r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e717435470c9f4f06b174d7100c6a98f
292150251495b243c384e0c676a258597ba7f4d8
91ce8257662cb8cea9cc3c74cda1d95dba421daa466b0ac231fa433e0c58e6c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "91CE8257662CB8CEA9CC3C74CDA1D95DBA421DAA466B0AC231FA433E0C58E6C6"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2376
Expires: Fri, 30 Dec 2022 03:48:09 GMT
Date: Fri, 30 Dec 2022 03:08:33 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 259d3eba2ac4ea32f0410a59bd01c18a
ab02cd69e6c04e3842ad1778fb0daa6d0e86fddc
0d6ec941dac6d97a0b24c0cf00a5642a4edda68ae5ec8b3019d1ec05f40d2281
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0D6EC941DAC6D97A0B24C0CF00A5642A4EDDA68AE5EC8B3019D1EC05F40D2281"
Last-Modified: Tue, 27 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8514
Expires: Fri, 30 Dec 2022 05:30:27 GMT
Date: Fri, 30 Dec 2022 03:08:33 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Content-Length, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 30 Dec 2022 02:46:55 GMT
content-type: application/json
age: 1298
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 07e619a5a572fa9bcb54fa70de27f0d4
c0499dcc7551831f517f189465812859d0f48ced
2213c856ce4dd64ebe28e4deff34d449b2c08be98565c0405427453ae948fa74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2213C856CE4DD64EBE28E4DEFF34D449B2C08BE98565C0405427453AE948FA74"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2740
Expires: Fri, 30 Dec 2022 03:54:13 GMT
Date: Fri, 30 Dec 2022 03:08:33 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b1fcd419a4245617397846e8d17233f6
2a037ce244587640b27ead9a0ec2af4f862d91b2
e059b6d834c06e58494c43fb2ff42acbc27c1a1d8f7f30e2f32ca0e167599e2f
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-08-14-47-57.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: j4pmXyYqeeeW09xdejCINy23FWGWg7rRTAYoPVDdXc0QVm+otHkQTyugjbLEj4PyYaIgHnsJRao=
x-amz-request-id: 7PFTDYQA1ZQMH90Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 30 Dec 2022 02:59:00 GMT
age: 573
last-modified: Tue, 20 Dec 2022 14:47:58 GMT
etag: "b1fcd419a4245617397846e8d17233f6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 30 Dec 2022 03:08:33 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
154.218.151.71 200 OK 8.1 kB URL HTTP/1.1 16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (480), with CRLF, LF line terminators
Hash 4ad82393fb5b9389b1867d528621756c
5e7c2296379f706c476c05c256955e54de8593b0
3b2164e5d3c1a9b1f665d501d184b0a4c1fdc9ccdcd84909495a4237eb6d9165
Analyzer Verdict Alert fortinet Malware
GET /xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:33 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 30 Dec 2022 03:08:08 GMT
age: 25
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0a08dc71eb7ba3512abb4d29505eb034
e66404bda80b355bae30b0d4db3daa193a6e4276
357891f99263d30eaded85985217d9627cd60369ee8d01a7eacdb2d0f2d8b2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 303
Cache-Control: max-age=108196
Content-Type: application/ocsp-response
Date: Fri, 30 Dec 2022 03:08:34 GMT
Etag: "63ad58a7-1d7"
Expires: Sat, 31 Dec 2022 09:11:50 GMT
Last-Modified: Thu, 29 Dec 2022 09:06:47 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
16693.url.tudown.com/template/company/1014xiazai/css/base.css
154.218.151.71 200 OK 3.2 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/css/base.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash b752c4d83249982bcbcd13a723247bc0
1ccb18e4440bb1209190670ad392ceb8418d6b01
cbdadd44ddee5bd601b32c82c1946469bb2fe3bb6f99167a0a59ed2d2ebb4d0d
GET /template/company/1014xiazai/css/base.css HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: text/css
Last-Modified: Wed, 14 Oct 2020 04:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86806a-29c1"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16693.url.tudown.com/js/orsxg5a.script
154.218.151.71 200 OK 529 B URL HTTP/1.1 16693.url.tudown.com/js/orsxg5a.script
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 4dcf8e22b7902e127827b902b672a6ef
c91a1dc33f6f3580eb18fd7ea36bb8fd0b91de11
9db33b0a9eae4a7b643d516ed1824929c538ce0578ee224b3ff996975e411860
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
54.69.181.45 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.69.181.45:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IsxbtNQa/iuJWhHNJ5ZwSw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: EUKH3qpe9/OeRhpQmlAaOiTc0A4=
16693.url.tudown.com/template/company/1014xiazai/css/style3500.css
154.218.151.71 200 OK 12 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/css/style3500.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (1113)
Hash caee2cfa3291c35837be265cfc3e168c
2abdd423b8b6351b26d52da1faa5517fc76c1730
0f7482f2f6732e4b7f55fdd2eb6e41acb5864a53f19c404728652eabe9923dea
GET /template/company/1014xiazai/css/style3500.css HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: text/css
Last-Modified: Wed, 14 Oct 2020 04:36:58 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86806a-c99c"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16693.url.tudown.com/template/company/1014xiazai/js/jquery.uploadify.min.js
154.218.151.71 200 OK 548 B URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/js/jquery.uploadify.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 370e16c3b7dba286cff055f93b9a94d8
65f3537c3c798f7da146c55aef536f7b5d0cb943
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
Analyzer Verdict Alert fortinet Malware
NIDS Severity Alert suricata medium ETPRO HUNTING HTTP 200 Stat Code with 404 in Body
GET /template/company/1014xiazai/js/jquery.uploadify.min.js HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Content-Length: 548
Last-Modified: Wed, 14 Oct 2020 04:37:19 GMT
Connection: keep-alive
ETag: "5f86807f-224"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
16693.url.tudown.com/template/company/1014xiazai/js/member.js
154.218.151.71 200 OK 12 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/js/member.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, Unicode text, UTF-8 text, with very long lines (364), with CRLF line terminators
Hash a95b815530baa4c6efdad8929348d846
fb59238a8fa4c6e4b25dbd8956a7a4b4f8bdbff3
e0ac53257204eb74bc8c9c87b8fcbd55037c972324f10b1904d0610db932b555
Analyzer Verdict Alert fortinet Malware
GET /template/company/1014xiazai/js/member.js HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Last-Modified: Wed, 14 Oct 2020 04:37:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868082-ceda"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16693.url.tudown.com/template/company/1014xiazai/js/global.js
154.218.151.71 200 OK 2.8 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/js/global.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (345), with CRLF line terminators
Hash 26b58b731bc22007a9514da5788e5639
ff7a2a214e6a44becf3dd6bc1f70cbf3272d0695
7fc9b78cfc935e6eed582efc9002a03bdabeccfa6be21925c960248083b86113
Analyzer Verdict Alert fortinet Malware
GET /template/company/1014xiazai/js/global.js HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Last-Modified: Wed, 14 Oct 2020 04:37:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86806e-1879"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16693.url.tudown.com/template/company/1014xiazai/js/screenshots.js
154.218.151.71 200 OK 1.7 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/js/screenshots.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (3463), with CRLF line terminators
Hash 5f2d7d98f138edb321f4806bfcd16ca8
fac55732cfd8b6536b6ca8c257f3e1d11cfdf199
c9435192fb089165cfec52d7ab8f807a2b8a0fa533014bb9da0f659719e70d08
Analyzer Verdict Alert fortinet Malware
GET /template/company/1014xiazai/js/screenshots.js HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Last-Modified: Wed, 14 Oct 2020 04:37:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868072-1219"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16693.url.tudown.com/template/company/1014xiazai/js/loading.js
154.218.151.71 200 OK 1.5 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/js/loading.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, Unicode text, UTF-8 text, with very long lines (613), with CRLF line terminators
Hash 2422ef78f8b0e865bc47afdacbc60161
f3cb0bf96ba8a395b5587fd8d74243e7572894b7
8ebd398c983e3d9b329d44bcdd9be269243b9838e0fcdbfcd3a814bc1255b39b
Analyzer Verdict Alert fortinet Malware
GET /template/company/1014xiazai/js/loading.js HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Last-Modified: Wed, 14 Oct 2020 04:37:18 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f86807e-1d0e"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16693.url.tudown.com/template/company/1014xiazai/js/plugins.count.js
154.218.151.71 200 OK 683 B URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/js/plugins.count.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (525), with CRLF line terminators
Hash 9279ffdda939f259cbd5bd201b72ab71
12395c3521b33935aee973d761bf424add3a1e36
76fb346f9b8c62f7da6a752511aa20e147069607a28eb98fb843b650a2c6c203
Analyzer Verdict Alert fortinet Malware
GET /template/company/1014xiazai/js/plugins.count.js HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Last-Modified: Wed, 14 Oct 2020 04:37:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868082-609"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7dc4fb99c7d0bbb1f2f20f55922af6cc
9215662584983742a4c2f195fe07ff857ef6ef78
4315e3914facf24c614eee6a6633cb2da6744f7188a4a8b3f1fd06f3cde4b4d7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4315E3914FACF24C614EEE6A6633CB2DA6744F7188A4A8B3F1FD06F3CDE4B4D7"
Last-Modified: Wed, 28 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9540
Expires: Fri, 30 Dec 2022 05:47:35 GMT
Date: Fri, 30 Dec 2022 03:08:35 GMT
Connection: keep-alive
16693.url.tudown.com/template/company/1014xiazai/js/jquery-1.8.2.min.js
154.218.151.71 200 OK 38 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/js/jquery-1.8.2.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (65480)
Hash e96252242dc7d419f1f3d2ca4a1dec5d
b16a288a9bdc1b1050c1bee256dde6de54166b83
f62af873d226a9a37ba6bc7385d50888f03a99785135547f03b4aeec63a81fa1
Analyzer Verdict Alert fortinet Malware
GET /template/company/1014xiazai/js/jquery-1.8.2.min.js HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:34 GMT
Content-Type: application/javascript
Last-Modified: Wed, 14 Oct 2020 04:37:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f868082-16e8c"
Expires: Fri, 30 Dec 2022 15:08:34 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16693.url.tudown.com/uploads/images/902253.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/902253.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/902253.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500
16693.url.tudown.com/uploads/images/95243.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/95243.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/95243.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3198530929,1187444098&fm=253&fmt=auto&app=138&f=JPEG?w=550&h=309
16693.url.tudown.com/uploads/images/981552.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/981552.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/981552.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=412214339,2788339748&fm=224&app=112&f=JPEG?w=500&h=500
16693.url.tudown.com/uploads/images/627340.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/627340.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/627340.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1596461857,3583697763&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
16693.url.tudown.com/uploads/images/729145.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/729145.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/729145.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1765251024,3397208104&fm=224&app=112&f=JPEG?w=500&h=500
16693.url.tudown.com/uploads/images/164005.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/164005.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/164005.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=469229722,1755078829&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=253
16693.url.tudown.com/template/company/1014xiazai/images/icos.png
154.218.151.71 200 OK 15 kB URL HTTP/1.1 16693.url.tudown.com/template/company/1014xiazai/images/icos.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 166 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash a4e686563c8daf2f139cc5c6629d2730
ad2a8926a53aa4f3e6de38b4e63a017182f8b514
38b01bc71af931846808835315e85841cd7bd42c640b0656b276cc5aeff018c4
GET /template/company/1014xiazai/images/icos.png HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/template/company/1014xiazai/css/base.css
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/png
Content-Length: 15004
Last-Modified: Wed, 14 Oct 2020 05:48:52 GMT
Connection: keep-alive
ETag: "5f869144-3a9c"
Accept-Ranges: bytes
ocsp.globalsign.com/gsrsaovsslca2018
151.101.2.133 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 151.101.2.133:0
Hash d9ca22eacccca9a277073b0ac86f9f62
12b67ff6a10d74c5987a6a87eacf1b2448c07ba9
31ca7d804e1a34a752666a55d634633610bb21c8349fe1efb80309f8c420dfd3
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Tue, 03 Jan 2023 00:08:47 GMT
ETag: "12b67ff6a10d74c5987a6a87eacf1b2448c07ba9"
Last-Modified: Fri, 30 Dec 2022 00:08:48 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 30 Dec 2022 03:08:35 GMT
Age: 3512
X-Served-By: cache-qpg1274-QPG, cache-bma1625-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 25, 2
X-Timer: S1672369716.712021,VS0,VE0
16693.url.tudown.com/uploads/images/886505.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/886505.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/886505.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=91113681,1250078738&fm=253&fmt=auto?w=456&h=282
16693.url.tudown.com/uploads/images/495041.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/495041.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/495041.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2565126155,1000649&fm=253&fmt=auto?w=500&h=500
16693.url.tudown.com/uploads/images/486798.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/486798.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/486798.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=955257541,2640001409&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=338
16693.url.tudown.com/uploads/images/981952.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/981952.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/981952.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1754256136,1046376279&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2783127a63c78cb5ac02e1a31631bfca
a26af5a37bbb43d4258282640749ced026ba9560
cfe19d12b6070f9171129591b54bab634d5582e4d8d83e5c1fbe703d873b8366
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CFE19D12B6070F9171129591B54BAB634D5582E4D8D83E5C1FBE703D873B8366"
Last-Modified: Tue, 27 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5649
Expires: Fri, 30 Dec 2022 04:42:44 GMT
Date: Fri, 30 Dec 2022 03:08:35 GMT
Connection: keep-alive
16693.url.tudown.com/uploads/images/772069.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/772069.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/772069.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=653671890,3487319273&fm=253&fmt=auto&app=138&f=JPEG?w=803&h=500
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash a9d1857128ab6a237e6854c7a3532b51
702ab1eb38be637f012e1454201b9a7561c29081
48fbf5b5aa1cf66fcdaafe68c72ac073d2ba9b6dedf76ebfaafdc88836fa0fde
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdab5cb9e-53fc-4a70-831a-6d6bd503103e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4833
x-amzn-requestid: 46ef49d7-dadb-4665-84bf-1c331ed8fce6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7ZU2E3IIAMFxAw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae08eb-28af0ab9094d7c21560a60db;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: aiGabD98wdch1q-6CRt4VLbduBsZEJzkku8-bTyF102z9hCpgFhIXg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:02:31 GMT
etag: "702ab1eb38be637f012e1454201b9a7561c29081"
content-type: image/jpeg
age: 18364
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aacfdf9-29e5-4cca-88eb-1d7fb007e520.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aacfdf9-29e5-4cca-88eb-1d7fb007e520.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 51406d6bd4a7322a475fc2a98267154e
9fa03002aa1974d4a9557cedad8bd5d7fefa52ad
a1858d9fd203972f0dc3fe97f36e07796b84f6e2851c9990d406f452793e3454
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4aacfdf9-29e5-4cca-88eb-1d7fb007e520.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11315
x-amzn-requestid: 77dd9348-e3a9-448e-8ae9-499d5d672a41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d4GZpGTRIAMFTUg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63acb770-7dec07d1447e6f10125b8b6f;Sampled=0
x-amzn-remapped-date: Wed, 28 Dec 2022 21:38:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lfojNVZMHGD1YfOqiMgEwTOi_6uPqkVJ_gbQ0PKo5CLFycpcY89T1g==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 21:42:23 GMT
age: 19572
etag: "9fa03002aa1974d4a9557cedad8bd5d7fefa52ad"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 9ebe131c7787411178a93d045ba57b5a
40b601b6ad3a3d7738b5b55777981598f4dc0519
68ea133b346bd1f76cd7b4dcf5023d8f987935dff380bacec73dec957effb97e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5684f9da-4da1-47fc-a5ba-8f30a894d588.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11516
x-amzn-requestid: e4e9ceeb-b2e5-454f-9550-d412fc0be82a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7aRLGuqoAMF3JA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae0a6d-6ed43b46144121dc2dd7db2f;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:45:17 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0cLaSIiaQE4WUEG4mML3Nfad-lh-MWyzAQ1bb7XInUIx7Nm8D6rU_w==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:16:00 GMT
age: 17555
etag: "40b601b6ad3a3d7738b5b55777981598f4dc0519"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe72b12fe-5644-494b-b10d-8740b8a15f96.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe72b12fe-5644-494b-b10d-8740b8a15f96.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash d6701d2eb7d93c49d4d1c7b94523c331
1e2625041c966227d21dd23eee9283535c90e9b4
80ead55edbe1dba9906ae4736843cb6febdee918273f252f8717bd6c5d7e09c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe72b12fe-5644-494b-b10d-8740b8a15f96.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10263
x-amzn-requestid: fd07cce8-c8fa-4649-acb0-bc78b4c4204e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d75oMEa1oAMF0Bg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae3c9a-3bc5e5c74b67a92a3d1eab06;Sampled=0
x-amzn-remapped-date: Fri, 30 Dec 2022 01:19:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oDbd7SseTag4IuJBpBbnquhPMTbue7L2zpP9SMBubku1vj3AfrxM2w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 30 Dec 2022 01:33:10 GMT
age: 5725
etag: "1e2625041c966227d21dd23eee9283535c90e9b4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 2c0d5fb3791917c41549447f9de79803
1b2c18e9474133539ec54b2e77112256aefadda8
f81084ebe03cff7659902d1afdd44c0f95ecffa96b880550b6a0b51191348222
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdace6689-97a8-4bcf-90a0-c223ba35cd6d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8071
x-amzn-requestid: 0085b429-3682-43ad-a47b-be03cbe32c53
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7Zx1FOfoAMF-DQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae09a5-450206562924e25e363b1ccc;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:41:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: pK4M65ZWrKfzg_gLVE7nQMdp8dZw8rvWCBbu_E5hIVSfLphlhd8gzw==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 22:16:00 GMT
age: 17555
etag: "1b2c18e9474133539ec54b2e77112256aefadda8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18854f68-aef9-4d81-b114-9ed2612bd9c9.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18854f68-aef9-4d81-b114-9ed2612bd9c9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3
Hash 2a59c2f624bc4bf589dc6c292bf5a719
9b26cec9f7ce4894be40eeee964fade97086c995
5d4fc20840862742744b702215e72ffb277f74d59b45150e35a264ac07851ccd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18854f68-aef9-4d81-b114-9ed2612bd9c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5021
x-amzn-requestid: b0feceb0-61bb-40db-8dfe-d60709b9f3b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: d7a4nHp0oAMF1yQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ae0b6a-2d51181035d281d843f415fc;Sampled=0
x-amzn-remapped-date: Thu, 29 Dec 2022 21:49:30 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BhtCZYuhRBrwEPK0_sVHA0kTCjbhowPL00KB7JwaGP--djKO6Q5-iA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Thu, 29 Dec 2022 23:06:37 GMT
age: 14518
etag: "9b26cec9f7ce4894be40eeee964fade97086c995"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
16693.url.tudown.com/uploads/images/634745.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/634745.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/634745.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3634363658,3686767484&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=360
16693.url.tudown.com/uploads/images/691805.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/691805.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/691805.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1468728362,4221792714&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=380
16693.url.tudown.com/uploads/images/400987.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/400987.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/400987.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=899234704,1790933798&fm=253&app=120&f=JPEG?w=1280&h=800
16693.url.tudown.com/uploads/images/337071.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/337071.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/337071.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=771151479,1032405457&fm=253&fmt=auto&app=138&f=GIF?w=500&h=707
t13.baidu.com/it/u=412214339,2788339748&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 44 kB URL HTTP/1.1 t13.baidu.com/it/u=412214339,2788339748&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 500x500, components 3
Hash ab1d3a3409d90e7d31615422f1786cb0
f99b86cb3c80b43ba5ca48e8cd893bd914976323
0d190212c68974cec9ce9865f1b977ccfdd0f183ebf817de4289ca9fb9877891
GET /it/u=412214339,2788339748&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpeg
Content-Length: 44026
Connection: keep-alive
Expires: Tue, 10 Jan 2023 12:25:24 GMT
Last-Modified: Mon, 12 Jan 1970 00:00:00 GMT
ETag: ab1d3a3409d90e7d31615422f1786cb0
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 11 Dec 2022 12:25:24 GMT
Ohc-Upstream-Trace: 121.228.171.245; 58.20.204.64
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [1], zhuzuncache64 [1], suzix245 [4]
Ohc-Response-Time: 1 0 0 0 357 357
Ohc-File-Size: 44026
X-Cache-Status: MISS
Timing-Allow-Origin: *
16693.url.tudown.com/uploads/images/209501.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/209501.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/209501.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:35 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=780022277,2952147560&fm=253&app=120&f=JPEG?w=1280&h=800
16693.url.tudown.com/uploads/images/532996.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/532996.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/532996.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=2801185387,1283798726&fm=253&app=120&f=JPEG?w=1422&h=800
img1.baidu.com/it/u=3198530929,1187444098&fm=253&fmt=auto&app=138&f=JPEG?w=550&h=309
113.219.142.35 200 OK 18 kB URL HTTP/2 img1.baidu.com/it/u=3198530929,1187444098&fm=253&fmt=auto&app=138&f=JPEG?w=550&h=309
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 550x309, Scaling: [none]x[none], YUV color, decoders should clamp
Hash e165c5ee28a780329e0e70ef894af7b3
2db4e1bc3a6463c42defbc5fc62367a70fb6e65b
e2312971a5dcd3f483017bcdfe9743f71ebebb56aa828803d0c2918cba9664fb
GET /it/u=3198530929,1187444098&fm=253&fmt=auto&app=138&f=JPEG?w=550&h=309 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 18122
expires: Fri, 06 Jan 2023 01:17:51 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: e165c5ee28a780329e0e70ef894af7b3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 07 Dec 2022 01:17:51 GMT
ohc-cache-hit: chenzct63 [1], xaix238 [4]
ohc-file-size: 18122
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500
125.74.42.35 200 OK 25 kB URL HTTP/2 img2.baidu.com/it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 524x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f3e676716ac0d96e6f4123c27196b606
e9e646cf27ee8e729bde10eaebea65a89e38e631
8b205d58d94760c2416881fb530c9cec626cc416e4cc451c644a36ac6ed720fd
GET /it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 24978
expires: Mon, 16 Jan 2023 03:20:43 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: f3e676716ac0d96e6f4123c27196b606
age: 67438
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 17 Dec 2022 03:20:43 GMT
ohc-cache-hit: lz3ct73 [4], xaix147 [4]
ohc-file-size: 24978
x-cache-status: HIT
X-Firefox-Spdy: h2
16693.url.tudown.com/uploads/images/logo.png?n=4wi3zzf4u3uljhpfwckoloec422jpzvwuttzjkhfsoa6llvc42oi3zfyvxs37ay&w=250
154.218.151.71 200 OK 3.3 kB URL HTTP/1.1 16693.url.tudown.com/uploads/images/logo.png?n=4wi3zzf4u3uljhpfwckoloec422jpzvwuttzjkhfsoa6llvc42oi3zfyvxs37ay&w=250
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash 2e23879cea87bf50ba0c984232e7535a
a8bbcc867b30cdd2c97fb79cfa11b0c0a70c4f61
323a3172d08b78c88c828f0152309136263ce2c12321230e9a7e7f96b0e3e71a
GET /uploads/images/logo.png?n=4wi3zzf4u3uljhpfwckoloec422jpzvwuttzjkhfsoa6llvc42oi3zfyvxs37ay&w=250 HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
16693.url.tudown.com/uploads/images/875304.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/875304.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/875304.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1836272777,3405045806&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711
16693.url.tudown.com/uploads/images/576319.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/576319.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/576319.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4008707840,4002467664&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
16693.url.tudown.com/uploads/images/833876.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/833876.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/833876.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3473034113,2012984118&fm=253&app=120&f=JPEG?w=1280&h=800
16693.url.tudown.com/uploads/images/902128.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/902128.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/902128.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2662145951,780736403&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
t14.baidu.com/it/u=1765251024,3397208104&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 73 kB URL HTTP/1.1 t14.baidu.com/it/u=1765251024,3397208104&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 25a4bcfd2b1ba724ee342dabe73609f0
56a99e4831a46a1d41cc5097311b0645a6603313
5c40a734f088fe22b917f77c5bced1365763079e3c2322edc3c099d3077f5cb6
GET /it/u=1765251024,3397208104&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpeg
Content-Length: 72613
Connection: keep-alive
Expires: Sun, 08 Jan 2023 09:09:06 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 25a4bcfd2b1ba724ee342dabe73609f0
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 09 Dec 2022 09:09:06 GMT
Ohc-Upstream-Trace: 58.20.204.55
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [1], zhuzuncache55 [4], czix100 [2]
Ohc-Response-Time: 1 0 0 0 248 248
Ohc-File-Size: 72613
X-Cache-Status: MISS
Timing-Allow-Origin: *
img1.baidu.com/it/u=1468728362,4221792714&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=380
113.219.142.35 200 OK 18 kB URL HTTP/2 img1.baidu.com/it/u=1468728362,4221792714&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=380
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 600x380, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7c53bf852e00c66d5948cae3852dd906
5b205ee5b2ff20aab5101ad2691060c7d75e1403
14a49580673d90c46d29fdc38b783294f2b7fa895b62eb13b60626f4ea79d554
GET /it/u=1468728362,4221792714&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=380 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 18140
expires: Thu, 19 Jan 2023 18:57:22 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 7c53bf852e00c66d5948cae3852dd906
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 20 Dec 2022 18:57:22 GMT
ohc-cache-hit: chenzct51 [1], suzix217 [4]
ohc-file-size: 18140
x-cache-status: MISS
X-Firefox-Spdy: h2
16693.url.tudown.com/uploads/images/740563.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/740563.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/740563.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=796506120,1467237250&fm=253&fmt=auto&app=138&f=JPEG?w=367&h=500
img2.baidu.com/it/u=91113681,1250078738&fm=253&fmt=auto?w=456&h=282
125.74.42.35 200 OK 30 kB URL HTTP/2 img2.baidu.com/it/u=91113681,1250078738&fm=253&fmt=auto?w=456&h=282
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 456x282, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 47a40fde263b0eab6b4aaae5171976df
0db6793d8343f97108cf04ee7d4835b995a394e4
957547633043d1368fe9b1965129542638d6ccd487982bc144e7fcc0ee031873
GET /it/u=91113681,1250078738&fm=253&fmt=auto?w=456&h=282 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 29466
expires: Sun, 22 Jan 2023 22:54:32 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 47a40fde263b0eab6b4aaae5171976df
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 23 Dec 2022 22:54:32 GMT
ohc-cache-hit: lz3ct90 [1], wzix90 [4]
ohc-file-size: 29466
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3634363658,3686767484&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=360
125.74.42.35 200 OK 27 kB URL HTTP/2 img2.baidu.com/it/u=3634363658,3686767484&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=360
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x360, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 33c9458ae1082487773d930987db5b23
793074e643a47bc233de02c4d582b6c3234ab779
09f96f2146986b020a90c0c702cc3e8746c17ae97bc6b3a4c6da422a20104214
GET /it/u=3634363658,3686767484&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=360 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 26656
expires: Sat, 21 Jan 2023 13:55:43 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 33c9458ae1082487773d930987db5b23
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 22 Dec 2022 13:55:43 GMT
ohc-cache-hit: lz3ct86 [1], bdix200 [4]
ohc-file-size: 26656
x-cache-status: MISS
X-Firefox-Spdy: h2
16693.url.tudown.com/uploads/images/363314.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/363314.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/363314.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1626717304,3869146611&fm=224&app=112&f=JPEG?w=500&h=500
16693.url.tudown.com/uploads/images/237922.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/237922.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/237922.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3732264950,1045391165&fm=253&app=120&f=JPEG?w=1280&h=800
16693.url.tudown.com/uploads/images/448128.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/448128.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/448128.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=303634163,2907350251&fm=253&fmt=auto&app=138&f=JPEG?w=344&h=500
img2.baidu.com/it/u=1754256136,1046376279&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224
125.74.42.35 200 OK 4.5 kB URL HTTP/2 img2.baidu.com/it/u=1754256136,1046376279&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 224x224, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ffee779a64d7b60bba4f12a3cb782100
cc88bd3ff961f59d61d2f89211ab64f9c455e250
910263421737a3a34505f7c22f0c3a939975ee3f4c7dffca10a572578d9cb117
GET /it/u=1754256136,1046376279&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 4502
expires: Sat, 21 Jan 2023 04:11:27 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: ffee779a64d7b60bba4f12a3cb782100
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 22 Dec 2022 04:11:27 GMT
ohc-cache-hit: lz3ct71 [1], suzix71 [4]
ohc-file-size: 4502
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1596461857,3583697763&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
125.64.104.35 200 OK 42 kB URL HTTP/2 img0.baidu.com/it/u=1596461857,3583697763&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e12dd15aecf429673e70e59e8232c441
c2b09cf8bf53c6240914f26f87babdc0b4b743bf
17cbfbfd52724e705bf1669591124f09b777ca3d29f89b7a97c779bb6c78cbb0
GET /it/u=1596461857,3583697763&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 41648
expires: Sat, 21 Jan 2023 06:29:00 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: e12dd15aecf429673e70e59e8232c441
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 22 Dec 2022 06:29:00 GMT
ohc-cache-hit: dy2ct96 [1], bdix96 [4]
ohc-file-size: 41648
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=653671890,3487319273&fm=253&fmt=auto&app=138&f=JPEG?w=803&h=500
113.219.142.35 200 OK 51 kB URL HTTP/2 img1.baidu.com/it/u=653671890,3487319273&fm=253&fmt=auto&app=138&f=JPEG?w=803&h=500
IP 113.219.142.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 803x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e354065101cda681a41e067557e1c28d
df2f6cb278e4251d8897efb63a5c2332ae7b4cee
53c210b3a2a82cc0760a625aeaa69cc3b2032ab2b0875ffe732064bf8afbcc8f
GET /it/u=653671890,3487319273&fm=253&fmt=auto&app=138&f=JPEG?w=803&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 51218
expires: Wed, 18 Jan 2023 12:32:47 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: e354065101cda681a41e067557e1c28d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 19 Dec 2022 12:32:47 GMT
ohc-cache-hit: chenzct57 [1], xaix220 [4]
ohc-file-size: 51218
x-cache-status: MISS
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 1a33c76a1dc4b6745693f9580161d0c8
a75736e2e24b25ca2e5058bcba6f324645cd8fbf
c6609e18d9d4b721a2d78e5427d86f1b23833ab07fb17435491246c051c5db26
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16693.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Fri, 30 Dec 2022 03:08:36 GMT
Etag: 3878420bd2e5c72d2dc12a32250488e8
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=9EF40D157920B099; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
16693.url.tudown.com/uploads/images/178446.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16693.url.tudown.com/uploads/images/178446.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/178446.jpg HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=4270984546,254599256&fm=224&app=112&f=JPEG?w=500&h=333
t15.baidu.com/it/u=4270984546,254599256&fm=224&app=112&f=JPEG?w=500&h=333
185.10.104.124 200 OK 34 kB URL HTTP/1.1 t15.baidu.com/it/u=4270984546,254599256&fm=224&app=112&f=JPEG?w=500&h=333
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x333, components 3\012- data
Hash a58436765944b227baf091ae642c4041
16a9b10cc4ffed02dd4c62068644e35d3f10da86
edbf9d70af6142aec3f95494d4106dba96e3014973c4844fb348ca7d2cc9def8
GET /it/u=4270984546,254599256&fm=224&app=112&f=JPEG?w=500&h=333 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpeg
Content-Length: 33826
Connection: keep-alive
Expires: Thu, 05 Jan 2023 06:55:08 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: a58436765944b227baf091ae642c4041
Age: 863236
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 06 Dec 2022 06:55:08 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache51 [4], csix113 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 33826
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=899234704,1790933798&fm=253&app=120&f=JPEG?w=1280&h=800
125.64.104.35 200 OK 94 kB URL HTTP/1.1 img0.baidu.com/it/u=899234704,1790933798&fm=253&app=120&f=JPEG?w=1280&h=800
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 95450e7346397c40a72aae9df5ebd04b
20d44df10ca4f02c8003256efecd20467e36e177
8a379af71b2197b223f4e1b120461e8fa73b86f49fe159854268126566d13b3d
GET /it/u=899234704,1790933798&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpeg
Content-Length: 93699
Connection: keep-alive
Expires: Thu, 12 Jan 2023 05:33:57 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 95450e7346397c40a72aae9df5ebd04b
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 13 Dec 2022 05:33:57 GMT
Ohc-Cache-HIT: dy2ct97 [1], bdix176 [2]
Ohc-File-Size: 93699
X-Cache-Status: MISS
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1910464833&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=47581&r=0&ww=1280&u=http%3A%2F%2F16693.url.tudown.com%2Fxiaz%2F%25E6%2597%25A0%25E4%25B8%25BB%25E4%25B9%258B%25E5%259C%25B02%40382_17291.exe&tt=%E4%BA%9A%E7%BE%8E%E4%BD%93%E8%82%B2app%E7%BD%91%E7%AB%99%E5%85%A5%E5%8F%A3(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1910464833&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=47581&r=0&ww=1280&u=http%3A%2F%2F16693.url.tudown.com%2Fxiaz%2F%25E6%2597%25A0%25E4%25B8%25BB%25E4%25B9%258B%25E5%259C%25B02%40382_17291.exe&tt=%E4%BA%9A%E7%BE%8E%E4%BD%93%E8%82%B2app%E7%BD%91%E7%AB%99%E5%85%A5%E5%8F%A3(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1910464833&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=47581&r=0&ww=1280&u=http%3A%2F%2F16693.url.tudown.com%2Fxiaz%2F%25E6%2597%25A0%25E4%25B8%25BB%25E4%25B9%258B%25E5%259C%25B02%40382_17291.exe&tt=%E4%BA%9A%E7%BE%8E%E4%BD%93%E8%82%B2app%E7%BD%91%E7%AB%99%E5%85%A5%E5%8F%A3(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16693.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 30 Dec 2022 03:08:36 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=ABA1D19057A3F60D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
t15.baidu.com/it/u=1626717304,3869146611&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 50 kB URL HTTP/1.1 t15.baidu.com/it/u=1626717304,3869146611&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash d84f0c0a5b3733553c2d2202d0a8cf6b
947e14500ded643e62e5fb83dcbbe24e11a24cc6
b954d2a42b0f25240a4f515f94fefe50477d06fcbbf39b014f9d497d0140fba4
GET /it/u=1626717304,3869146611&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:37 GMT
Content-Type: image/jpeg
Content-Length: 50329
Connection: keep-alive
Expires: Fri, 06 Jan 2023 03:47:09 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: d84f0c0a5b3733553c2d2202d0a8cf6b
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 07 Dec 2022 03:47:08 GMT
Ohc-Upstream-Trace: 111.177.6.171; 58.20.204.60
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [1], zhuzuncache60 [1], xiangyix171 [4]
Ohc-Response-Time: 1 0 0 0 280 280
Ohc-File-Size: 50329
X-Cache-Status: MISS
Timing-Allow-Origin: *
img2.baidu.com/it/u=780022277,2952147560&fm=253&app=120&f=JPEG?w=1280&h=800
125.74.42.35 200 OK 104 kB URL HTTP/1.1 img2.baidu.com/it/u=780022277,2952147560&fm=253&app=120&f=JPEG?w=1280&h=800
IP 125.74.42.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 104 kB (103509 bytes)
Hash 54c3df39763a2350204be6083f134aa5
97ab2c2068f083531e2a5d979536c50424e26d87
5f8d41ba4900c6356a7057e1b9a83b1c0a9d14effb34c881ffca7f7780a49872
GET /it/u=780022277,2952147560&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpeg
Content-Length: 103509
Connection: keep-alive
Expires: Sun, 08 Jan 2023 01:27:47 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 54c3df39763a2350204be6083f134aa5
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 09 Dec 2022 01:27:47 GMT
Ohc-Cache-HIT: lz3ct76 [1], xaix141 [4]
Ohc-File-Size: 103509
X-Cache-Status: MISS
img2.baidu.com/it/u=2565126155,1000649&fm=253&fmt=auto?w=500&h=500
125.74.42.35 200 OK 25 kB URL HTTP/2 img2.baidu.com/it/u=2565126155,1000649&fm=253&fmt=auto?w=500&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ecd23d6531b7be4cb5ae7cbbc9755d4c
4ad385902be10968edc416e4ff391c968372b752
cc2208159a4f39475baf6b380e44c2cd7a7a8081fd579f8a20b80b6f4fae68f3
GET /it/u=2565126155,1000649&fm=253&fmt=auto?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 24978
expires: Fri, 06 Jan 2023 13:38:24 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: ecd23d6531b7be4cb5ae7cbbc9755d4c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 07 Dec 2022 13:38:24 GMT
ohc-cache-hit: lz3ct77 [1], wzix77 [4]
ohc-file-size: 24978
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3732264950,1045391165&fm=253&app=120&f=JPEG?w=1280&h=800
113.219.142.35 200 OK 46 kB URL HTTP/1.1 img2.baidu.com/it/u=3732264950,1045391165&fm=253&app=120&f=JPEG?w=1280&h=800
IP 113.219.142.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3
Hash 1e9b92abdc4f71742956f84b8ef54228
cd35a08f452e7a25d1d53f8b9c5a9caecb958ce4
abc890c53b032d4b8c47d4a01db6643fc0bd5e8b0cf441d130bef69fc6423e4c
GET /it/u=3732264950,1045391165&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpeg
Content-Length: 46291
Connection: keep-alive
Expires: Thu, 05 Jan 2023 08:46:56 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 1e9b92abdc4f71742956f84b8ef54228
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 06 Dec 2022 08:46:56 GMT
Ohc-Cache-HIT: chenzct53 [1], wzix90 [4]
Ohc-File-Size: 46291
X-Cache-Status: MISS
img0.baidu.com/it/u=771151479,1032405457&fm=253&fmt=auto&app=138&f=GIF?w=500&h=707
125.64.104.35 200 OK 203 kB URL HTTP/2 img0.baidu.com/it/u=771151479,1032405457&fm=253&fmt=auto&app=138&f=GIF?w=500&h=707
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type GIF image data, version 89a, 500 x 707
Size 203 kB (202937 bytes)
Hash cd76878adc29079941ce863977757a10
0e609da93be601d3a522827c796716acf82b6534
1d15c44e0522f5398c982c38bc1fed9f05956e18845c21af3a1028018b84fc6a
GET /it/u=771151479,1032405457&fm=253&fmt=auto&app=138&f=GIF?w=500&h=707 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/gif
content-length: 202937
expires: Sat, 21 Jan 2023 17:28:44 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: cd76878adc29079941ce863977757a10
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 22 Dec 2022 17:28:44 GMT
ohc-cache-hit: dy2ct91 [2], xaix126 [4]
ohc-file-size: 202937
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=469229722,1755078829&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=253
125.64.104.35 200 OK 8.3 kB URL HTTP/2 img0.baidu.com/it/u=469229722,1755078829&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=253
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 253x253, Scaling: [none]x[none], YUV color, decoders should clamp
Hash f72316bce94eadc2e2458b4e15498c19
57a56f971f028b820a671d1dd972fffae5427049
3971af0cf16be15225c8b8e9cb3fe8085389551b706c81c1f945e9340ee15d30
GET /it/u=469229722,1755078829&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=253 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 8314
expires: Thu, 19 Jan 2023 02:24:46 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: f72316bce94eadc2e2458b4e15498c19
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 20 Dec 2022 02:24:46 GMT
ohc-cache-hit: dy2ct56 [1], qdix149 [2]
ohc-file-size: 8314
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=955257541,2640001409&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=338
125.64.104.35 200 OK 23 kB URL HTTP/2 img0.baidu.com/it/u=955257541,2640001409&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=338
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x338, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 0260d1d0cb9c53bb471f8c862670ea92
73ed100ec809e9a93ce1b62ba72138540a2f90bc
6465bd938c7adc79ef2b83b34f700cf1bde4544f1ab5f0f92978979d80f35c5a
GET /it/u=955257541,2640001409&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=338 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 23094
expires: Mon, 02 Jan 2023 14:59:56 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 0260d1d0cb9c53bb471f8c862670ea92
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 03 Dec 2022 14:59:56 GMT
ohc-cache-hit: dy2ct67 [1], qdix204 [4]
ohc-file-size: 23094
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1836272777,3405045806&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711
125.64.104.35 200 OK 26 kB URL HTTP/2 img0.baidu.com/it/u=1836272777,3405045806&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x711, Scaling: [none]x[none], YUV color, decoders should clamp
Hash e438313a917b422686d1afb14b98b84a
03a1dc763d9fa1872db8d6e35690aa7ccc5e601c
255902ff0af1899de5e69f7fdf856ee56ac59eb106fcf9dffe8ce0740a61f507
GET /it/u=1836272777,3405045806&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=711 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 26160
expires: Wed, 18 Jan 2023 05:58:28 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: e438313a917b422686d1afb14b98b84a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 19 Dec 2022 05:58:28 GMT
ohc-cache-hit: dy2ct107 [1], czix134 [2]
ohc-file-size: 26160
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=4008707840,4002467664&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
125.74.42.35 200 OK 13 kB URL HTTP/2 img2.baidu.com/it/u=4008707840,4002467664&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp
Hash c647baba444bf3c60a5efe5c7e1c7fd4
e55de94e50dbdb7090e55ae6992cc3e1c89d8ead
4655190ac0112e1c6211edd615a75c21abd58daa42ef707ddb2800b0686867cc
GET /it/u=4008707840,4002467664&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 12972
expires: Sun, 08 Jan 2023 07:09:46 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: c647baba444bf3c60a5efe5c7e1c7fd4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 09 Dec 2022 07:09:46 GMT
ohc-cache-hit: lz3ct54 [1], suzix121 [4]
ohc-file-size: 12972
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=303634163,2907350251&fm=253&fmt=auto&app=138&f=JPEG?w=344&h=500
125.74.42.35 200 OK 21 kB URL HTTP/2 img2.baidu.com/it/u=303634163,2907350251&fm=253&fmt=auto&app=138&f=JPEG?w=344&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 344x500, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 20469c45d38af587354f99700f69dd9b
66e169a7ee25ae0b1c66f662a4bf698428481f2f
0ca4c9c85663aa9e4177c39be7318b3d8285221b3e78da76330fb681c26af5ba
GET /it/u=303634163,2907350251&fm=253&fmt=auto&app=138&f=JPEG?w=344&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:37 GMT
content-type: image/webp
content-length: 20738
expires: Mon, 23 Jan 2023 03:36:35 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 20469c45d38af587354f99700f69dd9b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 24 Dec 2022 03:36:35 GMT
ohc-cache-hit: lz3ct69 [1], czix126 [4]
ohc-file-size: 20738
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2801185387,1283798726&fm=253&app=120&f=JPEG?w=1422&h=800
113.219.142.35 200 OK 129 kB URL HTTP/1.1 img1.baidu.com/it/u=2801185387,1283798726&fm=253&app=120&f=JPEG?w=1422&h=800
IP 113.219.142.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1422x800, components 3
Size 129 kB (129051 bytes)
Hash 4213ee3b23dcbc64164ce071102f22aa
1ad866a35486d22c47c3d978f36079d286cc4712
07af44144cedec168dceac19cbe8cbe1c1aed90f67c7c4eb32880f75c4654098
GET /it/u=2801185387,1283798726&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpeg
Content-Length: 129051
Connection: keep-alive
Expires: Fri, 20 Jan 2023 09:06:22 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 4213ee3b23dcbc64164ce071102f22aa
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 21 Dec 2022 09:06:22 GMT
Ohc-Cache-HIT: chenzct63 [1], suzix141 [4]
Ohc-File-Size: 129051
X-Cache-Status: MISS
img0.baidu.com/it/u=2662145951,780736403&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
125.64.104.35 200 OK 37 kB URL HTTP/2 img0.baidu.com/it/u=2662145951,780736403&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 091a1564ffe3457a599f526bd4bbf113
2f276a2d24378df6ad7fe86210782d4520f0c995
7b123c201e06421eb961b1575d7231d59bcca35ff62cf801d7624c1c0e028628
GET /it/u=2662145951,780736403&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 36986
expires: Sun, 22 Jan 2023 02:28:03 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 091a1564ffe3457a599f526bd4bbf113
age: 282114
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 23 Dec 2022 02:28:03 GMT
ohc-cache-hit: dy2ct68 [4], wzix68 [4]
ohc-file-size: 36986
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=796506120,1467237250&fm=253&fmt=auto&app=138&f=JPEG?w=367&h=500
125.64.104.35 200 OK 13 kB URL HTTP/2 img0.baidu.com/it/u=796506120,1467237250&fm=253&fmt=auto&app=138&f=JPEG?w=367&h=500
IP 125.64.104.35:0
ASN #38283 CHINANET SiChuan Telecom Internet Data Center
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 367x500, Scaling: [none]x[none], YUV color, decoders should clamp
Hash 69a1e69e37f60a7aef8603921c302079
17d462c79b66dbd79787b354926d2f93e0bf0387
fcd2cd39b68f04d58c0f4a9c4dcb473ca95067e4394e8acd0db89469ce4ed7c5
GET /it/u=796506120,1467237250&fm=253&fmt=auto&app=138&f=JPEG?w=367&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16693.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Fri, 30 Dec 2022 03:08:36 GMT
content-type: image/webp
content-length: 12720
expires: Thu, 26 Jan 2023 09:33:28 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 69a1e69e37f60a7aef8603921c302079
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 27 Dec 2022 09:33:28 GMT
ohc-cache-hit: dy2ct99 [1], bdix99 [4]
ohc-file-size: 12720
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3473034113,2012984118&fm=253&app=120&f=JPEG?w=1280&h=800
113.219.142.35 200 OK 114 kB URL HTTP/1.1 img2.baidu.com/it/u=3473034113,2012984118&fm=253&app=120&f=JPEG?w=1280&h=800
IP 113.219.142.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 1280x800, components 3
Size 114 kB (114112 bytes)
Hash d49d02a1c04433d2eb233bfbaeea51d4
22f6088d6dc28040ea4942be511159dfc881daf0
6b3e4cec2f0fd0715e9a341ee731bbf1541f3dedf961de4b927206a0871061ca
GET /it/u=3473034113,2012984118&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16693.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 30 Dec 2022 03:08:36 GMT
Content-Type: image/jpeg
Content-Length: 114112
Connection: keep-alive
Expires: Tue, 24 Jan 2023 00:23:51 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: d49d02a1c04433d2eb233bfbaeea51d4
Age: 8622
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 25 Dec 2022 00:23:51 GMT
Ohc-Cache-HIT: chenzct81 [4], suzix243 [2]
Ohc-File-Size: 114112
X-Cache-Status: HIT
16693.url.tudown.com/favicon.ico
154.218.151.71 200 OK 0 B URL HTTP/1.1 16693.url.tudown.com/favicon.ico
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 16693.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16693.url.tudown.com/xiaz/%E6%97%A0%E4%B8%BB%E4%B9%8B%E5%9C%B02@382_17291.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1672369711; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1672369711
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 Dec 2022 03:08:37 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes