2023-02-04 15:55:47 +0000 0 - 0 - 1 12228.url.tudown.com/down/%E7%99%BE%E5%BA%A6% (...) 154.218.151.71
2023-02-04 15:55:46 +0000 0 - 0 - 9 12931.url.tudown.com/down/berrybox%E4%B8%8B%E (...) 154.218.151.71
2023-02-04 15:55:43 +0000 0 - 1 - 8 12684.url.tudown.com/down/AutoCAD2012+x64%E4% (...) 154.218.151.71
2023-02-04 15:48:49 +0000 0 - 0 - 1 url.tudown.com/xiaz/lumion8.3%E4%B8%AD%E6%96% (...) 154.218.151.71


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-02-04 15:55:47 +0000 0 - 0 - 1 12228.url.tudown.com/down/%E7%99%BE%E5%BA%A6% (...) 154.218.151.71
2023-02-04 15:48:49 +0000 0 - 0 - 1 url.tudown.com/xiaz/lumion8.3%E4%B8%AD%E6%96% (...) 154.218.151.71
2023-02-04 11:55:18 +0000 0 - 1 - 1 12647.url.tudown.com/down/office2016@418_61474.exe 154.218.151.71
2023-02-04 11:54:04 +0000 0 - 0 - 9 12804.url.tudown.com/down/type34.6.0.0@376_33 (...) 154.218.151.71
2023-02-04 11:54:01 +0000 0 - 1 - 4 12376.url.tudown.com/down/cszmdyrj-v1.0@278_2 (...) 154.218.151.71

JavaScript

Executed Scripts (15)

Executed Evals (0)

Executed Writes (2)
#1 JavaScript::Write (size: 169) - SHA256: e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08
<meta name="viewport" content="width=device-width,initial-scale=1, maximum-scale=1, user-scalable=no">
<style>html, body { width: 100%; height: 100%; margin: 0; padding: 0 }</style>
#2 JavaScript::Write (size: 310) - SHA256: 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036
<div style="width: 100%; height: 100%; z-index: 2147483647; position: fixed; top: 0px; left: 0px;">
<iframe src="https://paragonconsultant.com/" scrolling="auto" style="width: 100%; height: 100%; left: 1px; top: 1px; border: medium none; background: rgb(255, 255, 255) none repeat scroll 0% 0%;"></iframe>
</div>


HTTP Transactions (90)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0582B6180687DD95C7FD728F1B9DB4495B807151E309B608AD203D69708F9DA6"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5266
Expires: Wed, 25 Jan 2023 04:29:49 GMT
Date: Wed, 25 Jan 2023 03:02:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18860
Expires: Wed, 25 Jan 2023 08:16:23 GMT
Date: Wed, 25 Jan 2023 03:02:03 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8B3B47EA29FC02B8A08EE2A340A05AB23E391F0EB3B8D6BEB17516706BB2E94D"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6237
Expires: Wed, 25 Jan 2023 04:46:00 GMT
Date: Wed, 25 Jan 2023 03:02:03 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Alert, Retry-After, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 25 Jan 2023 02:42:47 GMT
age: 1156
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    dcd75ca6daca51c5e39d431468511793
Sha1:   07f76d3bf23d65c9110d810fa71a994e39e085d3
Sha256: 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: FdNGLlHprNRrH54Dhi6osWwxdnkMKuswjE/LTGT/yRvOPjDtAGp6SAz5BBPWeZy5l2gbqb5Wy4E=
x-amz-request-id: DEKAEZQQCNPJPDBA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 25 Jan 2023 02:48:24 GMT
age: 819
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    7b922915ebf1fa3639b333f994c74f24
Sha1:   144a3f80b98fd0652d4614f24cf6cbbee40f8938
Sha256: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 25 Jan 2023 03:02:03 GMT
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 25 Jan 2023 02:48:59 GMT
age: 784
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (478), with CRLF, LF line terminators
Size:   7919
Md5:    8cabe9f78a884d9191264725a5a97457
Sha1:   02461fafe590baccbea2528fe2c1f2d3e73745cd
Sha256: 31a7ae2d2c7f086e689c01030bca79cf91619b1ceb8fd687ee50463eb826a591

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A6F07F7C6A4746ACC25457C726701DF33120628DFB578BC4982448D8EFEE5855"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18269
Expires: Wed, 25 Jan 2023 08:06:33 GMT
Date: Wed, 25 Jan 2023 03:02:04 GMT
Connection: keep-alive

                                        
                                            GET /template/company/1014xiazai/css/base.css HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86806a-29c1"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text
Size:   3163
Md5:    b752c4d83249982bcbcd13a723247bc0
Sha1:   1ccb18e4440bb1209190670ad392ceb8418d6b01
Sha256: cbdadd44ddee5bd601b32c82c1946469bb2fe3bb6f99167a0a59ed2d2ebb4d0d
                                        
                                            GET /js/orsxg5a.script HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document, ASCII text, with CRLF line terminators
Size:   531
Md5:    39fd4f4c17d424445d9f437c99c9d40a
Sha1:   84a56ab95c669d43c757a5f9a312d5f3a37f73fa
Sha256: 45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: z1EN3pCV7eFfmhZznth+GA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         44.228.217.71
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: e1xBexjdHkKZewO7800LP8fhvGY=

                                        
                                            GET /template/company/1014xiazai/css/style3500.css HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86806a-c99c"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (1113)
Size:   11804
Md5:    caee2cfa3291c35837be265cfc3e168c
Sha1:   2abdd423b8b6351b26d52da1faa5517fc76c1730
Sha256: 0f7482f2f6732e4b7f55fdd2eb6e41acb5864a53f19c404728652eabe9923dea
                                        
                                            GET /template/company/1014xiazai/js/plugins.count.js HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:37:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868082-609"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (525), with CRLF line terminators
Size:   683
Md5:    9279ffdda939f259cbd5bd201b72ab71
Sha1:   12395c3521b33935aee973d761bf424add3a1e36
Sha256: 76fb346f9b8c62f7da6a752511aa20e147069607a28eb98fb843b650a2c6c203
                                        
                                            GET /template/company/1014xiazai/js/screenshots.js HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:37:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868072-1219"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (3463), with CRLF line terminators
Size:   1743
Md5:    5f2d7d98f138edb321f4806bfcd16ca8
Sha1:   fac55732cfd8b6536b6ca8c257f3e1d11cfdf199
Sha256: c9435192fb089165cfec52d7ab8f807a2b8a0fa533014bb9da0f659719e70d08
                                        
                                            GET /template/company/1014xiazai/js/jquery.uploadify.min.js HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Content-Length: 548
Last-Modified: Wed, 14 Oct 2020 04:37:19 GMT
Connection: keep-alive
ETag: "5f86807f-224"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size:   548
Md5:    370e16c3b7dba286cff055f93b9a94d8
Sha1:   65f3537c3c798f7da146c55aef536f7b5d0cb943
Sha256: d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
                                        
                                            GET /template/company/1014xiazai/js/member.js HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:37:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868082-ceda"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 text, with very long lines (364), with CRLF line terminators
Size:   11778
Md5:    a95b815530baa4c6efdad8929348d846
Sha1:   fb59238a8fa4c6e4b25dbd8956a7a4b4f8bdbff3
Sha256: e0ac53257204eb74bc8c9c87b8fcbd55037c972324f10b1904d0610db932b555
                                        
                                            GET /template/company/1014xiazai/js/global.js HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:37:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86806e-1879"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (345), with CRLF line terminators
Size:   2756
Md5:    26b58b731bc22007a9514da5788e5639
Sha1:   ff7a2a214e6a44becf3dd6bc1f70cbf3272d0695
Sha256: 7fc9b78cfc935e6eed582efc9002a03bdabeccfa6be21925c960248083b86113
                                        
                                            GET /template/company/1014xiazai/js/jquery-1.8.2.min.js HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:37:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868082-16e8c"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (65480)
Size:   37670
Md5:    e96252242dc7d419f1f3d2ca4a1dec5d
Sha1:   b16a288a9bdc1b1050c1bee256dde6de54166b83
Sha256: f62af873d226a9a37ba6bc7385d50888f03a99785135547f03b4aeec63a81fa1
                                        
                                            GET /template/company/1014xiazai/js/loading.js HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:04 GMT
Last-Modified: Wed, 14 Oct 2020 04:37:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86807e-1d0e"
Expires: Wed, 25 Jan 2023 15:02:04 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 text, with very long lines (613), with CRLF line terminators
Size:   1531
Md5:    2422ef78f8b0e865bc47afdacbc60161
Sha1:   f3cb0bf96ba8a395b5587fd8d74243e7572894b7
Sha256: 8ebd398c983e3d9b329d44bcdd9be269243b9838e0fcdbfcd3a814bc1255b39b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8AA1FFED18B6D8689A9FDC4FD5E0C6ABDD21D27EEC4E24B37463BB64A790FD99"
Last-Modified: Tue, 24 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18537
Expires: Wed, 25 Jan 2023 08:11:02 GMT
Date: Wed, 25 Jan 2023 03:02:05 GMT
Connection: keep-alive

                                        
                                            GET /uploads/images/171926.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2964727932,3345021713&fm=253&fmt=auto&app=138&f=JPEG?w=786&h=500

                                        
                                            GET /uploads/images/761168.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3520885336,2242553181&fm=224&app=112&f=JPEG?w=500&h=500

                                        
                                            GET /uploads/images/461068.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3240122246,1921865132&fm=224&app=112&f=JPEG?w=500&h=500

                                        
                                            GET /uploads/images/794868.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1947393586,2998816175&fm=253&fmt=auto&app=120&f=JPEG?w=584&h=365

                                        
                                            GET /uploads/images/208978.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500

                                        
                                            GET /uploads/images/logo.png?n=4wi3zzf4u3uljhpfwckoloec422jpzvwuttzjkhfsoa6llvc42oi3zfyvxs37ay&w=250 HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size:   3343
Md5:    2e23879cea87bf50ba0c984232e7535a
Sha1:   a8bbcc867b30cdd2c97fb79cfa11b0c0a70c4f61
Sha256: 323a3172d08b78c88c828f0152309136263ce2c12321230e9a7e7f96b0e3e71a
                                        
                                            GET /it/u=3240122246,1921865132&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1 
Host: t14.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         185.10.104.124
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:05 GMT
Content-Length: 44274
Connection: keep-alive
Expires: Thu, 02 Feb 2023 04:34:17 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: a38678a58fc6d092b6828e221c2147d4
Age: 1144690
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 03 Jan 2023 04:34:16 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache51 [4], bdix156 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44274
X-Cache-Status: HIT
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size:   44274
Md5:    a38678a58fc6d092b6828e221c2147d4
Sha1:   7876455dcb8d1e8f530726a76389045c36673a1a
Sha256: 8de5ff55aecd83b311ac700efd3db7f1577019ba00af78d5a9cb9a8691878581
                                        
                                            POST /gsrsaovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         104.18.20.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 25 Jan 2023 03:02:05 GMT
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 28 Jan 2023 23:30:15 GMT
ETag: "0ee04028647671e48ad7e2104143d40f29035285"
Last-Modified: Tue, 24 Jan 2023 23:30:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 809
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78edc49cff83b524-OSL


--- Additional Info ---
Magic:  data
Size:   1432
Md5:    e118b4aa46bb3e8a96489e01c5b9a753
Sha1:   0ee04028647671e48ad7e2104143d40f29035285
Sha256: b36318c16c700bbb072f0476b8105cce4174af4c58b54e3c5c9cefb9258e018a
                                        
                                            GET /template/company/1014xiazai/images/icos.png HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/template/company/1014xiazai/css/base.css

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: image/png
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Content-Length: 15004
Last-Modified: Wed, 14 Oct 2020 05:48:52 GMT
Connection: keep-alive
ETag: "5f869144-3a9c"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  PNG image data, 166 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size:   15004
Md5:    a4e686563c8daf2f139cc5c6629d2730
Sha1:   ad2a8926a53aa4f3e6de38b4e63a017182f8b514
Sha256: 38b01bc71af931846808835315e85841cd7bd42c640b0656b276cc5aeff018c4
                                        
                                            GET /uploads/images/399844.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3282216392,167525344&fm=253&fmt=auto&app=138&f=JPEG?w=750&h=500

                                        
                                            GET /uploads/images/150233.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=57841799,4260223041&fm=253&fmt=auto?w=500&h=805

                                        
                                            GET /uploads/images/776168.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3716701316,842787082&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6135
Expires: Wed, 25 Jan 2023 04:44:20 GMT
Date: Wed, 25 Jan 2023 03:02:05 GMT
Connection: keep-alive

                                        
                                            GET /uploads/images/925435.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4167799717,3525246137&fm=253&fmt=auto&app=138&f=JPEG?w=375&h=500

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6135
Expires: Wed, 25 Jan 2023 04:44:20 GMT
Date: Wed, 25 Jan 2023 03:02:05 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F07f8fda5-486e-4c4b-82f2-d763219f4562.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6715
x-amzn-requestid: c808c9d9-bbbb-43ff-ab15-33074a760093
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e4BO5En_oAMFTzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c648c5-67151eb46f5a10b0732fbd09;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 07:05:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0pvebF903zoRPgzBK2gxMlcYQTurylOzzCfOO07hYCG5aD7wX_fl9g==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 09:51:11 GMT
age: 61854
etag: "298cafecdcac99de25fe5c2c4c993487f73ced6b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6715
Md5:    6fa8338e574e2b8272ad3ca7cd9d1d63
Sha1:   298cafecdcac99de25fe5c2c4c993487f73ced6b
Sha256: f75c20ebc4c0db2df40d958337cd87768714bdf53a48609ad0f97b7129b0b100
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccf5342f-6184-4859-b154-9913ddd9b112.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9091
x-amzn-requestid: c5849f51-8fc6-40c0-a1e3-9deb74e06c59
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fRE7TEzxoAMFmuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d04eae-22d80a0c3e6485dd62f420ef;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 21:33:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: U8Pd9ECOLiB-ZaqU46162mJRnAYfNE3O5Zi_yaYTk_oNNm2xHNgQSQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 21:38:40 GMT
age: 19405
etag: "f6364de0805cf3cfe66d19293085da16a2c2f832"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9091
Md5:    af3ceda828750acf5ac7c837612a6e0f
Sha1:   f6364de0805cf3cfe66d19293085da16a2c2f832
Sha256: baa0cb6e3cec7f840477dfdcea518968f5b72a828dbd346abb09e2d3e3aa3bee
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6135
Expires: Wed, 25 Jan 2023 04:44:20 GMT
Date: Wed, 25 Jan 2023 03:02:05 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42c8799a-4bfb-409b-9789-78388344ffa6.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7266
x-amzn-requestid: 97a4233c-38fc-461a-afb5-d89b3f25681b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFHVkGsmIAMFqEg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb85bd-634989b11d1b5c7b0e047f57;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 06:27:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: cgsCHmWkKtiMLK9_i-TqXW4dQB2AFgdkZ-U3-5Mpr7YcStQIpAaiGw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 19:56:36 GMT
age: 25529
etag: "f003c2a8a841d70c0c77d28362aa855e5c4826ae"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7266
Md5:    cd550f762800dcbbd86f599c1283050b
Sha1:   f003c2a8a841d70c0c77d28362aa855e5c4826ae
Sha256: f5d669beac28d5dd73b7850b601b965d41a6192d8dc226c65a2eb85bdb5b77e5
                                        
                                            GET /it/u=3520885336,2242553181&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1 
Host: t13.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         185.10.104.124
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:05 GMT
Content-Length: 65055
Connection: keep-alive
Expires: Tue, 14 Feb 2023 19:30:35 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 6d90b3b823ac9ee222733e06736226e0
Age: 522133
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 15 Jan 2023 19:30:35 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache55 [1], czix190 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 65055
X-Cache-Status: HIT
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size:   65055
Md5:    6d90b3b823ac9ee222733e06736226e0
Sha1:   a1643e30a1672931ad760876aca82df910bfe13a
Sha256: 37edc99f85f4baaedbfa8608309a848e1f328b899ec980e8d6f7441d29978a52
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6135
Expires: Wed, 25 Jan 2023 04:44:20 GMT
Date: Wed, 25 Jan 2023 03:02:05 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e473b9-0adb-4371-8146-b148ce85cdec.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8252
x-amzn-requestid: a5a39d22-de0e-4b2e-b3e2-aad1d0090881
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqtiHo7oAMFdCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb57f0-0cd78ff23e91baf668276053;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:11:44 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: s8JWGyQ0pTWcaGk0n2PQOpAhjKLuNlbI4wCZAidzoBR5RQreO2rh9g==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 07:38:13 GMT
age: 69832
etag: "c9b86b2b27063e0a58b0f237d451f9cf05b2122d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8252
Md5:    d10114508bd40d76f497fc5b9c064350
Sha1:   c9b86b2b27063e0a58b0f237d451f9cf05b2122d
Sha256: a156bd21bee2fca1d82940fb172a695044321ed432786ae100a7baf3b5e12b3f
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         95.101.11.115
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6135
Expires: Wed, 25 Jan 2023 04:44:20 GMT
Date: Wed, 25 Jan 2023 03:02:05 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K73B093GBbsf85ny_o8fc9oE417nJBFlH0eEdhiifeQk3KG5Q-HHdg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 07:54:32 GMT
age: 68853
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3411
Md5:    805711aaab303931f8966bbf73aeda52
Sha1:   2bd02a45c8b407e36a41a482b121ea3e14f7c722
Sha256: 66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb
                                        
                                            GET /uploads/images/42297.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1961172537,857042196&fm=224&app=112&f=JPEG?w=500&h=500

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd57136f3-3a32-4cb9-be6a-29e47e59a6f9.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5732
x-amzn-requestid: d59f1165-e5c8-4a43-a7be-32f0d9ef2ff1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFK9EFNjIAMF5hQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8b86-1f8d46827f84aa3119e4195c;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 06:51:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: x0-Cy2E3bQp52z6h4jB6wQ4xAEM5vuuVBPc4A6ZNfv_zbgBsbWDbtA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 15:21:30 GMT
age: 42035
etag: "3a5ac9f9831aa4c735d335e7d24e9ccc5e1ee0d4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5732
Md5:    24a73392615d623dc852bdab43c9f133
Sha1:   3a5ac9f9831aa4c735d335e7d24e9ccc5e1ee0d4
Sha256: edc11bdc8b40a513dc62b32f7eff0ba1f80db27208bd80bd16235da3c369157b
                                        
                                            GET /uploads/images/726263.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3232623703,2122411144&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699

                                        
                                            GET /uploads/images/895440.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3204007935,2412746479&fm=253&app=120&f=JPEG?w=1280&h=800

                                        
                                            GET /uploads/images/126617.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3081687039,2677475859&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

                                        
                                            GET /uploads/images/946344.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1239744570,2671672510&fm=224&app=112&f=JPEG?w=500&h=500

                                        
                                            GET /it/u=1239744570,2671672510&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1 
Host: t14.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         185.10.104.124
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:05 GMT
Content-Length: 58130
Connection: keep-alive
Expires: Tue, 21 Feb 2023 01:11:51 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 8753c67fc388d73f5f304433b1444a7f
Age: 150533
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 01:11:51 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache55 [1], xiangyix205 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 58130
X-Cache-Status: HIT
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size:   58130
Md5:    8753c67fc388d73f5f304433b1444a7f
Sha1:   defffa1ef2684c2c7a36561c076b9605e4574699
Sha256: 4e18382c201ada3be60600402fffa3c553735cceed3282563a700b8741627aec
                                        
                                            GET /it/u=1961172537,857042196&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1 
Host: t15.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         185.10.104.124
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:06 GMT
Content-Length: 26714
Connection: keep-alive
Expires: Mon, 30 Jan 2023 10:57:19 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 6fe24e19b0f6369fc494efe1fe0c2f77
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 31 Dec 2022 10:57:18 GMT
Ohc-Upstream-Trace: 121.228.171.187; 58.20.204.52
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [1], zhuzuncache52 [1], suzix187 [4]
Ohc-Response-Time: 1 0 0 0 272 272
Ohc-File-Size: 26714
X-Cache-Status: MISS
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size:   26714
Md5:    6fe24e19b0f6369fc494efe1fe0c2f77
Sha1:   9d8b029f2ce7d279c5c2bda71db6e1aad2dc44c0
Sha256: c46ee8993e733ddf51921e6509761547689726477353b0540c7b929ba1a3cd51
                                        
                                            GET /uploads/images/424940.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=621734655,761967927&fm=253&fmt=auto&app=138&f=JPEG?w=498&h=500

                                        
                                            GET /uploads/images/159249.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:05 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2117841259,1764709204&fm=224&app=112&f=JPEG?w=500&h=500

                                        
                                            GET /it/u=2117841259,1764709204&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1 
Host: t15.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         185.10.104.124
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:06 GMT
Content-Length: 94379
Connection: keep-alive
Expires: Wed, 25 Jan 2023 09:44:26 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 142701c38b7d10a7a0235b6fbf399933
Age: 2246640
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 26 Dec 2022 09:44:26 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache129 [1], suzix199 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 94379
X-Cache-Status: HIT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size:   94379
Md5:    142701c38b7d10a7a0235b6fbf399933
Sha1:   cf73a22495f05d8d1625d0af26329187b4dcc378
Sha256: d4a634c13f5668699f6163a22eb7a6fb0c06e3081f7dca39f5803a94c0b97698
                                        
                                            GET /it/u=1947393586,2998816175&fm=253&fmt=auto&app=120&f=JPEG?w=584&h=365 HTTP/1.1 
Host: img0.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         113.219.142.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 12022
expires: Fri, 27 Jan 2023 07:05:48 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 83a4ef44eb6574b2b7ee602f3771e013
age: 931
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 28 Dec 2022 07:05:48 GMT
ohc-cache-hit: chenzct56 [4], xiangyix136 [2]
ohc-file-size: 12022
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 584x365, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   12022
Md5:    83a4ef44eb6574b2b7ee602f3771e013
Sha1:   db53476d5b16ed7fa54ca537e202f3a3a785de5c
Sha256: 605b507573e5382e84281595f3db13748d624a7a8d0c5ed286fa9d694b3df1c4
                                        
                                            GET /uploads/images/975307.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1362541264,1232285913&fm=253&fmt=auto&app=138&f=JPEG?w=356&h=500

                                        
                                            GET /uploads/images/668574.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3053061917,372692374&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500

                                        
                                            GET /uploads/images/612791.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=1690274892,2625327171&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=462

                                        
                                            GET /uploads/images/367857.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3602790367,1542241447&fm=253&fmt=auto?w=1280&h=800

                                        
                                            GET /it/u=3282216392,167525344&fm=253&fmt=auto&app=138&f=JPEG?w=750&h=500 HTTP/1.1 
Host: img2.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         58.216.66.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:05 GMT
content-length: 28978
expires: Thu, 26 Jan 2023 08:03:01 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: be0c7956a8afd1cebce0c7e96d0c439a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 27 Dec 2022 08:03:01 GMT
ohc-cache-hit: cz4ct59 [1], qdix154 [4]
ohc-file-size: 28978
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 750x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   28978
Md5:    be0c7956a8afd1cebce0c7e96d0c439a
Sha1:   2495e89748e890b85f9244377e4e614d6a2d5bbb
Sha256: fec3577e351fe7851c53121c325a31f0558bae81d909fc0172620c2b0f7304a0
                                        
                                            GET /uploads/images/795048.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2631872643,539594493&fm=253&fmt=auto&app=138&f=JPEG?w=950&h=500

                                        
                                            GET /uploads/images/750327.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4204260096,1923555828&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=539

                                        
                                            GET /it/u=3081687039,2677475859&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1 
Host: img0.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         113.219.142.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 35570
expires: Mon, 20 Feb 2023 14:09:41 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ec0cddedb1b7ac3d3f9e939b70fdac1f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 14:09:41 GMT
ohc-cache-hit: chenzct85 [1], czix238 [2]
ohc-file-size: 35570
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   35570
Md5:    ec0cddedb1b7ac3d3f9e939b70fdac1f
Sha1:   d04ac53647809df0776171bdce6b9fdced4dd315
Sha256: c71541d614ec600c60f3face200d0a77af7aca7eeadad09b3bc925ad8f9c22a6
                                        
                                            GET /it/u=2964727932,3345021713&fm=253&fmt=auto&app=138&f=JPEG?w=786&h=500 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         111.225.213.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 28450
expires: Wed, 22 Feb 2023 02:16:11 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 3ea3167b92017b6208f72fd72e72b69e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:16:11 GMT
ohc-cache-hit: lf6ct85 [1], wzix103 [4]
ohc-file-size: 28450
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 786x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   28450
Md5:    3ea3167b92017b6208f72fd72e72b69e
Sha1:   f1af1b69ef5a5e5ac26745495c45744000a73f44
Sha256: 8efc1acec0643c46b0ce67f94977d01ba6bd630c20b80121d2b51543186464bc
                                        
                                            GET /it/u=3716701316,842787082&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         111.225.213.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 24708
expires: Thu, 02 Feb 2023 13:43:03 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: f122651d252548a065af656750966246
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 03 Jan 2023 13:43:03 GMT
ohc-cache-hit: lf6ct86 [1], wzix86 [4]
ohc-file-size: 24708
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 281x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   24708
Md5:    f122651d252548a065af656750966246
Sha1:   ced946ac0ebd45ff05be51d40f0a2dfc45090648
Sha256: 514b2780faf2b100e422219bc8d6b335fee08c88402f16edc9167c641fff2c46
                                        
                                            GET /it/u=3232623703,2122411144&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699 HTTP/1.1 
Host: img0.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         113.219.142.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 32398
expires: Tue, 07 Feb 2023 19:50:53 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 207f4100f22f0eef70acc60ddadbbe3e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 19:50:53 GMT
ohc-cache-hit: chenzct51 [1], csix51 [4]
ohc-file-size: 32398
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 500x699, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   32398
Md5:    207f4100f22f0eef70acc60ddadbbe3e
Sha1:   1d4e6a66b109e3273a63461454a67440d3478fcf
Sha256: d7e02ed22d7473bb9fd8349ec9aab673a52b2984ff83a33ea7aa80d53bd8491a
                                        
                                            GET /uploads/images/16306.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3353001573,3703188798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688

                                        
                                            GET /it/u=621734655,761967927&fm=253&fmt=auto&app=138&f=JPEG?w=498&h=500 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         111.225.213.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 30778
expires: Thu, 26 Jan 2023 10:31:48 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 48ffa5a90f8f567e262131837de1de9a
age: 130991
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 27 Dec 2022 10:31:48 GMT
ohc-cache-hit: lf6ct68 [4], wzix68 [4]
ohc-file-size: 30778
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 498x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   30778
Md5:    48ffa5a90f8f567e262131837de1de9a
Sha1:   939bc437e2d57129a29d08f1aabae58046d36e0e
Sha256: 3d90dc4c6b7c6938f8e8f544cf572907c14700a8f3975762c50115b4067ee149
                                        
                                            GET /uploads/images/752788.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=170427542,2244280239&fm=253&app=120&f=JPEG?w=1280&h=800

                                        
                                            GET /uploads/images/499153.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3324626083,3198221996&fm=253&app=120&f=JPEG?w=1280&h=800

                                        
                                            GET /uploads/images/694803.jpg HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe

                                         154.218.151.71
HTTP/1.1 301 Moved Permanently
Content-Type: image/jpg; charset=UTF-8
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=968959547,2431699162&fm=224&app=112&f=JPEG?w=500&h=500

                                        
                                            GET /it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500 HTTP/1.1 
Host: img2.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         58.216.66.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:05 GMT
content-length: 121254
expires: Wed, 22 Feb 2023 03:03:27 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: ba14fd72ae318e11cb88b546c117c21e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:03:27 GMT
ohc-cache-hit: cz4ct54 [1], xiangyix105 [2]
ohc-file-size: 121254
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image\012- data
Size:   121254
Md5:    ba14fd72ae318e11cb88b546c117c21e
Sha1:   ed9a3c02274bb2ee853dbe8780467360b80a808f
Sha256: 93941c0d811bbdba3a24a2f189ee77e90434c79be61c57230e9252d2871cdf58
                                        
                                            GET /it/u=1362541264,1232285913&fm=253&fmt=auto&app=138&f=JPEG?w=356&h=500 HTTP/1.1 
Host: img2.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         58.216.66.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 32374
expires: Mon, 06 Feb 2023 08:30:03 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: c77c4c53d5576de26308b06f9b96e095
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 08:30:03 GMT
ohc-cache-hit: cz4ct59 [1], suzix208 [4]
ohc-file-size: 32374
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 356x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   32374
Md5:    c77c4c53d5576de26308b06f9b96e095
Sha1:   ce7012511516905b7ab67cb28273edeb0cc07743
Sha256: 9d56d3f262f64cfda02977e8ccae1cf0e1ba735d6654ba83139a27051b2a101a
                                        
                                            GET /it/u=968959547,2431699162&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1 
Host: t15.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         185.10.104.124
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:06 GMT
Content-Length: 28002
Connection: keep-alive
Expires: Wed, 08 Feb 2023 00:41:49 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 394971b8027d37036b26615cf8659243
Age: 1142718
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 00:41:49 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache51 [4], xiangyix182 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 28002
X-Cache-Status: HIT
Timing-Allow-Origin: *


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size:   28002
Md5:    394971b8027d37036b26615cf8659243
Sha1:   f9cf1766231d40ca15f55a77a1c304c6d536ea6a
Sha256: e4ed4dc5152e41c494afdeefb05f45fb33771197085fdad2f35671b0cb938061
                                        
                                            GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16693.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Date: Wed, 25 Jan 2023 03:02:06 GMT
Etag: 1f3dcbfa9d9def3a04e5a18e48fa52f2
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=14A877B48198CAC6; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800


--- Additional Info ---
Magic:  ASCII text, with very long lines (633)
Size:   11271
Md5:    f340976d19cec208c568e3569c54bb47
Sha1:   3d7baad74ffbf4b48e02ea2dbd98d4a877adf9e8
Sha256: 9b675700fb4bcfe69bd6137b6cb40a4e3f6fffb595da022adad42728243a43cf
                                        
                                            GET /it/u=57841799,4260223041&fm=253&fmt=auto?w=500&h=805 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         111.225.213.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 26840
expires: Sat, 04 Feb 2023 08:11:42 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 05043cf05c62c1a674a11424dcfe842b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 05 Jan 2023 08:11:42 GMT
ohc-cache-hit: lf6ct78 [1], wzix110 [2]
ohc-file-size: 26840
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 500x805, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   26840
Md5:    05043cf05c62c1a674a11424dcfe842b
Sha1:   46fc3edf8d33bf06f3d8c4bd0bd9dbd96c343c45
Sha256: ec6e0580e59609bc9821acf6dd00c361b101d41c850449e74e87f42b9de4feec
                                        
                                            GET /it/u=4167799717,3525246137&fm=253&fmt=auto&app=138&f=JPEG?w=375&h=500 HTTP/1.1 
Host: img0.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         113.219.142.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 29436
expires: Mon, 20 Feb 2023 12:38:46 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ccd89cac3843a72f75cb01e03acb1ced
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:38:46 GMT
ohc-cache-hit: chenzct72 [1], czix72 [2]
ohc-file-size: 29436
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 375x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   29436
Md5:    ccd89cac3843a72f75cb01e03acb1ced
Sha1:   950b28fd56220b98bbecd6f901a8a432976d40b0
Sha256: b06c0406c860de692eee3263fca72fcf9ed9a46c58590b812ca79f5448c0383e
                                        
                                            GET /it/u=2631872643,539594493&fm=253&fmt=auto&app=138&f=JPEG?w=950&h=500 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         111.225.213.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 25794
expires: Wed, 22 Feb 2023 03:01:14 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: abdb1cc083590be2fa9efb6975793925
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:01:14 GMT
ohc-cache-hit: lf6ct57 [1], czix119 [4]
ohc-file-size: 25794
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 950x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   25794
Md5:    abdb1cc083590be2fa9efb6975793925
Sha1:   adc1b843367052300c6c9191a0f90468c3a99aec
Sha256: ed56ec61e1bce16f91a2818529a0ca60c07af7841e4a4b8094010e5cb068c68c
                                        
                                            GET /it/u=3053061917,372692374&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500 HTTP/1.1 
Host: img0.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         113.219.142.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 20170
expires: Mon, 20 Feb 2023 08:17:48 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: c15a720f7109bc5dacbce07f946514c9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 08:17:48 GMT
ohc-cache-hit: chenzct72 [1], czix115 [2]
ohc-file-size: 20170
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 281x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   20170
Md5:    c15a720f7109bc5dacbce07f946514c9
Sha1:   cabf3b7b1d9d53bdc67dcea34f3b54f2705567a7
Sha256: bad362e4f967d3ac9172e2231f0ffa3a0878d0a9e78452302aa443315ce24e9f
                                        
                                            GET /it/u=1690274892,2625327171&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=462 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         110.185.186.35
HTTP/1.1 200 OK
Content-Type: image/webp
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:06 GMT
Content-Length: 23810
Connection: keep-alive
Expires: Mon, 30 Jan 2023 14:19:56 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 9665b076aa219b2a8d3f30ccc6ffe9bf
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 31 Dec 2022 14:19:56 GMT
Ohc-Cache-HIT: cd2ct63 [1], csix63 [4]
Ohc-File-Size: 23810
X-Cache-Status: MISS


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 500x462, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   23810
Md5:    9665b076aa219b2a8d3f30ccc6ffe9bf
Sha1:   6e00177e534506da591ee67ebcd7a8340a6e7ab8
Sha256: a869b1fe5f7a2bc2a35be666c9da699205a6bcf657ecbcc3550504eeb63fbfb0
                                        
                                            GET /it/u=3602790367,1542241447&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1 
Host: img2.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         58.216.66.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 41106
expires: Wed, 08 Feb 2023 10:18:42 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 1e11b8ae1ecec72a354bd4ef0fa48b5d
age: 517683
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 10:18:42 GMT
ohc-cache-hit: cz4ct67 [4], csix101 [2]
ohc-file-size: 41106
x-cache-status: HIT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   41106
Md5:    1e11b8ae1ecec72a354bd4ef0fa48b5d
Sha1:   e51fce99e17ad33f0c801289a617bd92367e9195
Sha256: 1f553ea77a97f093cf8c7cf4c4d73f63b778df01dd334771919c330bb8022d18
                                        
                                            GET /it/u=4204260096,1923555828&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=539 HTTP/1.1 
Host: img2.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         58.216.66.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 44782
expires: Wed, 22 Feb 2023 19:09:27 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 1d81cd779ad0c71f0e47fb96ea7f347b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 19:09:27 GMT
ohc-cache-hit: cz4ct68 [1], bdix183 [2]
ohc-file-size: 44782
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 500x539, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   44782
Md5:    1d81cd779ad0c71f0e47fb96ea7f347b
Sha1:   1172c0e7247e5c345206f0352a6d4c2a2a188820
Sha256: ff3a789b5beec7674b2c4fc04d4c85c5bbcd98ae1525d812ab77f403fad62084
                                        
                                            GET /it/u=3353001573,3703188798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688 HTTP/1.1 
Host: img0.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         113.219.142.35
HTTP/2 200 OK
content-type: image/webp
                                        
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 03:02:06 GMT
content-length: 38608
expires: Sun, 19 Feb 2023 20:55:02 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: b34da9f1967d287640bc694e4ab8a586
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 20:55:02 GMT
ohc-cache-hit: chenzct69 [1], suzix111 [4]
ohc-file-size: 38608
x-cache-status: MISS
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 500x688, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   38608
Md5:    b34da9f1967d287640bc694e4ab8a586
Sha1:   d329d067bc17cfd87f77e2efeefb51c2fb6e1fe6
Sha256: 422f3018723bc1e6f81d9a9d5c66e2f12162a5b0eaf1168f522d49702a586097
                                        
                                            GET /it/u=3204007935,2412746479&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         111.225.213.35
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:06 GMT
Content-Length: 103302
Connection: keep-alive
Expires: Thu, 26 Jan 2023 07:16:14 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 49f6dd2074ee242bb0da96d5f61a6ecb
Age: 1219157
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 27 Dec 2022 07:16:14 GMT
Ohc-Cache-HIT: lf6ct82 [4], suzix232 [4]
Ohc-File-Size: 103302
X-Cache-Status: HIT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size:   103302
Md5:    49f6dd2074ee242bb0da96d5f61a6ecb
Sha1:   2413fcc31b6445827d274c083460d2a9c3c628fd
Sha256: 915a4bb2b07c576f8c15b5d381ec0030e01ff5c025ccecacb507205cbead59e1
                                        
                                            GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=220566408&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=65405&r=0&ww=1280&u=http%3A%2F%2F16693.url.tudown.com%2Fxiaz%2F%25E8%25B6%2585%25E6%2598%259F%25E5%25AD%25A6%25E4%25B9%25A0%25E9%2580%259A%25E7%2594%25B5%25E8%2584%2591%25E7%2589%2588v3.0%40212_197675.exe&tt=%E5%8F%91%E5%BD%A9%E7%BD%91%E5%BF%AB%E4%B8%89(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99%2F%E6%89%8B%E6%9C%BA%E6%9C%80%E6%96%B0%E7%89%88%E4%B8%8B%E8%BD%BD HTTP/1.1 
Host: hm.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16693.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         103.235.46.191
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Date: Wed, 25 Jan 2023 03:02:06 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=8F0450AC9B4C4EBF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    ad4b0f606e0f8465bc4c4c170b37e1a3
Sha1:   50b30fd5f87c85fe5cba2635cb83316ca71250d7
Sha256: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
                                        
                                            GET /it/u=170427542,2244280239&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1 
Host: img1.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         110.185.186.35
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:06 GMT
Content-Length: 74151
Connection: keep-alive
Expires: Sat, 11 Feb 2023 11:09:57 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 69af2d29ce689edc06d3fd9650c24cf2
Age: 317586
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 11:09:57 GMT
Ohc-Cache-HIT: cd2ct62 [4], qdix236 [4]
Ohc-File-Size: 74151
X-Cache-Status: HIT


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size:   74151
Md5:    69af2d29ce689edc06d3fd9650c24cf2
Sha1:   a88518fca1ceedf0f28de8a137e5f70a86cc9171
Sha256: 0f1301877495e34923a1dd930be87fc1a52c169052f9e4e63f15d39d6f6300a0
                                        
                                            GET /it/u=3324626083,3198221996&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1 
Host: img2.baidu.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive

                                         58.216.66.35
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 03:02:06 GMT
Content-Length: 75055
Connection: keep-alive
Expires: Sun, 05 Feb 2023 07:16:06 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 005afecc616978809d18332cbe82b358
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 07:16:06 GMT
Ohc-Cache-HIT: cz4ct59 [1], qdix59 [2]
Ohc-File-Size: 75055
X-Cache-Status: MISS


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size:   75055
Md5:    005afecc616978809d18332cbe82b358
Sha1:   59e3bf35fb072e2f4f76b352e1189d51e38106c7
Sha256: f5813d9e99e6f30eef70d2445a6937f68f122b0196779fa608102794168c1879
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: 16693.url.tudown.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E8%B6%85%E6%98%9F%E5%AD%A6%E4%B9%A0%E9%80%9A%E7%94%B5%E8%84%91%E7%89%88v3.0@212_197675.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1674615725; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1674615725

                                         154.218.151.71
HTTP/1.1 200 OK
Content-Type: image/x-icon
                                        
Server: nginx
Date: Wed, 25 Jan 2023 03:02:07 GMT
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes