r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8556
Expires: Sat, 04 Feb 2023 07:36:19 GMT
Date: Sat, 04 Feb 2023 05:13:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16384
Expires: Sat, 04 Feb 2023 09:46:47 GMT
Date: Sat, 04 Feb 2023 05:13:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 04:36:13 GMT
content-type: application/json
age: 2250
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7012
Expires: Sat, 04 Feb 2023 07:10:35 GMT
Date: Sat, 04 Feb 2023 05:13:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 34Vpso3GjIz2oAjRhk9RtbNS6KLcaVjrDcWZRBxy4VoPBEGYvYJQBlq0OPmSVY5odnaGNFcBCOI=
x-amz-request-id: KQ2PBT8G40Z8Z0EP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 04:52:42 GMT
age: 1261
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 05:13:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 04:49:07 GMT
age: 1477
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
12254.url.tudown.com/down/wbjj_2.81@376_426.exe
154.218.151.71 200 OK 6.5 kB URL HTTP/1.1 12254.url.tudown.com/down/wbjj_2.81@376_426.exe
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (303), with CRLF, LF line terminators
Hash 6dcebe8356c577a5d789bb08179bba14
3b5488c258499c3887e7cf119ea49232fe0e6b63
d094fdb8eaa8049306f15503e064d0f33f926128234f66a48089ddf99e0d8797
Analyzer Verdict Alert fortinet Malware
GET /down/wbjj_2.81@376_426.exe HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21379
Expires: Sat, 04 Feb 2023 11:10:03 GMT
Date: Sat, 04 Feb 2023 05:13:44 GMT
Connection: keep-alive
push.services.mozilla.com/
52.26.56.94 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.26.56.94:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SfeZ5WQCACkVwVjujjK+Kg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: B3L5yUS3cjIvfSYW1XrhdrV4ofM=
12254.url.tudown.com/template/company/42xz/css/common.css
154.218.151.71 200 OK 1.9 kB URL HTTP/1.1 12254.url.tudown.com/template/company/42xz/css/common.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 625ff65f2c44178957f32d288dd56ddf
cb918d56e4595594c56cab503ed56f84379e862d
2436857c00ba0ab148e7c16f63712844f5bb62e23379751d6dddd82abe667ac5
GET /template/company/42xz/css/common.css HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea53-1ccb"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12254.url.tudown.com/template/company/42xz/css/soft.css
154.218.151.71 200 OK 6.6 kB URL HTTP/1.1 12254.url.tudown.com/template/company/42xz/css/soft.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 669589d0ffba3898ecf26c242eaed555
f6a564b66491cf102d5961fb95294d84192c9f11
00947ca9960fa7f5ad71c5f5343ded6e595dec626a9da917da58305fdc98e356
GET /template/company/42xz/css/soft.css HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea55-6438"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12254.url.tudown.com/js/orsxg5a.script
154.218.151.71 200 OK 531 B URL HTTP/1.1 12254.url.tudown.com/js/orsxg5a.script
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12254.url.tudown.com/template/company/42xz/js/soft.js
154.218.151.71 200 OK 3.6 kB URL HTTP/1.1 12254.url.tudown.com/template/company/42xz/js/soft.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 67be5352d7d3355ae57faad8a6221355
30f4a9a4a3dede0d2d72725ffa28958f45053e7e
1a59b7c5be683676fa54951bf4129899c3980e78c1f956c287f7cc0c001a857d
Analyzer Verdict Alert fortinet Malware
GET /template/company/42xz/js/soft.js HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea5a-26b2"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12254.url.tudown.com/uploads/images/554885.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/554885.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/554885.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80
12254.url.tudown.com/uploads/images/183794.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/183794.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/183794.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500
12254.url.tudown.com/uploads/images/967446.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/967446.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/967446.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
12254.url.tudown.com/template/company/42xz/images/tab_line.png
154.218.151.71 200 OK 1.2 kB URL HTTP/1.1 12254.url.tudown.com/template/company/42xz/images/tab_line.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type GIF image data, version 89a, 190 x 7; data
Hash 4c54d42f73e777c70b63b1854b994bb5
6b751c2e611f485d04805ccc3ef84ba5c7868775
b86451a9f18cc0bffd106863661cecbc4abc2364f2898e3bc0796992f3ebbd06
GET /template/company/42xz/images/tab_line.png HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/template/company/42xz/css/soft.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/png
Content-Length: 1155
Last-Modified: Thu, 05 Nov 2020 12:04:39 GMT
Connection: keep-alive
ETag: "5fa3ea57-483"
Accept-Ranges: bytes
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash fc91044ea257e54846f8dd907b48d29e
6d2231e05dabe5ee55f8dbf8687d7b7a92c25d64
8e77e1a87ab035ed1affd01159d1c899e46d7c247d0bc085dd57d1b1c6fed830
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E77E1A87AB035ED1AFFD01159D1C899E46D7C247D0BC085DD57D1B1C6FED830"
Last-Modified: Thu, 02 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8122
Expires: Sat, 04 Feb 2023 07:29:07 GMT
Date: Sat, 04 Feb 2023 05:13:45 GMT
Connection: keep-alive
12254.url.tudown.com/uploads/images/logo.png?n=5gkknznxt3s3raxgswm6ravs46tzdzukqdsyrnxjqcqolduc&w=250
154.218.151.71 200 OK 3.5 kB URL HTTP/1.1 12254.url.tudown.com/uploads/images/logo.png?n=5gkknznxt3s3raxgswm6ravs46tzdzukqdsyrnxjqcqolduc&w=250
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced; data
Hash cb93d63fadd85c40af4d089658f71e93
c48c3bd2f56a89707f8d997b94b484c0494a3937
34542b8ff46ed591ded5537eaffe78f76a90f083249cd849ec93c9625eb9d68f
GET /uploads/images/logo.png?n=5gkknznxt3s3raxgswm6ravs46tzdzukqdsyrnxjqcqolduc&w=250 HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
ocsp.globalsign.com/gsrsaovsslca2018
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.20.226:0
Hash c45b5d23d78c603a4f679957cc907c55
c0c6131e462224b19bf52c269ffda26be7dcc3ce
7acbb574f2c3ce64da98b8bf9e8af19ba063535e4cbf9fadaf803c34381178dd
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:09:39 GMT
ETag: "c0c6131e462224b19bf52c269ffda26be7dcc3ce"
Last-Modified: Sat, 04 Feb 2023 04:09:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 127
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940eb3bab4eb509-OSL
12254.url.tudown.com/uploads/images/678448.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/678448.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/678448.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
12254.url.tudown.com/uploads/images/30797.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/30797.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/30797.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500
12254.url.tudown.com/uploads/images/347638.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/347638.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/347638.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800
12254.url.tudown.com/uploads/images/921801.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/921801.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/921801.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500
12254.url.tudown.com/template/company/42xz/js/jquery.js
154.218.151.71 200 OK 46 kB URL HTTP/1.1 12254.url.tudown.com/template/company/42xz/js/jquery.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (65479), with CRLF line terminators
Hash 49fcb7f2a26c0656e22b75bfe591667f
f277ecd02517fc0f243fd9d882178473d4def06b
9ee94398fbe5a57c715dfdfe1b8d05ea964dd9947dba57dad68ee38ea381a2be
Analyzer Verdict Alert fortinet Malware
GET /template/company/42xz/js/jquery.js HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea62-1d491"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 05:13:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 25404
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 25372
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 26808
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 25404
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 24189
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 25404
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
12254.url.tudown.com/uploads/images/734015.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/734015.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/734015.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500
12254.url.tudown.com/uploads/images/142300.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/142300.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/142300.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800
12254.url.tudown.com/uploads/images/561501.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/561501.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/561501.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800
12254.url.tudown.com/uploads/images/618345.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/618345.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/618345.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
12254.url.tudown.com/uploads/images/601228.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/601228.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/601228.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889
12254.url.tudown.com/uploads/images/684934.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/684934.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/684934.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
push.zhanzhang.baidu.com/push.js
182.61.201.94 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.201.94:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 05:13:46 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 05:13:46 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=1AA16AB2576358EDA83A816F6C2477DD:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 05:13:46 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
12254.url.tudown.com/uploads/images/819954.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/819954.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/819954.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
12254.url.tudown.com/uploads/images/775736.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/775736.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/775736.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
12254.url.tudown.com/uploads/images/535187.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/535187.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/535187.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
12254.url.tudown.com/uploads/images/332495.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/332495.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/332495.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
12254.url.tudown.com/uploads/images/296953.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/296953.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/296953.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738
12254.url.tudown.com/uploads/images/823236.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/823236.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/823236.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500
12254.url.tudown.com/uploads/images/472259.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/472259.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/472259.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709
12254.url.tudown.com/uploads/images/559545.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/559545.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/559545.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185
12254.url.tudown.com/uploads/images/24064.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/24064.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/24064.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800
12254.url.tudown.com/uploads/images/591551.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/591551.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/591551.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350
12254.url.tudown.com/uploads/images/415426.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/415426.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/415426.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500
12254.url.tudown.com/uploads/images/685146.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/685146.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/685146.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888
api.share.baidu.com/s.gif?l=http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
182.61.240.101 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
IP 182.61.240.101:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 05:13:46 GMT
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 265996de9b0f944ebdfef273d3f661d8
9d1dbcea0a3ae99571386d5b62c7ca85bbc8f0de
3a8a224564d0318d08540c1f0e1fb5207513c556e1bbe7aa07d689ba4bc296dd
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12254.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 05:13:46 GMT
Etag: 9f5cd0590de2a12de47209c29501544a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=7D781B95C4948015; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
12254.url.tudown.com/uploads/images/39939.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/39939.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/39939.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 3638d10ba38437c046548f36f6705e84
2923c83653a9927b95e5ab32b5d39827756b8a87
2a41ab245dc91b8b6070dda51dae266832c86d0513a7a401da84daeb37270f57
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 02:06:28 GMT
ETag: "2923c83653a9927b95e5ab32b5d39827756b8a87"
Last-Modified: Sat, 04 Feb 2023 02:06:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2510
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940eb452bc5b4f1-OSL
12254.url.tudown.com/template/company/42xz/images/dian2.png
154.218.151.71 200 OK 1.1 kB URL HTTP/1.1 12254.url.tudown.com/template/company/42xz/images/dian2.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type GIF image data, version 89a, 4 x 4\012- data
Hash 3cb1caaf45a919b2028a853add556aa8
c8b93e13049ae31ad5dcb2d267c8b3ee6a4466e8
039b652744162c3c599998f28f50e7154d297ce5028e7e4954f7d7354c5374a1
GET /template/company/42xz/images/dian2.png HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/template/company/42xz/css/soft.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/png
Content-Length: 1106
Last-Modified: Thu, 05 Nov 2020 12:04:53 GMT
Connection: keep-alive
ETag: "5fa3ea65-452"
Accept-Ranges: bytes
img2.baidu.com/it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500
58.42.14.35 200 OK 32 kB URL HTTP/1.1 img2.baidu.com/it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 54x54, segment length 16, baseline, precision 8, 800x500, components 3\012- data
Hash 5089989d7200a8d19a150590604f43c9
0ad2a79ce9c1492b010b759552fa84a18be6ce58
f555372ff468a451f267ed59495382e0e69835f3b37a6c1a093922c3d40893af
GET /it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 31518
Connection: keep-alive
Expires: Sat, 18 Feb 2023 04:48:42 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 5089989d7200a8d19a150590604f43c9
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 04:48:42 GMT
Ohc-Cache-HIT: gyct62 [1], xiangyix187 [2]
Ohc-File-Size: 31518
X-Cache-Status: MISS
12254.url.tudown.com/template/company/42xz/images/dian1.png
154.218.151.71 200 OK 1.1 kB URL HTTP/1.1 12254.url.tudown.com/template/company/42xz/images/dian1.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type GIF image data, version 89a, 4 x 4\012- data
Hash de5d5d1c8fb00bc14f9512dd323b9ed8
9c7c5df21afb7b686932c96ecf7877e1e6adf243
982f48c65cf01077b0606401f082c15ee15f183903d5170f06d0bb3ae3b9b685
GET /template/company/42xz/images/dian1.png HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/template/company/42xz/css/soft.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/png
Content-Length: 1110
Last-Modified: Thu, 05 Nov 2020 12:04:54 GMT
Connection: keep-alive
ETag: "5fa3ea66-456"
Accept-Ranges: bytes
img0.baidu.com/it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889
113.219.142.35 200 OK 33 kB URL HTTP/2 img0.baidu.com/it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d3d6c2929d8703357ec570237cec6945
bcadc2a669715232d2a3f36b0614d9f6360cd07e
0f21ac1108a557d9c6760b2418f45ee79d4911c8f08c7ae0911a3060697ae2da
GET /it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 32912
expires: Sat, 04 Feb 2023 11:50:32 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: d3d6c2929d8703357ec570237cec6945
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 05 Jan 2023 11:50:32 GMT
ohc-cache-hit: chenzct58 [1], xaix58 [2]
ohc-file-size: 32912
x-cache-status: MISS
X-Firefox-Spdy: h2
12254.url.tudown.com/uploads/images/558779.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/558779.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/558779.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
img1.baidu.com/it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800
58.42.14.35 200 OK 54 kB URL HTTP/2 img1.baidu.com/it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b97692d496f4f007822b09935bf6314c
a0648fd7d513f35a3581d554e206fdcd9281e248
589c3498284fa1fd8ef0fff5b4076f8d04dd1268823028d6e9650385d56fc7b1
GET /it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 53998
expires: Sun, 26 Feb 2023 08:12:31 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: b97692d496f4f007822b09935bf6314c
age: 246455
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 08:12:31 GMT
ohc-cache-hit: gyct59 [4], qdix202 [2]
ohc-file-size: 53998
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
58.42.14.35 200 OK 7.1 kB URL HTTP/2 img1.baidu.com/it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bfbab4d4224ac5d371e7fc85cd27a2ee
b01046f0dfba4a2cdd0c02a4b8d119bca18c58b9
12630eb0b118e643e5ff2991501d9854942ea89ad11149e472825e86195f267f
GET /it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 7098
expires: Tue, 21 Feb 2023 04:47:17 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: bfbab4d4224ac5d371e7fc85cd27a2ee
age: 252825
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 04:47:17 GMT
ohc-cache-hit: gyct58 [4], xaix184 [4]
ohc-file-size: 7098
x-cache-status: HIT
X-Firefox-Spdy: h2
12254.url.tudown.com/uploads/images/21251.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/21251.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/21251.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831
12254.url.tudown.com/uploads/images/399703.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/399703.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/399703.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500
img2.baidu.com/it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800
58.42.14.35 200 OK 133 kB URL HTTP/1.1 img2.baidu.com/it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 133 kB (132966 bytes)
Hash 6957f2e61e5abf5b2333eb150ad325ad
da2754341b52683c5c459c0d673dea83757f2a58
4bed472fa6e07f18e3c611fa60d5043cb5391dcaf50d423106063af74bea39eb
GET /it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 132966
Connection: keep-alive
Expires: Sun, 26 Feb 2023 09:50:04 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 6957f2e61e5abf5b2333eb150ad325ad
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 09:50:04 GMT
Ohc-Cache-HIT: gyct52 [1], xiangyix238 [4]
Ohc-File-Size: 132966
X-Cache-Status: MISS
img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800
58.42.14.35 200 OK 111 kB URL HTTP/1.1 img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 111 kB (111157 bytes)
Hash 8f1fb5b2ead96639354dcdcd82a255a6
a587768d2d02dc3404034d2c5abdb53fbec97327
4055c62c892a58617e991a9b5191e28d4d9eabc58ffc3e65db3cdc61b5ea83c3
GET /it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 111157
Connection: keep-alive
Expires: Sun, 26 Feb 2023 11:36:48 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 8f1fb5b2ead96639354dcdcd82a255a6
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 11:36:48 GMT
Ohc-Cache-HIT: gyct57 [1], qdix99 [4]
Ohc-File-Size: 111157
X-Cache-Status: MISS
img2.baidu.com/it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
58.42.14.35 200 OK 30 kB URL HTTP/2 img2.baidu.com/it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a6d0fd985e2296b747a1295acf3d5e04
a1428023681174f8ff8c3c67ae6ab9b0aa3a4e40
e90e94664733e2b3d955d2c0f52ce9ad424c94ad0251cf4687746968555265d2
GET /it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 30190
expires: Mon, 20 Feb 2023 03:13:43 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: a6d0fd985e2296b747a1295acf3d5e04
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 03:13:43 GMT
ohc-cache-hit: gyct57 [1], xaix144 [4]
ohc-file-size: 30190
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500
113.219.142.35 200 OK 24 kB URL HTTP/2 img0.baidu.com/it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 698x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6c7266bbf7045b415fb295d332ae9360
0a6ccbc39caf20d638c256566ed74ffac87e78c9
ff4e04d02d26661ace6d7b8e8440b3051a876d3dd9f20998e50b97f62b82fb02
GET /it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 24090
expires: Sun, 19 Feb 2023 09:58:01 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6c7266bbf7045b415fb295d332ae9360
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 09:58:01 GMT
ohc-cache-hit: chenzct61 [1], qdix104 [4]
ohc-file-size: 24090
x-cache-status: MISS
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675487661&rnd=82894070&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=19851&r=0&ww=1280&u=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&tt=%E5%8D%83%E4%BA%BF%E4%BD%93%E8%82%B2%E5%9B%BD%E9%99%85%E7%BD%91%E9%A1%B5%E7%89%88%E5%AE%98%E7%BD%91(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675487661&rnd=82894070&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=19851&r=0&ww=1280&u=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&tt=%E5%8D%83%E4%BA%BF%E4%BD%93%E8%82%B2%E5%9B%BD%E9%99%85%E7%BD%91%E9%A1%B5%E7%89%88%E5%AE%98%E7%BD%91(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675487661&rnd=82894070&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=19851&r=0&ww=1280&u=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&tt=%E5%8D%83%E4%BA%BF%E4%BD%93%E8%82%B2%E5%9B%BD%E9%99%85%E7%BD%91%E9%A1%B5%E7%89%88%E5%AE%98%E7%BD%91(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12254.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 05:13:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=AB0BAE3F0CDE5080; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img2.baidu.com/it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
58.42.14.35 200 OK 11 kB URL HTTP/2 img2.baidu.com/it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a4aa2ac918ef8fca5c25eb434f3368be
3a7634868662ce04ff34afa847e1e80c402528f4
9193d2181079337551f5f436ab83b4f6a494ea2c476d92014e92f74383f8c3aa
GET /it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 10718
expires: Tue, 28 Feb 2023 02:34:38 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: a4aa2ac918ef8fca5c25eb434f3368be
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 02:34:38 GMT
ohc-cache-hit: gyct55 [1], wzix55 [4]
ohc-file-size: 10718
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
58.42.14.35 200 OK 47 kB URL HTTP/2 img2.baidu.com/it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x750, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dfe387bf9df4a75ed5949b20d004ac2c
458cedc789eafe733238ed572ddd0648e994bd5f
22ef144115a5f66d282e8a6fa28de8565891ce86553adeb59fea38a0d9747aee
GET /it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 46982
expires: Fri, 10 Feb 2023 09:53:27 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: dfe387bf9df4a75ed5949b20d004ac2c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 09:53:27 GMT
ohc-cache-hit: gyct53 [1], bdix75 [4]
ohc-file-size: 46982
x-cache-status: MISS
X-Firefox-Spdy: h2
12254.url.tudown.com/uploads/images/643843.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/643843.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/643843.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
12254.url.tudown.com/uploads/images/361278.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/361278.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/361278.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500
12254.url.tudown.com/uploads/images/229011.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/229011.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/229011.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800
12254.url.tudown.com/uploads/images/157561.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/157561.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/157561.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093
12254.url.tudown.com/uploads/images/410222.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/410222.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/410222.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320
12254.url.tudown.com/uploads/images/628013.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/628013.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/628013.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889
img2.baidu.com/it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
58.42.14.35 200 OK 13 kB URL HTTP/2 img2.baidu.com/it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6d89be96a37685d522e9f1a40d577bd4
b04078465c6ee483d984f363cb96d76129683d89
7da07d8e12970ae589224e3db7814087dd92a37da189b7f670771aaff9572ecb
GET /it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 13402
expires: Mon, 20 Feb 2023 11:49:21 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6d89be96a37685d522e9f1a40d577bd4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 11:49:21 GMT
ohc-cache-hit: gyct53 [1], bdix99 [4]
ohc-file-size: 13402
x-cache-status: MISS
X-Firefox-Spdy: h2
s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
180.97.251.250 200 OK 20 B URL HTTP/2 s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
IP 180.97.251.250:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /z_stat.php?id=1275003130&web_id=1275003130 HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12254.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Sat, 04 Feb 2023 04:56:36 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Sat, 04 Feb 2023 04:56:36 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1675486596
via: cache18.l2ea120-8[76,75,200-0,M], cache10.l2ea120-8[77,0], cache8.cn2205[0,0,200-0,H], cache17.cn2205[0,0]
age: 1031
x-cache: HIT TCP_MEM_HIT dirn:13:686460848
x-swift-savetime: Sat, 04 Feb 2023 04:56:36 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b461fb2d16754876274186843e
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738
58.42.14.35 200 OK 86 kB URL HTTP/2 img2.baidu.com/it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x738, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3a3ffea956f030d83d9224974ff9ec8d
cc07c6663ab39ed41162f5f6e1b1f4431a699e9d
1c969b90f7ec310d85649f6c1d8095544952fcbe32141a60518e7def28915078
GET /it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 86356
expires: Mon, 20 Feb 2023 16:50:07 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3a3ffea956f030d83d9224974ff9ec8d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 16:50:07 GMT
ohc-cache-hit: gyct55 [1], xaix142 [2]
ohc-file-size: 86356
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
58.42.14.35 200 OK 169 kB URL HTTP/2 img1.baidu.com/it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 169 kB (169248 bytes)
Hash 73e1585e5b466e164884416a591e19df
850ef35db0dee44fb574aff2fd57b3ad21c4d48b
1fc4e79fc7375abc9f80b058acd41514abcf0c5b73366ad5c02e5ea2a9c809b4
GET /it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 169248
expires: Mon, 20 Feb 2023 12:47:58 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 73e1585e5b466e164884416a591e19df
age: 508604
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:47:58 GMT
ohc-cache-hit: gyct51 [4], czix51 [2]
ohc-file-size: 169248
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500
58.42.14.35 200 OK 13 kB URL HTTP/2 img1.baidu.com/it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 501x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6a4e7a1c36f2c0d72d35bb33ec8ac2b2
8a27450a0cbc6d0f3d78744144191fc2d0101096
a24e01b11609b71914b7a8d98501b2ee630bb56fcd505eab18112cd02e3aa037
GET /it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 12764
expires: Wed, 22 Feb 2023 03:01:45 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6a4e7a1c36f2c0d72d35bb33ec8ac2b2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:01:45 GMT
ohc-cache-hit: gyct53 [1], czix122 [4]
ohc-file-size: 12764
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709
58.42.14.35 200 OK 25 kB URL HTTP/2 img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x709, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f8793bfa2048bf86a6d266ef085b473d
2000c9229d9411a7199adf5dc8a2654194625195
636145cbfc4909793c68b91ab9b6372833f8af6a2f14da0af9c10d4af1dec43f
GET /it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 24992
expires: Wed, 08 Feb 2023 07:42:21 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: f8793bfa2048bf86a6d266ef085b473d
age: 224139
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 07:42:21 GMT
ohc-cache-hit: gyct53 [4], csix105 [4]
ohc-file-size: 24992
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625
58.42.14.35 200 OK 24 kB URL HTTP/2 img2.baidu.com/it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x625, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 3358e7cad959daf09840a72727c0a620
0df9dc8cd07338258f99a6910205c3c4f379ed5c
67c45221b8481dd7d1dd56eac92bf175a44c6252003b8a40af6aaf65fc3bc369
GET /it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 23800
expires: Tue, 21 Feb 2023 04:05:42 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3358e7cad959daf09840a72727c0a620
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 04:05:42 GMT
ohc-cache-hit: gyct60 [1], qdix228 [2]
ohc-file-size: 23800
x-cache-status: MISS
X-Firefox-Spdy: h2
12254.url.tudown.com/uploads/images/255396.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/255396.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/255396.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500
12254.url.tudown.com/uploads/images/321562.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/321562.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/321562.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652
img2.baidu.com/it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
58.42.14.35 200 OK 37 kB URL HTTP/2 img2.baidu.com/it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 354b71fb910470dd89860138e9a4ca80
b2d13f89b6cb75c45ab42488c0f2d9657f6d1da5
2e6fe270fb65e7c62e2075b08f2c77fc8d3a0b2d9052084399d7c8cde86062aa
GET /it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 37448
expires: Sat, 18 Feb 2023 04:12:58 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 354b71fb910470dd89860138e9a4ca80
age: 503018
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 04:12:58 GMT
ohc-cache-hit: gyct53 [4], bdix131 [2]
ohc-file-size: 37448
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889
58.42.14.35 200 OK 78 kB URL HTTP/1.1 img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3
Hash 3f627da4715c157c0150ba931e0a8d03
3ec5a73fdde813cc012398269f5a37c9ae93579c
802331d20c57ae22f6828d220d430e5e9efea2c65f2024a2175e4e1fe67bc6c4
GET /it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpeg
Content-Length: 77939
Connection: keep-alive
Expires: Thu, 23 Feb 2023 06:18:05 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 3f627da4715c157c0150ba931e0a8d03
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 06:18:05 GMT
Ohc-Cache-HIT: gyct62 [1], suzix117 [4]
Ohc-File-Size: 77939
X-Cache-Status: MISS
12254.url.tudown.com/uploads/images/309462.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/309462.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/309462.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
img1.baidu.com/it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800
58.42.14.35 200 OK 201 kB URL HTTP/1.1 img1.baidu.com/it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3
Size 201 kB (200623 bytes)
Hash 0d030410dc2819a5b79fa3ce810ab535
6a47c5efbc65b1138e3a23901c14747b7b3dfc2f
8fd8ba6ac2300c1c1f7e3aa5d115839ed794cd87005a4aa555b2448ac209669a
GET /it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 200623
Connection: keep-alive
Expires: Thu, 02 Mar 2023 16:37:38 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 0d030410dc2819a5b79fa3ce810ab535
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 16:37:38 GMT
Ohc-Cache-HIT: gyct57 [1], csix97 [2]
Ohc-File-Size: 200623
X-Cache-Status: MISS
12254.url.tudown.com/uploads/images/424598.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/424598.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/424598.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500
12254.url.tudown.com/uploads/images/407797.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/407797.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/407797.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374
12254.url.tudown.com/uploads/images/25534.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12254.url.tudown.com/uploads/images/25534.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/25534.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800
img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831
58.42.14.35 200 OK 159 kB URL HTTP/2 img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x831, Scaling: [none]x[none], YUV color, decoders should clamp
Size 159 kB (159164 bytes)
Hash 6e3aa246b3d6e3975ee83e684a6eb956
e2d068e9430752589a9676aaa634d61901e21dd7
8f22dcd63160447b55dfc7b342b55ce13a70ca3574d1872358a0c7376f9c1954
GET /it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 159164
expires: Wed, 01 Mar 2023 12:41:13 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 6e3aa246b3d6e3975ee83e684a6eb956
age: 246672
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 12:41:13 GMT
ohc-cache-hit: gyct59 [4], qdix64 [4]
ohc-file-size: 159164
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
58.42.14.35 200 OK 31 kB URL HTTP/2 img2.baidu.com/it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 7b8069a921bfa89cb9382ebbc4727fb4
c3ceb7c8653ae14230c1314ffcb45116d49ce4b4
b3b6064c928ebd5438b60dfd22a900bfd196ffd1347a3102f04c4e728ce6de0d
GET /it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 31100
expires: Sat, 18 Feb 2023 02:11:49 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 7b8069a921bfa89cb9382ebbc4727fb4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 02:11:49 GMT
ohc-cache-hit: gyct62 [1], xaix210 [4]
ohc-file-size: 31100
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888
58.42.14.35 200 OK 46 kB URL HTTP/2 img1.baidu.com/it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x888, Scaling: [none]x[none], YUV color, decoders should clamp
Hash e241dada51193a89a6a63ae7fa156986
b6c14a2c8448ece8ab92b9c1a4dedef2f47b0f16
a17db92fa61772580ee837f8d86ea64c50f5217b173cfdf19779ea6b40f8e058
GET /it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 46162
expires: Sat, 04 Mar 2023 04:10:56 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: e241dada51193a89a6a63ae7fa156986
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 04:10:56 GMT
ohc-cache-hit: gyct60 [1], csix107 [4]
ohc-file-size: 46162
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80
58.42.14.35 200 OK 2.9 kB URL HTTP/2 img1.baidu.com/it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 120x80, Scaling: [none]x[none], YUV color, decoders should clamp
Hash f6eb05fb6195170bc9992783b424f690
a598299db282c75a34aaff072aef1f4e61961f6d
4fcff750258ef935f401d1a1abebebb2b7c76fad281e1738e499a9f6a32bc2c2
GET /it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 2898
expires: Tue, 14 Feb 2023 17:53:43 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: f6eb05fb6195170bc9992783b424f690
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 17:53:43 GMT
ohc-cache-hit: gyct59 [1], xaix139 [4]
ohc-file-size: 2898
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185
58.42.14.35 200 OK 8.3 kB URL HTTP/2 img1.baidu.com/it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 58ad5a4006ee2b45ccae4ab5edd68029
aed76dfd3b23a3bb35e2ae46786d54958d0cc74a
fc37aa56b42fca4c43330a05f7b6e0915979baf66d6232f70695b1e96e404f9a
GET /it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 8322
expires: Mon, 06 Mar 2023 05:13:47 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 58ad5a4006ee2b45ccae4ab5edd68029
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 05:13:47 GMT
ohc-cache-hit: gyct55 [1], csix73 [2]
ohc-file-size: 8322
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
58.42.14.35 200 OK 14 kB URL HTTP/2 img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 3994120c8ee26ddd543bb5b842e4e137
fa939c0e7db0a6aa3d216180ecce175a7de4265e
d3c3f03706d10933bfe9500927e5f1bc7f4775b39942a9dc414e977a6e0aeb0d
GET /it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 13528
expires: Mon, 20 Feb 2023 21:52:09 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3994120c8ee26ddd543bb5b842e4e137
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 21:52:09 GMT
ohc-cache-hit: gyct55 [1], czix203 [4]
ohc-file-size: 13528
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320
58.42.14.35 200 OK 26 kB URL HTTP/2 img1.baidu.com/it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp
Hash c24cb4f10d637b41be1d6aef43e5fd7f
c79db2849d25bff62a6481192d21a9230598d35e
a2aede2fba8b39006c3009e090fd013d900483b1e0da0e1f84b22171e952681b
GET /it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 26110
expires: Sun, 19 Feb 2023 02:00:35 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: c24cb4f10d637b41be1d6aef43e5fd7f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 02:00:35 GMT
ohc-cache-hit: gyct55 [1], wzix79 [4]
ohc-file-size: 26110
x-cache-status: MISS
X-Firefox-Spdy: h2
t13.baidu.com/it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350
185.10.104.124 200 OK 35 kB URL HTTP/1.1 t13.baidu.com/it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 350x350, components 3
Hash d7ed60a07c0ce5c51176d6b3dca8a50e
a80ccc75f44b586c56eb6994db66700789b84141
514c47821cb0e68ba37a14bc181daacb2a0651b4b62ea79a6e3a6d925d2a512f
GET /it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 34995
Connection: keep-alive
Expires: Sun, 05 Feb 2023 17:42:07 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d7ed60a07c0ce5c51176d6b3dca8a50e
Age: 2014565
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 17:42:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache56 [4], suzix94 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 34995
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800
58.42.14.35 200 OK 171 kB URL HTTP/1.1 img2.baidu.com/it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800
IP 58.42.14.35:0
ASN #139203 Guizhou GuiAn IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3
Size 171 kB (171181 bytes)
Hash bfe01db57fcab488900f45f01d7c0a53
17f17f4030b44ab9e77a78876c23b2bec902d4a7
48cc0ac10d177811cbde6603c4c90411511b9b7bd908c0b5849cc74aed00dafe
GET /it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpeg
Content-Length: 171181
Connection: keep-alive
Expires: Mon, 27 Feb 2023 12:57:30 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: bfe01db57fcab488900f45f01d7c0a53
Age: 332576
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 12:57:30 GMT
Ohc-Cache-HIT: gyct54 [4], suzix212 [2]
Ohc-File-Size: 171181
X-Cache-Status: HIT
t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3
Hash ee58bc975bdf2da81d2423fa198793db
903380ced71106832c8792c0a57a99dd42ff49d0
7426f646b2d59501b3a598aa5c5d965247bc857253e95fd798f15ac6f1316abd
GET /it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 51923
Connection: keep-alive
Expires: Thu, 23 Feb 2023 21:36:49 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: ee58bc975bdf2da81d2423fa198793db
Age: 874720
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 21:36:49 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache50 [1], xiangyix218 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51923
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 55 kB URL HTTP/1.1 t13.baidu.com/it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3
Hash d66b9da71d451b8cf4cfe1c91d8994c7
23a30f1a79f3e6cbfaaab97afde01475a20823c4
e2d68f5ca5ce61e4dc1e2e1512cb1488cf0cadd057c5b8a93cf3f332083d9f7f
GET /it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 55319
Connection: keep-alive
Expires: Thu, 02 Mar 2023 03:29:37 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: d66b9da71d451b8cf4cfe1c91d8994c7
Age: 351851
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 03:29:37 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache56 [1], xiangyix70 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55319
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 40 kB URL HTTP/1.1 t14.baidu.com/it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 54342c7ee310e7e53b4e7f86687e7ecf
9db617b9430cee4bb10df28d24a7b691fedf369d
61ab3c6b8836804a9159bdbb1626e2074dd551183dc18f4d6197789691988f6d
GET /it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 40220
Connection: keep-alive
Expires: Tue, 07 Feb 2023 12:00:40 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 54342c7ee310e7e53b4e7f86687e7ecf
Age: 2015445
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 12:00:40 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache64 [4], xaix188 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 40220
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 69f46be60272b10aab2918436b83cee9
d1d70dfaf08126eeb5329a29d70a398c50bd9673
c0523ac0b6bd671c82e3d0842b94b42f1a1764e09e8934dd935123f247e38bc4
GET /it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 51976
Connection: keep-alive
Expires: Sun, 12 Feb 2023 08:55:39 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 69f46be60272b10aab2918436b83cee9
Age: 1850868
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 08:55:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache65 [1], suzix207 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51976
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 53 kB URL HTTP/1.1 t13.baidu.com/it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash ad142c8238499d8797688737249cd9d5
3b2787feffbb1e9943937d09bbd94ee23f0d488f
3c82fece0e25eb773ff421de6f2aa8ee8c3d096bd7169d052f63399415bbcb79
GET /it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 53232
Connection: keep-alive
Expires: Fri, 10 Feb 2023 12:06:35 GMT
Last-Modified: Sun, 18 Jan 1970 00:00:00 GMT
ETag: ad142c8238499d8797688737249cd9d5
Age: 2015704
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 12:06:35 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache63 [2], qdix214 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53232
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t14.baidu.com/it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e1d996c9f866d1e2903825734791f31c
7bb21993554db1834fb12957fb607037de64a6bf
7961500981c8e4199f3a826a409243dd385e4956392c08f60b550c1ff2964d06
GET /it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 52453
Connection: keep-alive
Expires: Fri, 17 Feb 2023 13:35:28 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: e1d996c9f866d1e2903825734791f31c
Age: 1392435
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 13:35:28 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache64 [1], csix89 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 52453
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 54 kB URL HTTP/1.1 t14.baidu.com/it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 8450e5a1e0b31f6c699b13e7e36b542f
1dc410c4ff0c94ecd3729bdeaea8899f1b063ae2
0bd0e6410f5042e5c98db8bb5f77a88ba7e1978ee6414f19c258637d414d3dbc
GET /it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 53620
Connection: keep-alive
Expires: Tue, 21 Feb 2023 02:38:25 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 8450e5a1e0b31f6c699b13e7e36b542f
Age: 358359
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 02:38:25 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache65 [4], qdix122 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53620
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 74 kB URL HTTP/1.1 t13.baidu.com/it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 559e472d04eb1316b2b2d217adf7d505
441141c6a375dfe3e232ace91d34f0d91b9975bb
e8911e4def214849486da58ef8495eb6f5e4e560169409ac06e0e5a017fc6f36
GET /it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 73543
Connection: keep-alive
Expires: Thu, 23 Feb 2023 17:25:32 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 559e472d04eb1316b2b2d217adf7d505
Age: 906496
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 17:25:32 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], bduncache83 [1], suzix200 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 73543
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 28 kB URL HTTP/1.1 t14.baidu.com/it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 3fc28001dfb6229466c2f702f132da30
5c82d6090de99b8a88efc9d08a37a55cce9be75b
6f5d176f834bcec68c533f0a6652c417abc93d251c5584400e3ca1dbd47435a8
GET /it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 27690
Connection: keep-alive
Expires: Sat, 11 Feb 2023 00:55:15 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 3fc28001dfb6229466c2f702f132da30
Age: 1993761
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 00:55:14 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache51 [4], wzix51 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 27690
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652
113.219.142.35 200 OK 44 kB URL HTTP/2 img0.baidu.com/it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x652, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 27b6f8b9467d7822bcc6bf2ebb34e653
6e0dacd474a71c01578e6d8cd9018b68878b4663
a93145ca9501ad7e79918dcb31e71f5d4a941c05283cbcde5a67d914c5aa2d3e
GET /it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 43694
expires: Fri, 24 Feb 2023 12:30:30 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 27b6f8b9467d7822bcc6bf2ebb34e653
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 12:30:29 GMT
ohc-cache-hit: chenzct67 [1], czix132 [4]
ohc-file-size: 43694
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
113.219.142.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0972bc41e7105ea76487b66875289ca1
e6af8771bc789d73c2e4301c4dc948a7b38a0e2a
e71a1ebedea6b9ef20f569101d0e7c589ea4caf1f57f2597e974abf6a93cb013
GET /it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 18538
expires: Wed, 01 Mar 2023 17:24:14 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 0972bc41e7105ea76487b66875289ca1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 17:24:14 GMT
ohc-cache-hit: chenzct70 [1], bdix113 [2]
ohc-file-size: 18538
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374
113.219.142.35 200 OK 29 kB URL HTTP/2 img0.baidu.com/it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x374, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 82600c0ffe966577d135c700dde4b2fc
beee326947343d8c2ffa21cfa8642a3e8afef04d
a6586ddac57c85e7c13f4ce420ed408a8184815299d7f25f57ca3a182dd60956
GET /it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 28822
expires: Mon, 20 Feb 2023 21:47:39 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 82600c0ffe966577d135c700dde4b2fc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 21:47:39 GMT
ohc-cache-hit: chenzct78 [1], xaix135 [4]
ohc-file-size: 28822
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800
113.219.142.35 200 OK 48 kB URL HTTP/2 img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 860a3490c3e473908d2e5a561216cf6e
17484c1ad9d5dcd5e2477b4a360765ca747bddb8
e1c95dab56da158e11038817d1322ce0e72cbd3f6d8adceab15418e654f79d73
GET /it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 47814
expires: Fri, 24 Feb 2023 00:59:59 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 860a3490c3e473908d2e5a561216cf6e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 00:59:59 GMT
ohc-cache-hit: chenzct78 [1], bdix214 [2]
ohc-file-size: 47814
x-cache-status: MISS
X-Firefox-Spdy: h2
js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
104.192.110.245 200 OK 117 B URL HTTP/1.1 js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
IP 104.192.110.245:0
ASN #55992 Beijing Qihu Technology Company Limited
File type HTML document, ASCII text, with no line terminators
Hash d7c7d923f7e71e0b2a1e52f3f25aee25
8606ce2096c434bbe71f9f1ef0545a8381427c37
db40794d592b2a0f6924d2c38fcabe8901b6f65f59f1bf041d6b5a8f0c4f1cb9
GET /11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d HTTP/1.1
Host: js.passport.qihucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:13:49 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 28 Nov 2018 07:43:20 GMT
Cache-Control: max-age=600
Expires: Sat, 04 Feb 2023 05:23:49 GMT
KCS-Via: HIT from w-fc03.lato;HIT from w-sc01.lato
Content-Encoding: gzip
s5.qhres2.com/static/ab77b6ea7f3fbf79.js
54.230.111.35 200 OK 478 B URL HTTP/1.1 s5.qhres2.com/static/ab77b6ea7f3fbf79.js
IP 54.230.111.35:0
File type ASCII text, with very long lines (478), with no line terminators
Hash 5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a
GET /static/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s5.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 478
Connection: keep-alive
Date: Mon, 26 Sep 2022 01:48:25 GMT
X-QSTATIC-HIT: 1
Last-Modified: Mon, 01 Jan 2018 00:00:00 GMT
ETag: W/"b300475a05992239"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, immutable
Expires: Thu, 23 Sep 2032 01:48:25 GMT
KCS-Via: HIT from w-fc01.lato;MISS from w-sc02.lato
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PWQFW5ne4dKSl8dKsmfXfp0aSnwjed0EinxP5BbHla5tYTKwGDDdTw==
Age: 11330724
12254.url.tudown.com/favicon.ico
154.218.151.71 200 OK 0 B URL HTTP/1.1 12254.url.tudown.com/favicon.ico
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33; Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776,1675487661; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675487661
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:50 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes
s.360.cn/so/zz.gif?url=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a622641_06e733a@91b89.02
171.13.14.66 200 OK 0 B URL HTTP/1.1 s.360.cn/so/zz.gif?url=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a622641_06e733a@91b89.02
IP 171.13.14.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /so/zz.gif?url=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a622641_06e733a@91b89.02 HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Sat, 04 Feb 2023 05:13:51 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Thu, 01 Aug 2019 13:00:32 GMT
Connection: keep-alive
ETag: "5d42e270-0"
Accept-Ranges: bytes