r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5067
Expires: Sat, 04 Feb 2023 09:46:41 GMT
Date: Sat, 04 Feb 2023 08:22:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2888
Expires: Sat, 04 Feb 2023 09:10:22 GMT
Date: Sat, 04 Feb 2023 08:22:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 07:43:37 GMT
content-type: application/json
age: 2317
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20622
Expires: Sat, 04 Feb 2023 14:05:56 GMT
Date: Sat, 04 Feb 2023 08:22:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Td0APaIDW/cl2AIWay6b7qBw5tFJeOhAnnCdgyu6MaYPNP+Jt3xDO3fzzHWbaMQIBTx/i8zJuYb/eB8k/DbNQA==
x-amz-request-id: 6VYK1MDT962BNTS8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 07:52:45 GMT
age: 1769
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 08:22:14 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 08:07:19 GMT
age: 896
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3659
Expires: Sat, 04 Feb 2023 09:23:14 GMT
Date: Sat, 04 Feb 2023 08:22:15 GMT
Connection: keep-alive
12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
154.218.151.71 200 OK 17 kB URL HTTP/1.1 12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text, exported SGML document, Unicode text, UTF-8 text
Hash d6e05ce289f59a1ebf64344c0220a276
cb57b5bb2bec4170e68a2ec6ebafed08c47517df
6c4ff568062f501fe7a6694d948b47c229de452b1b00d28121337bf7ee6b38e1
Analyzer Verdict Alert fortinet Malware
GET /down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
52.39.49.137 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.39.49.137:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uu6rQlSFCha3JlrZmYfdkA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: AXJjUm+xjcmIk5poR1z+8mdYY2g=
12732.url.tudown.com/js/orsxg5a.script
154.218.151.71 200 OK 531 B URL HTTP/1.1 12732.url.tudown.com/js/orsxg5a.script
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:15 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/css/teach.css
154.218.151.71 200 OK 4.1 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/teach.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (499)
Hash 16ca38b11b525a142c6086c2c2802545
88ed9d1c7088344b24f18132ad025ed63623bb7e
c7d5eef240fb383c039b0141854336a78a07597b0bff022ae71514e913351d7a
GET /template/company/duote-xiazai/css/teach.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e70-503f"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 952b2841668e8303c2ee8bc817394790
1e7d159d8d75df0112f06eedab3ecd62b7075a52
51c463da96c71adce2a234968d1e46949fa82804f680861cb6562da84239e209
GET /template/company/duote-xiazai/css/soft.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6e-a090"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/css/news.css
154.218.151.71 200 OK 1.5 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/news.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 4d5f155ee78bab18dd989f8fedda8ebc
d3e3353e7a3da786e2a1342ca13407fd432e3398
6754cc7b30008e41d53b0ebfb6b52a0c59712348880d235a77a07c3af02d9886
GET /template/company/duote-xiazai/css/news.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-16fd"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/css/message.css
154.218.151.71 200 OK 1.6 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/message.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 90d699f8127fe2e7210c0f31f0b90bb0
245191b7026614b76c7234e8e82724d463d4adf1
50d4eaf1d089edb739f43068f78330d22700b47f9ea8acb14fa5606637aeaf23
GET /template/company/duote-xiazai/css/message.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-17a8"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css
154.218.151.71 200 OK 353 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 6fc35ccb15b461bc6b549a85ea398894
21581ad4fc3db4acc99bb2fb4ed2fde1dfa50049
8d88f6d1d76a2cf300e9378742dc29f48060c9747cfdeb6b05050cf25cc5ebfb
GET /template/company/duote-xiazai/css/scrollbar.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Content-Length: 353
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Connection: keep-alive
ETag: "63676e6e-161"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
12732.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js
154.218.151.71 200 OK 37 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text, exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash d4e282e0e1e69d378568eac0d45bfd24
8b62528373788e473676aa025a72aae45ec17d01
b5bbdf5ae69bfc2b39919ac018f41b27efac22f98ab92848db65022eb03dfd12
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/jquery.min.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-16f44"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css
154.218.151.71 404 Not Found 146 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text, HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /template/company/duote-xiazai/css/scrollStyle.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
12732.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css
154.218.151.71 200 OK 8.9 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (29165), with CRLF line terminators
Hash fd0bdc561b4f37fa8e4539d86c5fd0e4
663b932af8ef82dff4cfeb56351bd32853e54804
98161b22bc6e6613ecf1c230ff9664ba032c3abfe8d6a4079263f9daeb1829db
GET /template/company/duote-xiazai/css/jquery-ui.min.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-7d6e"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js
154.218.151.71 200 OK 799 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash ac93d373f5090fbc3e8a7152aab7170d
160c0bc3072bccced250979b7999ae060941eb06
e15e1cefcdcd40db68eecbd7a02af32a8a97e5749791b07b434f8454408c1570
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/duotecommon_top.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-a0b"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/css/global.css
154.218.151.71 200 OK 7.6 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/global.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (710)
Hash b2502d4c36bc519e47bce519ffb3a295
d252dd5c34dbd231f5c120d8f45ded16e0aa3f4c
10bec4c97bde3cac4a43e4d86604e1ff2c54926ec350419e404435f0616d1a1a
GET /template/company/duote-xiazai/css/global.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:20:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6b-935f"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 08:22:16 GMT
Ali-Swift-Global-Savetime: 1675498936
Via: cache3.l2de2[5,5,200-0,M], cache3.l2de2[6,0], cache8.se1[27,27,200-0,M], cache8.se1[29,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 08:22:16 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9c16754989366863176e
12732.url.tudown.com/template/company/duote-xiazai/css/index.css
154.218.151.71 200 OK 3.6 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/css/index.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash fbfd831dee308c5094076e0b4022a222
fa69c04bf3f0c911d2b1697717e05706362f0c57
ab5a9d33745256917eb22abecd3d8ed4790e612720f2a743206d00b85aa5ff4f
GET /template/company/duote-xiazai/css/index.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6c-42b3"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ae58d39edb7923f0dac8e7b20767f306
827e75323edf1548d2b898b96caaec9556893e3a
2c18f66718230665099bdc4a96dbed4e667ff233f9853aebd3e0802235c658d8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C18F66718230665099BDC4A96DBED4E667FF233F9853AEBD3E0802235C658D8"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17026
Expires: Sat, 04 Feb 2023 13:06:02 GMT
Date: Sat, 04 Feb 2023 08:22:16 GMT
Connection: keep-alive
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 08:22:16 GMT
Ali-Swift-Global-Savetime: 1675498936
Via: cache15.l2de2[188,188,200-0,M], cache15.l2de2[189,0], cache8.se1[211,210,200-0,M], cache8.se1[212,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 08:22:16 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9c16754989366863174e
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 08:22:16 GMT
Ali-Swift-Global-Savetime: 1675498936
Via: cache4.l2de2[194,193,200-0,M], cache4.l2de2[195,0], cache4.se1[216,215,200-0,M], cache4.se1[218,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 08:22:16 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9816754989366886976e
bdcode.2345.com/source/g/common/by/ht_jy_qx.js
42.81.8.130 200 OK 2.2 kB URL HTTP/1.1 bdcode.2345.com/source/g/common/by/ht_jy_qx.js
IP 42.81.8.130:0
File type ASCII text, with very long lines (5410), with no line terminators
Hash d7db82729d06ef72724418fc0598ca0b
c5e606a55739aa52bebf060872542b28e40d9c2e
778d3c67f80d6ddd88e2ae455ca8b2608c909dfe49170a8aaf93c1ff1fc650de
Analyzer Verdict Alert fortinet Malware
GET /source/g/common/by/ht_jy_qx.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2207
Connection: keep-alive
Cache-Control: max-age=14400
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 12:22:16 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c2033238904a37e5-143
Server: yunjiasu
bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js
42.81.8.130 200 OK 2.2 kB URL HTTP/1.1 bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js
IP 42.81.8.130:0
File type ASCII text, with very long lines (5409), with no line terminators
Hash d19bdae2e7e260cf8d073f646b1327b1
f11ad6bbb5854b91f30ae1d1d9e40b0735648a49
db04653da94f0ab49ba4af223faa764d36bdd60a1aa1dcb1fc773512d100bce5
Analyzer Verdict Alert fortinet Malware
GET /common/xsoa-r/openjs/pu/ao.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2200
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 09:22:16 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c2033238dacb37e4-143
Server: yunjiasu
12732.url.tudown.com/template/company/duote-xiazai/js/super_slider.js
154.218.151.71 200 OK 741 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/super_slider.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (1844)
Hash 64d8d6bbbe2129e883c5af163b76600d
5c0f7df223f7f0ca25cc5c8247ae8b8f0cae4805
66f01728ee43d433d4fd4c0409354667cc543ae51cd362376d3f053da321369b
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/super_slider.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-763"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/js/index.js
154.218.151.71 200 OK 2.3 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/index.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (8638)
Hash a1f3815ea981db7480ca3c4d5d54aac6
f3961cccb17dc2190e2a8c249d936d0b1185fd7e
7adb4d2ea2856125d829deeabfc70e92f87a5e50f84187ed8d570b810c807d6f
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/index.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e97-223b"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js
154.218.151.71 200 OK 1.4 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 33db5499343abb12f6c7d980cfdf5af0
ca9f7d2be1dd0f229f709b2effd22d57413fc7d4
3ca1208b56597372cccafd9817375f08e7e85ab84b310cb882ff8a76bac1c388
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/soft_comment.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-f1c"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js
154.218.151.71 200 OK 577 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d2fd0ff89c3e773f8cfb6e5e57ae2909
537114b9b969f30770ba619a17d217bb69efb759
9665a3c5c2aa7e032819815b24dccc0dd5fbfbbef8876d7d42dfe2751e06d8f7
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/clickdown_stat_ajax.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-57a"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 08:22:16 GMT
Ali-Swift-Global-Savetime: 1675498937
Via: cache6.l2de2[316,315,200-0,M], cache6.l2de2[318,0], cache5.se1[338,338,200-0,M], cache5.se1[339,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 08:22:17 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9916754989366871233e
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4326
Expires: Sat, 04 Feb 2023 09:34:23 GMT
Date: Sat, 04 Feb 2023 08:22:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4326
Expires: Sat, 04 Feb 2023 09:34:23 GMT
Date: Sat, 04 Feb 2023 08:22:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4326
Expires: Sat, 04 Feb 2023 09:34:23 GMT
Date: Sat, 04 Feb 2023 08:22:17 GMT
Connection: keep-alive
12732.url.tudown.com/template/company/duote-xiazai/js/new_global.js
154.218.151.71 200 OK 592 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/new_global.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 232fd4a41f68cb95c02a365b6aca84e9
4d17747184f32abc1b922759c510bdbab4eccedd
0d50c1f4db8f330ef99775e40dadb29b531eb33314540560567b1f2623d4885e
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/new_global.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9d-685"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/images/stars.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/stars.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/stars.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/global.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:35 GMT
Connection: keep-alive
ETag: "63676e8f-199"
Accept-Ranges: bytes
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:30:47 GMT
age: 28290
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: 6a8c6487-6069-47d1-afa1-648626f85439
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyDqqGg5oAMFV-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd7fdd-0a772cde1e6fba6d7da97435;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:42:53 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: CHWhIpyzhoPtMUplzh1430Q9FfCM1wkTc_hQsgQk6InM9tYBPGYnNg==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:44 GMT
age: 36993
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 06:20:04 GMT
age: 7333
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: aKr85ooofBPeKkeJIDO5W_X5Rn6xnJlRHmVrs8tgBMYe3HQhobsm3w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:56:07 GMT
age: 37570
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f926cd4f39b1a10b152e5959b28ae29e
2b1982d21321071394e363888e007598e968fb35
a51b246a9aa5a2583cae7fd4f0a3bdf73f0b318b7838828d36ea5674a5f26753
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13309
x-amzn-requestid: f6a3f0f3-d91b-4f4d-8265-0f87742ba5d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFeBFX4oAMFfpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd82bf-5808ceec265756c702d212dc;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:55:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WWjzs8W8GmSAM0-Uc8XBTxz67RJJCIzp3fBYhkoIWZ26UrobmZV8mw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:14:12 GMT
etag: "2b1982d21321071394e363888e007598e968fb35"
content-type: image/jpeg
age: 36485
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jBxNmhfAeUgxg8w4XpQHZ1QoN9GatdUV7V7r2tHd7YePJYPHpesd2Q==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:05:21 GMT
age: 37016
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.2345.com/js/index/activity/20171111/widget.min.js
47.246.44.206 301 Moved Permanently 262 B URL HTTP/1.1 www.2345.com/js/index/activity/20171111/widget.min.js
IP 47.246.44.206:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 72fa0fca20c82853e6dbbc1f13c78100
4e9b01e3ad0b56c9409bb02e5700430792fecacd
4555de589ff9b307e20c708d6f112bc47bb377df29ff0a5914f8fb0932926887
GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: text/html
Content-Length: 262
Connection: keep-alive
Location: https://www.2345.com/js/index/activity/20171111/widget.min.js
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Via: cache8.se1[,0]
Timing-Allow-Origin: *
EagleId: 2ff62c9c16754989371663714e
img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js
180.101.198.208 200 OK 895 B URL HTTP/2 img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Hash f8f676d38231dad63dfc1144b4739051
978c21f9675780eb755412efc1ddc8fe098c5d7f
2ab62b8459e616fbc36456facba7af14984e90a3a5522a317d46cdb6f133f871
GET /duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/x-javascript
content-length: 895
date: Tue, 03 Jan 2023 08:39:42 GMT
x-oss-request-id: 63B3E9CEF01BDA30320260CE
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "4C7F46FF62D37B2CC7456F8F9EB96611"
last-modified: Thu, 10 Sep 2020 02:00:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13670043018340852857
x-oss-storage-class: Standard
x-oss-meta-mode: 33188
x-oss-meta-mtime: 1599017058
x-oss-expiration: expiry-date="Fri, 11 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
vary: Accept-Encoding
content-md5: TH9G/2LTeyzHRW+PnrlmEQ==
x-oss-server-time: 22
content-encoding: gzip
ali-swift-global-savetime: 1672735182
via: cache7.l2cn3055[0,19,200-0,H], cache51.l2cn3055[23,0], vcache27.cn4732[0,2,200-0,H], vcache6.cn4732[4,0]
age: 2763755
x-cache: HIT TCP_HIT dirn:9:20475925
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 12980011
timing-allow-origin: *
eagleid: b465c61a16754989370502882e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/2.gif
180.101.198.208 200 OK 1.7 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/2.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash daaa6d71e871eec644788b703b718bd8
8fadc0f0070931b2f807159e87b82bc2269b467a
6d31802a2485e9ff603aa0ec2528c96590e9d4c5ac8961ddf8a9c3fe3bb5c0b8
GET /duoteimg/zhuanti/comment/images/2.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1668
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3EE37C83934296313
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "DAAA6D71E871EEC644788B703B718BD8"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17840225992830112301
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 2qptcehx7sZEeItwO3GL2A==
x-oss-server-time: 101
ali-swift-global-savetime: 1675307171
via: cache51.l2cn3055[128,127,200-0,M], cache71.l2cn3055[129,0], vcache3.cn4732[0,0,200-0,H], vcache6.cn4732[3,0]
age: 191766
x-cache: HIT TCP_HIT dirn:11:35063887
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989370542886e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/4.gif
180.101.198.208 200 OK 1.7 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/4.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 9429cb260cbf87e528d14cf6baaf2b5b
eb067540c3b93c515efbc46b5a1cb4c7bcb16ff7
4cce9443159a3c082fbf59610efbf5ef9b92d5422bce4bbe8ef43d1bcc8d0475
GET /duoteimg/zhuanti/comment/images/4.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1706
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3DFFFCE35347F52A3
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "9429CB260CBF87E528D14CF6BAAF2B5B"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 875222251737355829
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: lCnLJgy/h+Uo0Uz2uq8rWw==
x-oss-server-time: 88
ali-swift-global-savetime: 1675307171
via: cache5.l2cn3055[137,136,200-0,M], cache34.l2cn3055[138,0], vcache5.cn4732[0,0,200-0,H], vcache6.cn4732[2,0]
age: 191766
x-cache: HIT TCP_HIT dirn:9:233318430
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989370552888e
X-Firefox-Spdy: h2
12732.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js
154.218.151.71 200 OK 63 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with no line terminators
Hash 827609f4f6b6dbef37e7bbb2c6cb8535
09929f83133df43c4ec28623065e3af7647a1f11
f7f82084b7a593e189a56487ea3179a61e6d8c93ec6ffdfada18e8c5e8863375
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/keyword_new.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: application/javascript
Content-Length: 63
Last-Modified: Sun, 06 Nov 2022 08:21:47 GMT
Connection: keep-alive
ETag: "63676e9b-3f"
Expires: Sat, 04 Feb 2023 20:22:17 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 2d1a15af936b883451dbf3d75568f863
fc4961b5f0041dc198464c6dda01183cb07ef0ae
b85ef4c0fe7a48d851368152ecd1cf3f17611ed52c2a11936e5d3ae01d932e9d
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:50:17 GMT
ETag: "fc4961b5f0041dc198464c6dda01183cb07ef0ae"
Last-Modified: Sat, 04 Feb 2023 04:50:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2303
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ff668ab3b506-OSL
12732.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js
154.218.151.71 200 OK 738 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (1755)
Hash 941e223b206b2f389ba88e5c62146e05
1ea47333441413a3afd2fbc6e335810513cd3b5f
c0034343dbd842fc5ba9dfae6be7145ec000eb017fc0ca9a7fd6e245811df660
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/scrollbar.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9e-707"
Expires: Sat, 04 Feb 2023 20:22:17 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.trust-provider.cn/
47.246.44.205 200 OK 599 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 08:04:31 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=592963,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cf-ray: 7941e55dd96a6937-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675497871
via: cache2.l2de2[30,29,304-0,M], cache14.l2de2[31,0], cache3.se1[0,0,200-0,H], cache5.se1[1,0], cache2.se1[2,0]
age: 1066
x-cache: HIT TCP_MEM_HIT dirn:2:202814286
x-swift-savetime: Sat, 04 Feb 2023 08:04:31 GMT
x-swift-cachetime: 1800
timing-allow-origin: *, *
eagleid: 2ff62c9616754989373872500e, 2ff62c9616754989373872500e
ocsp.trust-provider.cn/
47.246.44.205 200 OK 599 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 08:04:31 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=592963,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cf-ray: 7941e55dd96a6937-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675497871
via: cache2.l2de2[0,0,304-0,H], cache19.l2de2[1,0], cache5.se1[20,19,200-0,C], cache5.se1[21,0], cache4.se1[24,0]
age: 1066
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 08:22:17 GMT
x-swift-cachetime: 734
timing-allow-origin: *, *
eagleid: 2ff62c9816754989373887579e, 2ff62c9816754989373887579e
ocsp.trust-provider.cn/
47.246.44.205 200 OK 599 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 08:04:31 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=592963,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cf-ray: 7941e55dd96a6937-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675497871
via: cache2.l2de2[0,0,304-0,H], cache19.l2de2[1,0], cache5.se1[20,20,200-0,H], cache5.se1[22,0], cache1.se1[24,0]
age: 1066
x-cache: HIT TCP_REFRESH_HIT dirn:1:202927463
x-swift-savetime: Sat, 04 Feb 2023 08:22:17 GMT
x-swift-cachetime: 734
timing-allow-origin: *, *
eagleid: 2ff62c9516754989373876764e, 2ff62c9516754989373876764e
img1.duote.com/duoteimg/zhuanti/comment/images/5.gif
180.101.198.208 200 OK 2.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/5.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash a7bff4f63a973a68e2d98ee780d9e29e
4c87d92faf82347bb122c2ad0e74e166aec5c567
18e82892f579e1f63d003f7e8404754b775542d72ea2d677f61d8ed3c7dfd21c
GET /duoteimg/zhuanti/comment/images/5.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2768
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3F1D5B233305BE7E5
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "A7BFF4F63A973A68E2D98EE780D9E29E"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 11302870927342222426
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: p7/09jqXOmji2Y7ngNning==
x-oss-server-time: 127
ali-swift-global-savetime: 1675307171
via: cache51.l2cn3055[157,156,200-0,M], cache47.l2cn3055[159,0], vcache1.cn4732[0,0,200-0,H], vcache6.cn4732[1,0]
age: 191766
x-cache: HIT TCP_HIT dirn:10:284702017
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989370562890e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/6.gif
180.101.198.208 200 OK 3.5 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/6.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash eb575dd556470ae55acfa8350f63f3ab
5ded8852598c3cb4ff9130d24b1b7b03c558d14e
0be355d4a20f70a41fef403a817d2d27a1c5122fa1b58ef04dc884fb9a12ed7a
GET /duoteimg/zhuanti/comment/images/6.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3468
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3C428EB3630F276FE
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "EB575DD556470AE55ACFA8350F63F3AB"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17858666986198953545
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 61dd1VZHCuVaz6g1D2Pzqw==
x-oss-server-time: 117
ali-swift-global-savetime: 1675307171
via: cache12.l2cn3055[156,156,200-0,M], cache36.l2cn3055[158,0], vcache7.cn4732[0,0,200-0,H], vcache6.cn4732[2,0]
age: 191766
x-cache: HIT TCP_HIT dirn:9:53898126
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989370562891e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/7.gif
180.101.198.208 200 OK 1.5 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/7.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 56bd697fdac1de3dbe8d4dd53e309a9b
215d4fead2dbf7bf6aeea1136749675cc5034f9e
7acdc1e69fd8d2c578ccf122054b7dab5a58a59caa255cd5585d45956136f4a3
GET /duoteimg/zhuanti/comment/images/7.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1495
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3E3631F36348B9DE4
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "56BD697FDAC1DE3DBE8D4DD53E309A9B"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6398064933782332215
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Vr1pf9rB3j2+jU3VPjCamw==
x-oss-server-time: 88
ali-swift-global-savetime: 1675307171
via: cache25.l2cn3055[109,109,200-0,M], cache76.l2cn3055[111,0], vcache25.cn4732[0,0,200-0,H], vcache6.cn4732[2,0]
age: 191766
x-cache: HIT TCP_HIT dirn:11:237709296
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989370562893e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/1.gif
180.101.198.208 200 OK 1.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/1.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 26df8be954a888cd2b29429bcc7d91de
2fa6246adde0616962ed672907c5da94893ce35e
9c73781c61d66f4af9043f08da67a47653fe9662e0aabd4cfa133cfbe55eaa76
GET /duoteimg/zhuanti/comment/images/1.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1771
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3AEF36B303982E532
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "26DF8BE954A888CD2B29429BCC7D91DE"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7119512290700278717
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Jt+L6VSoiM0rKUKbzH2R3g==
x-oss-server-time: 72
ali-swift-global-savetime: 1675307171
via: cache12.l2cn3055[131,130,200-0,M], cache52.l2cn3055[132,0], vcache16.cn4732[0,10,200-0,H], vcache6.cn4732[12,0]
age: 191766
x-cache: HIT TCP_HIT dirn:9:360338099
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989370572894e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/3.gif
180.101.198.208 200 OK 3.0 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/3.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 2ea694cf637a163c094f4e88ae235ec7
8c80f708bc2b9ade2838743d1ec2f779662054e4
8824766f185db8f093dabd01f47636740f26f1a0340b8ed170e4268f36488a44
GET /duoteimg/zhuanti/comment/images/3.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3011
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A39A01B13931D7DCBD
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "2EA694CF637A163C094F4E88AE235EC7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8455495457239003797
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: LqaUz2N6FjwJT06IriNexw==
x-oss-server-time: 156
ali-swift-global-savetime: 1675307171
via: cache63.l2cn3055[195,194,200-0,M], cache28.l2cn3055[196,0], vcache25.cn4732[0,20,200-0,H], vcache6.cn4732[21,0]
age: 191766
x-cache: HIT TCP_HIT dirn:9:14742749
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989370552887e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/8.gif
180.101.198.208 200 OK 1.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/8.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 15c10a442a7bd8384cd17ed420cf21e9
477ba29d0b04ec0a2950d715b58abe2db4d68cdd
153b9c74c5a92e7ec480365537cd43c9973840f3b6c72dad3032f5aeb0a4d30e
GET /duoteimg/zhuanti/comment/images/8.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1788
date: Wed, 04 Jan 2023 12:19:30 GMT
x-oss-request-id: 63B56ED2565BBE303154AA8D
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "15C10A442A7BD8384CD17ED420CF21E9"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10105978504471775518
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: FcEKRCp72DhM0X7UIM8h6Q==
x-oss-server-time: 68
ali-swift-global-savetime: 1672834770
via: cache16.l2cn3055[0,0,200-0,H], cache43.l2cn3055[1,0], vcache26.cn4732[0,0,200-0,H], vcache6.cn4732[3,0]
age: 2664167
x-cache: HIT TCP_HIT dirn:9:299037609
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 13079599
timing-allow-origin: *
eagleid: b465c61a16754989373213245e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/9.gif
180.101.198.208 200 OK 1.7 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/9.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 52c2ef213baaff54c731557b999a0bf7
804e7ac80e4255b27247350265bbc92ce8d075bb
6bc6cc4739fbf0b9257b84549097c06651f82bcb2edef386710f4bb88e5b1676
GET /duoteimg/zhuanti/comment/images/9.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1733
date: Tue, 03 Jan 2023 11:51:50 GMT
x-oss-request-id: 63B416D62B654B3335D3555D
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "52C2EF213BAAFF54C731557B999A0BF7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7207152638915174298
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: UsLvITuq/1THMVV7mZoL9w==
x-oss-server-time: 135
ali-swift-global-savetime: 1672746710
via: cache4.l2cn3055[0,0,200-0,H], cache34.l2cn3055[1,0], vcache5.cn4732[0,0,200-0,H], vcache6.cn4732[3,0]
age: 2752227
x-cache: HIT TCP_HIT dirn:9:233693268
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 12991539
timing-allow-origin: *
eagleid: b465c61a16754989373213246e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/10.gif
180.101.198.208 200 OK 2.1 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/10.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 8535863eee1ae5dfffa4f25a79cffa10
ae60588f804b611794c725429927f1a37c31a6e5
13fd5ae010e7d97dc637a2ec0537a28a8d74dac1f1480fa87279ae226e13e535
GET /duoteimg/zhuanti/comment/images/10.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2105
date: Tue, 03 Jan 2023 14:51:52 GMT
x-oss-request-id: 63B44108DA57CC3430E71280
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "8535863EEE1AE5DFFFA4F25A79CFFA10"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 720901678692586227
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: hTWGPu4a5d//pPJaec/6EA==
x-oss-server-time: 80
ali-swift-global-savetime: 1672757512
via: cache79.l2cn3055[0,0,200-0,H], cache51.l2cn3055[2,0], vcache18.cn4732[0,0,200-0,H], vcache6.cn4732[3,0]
age: 2741425
x-cache: HIT TCP_HIT dirn:10:213188726
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 13002341
timing-allow-origin: *
eagleid: b465c61a16754989373213250e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/11.gif
180.101.198.208 200 OK 7.0 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/11.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 0dfec8a688ee97162d852f42a0fa2a23
a6bc13493b4f2471b72b9d9e8474a9889ad2f4cb
bfef5124ff15cc50ba2eb8e6c605541b642bb5c8c18a4c618ed248522f8d44e0
GET /duoteimg/zhuanti/comment/images/11.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 6979
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3EEC7423138E2BAB0
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "0DFEC8A688EE97162D852F42A0FA2A23"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5501157311881781066
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Df7IpojulxYthS9CoPoqIw==
x-oss-server-time: 166
ali-swift-global-savetime: 1675307171
via: cache60.l2cn3055[198,198,200-0,M], cache67.l2cn3055[199,0], vcache27.cn4732[0,0,200-0,H], vcache6.cn4732[4,0]
age: 191766
x-cache: HIT TCP_HIT dirn:10:25434270
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989373213252e
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/7141.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/7141.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/7141.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=789363319,708748853&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
12732.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js
154.218.151.71 200 OK 80 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (32074), with CRLF line terminators
Hash e81ec1034a64ade1aa8b290326108e91
67aa74b0a4d0039f59acacca2ee6eee5ebaa312e
825cd708c0562c4b038d007351af36e0c4b34a32c0a1e8fd5852206417cbf94e
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/jquery-ui.min.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:16 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-3def1"
Expires: Sat, 04 Feb 2023 20:22:16 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12732.url.tudown.com/uploads/images/logo.png?n=4s5lhznxt3s3raxjusiotjno46xkdz4qq3syrnxjqcqolduc&w=250
154.218.151.71 200 OK 3.5 kB URL HTTP/1.1 12732.url.tudown.com/uploads/images/logo.png?n=4s5lhznxt3s3raxjusiotjno46xkdz4qq3syrnxjqcqolduc&w=250
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash 5bd398e884eb29fa286d97d44052760f
c4c02d36c85181ee3fe926e780cef62eda41394f
9e77b68e1646a5fa8bba77da8c7167685e16b1401b2cbbc441add22cd02bf8b0
GET /uploads/images/logo.png?n=4s5lhznxt3s3raxjusiotjno46xkdz4qq3syrnxjqcqolduc&w=250 HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
12732.url.tudown.com/template/company/duote-xiazai/images/soft-down.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/soft-down.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/soft-down.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:32 GMT
Connection: keep-alive
ETag: "63676e8c-199"
Accept-Ranges: bytes
12732.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/softfastdownbtn.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:33 GMT
Connection: keep-alive
ETag: "63676e8d-199"
Accept-Ranges: bytes
12732.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png
154.218.151.71 200 OK 1.2 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash cc3e19fad8a144bf1e7bf400678f99cb
6ac3ec9a26fdec416640a98d24564ddee9886999
1725f9122ad4ec5075cd0967aef3ef5aff312d90e17a33b854d71434f7cbba4c
GET /template/company/duote-xiazai/images/icon-sprites.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 1160
Last-Modified: Sun, 06 Nov 2022 08:21:18 GMT
Connection: keep-alive
ETag: "63676e7e-488"
Accept-Ranges: bytes
union2.50bang.org/js/duoteall
180.101.190.124 200 OK 370 B URL HTTP/1.1 union2.50bang.org/js/duoteall
IP 180.101.190.124:0
ASN #138950 Jiangsu Wuxi International IDC network
File type ASCII text, with very long lines (370), with no line terminators
Hash 79fe6d815588e18cda76929ca908545a
3542b5465113d14f8c20c4f20ca58e17205b7c88
82af38435cf6714f9a436a479f60d776fe4ca03a6ff536fd056719b820e81567
GET /js/duoteall HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Length: 370
img4.duote.com/duoteimg/js/front_ad.js
180.101.198.208 200 OK 0 B URL HTTP/2 img4.duote.com/duoteimg/js/front_ad.js
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /duoteimg/js/front_ad.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 0
date: Mon, 30 Jan 2023 14:45:14 GMT
x-oss-request-id: 63D7D7FA375B533033D1ED45
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D41D8CD98F00B204E9800998ECF8427E"
last-modified: Wed, 02 Sep 2020 01:55:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 0
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 03 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 1B2M2Y8AsgTpgAmY7PhCfg==
ali-swift-global-savetime: 1675089914
via: cache29.l2cn2641[0,0,200-0,H], cache20.l2cn2641[1,0], vcache2.cn4732[0,0,200-0,H], vcache6.cn4732[4,0]
age: 409023
x-cache: HIT TCP_HIT dirn:11:22325687
x-swift-savetime: Fri, 03 Feb 2023 10:18:49 GMT
x-swift-cachetime: 15222385
timing-allow-origin: *
eagleid: b465c61a16754989373213258e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/12.gif
180.101.198.208 200 OK 2.6 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/12.gif
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type GIF image data, version 89a, 24 x 24\012- data
Hash 74dc1aa4f1e4f7219da7ad597c91b8e7
bfda85aaa1fd81b79b792ee83cd448cd2cde5005
733f3dc6aa38aaad278d72cbef942326c77b0f872727e5971cc8fb9b3b683efe
GET /duoteimg/zhuanti/comment/images/12.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2575
date: Tue, 03 Jan 2023 14:51:52 GMT
x-oss-request-id: 63B44108E8761339321255DD
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "74DC1AA4F1E4F7219DA7AD597C91B8E7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17001896356624891276
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: dNwapPHk9yGdp61ZfJG45w==
x-oss-server-time: 66
ali-swift-global-savetime: 1672757512
via: cache35.l2cn3055[0,0,200-0,H], cache31.l2cn3055[1,0], vcache9.cn4732[0,0,200-0,H], vcache6.cn4732[4,0]
age: 2741425
x-cache: HIT TCP_HIT dirn:9:354643125
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 13002341
timing-allow-origin: *
eagleid: b465c61a16754989373213254e
X-Firefox-Spdy: h2
img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js
180.101.198.208 200 OK 361 B URL HTTP/2 img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type HTML document text\012- HTML document, ASCII text, with very long lines (361), with no line terminators
Hash d7877f2308efe72c7913b65816859daa
755606b601ae85ebcbf0dd47660fb028d1bf30d7
3af5e226f01cd0faf44433ba44517cc6b0fe9596de061a613c8d719227cc2c1a
GET /duoteimg/dtnew_recom_img/duoteself/softdown_1.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 361
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3BDCDCF3936A08917
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D7877F2308EFE72C7913B65816859DAA"
last-modified: Wed, 04 Jan 2023 09:53:30 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13587884656729146177
x-oss-storage-class: Standard
x-oss-meta-mtime: 1672826010
x-oss-expiration: expiry-date="Thu, 05 Jan 2023 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVxiBgMCnu.bwqxgiIGMwYmRlOGE3NDQ3MjQxYmY4Y2NiYWYyOWExMzU2Zjdi
content-md5: 14d/Iwjv5yx5E7ZYFoWdqg==
x-oss-server-time: 43
ali-swift-global-savetime: 1675307171
via: cache36.l2cn3055[57,57,200-0,M], cache30.l2cn3055[58,0], vcache5.cn4732[0,0,200-0,H], vcache6.cn4732[4,0]
age: 191766
x-cache: HIT TCP_HIT dirn:9:196091996
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c61a16754989373213260e
X-Firefox-Spdy: h2
img4.duote.com/duoteimg/js/baidu_js_push.js
180.101.198.208 200 OK 359 B URL HTTP/2 img4.duote.com/duoteimg/js/baidu_js_push.js
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type ASCII text, with CRLF line terminators
Hash f63ef5e096ef52af0cb95b8d2f3fda32
8d6dcc307c816618f7b26e1482d16d447f382e51
e0679eaf3f94f9353f167a1ebe1a8424c61631cc9be2d5a5445ba35e77f58932
GET /duoteimg/js/baidu_js_push.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 359
date: Tue, 03 Jan 2023 12:52:52 GMT
x-oss-request-id: 63B42524A2FF263437FD44EA
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "F63EF5E096EF52AF0CB95B8D2F3FDA32"
last-modified: Tue, 21 Jun 2022 08:41:11 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2603761381065918884
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Wed, 22 Jun 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQUxiBgID4uNiVjBgiIDdjODgyMTExYzA2OTQ5NmU4NjMxZTI4MDZmMTc2NGEx
content-md5: 9j714JbvUq8MuVuNLz/aMg==
x-oss-server-time: 6
ali-swift-global-savetime: 1672750372
via: cache41.l2cn3055[0,0,200-0,H], cache65.l2cn3055[1,0], vcache24.cn4732[0,0,200-0,H], vcache6.cn4732[1,0]
age: 2748565
x-cache: HIT TCP_HIT dirn:9:136430831
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 12995201
timing-allow-origin: *
eagleid: b465c61a16754989373503301e
X-Firefox-Spdy: h2
12732.url.tudown.com/template/company/duote-xiazai/images/like.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/like.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/like.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:22 GMT
Connection: keep-alive
ETag: "63676e82-199"
Accept-Ranges: bytes
12732.url.tudown.com/template/company/duote-xiazai/images/dislike.png
154.218.151.71 200 OK 295 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/dislike.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 16 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash a23e4dc6044953a149d0eb87aa9df5a4
48ab906d07b8d3265c0de7255d41d5352df29b9d
0342c264fcaac6c9fb4c0ea801d56145043dcd37613bddc633a6333c783eb2b9
GET /template/company/duote-xiazai/images/dislike.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 295
Last-Modified: Sun, 06 Nov 2022 08:21:09 GMT
Connection: keep-alive
ETag: "63676e75-127"
Accept-Ranges: bytes
s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517
180.97.251.250 200 OK 20 B URL HTTP/2 s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517
IP 180.97.251.250:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /z_stat.php?id=1277770517&web_id=1277770517 HTTP/1.1
Host: s5.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Sat, 04 Feb 2023 07:36:54 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Sat, 04 Feb 2023 07:36:54 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1675496214
via: cache6.l2ea120-8[51,50,200-0,M], cache24.l2ea120-8[52,0], cache9.cn2205[0,0,200-0,H], cache8.cn2205[2,0]
age: 2723
x-cache: HIT TCP_MEM_HIT dirn:12:763376962
x-swift-savetime: Sat, 04 Feb 2023 07:36:54 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b461fb1c16754989377262034e
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/87240.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/87240.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/87240.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=669373584,1842169601&fm=253&app=120&f=JPEG?w=1280&h=800
12732.url.tudown.com/uploads/images/823865.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/823865.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/823865.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2355861806,4060656560&fm=253&fmt=auto&app=138&f=JPEG?w=78&h=236
12732.url.tudown.com/uploads/images/429763.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/429763.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/429763.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=606438239,3425156179&fm=224&app=112&f=JPEG?w=500&h=500
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
180.101.199.215 404 Not Found 146 B URL HTTP/2 img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP 180.101.199.215:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 146
date: Sat, 04 Feb 2023 08:22:17 GMT
ali-swift-global-savetime: 1675498937
via: cache48.l2cn3037[21,20,404-1280,M], cache13.l2cn3037[21,0], cache13.l2cn3037[22,0], vcache19.cn4733[24,23,404-1280,M], vcache28.cn4733[25,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 08:22:17 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: b465c73016754989375762209e
X-Firefox-Spdy: h2
img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js
180.101.198.208 200 OK 1.0 kB URL HTTP/2 img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js
IP 180.101.198.208:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Hash 8c6a6de562181b71d2867e2711f31df9
6e3aed7b36431b15293f6a3a1c66567a6fec5334
f65233dc7f87033f78a736238467c78ce1973af259b67f932c285a0f180174ee
GET /duoteimg/dtnew_assets/pc/js/soft/auto_complete.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 1015
date: Wed, 19 Oct 2022 03:08:25 GMT
vary: Accept-Encoding
x-oss-request-id: 634F6A297AA92E33352FF6B9
x-oss-cdn-auth: success
last-modified: Wed, 19 Oct 2022 02:15:25 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3181168464323094172
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 20 Oct 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVRiBgICaq4y4nxgiIDJjNjljMDkwMWY0MjQ4N2JhZTA2NmEwOWJkZmNhMWYx
content-md5: 5qfmF/GrELbus726BAkyLQ==
x-oss-server-time: 29
content-encoding: gzip
ali-swift-global-savetime: 1666148905
via: cache25.l2cn3047[0,0,200-0,H], cache49.l2cn3047[1,0], vcache10.cn4732[0,0,200-0,H], vcache6.cn4732[2,0]
age: 9350032
x-cache: HIT TCP_HIT dirn:11:361348434
x-swift-savetime: Wed, 19 Oct 2022 04:31:53 GMT
x-swift-cachetime: 15546992
timing-allow-origin: *
eagleid: b465c61a16754989378273982e
X-Firefox-Spdy: h2
12732.url.tudown.com/common/ipnotice/
154.218.151.71 200 OK 17 kB URL HTTP/1.1 12732.url.tudown.com/common/ipnotice/
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 6948d9672729c7412d773968d62b07c0
1404694676e02143d906bbb276482a7c610e179f
5a96cdee350894228e56ebef1c3efc91157ba0dbec4f053ffe43bcf2225723aa
Analyzer Verdict Alert fortinet Malware
GET /common/ipnotice/ HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
12732.url.tudown.com/template/company/duote-xiazai/images/right.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/right.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/right.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:30 GMT
Connection: keep-alive
ETag: "63676e8a-199"
Accept-Ranges: bytes
12732.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png
154.218.151.71 200 OK 1.3 kB URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 178 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 7e22e63af128066b4d249bec71934fa7
09313b9c9717d049883d7c82b3b87f1a4af28408
ea827b6f53f2f091eb1a9ab83c5f53c5f4215e5a14721037af0b50dc47ffe5b0
GET /template/company/duote-xiazai/images/newbtnbg.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 1308
Last-Modified: Sun, 06 Nov 2022 08:21:23 GMT
Connection: keep-alive
ETag: "63676e83-51c"
Accept-Ranges: bytes
12732.url.tudown.com/template/company/duote-xiazai/images/left.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 12732.url.tudown.com/template/company/duote-xiazai/images/left.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/left.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:20 GMT
Connection: keep-alive
ETag: "63676e80-199"
Accept-Ranges: bytes
bdcode.2345.com/awycyrm.js
42.81.8.130 200 OK 38 kB URL HTTP/1.1 bdcode.2345.com/awycyrm.js
IP 42.81.8.130:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 5fbb10e03d1f57d1cc8b11f6733f05e9
6c5795f7e16e68be43e5416cf63e509a6caa58b8
550493b918a5548592ae1a76018c938f3ff7e9f64fe5af1dfcf91839e7270bd8
Analyzer Verdict Alert fortinet Malware
GET /awycyrm.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:17 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 38255
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 09:22:17 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c2033242906437e5-143
Server: yunjiasu
12732.url.tudown.com/uploads/images/370469.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/370469.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/370469.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4011060722,843054821&fm=253&fmt=auto&app=138&f=GIF?w=552&h=368
12732.url.tudown.com/uploads/images/990981.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/990981.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/990981.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1642185003,63784084&fm=253&app=120&f=JPEG?w=1280&h=800
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
180.101.199.215 404 Not Found 146 B URL HTTP/2 img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP 180.101.199.215:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 146
date: Sat, 04 Feb 2023 08:22:18 GMT
ali-swift-global-savetime: 1675498938
via: cache48.l2cn3037[20,20,404-1280,M], cache78.l2cn3037[22,0], cache78.l2cn3037[22,0], vcache19.cn4733[25,24,404-1280,M], vcache28.cn4733[28,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 08:22:18 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: b465c73016754989382463644e
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/138369.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/138369.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/138369.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3604242839,613879849&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/892355.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/892355.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/892355.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333
12732.url.tudown.com/uploads/images/895577.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/895577.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/895577.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280
12732.url.tudown.com/uploads/images/48366.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/48366.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/48366.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3812374175,3831305008&fm=253&fmt=auto&app=138&f=JPEG?w=260&h=380
static.mediav.com/js/mvf_g2.js
104.192.110.245 200 OK 9.0 kB URL HTTP/1.1 static.mediav.com/js/mvf_g2.js
IP 104.192.110.245:0
ASN #55992 Beijing Qihu Technology Company Limited
File type ASCII text, with very long lines (25539), with no line terminators
Hash 1baf9fc7116527b1a41307a6653030ca
f854953834e70e842d0d3fe6c8966ffb38e16744
d601207a5fa9a6b11008bc0a5a295c46ed62707d4a4b7b04a276eef33c3dcbd3
GET /js/mvf_g2.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:41 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 13:22:18 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc02.lato;EXPIRED from w-sc03.bjmd
12732.url.tudown.com/uploads/images/734077.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/734077.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/734077.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1741498888,4080828000&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/300711.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/300711.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/300711.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3381341551,3311585524&fm=253&fmt=auto&app=138&f=JPEG?w=630&h=223
static.mediav.com/js/mvf_pm_slider.js
104.192.110.245 200 OK 40 kB URL HTTP/1.1 static.mediav.com/js/mvf_pm_slider.js
IP 104.192.110.245:0
ASN #55992 Beijing Qihu Technology Company Limited
File type ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Hash b23b60a7adefb62f50583079ed66f03b
965ea6506ea6c004b1135f23c10c67484fc0d238
987d03cb317bd411589ab916be6ea0e5aaabf8de0e94a2de7712beff577a62f8
GET /js/mvf_pm_slider.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:42 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 13:22:18 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc01.lato;HIT from w-sc02.lyct
www.2345.com/js/index/activity/20171111/widget.min.js
47.246.44.206 200 OK 5.1 kB URL HTTP/2 www.2345.com/js/index/activity/20171111/widget.min.js
IP 47.246.44.206:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (19539), with no line terminators
Hash 0f3e4bc5daaab3a5eff5fdc6c278e694
42951b908e4730076d029e5ce9b96ec5418f52aa
c1dcac723d57116508517a76e21d18444f65101bb6f7dc896b0148f86b69dbbe
GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
strict-transport-security: max-age=5184000
date: Sat, 04 Feb 2023 08:22:17 GMT
last-modified: Wed, 06 Nov 2019 08:19:39 GMT
etag: W/"5dc2821b-4c53"
vary: Accept-Encoding, Accept-Encoding
expires: Tue, 22 Nov 2022 14:45:06 GMT
cache-control: max-age=600
ali-swift-global-savetime: 1675498937
via: cache1.l2de2[431,430,304-0,M], cache26.l2de2[431,0], cache8.se1[513,513,200-0,H], cache5.se1[515,0]
age: 0
x-cache: HIT TCP_REFRESH_HIT dirn:11:214559958
x-swift-savetime: Sat, 04 Feb 2023 08:22:17 GMT
x-swift-cachetime: 600
content-encoding: br
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
timing-allow-origin: *
eagleid: 2ff62c9916754989372461763e
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/454085.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/454085.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/454085.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4064744641,1826405714&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/249509.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/249509.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/249509.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=856904635,2460205970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
12732.url.tudown.com/uploads/images/808047.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/808047.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/808047.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3231943741,2348903165&fm=224&app=112&f=JPEG?w=500&h=500
union2.50bang.org/web/duoteall?uId2=VUTSSUXTQV&r=&fBL=1280*1024
180.101.190.124 200 OK 0 B URL HTTP/1.1 union2.50bang.org/web/duoteall?uId2=VUTSSUXTQV&r=&fBL=1280*1024
IP 180.101.190.124:0
ASN #138950 Jiangsu Wuxi International IDC network
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web/duoteall?uId2=VUTSSUXTQV&r=&fBL=1280*1024 HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: uidFlag=1; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uUid=BD7263DE15BA000DF06155DC0008; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTL=1; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTT=1675498938; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8
12732.url.tudown.com/uploads/images/644689.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/644689.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/644689.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400
12732.url.tudown.com/uploads/images/239804.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/239804.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/239804.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2274914024,3403176763&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=376
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash fd85c457807ba420192d9fdb1e3b2e76
1309191996088c5e1bce3f6d5ca5b8ea2ff489ad
7d1c4dba2f7a95c9ec75b4f5abeb2b9d66abc8650424b896152f4d27fd3b4a8c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 06:27:25 GMT
ETag: "1309191996088c5e1bce3f6d5ca5b8ea2ff489ad"
Last-Modified: Sat, 04 Feb 2023 06:27:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 626
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ff71cfbfb51b-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash fd85c457807ba420192d9fdb1e3b2e76
1309191996088c5e1bce3f6d5ca5b8ea2ff489ad
7d1c4dba2f7a95c9ec75b4f5abeb2b9d66abc8650424b896152f4d27fd3b4a8c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 06:27:25 GMT
ETag: "1309191996088c5e1bce3f6d5ca5b8ea2ff489ad"
Last-Modified: Sat, 04 Feb 2023 06:27:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 626
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ff71cb68b4f4-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash fd85c457807ba420192d9fdb1e3b2e76
1309191996088c5e1bce3f6d5ca5b8ea2ff489ad
7d1c4dba2f7a95c9ec75b4f5abeb2b9d66abc8650424b896152f4d27fd3b4a8c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 06:27:25 GMT
ETag: "1309191996088c5e1bce3f6d5ca5b8ea2ff489ad"
Last-Modified: Sat, 04 Feb 2023 06:27:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 626
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ff71cc72b500-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash fd85c457807ba420192d9fdb1e3b2e76
1309191996088c5e1bce3f6d5ca5b8ea2ff489ad
7d1c4dba2f7a95c9ec75b4f5abeb2b9d66abc8650424b896152f4d27fd3b4a8c
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 06:27:25 GMT
ETag: "1309191996088c5e1bce3f6d5ca5b8ea2ff489ad"
Last-Modified: Sat, 04 Feb 2023 06:27:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 626
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ff71ca9ab4ed-OSL
12732.url.tudown.com/uploads/images/812368.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/812368.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/812368.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2870645954,2169879125&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280
push.zhanzhang.baidu.com/push.js
182.61.201.93 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.201.93:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 08:22:19 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 08:22:19 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=2E2EFB0618EA0F26CAF7E3EAD836ED5E:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 08:22:19 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
12732.url.tudown.com/uploads/images/537399.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/537399.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/537399.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
12732.url.tudown.com/uploads/images/732225.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/732225.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/732225.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800
12732.url.tudown.com/uploads/images/350124.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/350124.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/350124.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=918570398,3600746276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
ocsp.trust-provider.cn/
47.246.44.205 200 OK 600 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash eceaa87d9a3316ee0dcad3fa5f444ee7
74afece1d64ad7c63136ffcd5d58ad1d15a764df
fb586a5f0f8968e29212268bb4bd746eae9cc20b4eda7fc41f1420482c74b3b9
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 08:22:19 GMT
last-modified: Thu, 02 Feb 2023 04:39:52 GMT
expires: Thu, 09 Feb 2023 04:39:51 GMT
etag: "74afece1d64ad7c63136ffcd5d58ad1d15a764df"
cache-control: max-age=442131,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb3
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 7941ff727c1ebbd9-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675498939
via: cache9.l2de2[30,29,304-0,M], cache23.l2de2[32,0], cache8.se1[113,113,200-0,H], cache5.se1[116,0], cache2.se1[117,0]
age: 0
x-cache: HIT TCP_REFRESH_HIT dirn:11:214561354
x-swift-savetime: Sat, 04 Feb 2023 08:22:19 GMT
x-swift-cachetime: 1800
timing-allow-origin: *, *
eagleid: 2ff62c9616754989391724278e, 2ff62c9616754989391724278e
img2.baidu.com/it/u=669373584,1842169601&fm=253&app=120&f=JPEG?w=1280&h=800
175.6.243.35 200 OK 85 kB URL HTTP/1.1 img2.baidu.com/it/u=669373584,1842169601&fm=253&app=120&f=JPEG?w=1280&h=800
IP 175.6.243.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 0898c3cb6daab167bdecde95ee86c2d7
c2a800510a26c9702b79dd0c041605e4548792c1
716c509907b852e6002e8262701775497b77b3bb3e33e81f4ecc04b4f63eca06
GET /it/u=669373584,1842169601&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:18 GMT
Content-Type: image/jpeg
Content-Length: 84925
Connection: keep-alive
Expires: Tue, 14 Feb 2023 13:07:29 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 0898c3cb6daab167bdecde95ee86c2d7
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 15 Jan 2023 13:07:29 GMT
Ohc-Cache-HIT: hengyct57 [1], qdix114 [4]
Ohc-File-Size: 84925
X-Cache-Status: MISS
12732.url.tudown.com/uploads/images/494043.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/494043.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/494043.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2873043159,1307328718&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500
12732.url.tudown.com/uploads/images/211711.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/211711.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/211711.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3495358435,1441212105&fm=253&fmt=auto&app=138&f=PNG?w=500&h=877
12732.url.tudown.com/uploads/images/612277.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/612277.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/612277.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2590705306,3028558589&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/626032.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/626032.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/626032.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=236083974,2566692211&fm=253&fmt=auto&app=138&f=JPEG?w=486&h=669
12732.url.tudown.com/uploads/images/574014.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/574014.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/574014.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3583748342,3312993036&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/23319.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/23319.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/23319.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=61074404,2081814455&fm=253&fmt=auto&app=120&f=JPEG?w=640&h=1136
img1.baidu.com/it/u=856904635,2460205970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
182.106.158.35 200 OK 56 kB URL HTTP/2 img1.baidu.com/it/u=856904635,2460205970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ff60ba40e5bbbb123be8b19fb35e3e14
b79adcdf3e477b75fc58ac2bc6a441934abd57d4
569afaf1be4b94ee8dae405c552e38b3532f9ca5c012585b32f065507fdb273b
GET /it/u=856904635,2460205970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 55880
expires: Sat, 18 Feb 2023 03:31:40 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: ff60ba40e5bbbb123be8b19fb35e3e14
age: 150486
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 03:31:40 GMT
ohc-cache-hit: jjct63 [4], bdix240 [4]
ohc-file-size: 55880
x-cache-status: HIT
X-Firefox-Spdy: h2
cpro.baidustatic.com/cpro/ui/pr.js
220.169.152.35 200 OK 191 B URL HTTP/1.1 cpro.baidustatic.com/cpro/ui/pr.js
IP 220.169.152.35:0
File type ASCII text, with CRLF line terminators
Hash 48bbe750b892850b181762bf739e10dd
716574fe9afcde8faef513b16d6867cb07afe626
e538c894cae59538764a334e2cf2bc02e53fa6a9e4efebcd251bc5da82fa2158
GET /cpro/ui/pr.js HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 04 Feb 2023 09:10:44 GMT
Last-Modified: Thu, 15 Dec 2022 11:35:46 GMT
ETag: "639b0692-ff"
Cache-Control: max-age=3600
Content-Encoding: gzip
Age: 695
Accept-Ranges: bytes
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 08:10:44 GMT
Ohc-Cache-HIT: yy2ct64 [2], wzix64 [2]
Ohc-File-Size: 191
X-Cache-Status: HIT
t13.baidu.com/it/u=2590705306,3028558589&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t13.baidu.com/it/u=2590705306,3028558589&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 93c0d19263eb3e38926f5a754eb35c89
a7625469056cd5bedbee773bc8aeee0c8d3a02c5
6bbace6eb32096403c4c17fa325e8f9c15d663c645fad191ad245400750ffd51
GET /it/u=2590705306,3028558589&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 51697
Connection: keep-alive
Expires: Mon, 06 Mar 2023 07:20:53 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 93c0d19263eb3e38926f5a754eb35c89
Age: 3529
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 07:20:53 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache54 [1], xaix226 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51697
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=3604242839,613879849&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t13.baidu.com/it/u=3604242839,613879849&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 74f6a4d56b4a74bc178ebbe2dde7eb3a
44986a26f3d131f0349e4eddb6c7a40ec92e80f1
8b3ed97c7d979a16195a1ce254093662dbaad63c6a6fdcae13b28b2b51104b55
GET /it/u=3604242839,613879849&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 52443
Connection: keep-alive
Expires: Thu, 02 Mar 2023 14:36:51 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 74f6a4d56b4a74bc178ebbe2dde7eb3a
Age: 17718
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 14:36:51 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache55 [1], csix67 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 52443
X-Cache-Status: HIT
Timing-Allow-Origin: *
t15.baidu.com/it/u=3583748342,3312993036&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 56 kB URL HTTP/1.1 t15.baidu.com/it/u=3583748342,3312993036&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 021edbf896dad2f216fb766f18867926
2720ae79bb9eeb16205c470511224f783e79c3a6
3178cc403033a54afd9d82d0cda6f73dcf54ddd0531489db73c66888f2ca760e
GET /it/u=3583748342,3312993036&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 55829
Connection: keep-alive
Expires: Sun, 12 Feb 2023 18:59:50 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 021edbf896dad2f216fb766f18867926
Age: 1862549
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 18:59:50 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache53 [1], xaix213 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55829
X-Cache-Status: HIT
Timing-Allow-Origin: *
t15.baidu.com/it/u=1741498888,4080828000&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t15.baidu.com/it/u=1741498888,4080828000&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash b7ef6bbd4dd5fdbaac6498ed63fc3d41
fc5abb7029fb11ce36dd74fa9aa72aedad83ce68
4e391c810f5893b30ae1bedc8c366565b5478e18afb0cf1ea771aea0922686b7
GET /it/u=1741498888,4080828000&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 51842
Connection: keep-alive
Expires: Sun, 05 Feb 2023 15:48:40 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: b7ef6bbd4dd5fdbaac6498ed63fc3d41
Age: 2088133
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 15:48:40 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache58 [1], czix109 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51842
X-Cache-Status: HIT
Timing-Allow-Origin: *
12732.url.tudown.com/uploads/images/310843.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/310843.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/310843.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2268037314,386023463&fm=253&fmt=auto&app=138&f=JPEG?w=625&h=500
12732.url.tudown.com/uploads/images/838610.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/838610.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/838610.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2291875450,3107605844&fm=224&app=112&f=JPEG?w=500&h=500
t14.baidu.com/it/u=4064744641,1826405714&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 44 kB URL HTTP/1.1 t14.baidu.com/it/u=4064744641,1826405714&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 69bc0635ad28e10527732a8dc0cc5525
8308d39e0f8915c9be1e3613a55b0858e877f822
640e4b7757c855d5624bda477445d5e97f58722536f96754704db4bbb2070b7a
GET /it/u=4064744641,1826405714&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 44014
Connection: keep-alive
Expires: Tue, 07 Feb 2023 04:25:26 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 69bc0635ad28e10527732a8dc0cc5525
Age: 2027364
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 04:25:26 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache54 [1], suzix146 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44014
X-Cache-Status: HIT
Timing-Allow-Origin: *
e2.2345.com/news/module2/js/newsModule-v2.js
180.101.199.215 200 OK 54 kB URL HTTP/2 e2.2345.com/news/module2/js/newsModule-v2.js
IP 180.101.199.215:0
Hash 9f84a5e22bcc5294b1b7028dcee597dc
940997c6d2438f853bafe832e5f91e52bd3624d0
83738fe165e3c3b907ccd1dd7ca493ca2027bcb414927e99c46f5d3325ed5807
GET /news/module2/js/newsModule-v2.js HTTP/1.1
Host: e2.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
date: Sat, 04 Feb 2023 08:03:50 GMT
etag: W/"5f35e38f-cacf"
last-modified: Fri, 14 Aug 2020 01:06:23 GMT
vary: Accept-Encoding, Accept-Encoding
ali-swift-global-savetime: 1675497830
via: cache59.l2cn3037[0,0,304-0,H], cache29.l2cn3037[0,0], cache29.l2cn3037[0,0], vcache20.cn4733[0,0,200-0,H], vcache28.cn4733[1,0]
age: 1107
x-cache: HIT TCP_MEM_HIT dirn:10:456437127
x-swift-savetime: Sat, 04 Feb 2023 08:03:51 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b465c73016754989375732197e
content-encoding: gzip
X-Firefox-Spdy: h2
t14.baidu.com/it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400
185.10.104.124 200 OK 47 kB URL HTTP/1.1 t14.baidu.com/it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 400x400, components 3\012- data
Hash 3bdad709eac831aafb548e9b7751ebb7
b65c347000e2647f8632d118c8edf8c88d640bec
94c9628d601ed3a00688a7f594c96acb4d3147d03c50d338afa7653c89d8cd3f
GET /it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 47226
Connection: keep-alive
Expires: Fri, 24 Feb 2023 19:24:11 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 3bdad709eac831aafb548e9b7751ebb7
Age: 711678
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 19:24:11 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache52 [1], xiangyix102 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 47226
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800
175.6.243.35 200 OK 73 kB URL HTTP/1.1 img2.baidu.com/it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800
IP 175.6.243.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 6d56ccfce206848e626c3b134e5b4c93
c6cd62b23680dc983376bf9d1a5f340d0dd73cfb
d34e8b4c4b304a00dfb024c1f3685c4cceee19d79ca8509b06b821a1c6147d1e
GET /it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 72608
Connection: keep-alive
Expires: Sun, 05 Mar 2023 11:20:57 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 6d56ccfce206848e626c3b134e5b4c93
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 11:20:57 GMT
Ohc-Cache-HIT: hengyct89 [2], wzix89 [4]
Ohc-File-Size: 72608
X-Cache-Status: MISS
12732.url.tudown.com/uploads/images/441416.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/441416.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/441416.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3894290059,2196267291&fm=253&fmt=auto&app=138&f=JPEG?w=393&h=554
12732.url.tudown.com/uploads/images/530665.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/530665.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/530665.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=700058651,4013023672&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/287305.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/287305.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/287305.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1230461209,213394661&fm=224&app=112&f=JPEG?w=500&h=500
t13.baidu.com/it/u=700058651,4013023672&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 19 kB URL HTTP/1.1 t13.baidu.com/it/u=700058651,4013023672&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 8645600c5ab10289c3fb26e4127dfbf2
6d13f033f40221d804a66c459cf49067620294e0
10b360f6eadbc04992ecedbab57182ed3aa76d6b6f090c1ee44292c2ab8bc559
GET /it/u=700058651,4013023672&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpeg
Content-Length: 19041
Connection: keep-alive
Expires: Wed, 08 Feb 2023 08:34:17 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 8645600c5ab10289c3fb26e4127dfbf2
Age: 328797
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 08:34:17 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache55 [1], bdix55 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 19041
X-Cache-Status: HIT
Timing-Allow-Origin: *
12732.url.tudown.com/uploads/images/5193.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/5193.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/5193.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500
bdcode.2345.com/swtqusc.js
42.81.8.130 200 OK 4.0 kB URL HTTP/1.1 bdcode.2345.com/swtqusc.js
IP 42.81.8.130:0
File type ASCII text, with very long lines (11438), with no line terminators
Hash 4927ec7cf61077c3cb553d1e91fbe407
81cecb6db2e670675c9bdac9c8c9225b987262cc
439bad0c6b3cec8c27d7bd369cf89917af4deec831c07836e4e1d265113a641c
Analyzer Verdict Alert fortinet Malware
GET /swtqusc.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 4034
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 09:22:19 GMT
Last-Modified: Fri, 04 Nov 2022 03:16:18 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c2033257909337e5-143
Server: yunjiasu
t15.baidu.com/it/u=1230461209,213394661&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 33 kB URL HTTP/1.1 t15.baidu.com/it/u=1230461209,213394661&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 2464839e57407a657b1ebbe45afd61ad
6ce8666ba5ba7fabc714434403173b64c9e7d2c0
88deb218db4d101240a1ec67fec56cedb7d423ff8aeb66806b471660e9ca5663
GET /it/u=1230461209,213394661&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpeg
Content-Length: 33163
Connection: keep-alive
Expires: Sun, 26 Feb 2023 21:42:58 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 2464839e57407a657b1ebbe45afd61ad
Age: 360264
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 21:42:58 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache58 [1], czix225 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 33163
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=789363319,708748853&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
182.106.158.35 200 OK 5.6 kB URL HTTP/2 img1.baidu.com/it/u=789363319,708748853&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6dea252b9ecb18100ca6c273df8d5332
8c15668059f71dc2dcedb495beccdd34f6df65b8
178bb6c493516c42ead6b6c1e2a5a75aa5f22dbf098db6cdc9d34a2268477053
GET /it/u=789363319,708748853&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 5594
expires: Thu, 23 Feb 2023 12:36:19 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6dea252b9ecb18100ca6c273df8d5332
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 12:36:19 GMT
ohc-cache-hit: jjct69 [1], czix209 [4]
ohc-file-size: 5594
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=606438239,3425156179&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 54 kB URL HTTP/1.1 t15.baidu.com/it/u=606438239,3425156179&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 45099a60585865153e822a22049b1c10
3bba87f78b29fe5c042d5cfda68b11622f95e8eb
66b48c9a927c66ea67c9701e188ba40db9c536c5d79a680d51446922adc1a5db
GET /it/u=606438239,3425156179&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpeg
Content-Length: 54307
Connection: keep-alive
Expires: Sun, 05 Mar 2023 17:08:59 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 45099a60585865153e822a22049b1c10
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 17:08:58 GMT
Ohc-Upstream-Trace: 58.20.204.50
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache50 [4], xaix178 [4]
Ohc-Response-Time: 1 0 0 0 252 252
Ohc-File-Size: 54307
X-Cache-Status: MISS
Timing-Allow-Origin: *
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash a5be326ff79df3e308ad1e9d68f0c387
de605fcafe74bbd97a8fbd2ec6d640c0c9a4cd6a
1283e0858cd3f3349b3bd67f695716e9c570bca5648cfebc9bb1dd75abd7cdf6
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 08:22:19 GMT
Etag: 7352765b3d3c5ce63834673b049eb08a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=5A8C6C49C2B7732B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
img1.baidu.com/it/u=4011060722,843054821&fm=253&fmt=auto&app=138&f=GIF?w=552&h=368
182.106.158.35 200 OK 112 kB URL HTTP/2 img1.baidu.com/it/u=4011060722,843054821&fm=253&fmt=auto&app=138&f=GIF?w=552&h=368
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type GIF image data, version 89a, 552 x 368\012- data
Size 112 kB (111982 bytes)
Hash 48b5562d83392ac7767e1970e90027ba
cd1acb4a9decc3dc43738e4a172010c9df31c199
935b4fac1a49624d86488cb8b039ba71bedc013f2b5be5a4dcb490006aa751c6
GET /it/u=4011060722,843054821&fm=253&fmt=auto&app=138&f=GIF?w=552&h=368 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/gif
content-length: 111982
expires: Tue, 21 Feb 2023 03:10:02 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 48b5562d83392ac7767e1970e90027ba
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 03:10:02 GMT
ohc-cache-hit: jjct72 [1], czix205 [2]
ohc-file-size: 111982
x-cache-status: MISS
X-Firefox-Spdy: h2
api.share.baidu.com/s.gif?l=http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
182.61.201.93 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
IP 182.61.201.93:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 08:22:20 GMT
t13.baidu.com/it/u=2291875450,3107605844&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 39 kB URL HTTP/1.1 t13.baidu.com/it/u=2291875450,3107605844&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 5ab41322d733b0b4f16bf6c6d8d52e5d
5e984ad301d291288aa0326600e90dc50eb68d51
4842f1716504fc5bbabace3058f7ae93e02276c0749eab8410f05eeac4072e77
GET /it/u=2291875450,3107605844&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpeg
Content-Length: 38917
Connection: keep-alive
Expires: Wed, 08 Feb 2023 11:35:30 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 5ab41322d733b0b4f16bf6c6d8d52e5d
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 11:35:29 GMT
Ohc-Upstream-Trace: 58.216.2.60; 58.20.204.60
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache60 [4], czix60 [4]
Ohc-Response-Time: 1 0 0 0 289 289
Ohc-File-Size: 38917
X-Cache-Status: MISS
Timing-Allow-Origin: *
img2.baidu.com/it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280
175.6.243.35 200 OK 97 kB URL HTTP/2 img2.baidu.com/it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x1280, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9f7c254f6e2701c08c28ca9ff5213d2c
aa546a68f7b71c61e2e52a1cd4b625a334e6a759
19bd124740c85c912ff1fc4d766fc81b86fb14f8d4f6838c8352c6e156a2c312
GET /it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 96608
expires: Mon, 20 Feb 2023 10:51:57 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 9f7c254f6e2701c08c28ca9ff5213d2c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 10:51:57 GMT
ohc-cache-hit: hengyct76 [1], suzix104 [4]
ohc-file-size: 96608
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2873043159,1307328718&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500
175.6.243.35 200 OK 32 kB URL HTTP/2 img2.baidu.com/it/u=2873043159,1307328718&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cd9d526a0fa0a89b121d2e21095e25bb
bc2c570b81d92c19dbdfdb1cfa5d034529b8fde8
ff7f3f3d616c5a81a58ea5cb2a872e5a95d7368c5445e6423dc4810066e70c71
GET /it/u=2873043159,1307328718&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 32406
expires: Sat, 11 Feb 2023 07:00:54 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: cd9d526a0fa0a89b121d2e21095e25bb
age: 152345
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 07:00:54 GMT
ohc-cache-hit: hengyct77 [4], bdix224 [4]
ohc-file-size: 32406
x-cache-status: HIT
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/163189.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/163189.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/163189.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
12732.url.tudown.com/uploads/images/427225.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/427225.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/427225.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1132929413,3851671781&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
sofire.bdstatic.com/js/dfxaf3-635b4cd6.js
60.190.116.48 200 OK 123 kB URL HTTP/1.1 sofire.bdstatic.com/js/dfxaf3-635b4cd6.js
IP 60.190.116.48:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 123 kB (123037 bytes)
Hash c39ed7d28cee6240d44cc5b5c2bbd686
eab7220ff1195b14d9c1c21ae4fcad33315549b5
cd5d1c61337dd6b5a3ddffdc95ed7da921b125c9911aa22eaef8f054a2345459
GET /js/dfxaf3-635b4cd6.js HTTP/1.1
Host: sofire.bdstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 06 Feb 2023 08:39:29 GMT
Last-Modified: Fri, 06 Jan 2023 03:24:00 GMT
ETag: "6c8af00e14f394b624a4b374d18b9b7a"
Content-Encoding: gzip
Age: 85370
Accept-Ranges: bytes
Content-MD5: bIrwDhTzlLYkpLN00Yubeg==
x-bce-content-crc32: 1362413814
x-bce-debug-id: ICLoXEJkzZvZmCft2ehLoRmswzs6B0FB6yI3vRkX/+k2LvlF58f/N6XslyX5jGyekjJcPYJPoeU2guZJYYjGDQ==
x-bce-request-id: 459f8903-1ead-4d78-8de1-9d47d09746a5
x-bce-restore-cache: -
x-bce-restore-tier: -
x-bce-storage-class: STANDARD
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 08:39:29 GMT
Ohc-Cache-HIT: wz2ct56 [2], nb2ctcache51 [2]
Ohc-Response-Time: 1 0 0 0 0 0
img2.baidu.com/it/u=3381341551,3311585524&fm=253&fmt=auto&app=138&f=JPEG?w=630&h=223
175.6.243.35 200 OK 20 kB URL HTTP/2 img2.baidu.com/it/u=3381341551,3311585524&fm=253&fmt=auto&app=138&f=JPEG?w=630&h=223
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 630x223, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 079663c7f71c1e5d824365de212ffaa7
04ec370150493be3af8f277b0a8b09a78be93030
68c5c60667bb6d45ec466338b9315f720d2dc2cc20a24fd8984351efb36e8df9
GET /it/u=3381341551,3311585524&fm=253&fmt=auto&app=138&f=JPEG?w=630&h=223 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:20 GMT
content-type: image/webp
content-length: 20520
expires: Thu, 23 Feb 2023 16:44:00 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 079663c7f71c1e5d824365de212ffaa7
age: 357289
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 16:44:00 GMT
ohc-cache-hit: hengyct77 [4], wzix109 [4]
ohc-file-size: 20520
x-cache-status: HIT
X-Firefox-Spdy: h2
pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=4121337551&s2=1578419141&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675498973&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675498973&dtm=HTML_POST&tpr=1675498973005&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=dfd93cd7dcada271&fpt=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6&dft=0&ft=1
182.61.200.109 200 OK 15 kB URL HTTP/2 pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=4121337551&s2=1578419141&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675498973&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675498973&dtm=HTML_POST&tpr=1675498973005&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=dfd93cd7dcada271&fpt=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6&dft=0&ft=1
IP 182.61.200.109:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (38901)
Hash 3d3af45e7c11021d5ccb578b3d8cc26f
7ca5466e5d33b9de8dd3c3c44077c492efdf557e
ef899681f175e6d37a09dbc793a1482dbe0070c2b9927684de1a6a1f12421189
GET /s?wid=890&hei=200&di=u5039524&s1=4121337551&s2=1578419141&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675498973&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675498973&dtm=HTML_POST&tpr=1675498973005&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=dfd93cd7dcada271&fpt=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 08:22:20 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 16:22:20 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=489C4B0D45E3864A0A7F30A5AE52D682:FG=1; expires=Sun, 04-Feb-54 08:22:20 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 14606
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2355861806,4060656560&fm=253&fmt=auto&app=138&f=JPEG?w=78&h=236
175.6.243.35 200 OK 7.5 kB URL HTTP/2 img2.baidu.com/it/u=2355861806,4060656560&fm=253&fmt=auto&app=138&f=JPEG?w=78&h=236
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 78x236, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c88096ab6b02501e95cf574d966369f8
9915bb77de862953df1b56c606b3a5052f09e847
dc4083cf3e46625422ac1a0bd67c82589366e848de7afb92be33e511ed5a6915
GET /it/u=2355861806,4060656560&fm=253&fmt=auto&app=138&f=JPEG?w=78&h=236 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:20 GMT
content-type: image/webp
content-length: 7466
expires: Mon, 20 Feb 2023 06:13:55 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: c88096ab6b02501e95cf574d966369f8
age: 5489
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:13:55 GMT
ohc-cache-hit: hengyct82 [4], suzix195 [4]
ohc-file-size: 7466
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333
182.106.158.35 200 OK 12 kB URL HTTP/2 img1.baidu.com/it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x333, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dc17696cbc6c4d651def930c39fc3504
b8a8e770ccd344e2bc10cfbad1b51d5149bad346
fefe7d705c2a40e19b256f12c023906f5ceb718e1ff31c2a81fcdc5360b94577
GET /it/u=2775626026,2841150717&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 12518
expires: Wed, 22 Feb 2023 01:33:45 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: dc17696cbc6c4d651def930c39fc3504
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 01:33:45 GMT
ohc-cache-hit: jjct62 [1], xaix192 [4]
ohc-file-size: 12518
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=918570398,3600746276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
182.106.158.35 200 OK 38 kB URL HTTP/2 img1.baidu.com/it/u=918570398,3600746276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x707, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2621fc191866d0deb6484c71c0145df4
5c63df6af7dae21a91a339de829d3d42e9a68c29
fd4e9003800fa566f7377c49af61e13ae205be47fa86c8f806472cb28a045fc7
GET /it/u=918570398,3600746276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 38048
expires: Thu, 09 Feb 2023 09:26:50 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 2621fc191866d0deb6484c71c0145df4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 09:26:50 GMT
ohc-cache-hit: jjct62 [1], xiangyix122 [2]
ohc-file-size: 38048
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/106177.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/106177.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/106177.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=298016447,743301110&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
img1.baidu.com/it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
182.106.158.35 200 OK 47 kB URL HTTP/2 img1.baidu.com/it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 461ae0a8dce89aa5c4fd199b7865ee6c
1c39ebea6ffa595f49276b3c3b89bd80fde29a86
3c44c54a13869124ee4aed9c09f4347cbaf9cd173ddaa23a80abefb01426113a
GET /it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 46968
expires: Mon, 06 Mar 2023 08:22:19 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 461ae0a8dce89aa5c4fd199b7865ee6c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 08:22:19 GMT
ohc-cache-hit: jjct61 [1], xiangyix238 [2]
ohc-file-size: 46968
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/568934.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/568934.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/568934.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3744774931,2619513868&fm=253&fmt=auto&app=138&f=JPEG?w=581&h=500
12732.url.tudown.com/uploads/images/868806.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/868806.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/868806.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=1981358367,3230027801&fm=253&app=120&f=JPEG?w=1280&h=800
img0.baidu.com/it/u=2274914024,3403176763&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=376
182.106.158.35 200 OK 26 kB URL HTTP/2 img0.baidu.com/it/u=2274914024,3403176763&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=376
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x376, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f698359aad75461a0a4df3f3a2c926b2
7ac69b9d2b3bb01ac1918ee2e31f6fc2aabb6292
1aef26ae068002bb71f529b6f6b5aa341d43ce4aee18af0ac9402d43ef4fc543
GET /it/u=2274914024,3403176763&fm=253&fmt=auto&app=120&f=JPEG?w=500&h=376 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 25574
expires: Thu, 16 Feb 2023 04:09:23 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: f698359aad75461a0a4df3f3a2c926b2
age: 177387
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 04:09:23 GMT
ohc-cache-hit: jjct65 [4], xiangyix247 [4]
ohc-file-size: 25574
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2870645954,2169879125&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280
182.106.158.35 200 OK 21 kB URL HTTP/2 img0.baidu.com/it/u=2870645954,2169879125&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x280, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dd3667a48c1ced43ce452fe1327285d2
a4c88ba4c61aa1398cd107b408beedf50b8fd1a3
d2ed3d7f8188c06920573e68585939c7ab8c221d3dc0201e99cf053486250f27
GET /it/u=2870645954,2169879125&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=280 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 20640
expires: Tue, 21 Feb 2023 21:12:45 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: dd3667a48c1ced43ce452fe1327285d2
age: 176007
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 21:12:45 GMT
ohc-cache-hit: jjct71 [4], qdix196 [2]
ohc-file-size: 20640
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3812374175,3831305008&fm=253&fmt=auto&app=138&f=JPEG?w=260&h=380
182.106.158.35 200 OK 11 kB URL HTTP/2 img0.baidu.com/it/u=3812374175,3831305008&fm=253&fmt=auto&app=138&f=JPEG?w=260&h=380
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 260x380, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e2710e939a637103df325fb6801974f5
d7040969d79ce556c8877eb05f0094cef5358b8e
44e732c9be2597742f4798cb222f028d3d152a978401f631076ff74db1da7f7d
GET /it/u=3812374175,3831305008&fm=253&fmt=auto&app=138&f=JPEG?w=260&h=380 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 11062
expires: Thu, 02 Mar 2023 05:03:18 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: e2710e939a637103df325fb6801974f5
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 05:03:18 GMT
ohc-cache-hit: jjct58 [1], xiangyix178 [4]
ohc-file-size: 11062
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/206488.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/206488.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/206488.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1171590571,3577308064&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560
img1.baidu.com/it/u=3495358435,1441212105&fm=253&fmt=auto&app=138&f=PNG?w=500&h=877
182.106.158.35 200 OK 43 kB URL HTTP/2 img1.baidu.com/it/u=3495358435,1441212105&fm=253&fmt=auto&app=138&f=PNG?w=500&h=877
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x877, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 444d414d54c58dec07ae1313b1bbddc3
72facfb9d5b2b96ec1173e41e2f517ed29d5cf0b
9e8183512863ba8838e703fd3f0456e1c11713ce31c8b58338e7864f823842bb
GET /it/u=3495358435,1441212105&fm=253&fmt=auto&app=138&f=PNG?w=500&h=877 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 43082
expires: Sat, 18 Feb 2023 00:10:26 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 444d414d54c58dec07ae1313b1bbddc3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 00:10:26 GMT
ohc-cache-hit: jjct51 [1], czix51 [4]
ohc-file-size: 43082
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=236083974,2566692211&fm=253&fmt=auto&app=138&f=JPEG?w=486&h=669
182.106.158.35 200 OK 24 kB URL HTTP/2 img1.baidu.com/it/u=236083974,2566692211&fm=253&fmt=auto&app=138&f=JPEG?w=486&h=669
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 486x669, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6bd7889c6078e7aabcf1447391f2d96b
d47158d4681197d5e23fbd82375086d59d805aa3
6d18e2004ddf26a4248d82ee04df694c34e996a20187232e178e09d8c78889db
GET /it/u=236083974,2566692211&fm=253&fmt=auto&app=138&f=JPEG?w=486&h=669 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 24128
expires: Fri, 24 Feb 2023 14:32:52 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 6bd7889c6078e7aabcf1447391f2d96b
age: 344047
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 14:32:52 GMT
ohc-cache-hit: jjct67 [4], wzix111 [4]
ohc-file-size: 24128
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1642185003,63784084&fm=253&app=120&f=JPEG?w=1280&h=800
182.40.78.35 200 OK 146 kB URL HTTP/1.1 img0.baidu.com/it/u=1642185003,63784084&fm=253&app=120&f=JPEG?w=1280&h=800
IP 182.40.78.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 146 kB (145698 bytes)
Hash 779cc1e3722e00d10e4cec5a04864699
ed116d02e3c9d519b0c87795b30954bcb5d1fd8b
8a1b35145fc10570d0407ed670c3e3cdcad55a165ba07b05a083d4e2874bfd09
GET /it/u=1642185003,63784084&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:19 GMT
Content-Type: image/jpeg
Content-Length: 145698
Connection: keep-alive
Expires: Mon, 06 Feb 2023 07:48:13 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: 779cc1e3722e00d10e4cec5a04864699
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 07:48:13 GMT
Ohc-Cache-HIT: jn3ct57 [2], xaix161 [2]
Ohc-File-Size: 145698
X-Cache-Status: MISS
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1006156785&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=31165&r=0&ww=1280&u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&tt=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1006156785&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=31165&r=0&ww=1280&u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&tt=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1006156785&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=31165&r=0&ww=1280&u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&tt=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 08:22:20 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=74366609F0D45BCD; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3448647443&s2=1471675828<u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675498973&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675498973&dtm=HTML_POST&tpr=1675498973005&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=dfd93cd7dcada271&fpt=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6&dft=0&ft=1
182.61.200.109200 OK 13 kB URL HTTP/2 pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3448647443&s2=1471675828<u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675498973&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675498973&dtm=HTML_POST&tpr=1675498973005&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=dfd93cd7dcada271&fpt=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6&dft=0&ft=1
IP 182.61.200.109:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7107)
Hash 22d991d74a32b5bb98fe7b287a351c10
a3471dfabfb33cfe79e2f39f72d5ccf1bd6b51f9
ead48e2b6c9c9cfc7a26ab116999e62da33915913e1ae309e2ac28bc563ab1f1
GET /s?wid=910&hei=120&di=u4965894&s1=3448647443&s2=1471675828<u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675498973&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675498973&dtm=HTML_POST&tpr=1675498973005&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=dfd93cd7dcada271&fpt=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 08:22:20 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 16:22:20 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=489C4B0D45E3864A6460B61099F7E4CB:FG=1; expires=Sun, 04-Feb-54 08:22:20 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 13204
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/379110.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/379110.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/379110.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3318619984,3154029059&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/665949.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/665949.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/665949.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505
img0.baidu.com/it/u=61074404,2081814455&fm=253&fmt=auto&app=120&f=JPEG?w=640&h=1136
182.106.158.35 200 OK 74 kB URL HTTP/2 img0.baidu.com/it/u=61074404,2081814455&fm=253&fmt=auto&app=120&f=JPEG?w=640&h=1136
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x1136, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f86e4543d0322bd3b206c15d101bed63
a7cf4d066d9874dae991b3b499ab0b679b94c283
3a96aac1c63ed776e22e63e78c905b11835c18667e756c7cd067fad01e52e17b
GET /it/u=61074404,2081814455&fm=253&fmt=auto&app=120&f=JPEG?w=640&h=1136 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 74230
expires: Thu, 02 Mar 2023 02:33:18 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: f86e4543d0322bd3b206c15d101bed63
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 02:33:18 GMT
ohc-cache-hit: jjct56 [1], bdix56 [2]
ohc-file-size: 74230
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2268037314,386023463&fm=253&fmt=auto&app=138&f=JPEG?w=625&h=500
182.106.158.35 200 OK 19 kB URL HTTP/2 img1.baidu.com/it/u=2268037314,386023463&fm=253&fmt=auto&app=138&f=JPEG?w=625&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 625x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 37c4f86775096c88f5afd7891835bd37
968ed607212c4739c90d8079ac86c30a67ba12fa
3b95617955b4096993ca2b995d59853a5184cc6e9c5fd0460a6b65bf8a02d08a
GET /it/u=2268037314,386023463&fm=253&fmt=auto&app=138&f=JPEG?w=625&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:19 GMT
content-type: image/webp
content-length: 18966
expires: Wed, 08 Feb 2023 06:46:13 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 37c4f86775096c88f5afd7891835bd37
age: 364449
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 06:46:13 GMT
ohc-cache-hit: jjct66 [4], csix103 [2]
ohc-file-size: 18966
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3894290059,2196267291&fm=253&fmt=auto&app=138&f=JPEG?w=393&h=554
182.106.158.35 200 OK 25 kB URL HTTP/2 img1.baidu.com/it/u=3894290059,2196267291&fm=253&fmt=auto&app=138&f=JPEG?w=393&h=554
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 393x554, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash af5c44b41d076be16cc154bcca378d29
ca0d565da11e8f10588b95a5fbca1a50f4b0933e
f657d9efa2fc7d30c1d0ae4b7110acbb8875ac2283998cb1509d2a23f2af749d
GET /it/u=3894290059,2196267291&fm=253&fmt=auto&app=138&f=JPEG?w=393&h=554 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:20 GMT
content-type: image/webp
content-length: 24744
expires: Sun, 26 Feb 2023 16:13:35 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: af5c44b41d076be16cc154bcca378d29
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 16:13:35 GMT
ohc-cache-hit: jjct66 [1], csix66 [4]
ohc-file-size: 24744
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=3318619984,3154029059&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 40 kB URL HTTP/1.1 t14.baidu.com/it/u=3318619984,3154029059&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 97d96bfdf1b686122ae474d3ac46cdd7
c14ed704f509bb30f5df316b8a6c4c6fb04e3da7
e7a74ac57133a4494e661b39a6f6433ba8b20f24a551d487a754047e087a751b
GET /it/u=3318619984,3154029059&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpeg
Content-Length: 40161
Connection: keep-alive
Expires: Thu, 16 Feb 2023 09:53:32 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 97d96bfdf1b686122ae474d3ac46cdd7
Age: 1401523
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 17 Jan 2023 09:53:32 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache56 [4], xaix157 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 40161
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500
182.106.158.35 200 OK 27 kB URL HTTP/2 img1.baidu.com/it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 888x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d8f87db12420fe4355fc07f560cd9f1e
680fa1a55e18f7b8c28b55e18ac33acaa7d10aa1
b0f7c09a1546b9f2f6cc1d45842d123f1a0f21062327500c60bfd4e28abd830e
GET /it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:20 GMT
content-type: image/webp
content-length: 27354
expires: Tue, 21 Feb 2023 00:42:09 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: d8f87db12420fe4355fc07f560cd9f1e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 00:42:09 GMT
ohc-cache-hit: jjct66 [1], qdix152 [4]
ohc-file-size: 27354
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1132929413,3851671781&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
182.106.158.35 200 OK 22 kB URL HTTP/2 img1.baidu.com/it/u=1132929413,3851671781&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x667, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 90c850573c9a7d07e31ab28a05b339e3
109fb82aa76c162546d9877232d650edf8098f03
c3b2741e5bbaac068b125e1d4ca37fa50ee7064d66448fb75f3d3fb66ce64b1a
GET /it/u=1132929413,3851671781&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:20 GMT
content-type: image/webp
content-length: 21936
expires: Wed, 22 Feb 2023 03:27:34 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 90c850573c9a7d07e31ab28a05b339e3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:27:34 GMT
ohc-cache-hit: jjct64 [1], qdix117 [4]
ohc-file-size: 21936
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
182.106.158.35 200 OK 12 kB URL HTTP/2 img1.baidu.com/it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0c6d30ecc6ce05d3832b57e04f2962a3
3a5d08a8578e5754bf2a55e45293ffb945a687f1
737fc07ba04023e3bff8c1abce2d6fefc8f2f5475e262568c5573fa6a416313b
GET /it/u=422049887,1292202835&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:20 GMT
content-type: image/webp
content-length: 11678
expires: Tue, 21 Feb 2023 23:45:55 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 0c6d30ecc6ce05d3832b57e04f2962a3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 23:45:55 GMT
ohc-cache-hit: jjct73 [1], bdix210 [2]
ohc-file-size: 11678
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/854187.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/854187.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/854187.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=766170736,2562625558&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
12732.url.tudown.com/uploads/images/341384.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/341384.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/341384.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800
12732.url.tudown.com/uploads/images/784987.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/784987.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/784987.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=922240859,3753075694&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
12732.url.tudown.com/uploads/images/372638.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/372638.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/372638.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
img0.baidu.com/it/u=298016447,743301110&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
182.106.158.35 200 OK 58 kB URL HTTP/2 img0.baidu.com/it/u=298016447,743301110&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 862467f8db66b39ff62f69e3eafefac9
3b4106d9086f7772d84ee087df609a39131b0e56
c8f4647a4d8c39c931cf685852e306322be18a6e507b245be237a6dc1c0a59cb
GET /it/u=298016447,743301110&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:20 GMT
content-type: image/webp
content-length: 58116
expires: Thu, 23 Feb 2023 06:58:22 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 862467f8db66b39ff62f69e3eafefac9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 06:58:22 GMT
ohc-cache-hit: jjct56 [1], xiangyix56 [4]
ohc-file-size: 58116
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505
182.40.78.35 200 OK 38 kB URL HTTP/1.1 img0.baidu.com/it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505
IP 182.40.78.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x505, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 121886da958ce1337f3ab9e8af293363
6e3f3566c239b33e67b84edc16c29800ddb92363
1292d4aa1308df673cf52fb148ed646ade883e180d684fca51cae7bcc04d7d09
GET /it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/webp
Content-Length: 37826
Connection: keep-alive
Expires: Mon, 20 Feb 2023 13:48:16 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 121886da958ce1337f3ab9e8af293363
Age: 111367
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 13:48:16 GMT
Ohc-Cache-HIT: jn3ct60 [4], xiangyix212 [2]
Ohc-File-Size: 37826
X-Cache-Status: HIT
12732.url.tudown.com/uploads/images/620751.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/620751.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/620751.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=633620658,1642533833&fm=253&app=120&f=JPEG?w=800&h=1280
12732.url.tudown.com/uploads/images/299787.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/299787.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/299787.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=775305491,2886062248&fm=253&fmt=auto?w=120&h=80
img2.baidu.com/it/u=1981358367,3230027801&fm=253&app=120&f=JPEG?w=1280&h=800
175.6.243.35 200 OK 167 kB URL HTTP/1.1 img2.baidu.com/it/u=1981358367,3230027801&fm=253&app=120&f=JPEG?w=1280&h=800
IP 175.6.243.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 167 kB (166810 bytes)
Hash 370e0931067754dbc208a25b88240bb6
337b854355f3870a9baf7aa3ea65d01771f40bfd
0b2f4ee5f4d4bee3895cec7445fb7764e313a6bd51b8fc563d6a85f4c033f699
GET /it/u=1981358367,3230027801&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpeg
Content-Length: 166810
Connection: keep-alive
Expires: Thu, 02 Mar 2023 13:45:36 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 370e0931067754dbc208a25b88240bb6
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 13:45:36 GMT
Ohc-Cache-HIT: hengyct69 [2], csix69 [4]
Ohc-File-Size: 166810
X-Cache-Status: MISS
img1.baidu.com/it/u=922240859,3753075694&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
182.106.158.35 200 OK 6.7 kB URL HTTP/2 img1.baidu.com/it/u=922240859,3753075694&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 130x170, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 801e59cf73c8c5f49534eb55726621dd
3f626afecc94dceadec0b993fdb4fd7cf799c59b
7852d9681419601b62e0436b0c8455f450b77f2e54877fdbea4cb397e0257e8c
GET /it/u=922240859,3753075694&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 6712
expires: Tue, 21 Feb 2023 05:17:20 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 801e59cf73c8c5f49534eb55726621dd
age: 348308
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 05:17:20 GMT
ohc-cache-hit: jjct64 [4], xaix125 [2]
ohc-file-size: 6712
x-cache-status: HIT
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/348848.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/348848.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/348848.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4023397109,1155224407&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/44727.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/44727.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/44727.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3055373092,1578387770&fm=253&app=120&f=JPEG?w=800&h=1422
img1.baidu.com/it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
182.106.158.35 200 OK 19 kB URL HTTP/2 img1.baidu.com/it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x667, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1602e0d72b4e23bc8d34f7e51d9fe31e
73e4a65840ccd87557424dcd1095522a56d5eb41
d46cd537c18f72bfed3af1c365cea174903b177103c563e8bde3dd5252b3548a
GET /it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 19106
expires: Tue, 07 Feb 2023 12:45:08 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 1602e0d72b4e23bc8d34f7e51d9fe31e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 12:45:08 GMT
ohc-cache-hit: jjct66 [1], csix114 [4]
ohc-file-size: 19106
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3744774931,2619513868&fm=253&fmt=auto&app=138&f=JPEG?w=581&h=500
182.106.158.35 200 OK 8.0 kB URL HTTP/2 img1.baidu.com/it/u=3744774931,2619513868&fm=253&fmt=auto&app=138&f=JPEG?w=581&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 581x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 07f65b2a0ee7cf0b3cf4230e77d39259
fcab9bd6206ed261a7de37fd96bd0f2c86575fb3
3b974b777c4ec93c425facef2106b679a3e91119300d4ba679f437b4e8294757
GET /it/u=3744774931,2619513868&fm=253&fmt=auto&app=138&f=JPEG?w=581&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 8032
expires: Tue, 07 Feb 2023 06:06:26 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 07f65b2a0ee7cf0b3cf4230e77d39259
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 06:06:26 GMT
ohc-cache-hit: jjct53 [1], czix118 [4]
ohc-file-size: 8032
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=766170736,2562625558&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
182.106.158.35 200 OK 4.9 kB URL HTTP/2 img0.baidu.com/it/u=766170736,2562625558&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 130x170, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 50dd0a8fdee5649a0a002a5681af1721
96b0af684909459ee4283b9e6ab7bb3ae7828ca1
ae47fa798ef182fc9c07a30b8a5545d4ce3024d6dfb7b0e0ffe5a9c60c03cadd
GET /it/u=766170736,2562625558&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 4896
expires: Fri, 03 Mar 2023 02:28:31 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 50dd0a8fdee5649a0a002a5681af1721
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 02:28:31 GMT
ohc-cache-hit: jjct72 [1], wzix72 [4]
ohc-file-size: 4896
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/512360.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/512360.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/512360.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=329298978,504711808&fm=224&app=112&f=JPEG?w=500&h=498
img0.baidu.com/it/u=1171590571,3577308064&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560
182.106.158.35 200 OK 27 kB URL HTTP/2 img0.baidu.com/it/u=1171590571,3577308064&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 420x560, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8652d575622fc4725251214126998a0e
bf2e88f3ba676084f0ece7ded70f1ef910863fd8
ddd01a51903921f70d170666c6f8ea391daf889350b219e94c40c44133c5c84c
GET /it/u=1171590571,3577308064&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 26846
expires: Sun, 26 Feb 2023 04:45:32 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 8652d575622fc4725251214126998a0e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 04:45:32 GMT
ohc-cache-hit: jjct53 [1], bdix164 [4]
ohc-file-size: 26846
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/451100.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/451100.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/451100.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500
t14.baidu.com/it/u=329298978,504711808&fm=224&app=112&f=JPEG?w=500&h=498
185.10.104.124 200 OK 27 kB URL HTTP/1.1 t14.baidu.com/it/u=329298978,504711808&fm=224&app=112&f=JPEG?w=500&h=498
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x498, components 3\012- data
Hash 8c7845e94acc385f89fe8a4abad7ba5f
acb2c1d1d4ce691be257e924138277669edc7470
3c28081ee0162d5c25184691606f52c48c05de7441fd0bb5633bca42582b8c95
GET /it/u=329298978,504711808&fm=224&app=112&f=JPEG?w=500&h=498 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpeg
Content-Length: 27007
Connection: keep-alive
Expires: Thu, 02 Mar 2023 09:51:06 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 8c7845e94acc385f89fe8a4abad7ba5f
Age: 190404
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 09:51:06 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache65 [4], xiangyix146 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 27007
X-Cache-Status: HIT
Timing-Allow-Origin: *
t15.baidu.com/it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 66 kB URL HTTP/1.1 t15.baidu.com/it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 46644c8d39591d346cd660c7ae63ab3a
1d489700e475d98545c4858a18ef6789cb9f4a93
394021276548b44d66c94f192cdad964c72128568c9165a64ad5dc6c9e3869a8
GET /it/u=4207279856,3562824755&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpeg
Content-Length: 66268
Connection: keep-alive
Expires: Tue, 28 Feb 2023 11:06:23 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 46644c8d39591d346cd660c7ae63ab3a
Age: 368848
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 29 Jan 2023 11:06:23 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache65 [1], qdix184 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 66268
X-Cache-Status: HIT
img0.baidu.com/it/u=775305491,2886062248&fm=253&fmt=auto?w=120&h=80
182.40.78.35 200 OK 3.6 kB URL HTTP/1.1 img0.baidu.com/it/u=775305491,2886062248&fm=253&fmt=auto?w=120&h=80
IP 182.40.78.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 120x80, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5bedb19d5c1b1467aead221f3d36f82f
edcc00154c5875e1729dd50812f6f91aecca488f
d5eeab4ccd3a59db381763e9fc8ad1edb706ebbfda331ce7be85dfc279fb88a0
GET /it/u=775305491,2886062248&fm=253&fmt=auto?w=120&h=80 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/webp
Content-Length: 3564
Connection: keep-alive
Expires: Fri, 24 Feb 2023 03:03:33 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 5bedb19d5c1b1467aead221f3d36f82f
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 03:03:33 GMT
Ohc-Cache-HIT: jn3ct65 [1], xaix249 [2]
Ohc-File-Size: 3564
X-Cache-Status: MISS
12732.url.tudown.com/uploads/images/839452.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/839452.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/839452.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=466676461,3600029133&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
bdcode.2345.com/js/logo/css/logo-sm.css
42.81.8.130 200 OK 783 B URL HTTP/2 bdcode.2345.com/js/logo/css/logo-sm.css
IP 42.81.8.130:0
File type ASCII text, with very long lines (2128), with no line terminators
Hash 621b3563f1231de3a058fa25980064be
c2575c8110cbaba0c87c543fabf7c592789ad67f
37944a5c3981b16d6a498a7dc9427edcd64c1752e6728c5323525bc400efc8d6
GET /js/logo/css/logo-sm.css HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: text/css
date: Sat, 04 Feb 2023 08:22:21 GMT
etag: W/"639b0691-850"
expires: Sat, 04 Feb 2023 09:22:21 GMT
last-modified: Thu, 15 Dec 2022 11:35:45 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c203326458e737e3-143
content-length: 783
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/750870.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/750870.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/750870.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1978691238,4250498605&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
img2.baidu.com/it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800
175.6.243.35 200 OK 129 kB URL HTTP/1.1 img2.baidu.com/it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800
IP 175.6.243.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 129 kB (128727 bytes)
Hash f2d96b96bc5d9b349afbb78d14609317
b83fbbfb5c506747134476e146b2fc7ddf559f47
13275e4934a289b3257e7de5136aa4abdaf483be447655142950c1a806c12756
GET /it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:20 GMT
Content-Type: image/jpeg
Content-Length: 128727
Connection: keep-alive
Expires: Sun, 26 Feb 2023 04:32:02 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: f2d96b96bc5d9b349afbb78d14609317
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 04:32:02 GMT
Ohc-Cache-HIT: hengyct75 [1], czix161 [2]
Ohc-File-Size: 128727
X-Cache-Status: MISS
12732.url.tudown.com/uploads/images/623448.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/623448.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/623448.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4023397109,1155224407&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/852234.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/852234.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/852234.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
t14.baidu.com/it/u=4023397109,1155224407&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 64 kB URL HTTP/1.1 t14.baidu.com/it/u=4023397109,1155224407&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 39x39, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 8ef8e1b9c4de43167c3ef9e6a611474c
cf59e3afa6162515042bbea58644783b3be7595b
d79ae2d8a164624539138964279d613d053f5aad361a99811cfbd4eef5a67dad
GET /it/u=4023397109,1155224407&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpeg
Content-Length: 63777
Connection: keep-alive
Expires: Thu, 02 Mar 2023 17:40:34 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 8ef8e1b9c4de43167c3ef9e6a611474c
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 17:40:34 GMT
Ohc-Upstream-Trace: 113.240.118.67; 58.20.204.54
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache54 [1], csix67 [4]
Ohc-Response-Time: 1 0 0 1 345 346
Ohc-File-Size: 63777
X-Cache-Status: MISS
Timing-Allow-Origin: *
12732.url.tudown.com/uploads/images/205598.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/205598.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/205598.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2768304964,1919222688&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/223402.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/223402.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/223402.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=605626764,3456147288&fm=253&app=138&f=PNG?w=500&h=800
t13.baidu.com/it/u=2768304964,1919222688&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 52 kB URL HTTP/1.1 t13.baidu.com/it/u=2768304964,1919222688&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 34e70b3e70eb93276c69f5348c4bee6e
2de910501e989dffa1396ad8fb24e3e4efbbc205
1f86c76b5b6615b168fe5ee7149ea7c10ec4b99ac71244851d49a4cb37de742a
GET /it/u=2768304964,1919222688&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpeg
Content-Length: 51948
Connection: keep-alive
Expires: Mon, 06 Feb 2023 02:43:20 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 34e70b3e70eb93276c69f5348c4bee6e
Age: 2022647
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 02:43:20 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache62 [2], bdix83 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51948
X-Cache-Status: HIT
Timing-Allow-Origin: *
bdcode.2345.com/js/logo/js/logo.js
42.81.8.130 200 OK 42 kB URL HTTP/2 bdcode.2345.com/js/logo/js/logo.js
IP 42.81.8.130:0
Hash 5bc7e9d5be50f5571bf627d0a80ec3eb
b2643f0c7d78200b94977f24cc182c6e81e1c41d
fbb7bea4e53b6e347cb6dec928bb43ae9fedc751a3b494afd8e7e72ffee32e7d
Analyzer Verdict Alert fortinet Malware
GET /js/logo/js/logo.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: application/x-javascript
date: Sat, 04 Feb 2023 08:22:21 GMT
etag: W/"639b0691-371a"
expires: Sat, 04 Feb 2023 09:22:21 GMT
last-modified: Thu, 15 Dec 2022 11:35:45 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c203326458e637e3-143
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/583375.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/583375.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/583375.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3132508640,1612255003&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631
img1.baidu.com/it/u=1978691238,4250498605&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
182.106.158.35 200 OK 42 kB URL HTTP/2 img1.baidu.com/it/u=1978691238,4250498605&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash aad5063a162688a56cfcd1a117f8b2f9
96e00c92fda762b69f11e26ea6357ec48e8d5279
73a651ecc5d4d20ff805c4931d8b841d7934f90fba4f4aef99256ed0f70bd89e
GET /it/u=1978691238,4250498605&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 41600
expires: Fri, 17 Feb 2023 03:19:51 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: aad5063a162688a56cfcd1a117f8b2f9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 03:19:51 GMT
ohc-cache-hit: jjct54 [1], xiangyix54 [2]
ohc-file-size: 41600
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/91582.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/91582.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/91582.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422
bdsearch.2345.com/auto_ds?utz=Vv&gjz=_._3xZ_1_ZX_Xw1v&gzj=VvrVv&tgc=u&vtu=v&vogj=vvuuvv&wgk=H6kaBZm89nlJ6dca+qDlDR7GM5PA_neQD3Ecim.ZroqGyN+yG5CHy0N9XKx4AnQkol8iavDB1+14DuPAE-f5JjFXLH_i4iAqwsLn6y3LwhY+.NllFsgCuOAXzk/foXgTDQI5CI1TBI+PSdknHK6I3Jss__0bs2opMv.c+Lx.lmhC545ra0N1TRqmlRzx9oiA5EAI+K+ad.5iJYi8ED3LH/_ul_mp0BJ.mxv/7MXbjIAyGmAku8MZKQpkxen9KP7EdA2et/Y7Y2zFAfnqELdr6ltcI.b28ppNchGhMxf69+CqkcCpN2ywZectDZiRL5Qjb6ja.AFC9/-Da0SrxLs+eOLcNpkyaGrOJJ.ZO22h2_bRNwpG.MJ5mB9jFh2btljg/JS9Cg2Pxx0vgtnj1BhfAK&in=3x3&tyz=v&gj=uru&uij=v&vel=-hZi_cha&ukd=4ONIUDMIHJ&usm=u&ckl=bnnjWx4Ww9Ww9vw1xwWUolfWUno_iqhWUZigWw9_iqhWw9.ircnj_.-_cnilWwz81Wwz4uWwz5yWwz82Wwz41Wwz4xWwz81Wwz23Wwz22Wyuyv2U0xuuyWU-r-&tvt=ON9V2&umz=uWUu&kte=v01zy3231x&gifk=w&twm=u&rr=v&ttv=nlo-&kcd=v01zy3231x<=vw2urvuuw&uts=UUUYXc_oUohcihUZXffYXZe&uzj=u&urz=u&uwk=u&ugk=hih-&kgi=v01zy3231xuuz&riz=w>j=vw02r3x3&llzu=YXz11v-0x3XvuwXv&gjj=vw02rwzz2&ut=y&uz=u&rek=u&ji=vw2urvuwy&uiz=u&mvi=uvw3&kz=sXYi222pcjW81W57W3vW83W4vW5zW81W33W55W8zW57W3zW8zW53W5xW8zW29W5u(W8yW52W47W8zW35W57)W8zW48W32W80W30W53W81W57W3vW81W45W33VcimWw9W8zW48W23W8zW27W3xWw9W80W23W25W80W36W54W81W23W22XjjW8yW52W25W82W57W57Py2v0WU1w21z
42.81.8.129 200 OK 78 B URL HTTP/2 bdsearch.2345.com/auto_ds?utz=Vv&gjz=_._3xZ_1_ZX_Xw1v&gzj=VvrVv&tgc=u&vtu=v&vogj=vvuuvv&wgk=H6kaBZm89nlJ6dca+qDlDR7GM5PA_neQD3Ecim.ZroqGyN+yG5CHy0N9XKx4AnQkol8iavDB1+14DuPAE-f5JjFXLH_i4iAqwsLn6y3LwhY+.NllFsgCuOAXzk/foXgTDQI5CI1TBI+PSdknHK6I3Jss__0bs2opMv.c+Lx.lmhC545ra0N1TRqmlRzx9oiA5EAI+K+ad.5iJYi8ED3LH/_ul_mp0BJ.mxv/7MXbjIAyGmAku8MZKQpkxen9KP7EdA2et/Y7Y2zFAfnqELdr6ltcI.b28ppNchGhMxf69+CqkcCpN2ywZectDZiRL5Qjb6ja.AFC9/-Da0SrxLs+eOLcNpkyaGrOJJ.ZO22h2_bRNwpG.MJ5mB9jFh2btljg/JS9Cg2Pxx0vgtnj1BhfAK&in=3x3&tyz=v&gj=uru&uij=v&vel=-hZi_cha&ukd=4ONIUDMIHJ&usm=u&ckl=bnnjWx4Ww9Ww9vw1xwWUolfWUno_iqhWUZigWw9_iqhWw9.ircnj_.-_cnilWwz81Wwz4uWwz5yWwz82Wwz41Wwz4xWwz81Wwz23Wwz22Wyuyv2U0xuuyWU-r-&tvt=ON9V2&umz=uWUu&kte=v01zy3231x&gifk=w&twm=u&rr=v&ttv=nlo-&kcd=v01zy3231x<=vw2urvuuw&uts=UUUYXc_oUohcihUZXffYXZe&uzj=u&urz=u&uwk=u&ugk=hih-&kgi=v01zy3231xuuz&riz=w>j=vw02r3x3&llzu=YXz11v-0x3XvuwXv&gjj=vw02rwzz2&ut=y&uz=u&rek=u&ji=vw2urvuwy&uiz=u&mvi=uvw3&kz=sXYi222pcjW81W57W3vW83W4vW5zW81W33W55W8zW57W3zW8zW53W5xW8zW29W5u(W8yW52W47W8zW35W57)W8zW48W32W80W30W53W81W57W3vW81W45W33VcimWw9W8zW48W23W8zW27W3xWw9W80W23W25W80W36W54W81W23W22XjjW8yW52W25W82W57W57Py2v0WU1w21z
IP 42.81.8.129:0
File type ASCII text, with no line terminators
Hash 9279d602227737f966b6adde39f027d0
146dad1f12eb7c4a733ae74b2546b9b9e87b4c54
57fd49ef04244ee689ab5d270811bd86f0f18c7f8eef9a578091eb515cb0b55a
GET /auto_ds?utz=Vv&gjz=_._3xZ_1_ZX_Xw1v&gzj=VvrVv&tgc=u&vtu=v&vogj=vvuuvv&wgk=H6kaBZm89nlJ6dca+qDlDR7GM5PA_neQD3Ecim.ZroqGyN+yG5CHy0N9XKx4AnQkol8iavDB1+14DuPAE-f5JjFXLH_i4iAqwsLn6y3LwhY+.NllFsgCuOAXzk/foXgTDQI5CI1TBI+PSdknHK6I3Jss__0bs2opMv.c+Lx.lmhC545ra0N1TRqmlRzx9oiA5EAI+K+ad.5iJYi8ED3LH/_ul_mp0BJ.mxv/7MXbjIAyGmAku8MZKQpkxen9KP7EdA2et/Y7Y2zFAfnqELdr6ltcI.b28ppNchGhMxf69+CqkcCpN2ywZectDZiRL5Qjb6ja.AFC9/-Da0SrxLs+eOLcNpkyaGrOJJ.ZO22h2_bRNwpG.MJ5mB9jFh2btljg/JS9Cg2Pxx0vgtnj1BhfAK&in=3x3&tyz=v&gj=uru&uij=v&vel=-hZi_cha&ukd=4ONIUDMIHJ&usm=u&ckl=bnnjWx4Ww9Ww9vw1xwWUolfWUno_iqhWUZigWw9_iqhWw9.ircnj_.-_cnilWwz81Wwz4uWwz5yWwz82Wwz41Wwz4xWwz81Wwz23Wwz22Wyuyv2U0xuuyWU-r-&tvt=ON9V2&umz=uWUu&kte=v01zy3231x&gifk=w&twm=u&rr=v&ttv=nlo-&kcd=v01zy3231x<=vw2urvuuw&uts=UUUYXc_oUohcihUZXffYXZe&uzj=u&urz=u&uwk=u&ugk=hih-&kgi=v01zy3231xuuz&riz=w>j=vw02r3x3&llzu=YXz11v-0x3XvuwXv&gjj=vw02rwzz2&ut=y&uz=u&rek=u&ji=vw2urvuwy&uiz=u&mvi=uvw3&kz=sXYi222pcjW81W57W3vW83W4vW5zW81W33W55W8zW57W3zW8zW53W5xW8zW29W5u(W8yW52W47W8zW35W57)W8zW48W32W80W30W53W81W57W3vW81W45W33VcimWw9W8zW48W23W8zW27W3xWw9W80W23W25W80W36W54W81W23W22XjjW8yW52W25W82W57W57Py2v0WU1w21z HTTP/1.1
Host: bdsearch.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: application/javascript;charset=UTF-8
date: Sat, 04 Feb 2023 08:22:21 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 16:22:21 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: yunjiasu
x-xss-protection: 0
yjs-id: c2033268245e37e8-143
content-length: 78
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
182.106.158.35 200 OK 25 kB URL HTTP/2 img0.baidu.com/it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x749, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e7621955b679461529b17c723ee2fee4
234447069f08c5bc410a15d98d44b925199d4297
a5ffcbce975a70b37e9132c0c53a8565a495bb6e53ef76d471fea97c2a6dadb0
GET /it/u=2428433112,1248005970&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 24774
expires: Tue, 21 Feb 2023 09:24:59 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: e7621955b679461529b17c723ee2fee4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 09:24:59 GMT
ohc-cache-hit: jjct54 [1], qdix177 [2]
ohc-file-size: 24774
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/506705.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/506705.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/506705.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1289185477,3733292836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=376
12732.url.tudown.com/uploads/images/414483.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/414483.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/414483.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608
12732.url.tudown.com/uploads/images/26659.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/26659.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/26659.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=136036133,1709189983&fm=224&app=112&f=PNG?w=500&h=500
12732.url.tudown.com/uploads/images/983961.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/983961.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/983961.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3265357047,1735794757&fm=253&fmt=auto&app=138&f=JPEG?w=50&h=50
img1.baidu.com/it/u=3055373092,1578387770&fm=253&app=120&f=JPEG?w=800&h=1422
182.106.158.35 200 OK 77 kB URL HTTP/1.1 img1.baidu.com/it/u=3055373092,1578387770&fm=253&app=120&f=JPEG?w=800&h=1422
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x1422, components 3\012- data
Hash a615f69ef7f2b3e1a9d68afd4d36448b
ea046065b3ce59691a8bd6e731d2205b2ccb50a7
61d837241f2c8a61c93fb6bdd2b122c6c6bf1f5a629f79d751807f81752bf6e6
GET /it/u=3055373092,1578387770&fm=253&app=120&f=JPEG?w=800&h=1422 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpeg
Content-Length: 76751
Connection: keep-alive
Expires: Fri, 17 Feb 2023 06:55:38 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: a615f69ef7f2b3e1a9d68afd4d36448b
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 06:55:38 GMT
Ohc-Cache-HIT: jjct72 [1], bdix100 [4]
Ohc-File-Size: 76751
X-Cache-Status: MISS
img0.baidu.com/it/u=3132508640,1612255003&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631
182.106.158.35 200 OK 9.3 kB URL HTTP/2 img0.baidu.com/it/u=3132508640,1612255003&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x631, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 826519f3cea525c777db8a88d3402cbd
f4f14317e41bda498b1b48ff6c503ef6c4c2a4c4
138a2f555e565df1fae5f99701728e7363f88888e571f5134c6cb6f993e31c7d
GET /it/u=3132508640,1612255003&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 9304
expires: Sat, 04 Mar 2023 06:31:49 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 826519f3cea525c777db8a88d3402cbd
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 06:31:49 GMT
ohc-cache-hit: jjct68 [2], xiangyix237 [4]
ohc-file-size: 9304
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=136036133,1709189983&fm=224&app=112&f=PNG?w=500&h=500
185.10.104.124 200 OK 393 kB URL HTTP/1.1 t14.baidu.com/it/u=136036133,1709189983&fm=224&app=112&f=PNG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size 393 kB (392825 bytes)
Hash dc84978a6150d95ad598382d8757c131
8952fd447afc3cdd06cac78770fd5c844cca688b
0b50a7bfdd6da6f017d67c198a6570c020d66f4376ae724d7a44dc15f8cf2820
GET /it/u=136036133,1709189983&fm=224&app=112&f=PNG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/png
Content-Length: 392825
Connection: keep-alive
Expires: Wed, 01 Mar 2023 04:17:49 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: dc84978a6150d95ad598382d8757c131
Age: 368967
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 30 Jan 2023 04:17:49 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], bduncache64 [2], suzix64 [3]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 392825
X-Cache-Status: HIT
12732.url.tudown.com/uploads/images/133954.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/133954.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/133954.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4142117824,1967907595&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
img0.baidu.com/it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422
182.106.158.35 200 OK 94 kB URL HTTP/2 img0.baidu.com/it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x1422, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 11bcb53531ca8d4f4e01b74408914190
e79aa2d657a5642d09531107897d44c4ee8a81b7
e82b314eb92093e3c3294d37dadde9edc5712fc14485a04e6fc9481bef9e01d7
GET /it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:21 GMT
content-type: image/webp
content-length: 93736
expires: Wed, 22 Feb 2023 12:47:59 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 11bcb53531ca8d4f4e01b74408914190
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 12:47:59 GMT
ohc-cache-hit: jjct58 [1], qdix103 [2]
ohc-file-size: 93736
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/271623.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/271623.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/271623.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2244075199,3396151450&fm=253&fmt=auto?w=1280&h=800
img2.baidu.com/it/u=605626764,3456147288&fm=253&app=138&f=PNG?w=500&h=800
175.6.243.35 200 OK 460 kB URL HTTP/1.1 img2.baidu.com/it/u=605626764,3456147288&fm=253&app=138&f=PNG?w=500&h=800
IP 175.6.243.35:0
File type PNG image data, 500 x 800, 8-bit/color RGBA, non-interlaced\012- data
Size 460 kB (459560 bytes)
Hash e3f9adb19eaaa8b1ba1d177d9aec5b8e
6c834503e551c9682a5e52fa9633ce100753666c
7795d032bd528401dbf65026c47a72977b58bf1bd4987b70abbe2b76e1f98dc8
GET /it/u=605626764,3456147288&fm=253&app=138&f=PNG?w=500&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/png
Content-Length: 459560
Connection: keep-alive
Expires: Tue, 28 Feb 2023 21:13:22 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: e3f9adb19eaaa8b1ba1d177d9aec5b8e
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 29 Jan 2023 21:13:22 GMT
Ohc-Cache-HIT: hengyct72 [2], suzix214 [4]
Ohc-File-Size: 459560
X-Cache-Status: MISS
cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png
220.169.152.35 200 OK 4.5 kB URL HTTP/2 cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png
IP 220.169.152.35:0
File type PNG image data, 44 x 984, 8-bit colormap, non-interlaced\012- data
Hash 3e2d110dd13ae372eac3c04347687487
666c77091671206a1ee7202bfa821afa63dfed94
4b86aeb9d139835e6517cef965d3442d8efca774abc2d6befc580ec63aace62e
GET /cpro/ui/noexpire/img/2.0.0/native_ad.png HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/png
content-length: 4514
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 01 Apr 2022 07:05:03 GMT
etag: "6246a41f-11a2"
cache-control: max-age=315360000
age: 1578043
accept-ranges: bytes
timing-allow-origin: *
ohc-global-saved-time: Tue, 21 Jun 2022 04:49:12 GMT
ohc-cache-hit: yy2ct60 [2], wzix60 [2]
ohc-file-size: 4514
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3265357047,1735794757&fm=253&fmt=auto&app=138&f=JPEG?w=50&h=50
175.6.243.35 200 OK 906 B URL HTTP/2 img2.baidu.com/it/u=3265357047,1735794757&fm=253&fmt=auto&app=138&f=JPEG?w=50&h=50
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 50x50, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3ef8e893af96583d02befc08167ac727
8778db9460644a623eac83b53e8831d75b0acd2b
bd235da0c748458add15faa8eaa230731478ed7dcdaa57ed360fc3676735f1a6
GET /it/u=3265357047,1735794757&fm=253&fmt=auto&app=138&f=JPEG?w=50&h=50 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 906
expires: Wed, 22 Feb 2023 23:33:01 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3ef8e893af96583d02befc08167ac727
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 23:33:01 GMT
ohc-cache-hit: hengyct84 [1], czix163 [4]
ohc-file-size: 906
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/223756.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/223756.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/223756.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3575204787,738378468&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
12732.url.tudown.com/uploads/images/823390.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/823390.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/823390.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/834532.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/834532.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/834532.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
12732.url.tudown.com/uploads/images/401748.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/401748.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/401748.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3432758192,110639038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=788
t13.baidu.com/it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 49 kB URL HTTP/1.1 t13.baidu.com/it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e392236e88a934d1d3cf7066672b0742
ba2d13bce09cc872278b4d3dc7a6702638a00dad
87629ac9c873802166678912690b483a41d679d8d763c37ad613936b862d65ca
GET /it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpeg
Content-Length: 49251
Connection: keep-alive
Expires: Sun, 05 Feb 2023 15:24:07 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: e392236e88a934d1d3cf7066672b0742
Age: 2027175
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 15:24:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache51 [1], wzix86 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 49251
X-Cache-Status: HIT
Timing-Allow-Origin: *
sofire.baidu.com/h5/t/8800
36.110.192.156 204 No Content 0 B URL HTTP/2 sofire.baidu.com/h5/t/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /h5/t/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-bdh5-pf
Referer: http://12732.url.tudown.com/
Origin: http://12732.url.tudown.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12732.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
date: Sat, 04 Feb 2023 08:22:22 GMT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=633620658,1642533833&fm=253&app=120&f=JPEG?w=800&h=1280
182.106.158.35 200 OK 163 kB URL HTTP/1.1 img1.baidu.com/it/u=633620658,1642533833&fm=253&app=120&f=JPEG?w=800&h=1280
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x1280, components 3\012- data
Size 163 kB (162778 bytes)
Hash f42b1cebb5eed50ea83e2a5dd4af8a21
ff5b8545e77646eea5410c3e32372f6e4c1e5951
f4d4fe27d5ce4ba661f56e8bbee2fad57aa6267a107eeee50dbfdbe796c1736b
GET /it/u=633620658,1642533833&fm=253&app=120&f=JPEG?w=800&h=1280 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:21 GMT
Content-Type: image/jpeg
Content-Length: 162778
Connection: keep-alive
Expires: Sun, 12 Feb 2023 10:29:54 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: f42b1cebb5eed50ea83e2a5dd4af8a21
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 10:29:54 GMT
Ohc-Cache-HIT: jjct69 [2], wzix69 [4]
Ohc-File-Size: 162778
X-Cache-Status: MISS
sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675498975192&r=init
36.110.192.156 200 OK 0 B URL HTTP/2 sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675498975192&r=init
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675498975192&r=init HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
date: Sat, 04 Feb 2023 08:22:22 GMT
content-length: 0
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/337955.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/337955.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/337955.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2041618182,2767719983&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
12732.url.tudown.com/uploads/images/838077.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/838077.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/838077.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2398767598,3256640471&fm=224&app=112&f=JPEG?w=500&h=500
t13.baidu.com/it/u=2398767598,3256640471&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 35 kB URL HTTP/1.1 t13.baidu.com/it/u=2398767598,3256640471&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 72854a78ef6074a83530e46fbb9d77bf
616344d1cd0ae1c102fb7d05ad0de32e5e8689e1
642c8a61f009c4c884ce68acc94ba8abdbab52a7c89a29aadc7d75113dcd4de8
GET /it/u=2398767598,3256640471&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpeg
Content-Length: 34723
Connection: keep-alive
Expires: Mon, 13 Feb 2023 07:18:23 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 72854a78ef6074a83530e46fbb9d77bf
Age: 1751333
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 14 Jan 2023 07:18:23 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache59 [1], xaix240 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 34723
X-Cache-Status: HIT
Timing-Allow-Origin: *
12732.url.tudown.com/uploads/images/664684.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/664684.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/664684.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2891864615,3769216726&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500
12732.url.tudown.com/uploads/images/268987.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/268987.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/268987.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1692452246,529128140&fm=224&app=112&f=JPEG?w=500&h=500
sofire.baidu.com/h5/t/8800
36.110.192.156 200 OK 591 B URL HTTP/2 sofire.baidu.com/h5/t/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
File type JSON data\012- , ASCII text, with very long lines (591), with no line terminators
Hash 435833f2c2d58d2bc8f2e26f571b5ee7
49d020ab38f5d0d9e4cdf276e5a3cf07ae486964
2926973f485c097b31dd51fd1478fe7f890aa9cac52834c71cfd920758407e1d
POST /h5/t/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
X-Bdh5-Pf: 1
Content-Length: 3346
Origin: http://12732.url.tudown.com
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12732.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
content-type: application/json; charset=utf-8
date: Sat, 04 Feb 2023 08:22:22 GMT
content-length: 591
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/236257.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/236257.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/236257.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3440863631,1517191402&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
12732.url.tudown.com/uploads/images/364950.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/364950.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/364950.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1540232351,3414260465&fm=224&app=112&f=JPEG?w=500&h=500
img1.baidu.com/it/u=1289185477,3733292836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=376
182.106.158.35 200 OK 28 kB URL HTTP/2 img1.baidu.com/it/u=1289185477,3733292836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=376
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x376, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1e7b22859d266503863c6b0e2375c926
d6842ebfb6f8d2d1782fe6cc61fa1b39d49ea861
9308a5acc281a75152cd7e61d39de3f41ff55646ccec28c78e81f66a3495f7fd
GET /it/u=1289185477,3733292836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=376 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 28002
expires: Thu, 09 Feb 2023 13:15:39 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 1e7b22859d266503863c6b0e2375c926
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 13:15:39 GMT
ohc-cache-hit: jjct67 [1], qdix217 [4]
ohc-file-size: 28002
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=1540232351,3414260465&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 33 kB URL HTTP/1.1 t14.baidu.com/it/u=1540232351,3414260465&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 99fa01a06ba3c56fd9c2af69b561995a
d5590464a2fdf76a621eb6da1b2603ec20319354
64ac40fa4bf9e2ffb67c9bd12bc66c3f9e9a2ddd3e4242445def285987cf603f
GET /it/u=1540232351,3414260465&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpeg
Content-Length: 32678
Connection: keep-alive
Expires: Sat, 11 Feb 2023 02:57:51 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 99fa01a06ba3c56fd9c2af69b561995a
Age: 1862547
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 02:57:51 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache62 [1], wzix106 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 32678
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=3432758192,110639038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=788
182.106.158.35 200 OK 28 kB URL HTTP/2 img0.baidu.com/it/u=3432758192,110639038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=788
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x788, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2751fdb4445429aaea70bcfb22e73121
bd91ec5a47116e3962e0dedc03c1344a1f6e19c9
5189a59a03f46066c19c331eedf7b811da6a400e27b67eac8cb78a795c0f4542
GET /it/u=3432758192,110639038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=788 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 28512
expires: Fri, 17 Feb 2023 15:56:14 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 2751fdb4445429aaea70bcfb22e73121
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 15:56:14 GMT
ohc-cache-hit: jjct51 [1], qdix238 [4]
ohc-file-size: 28512
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608
182.106.158.35 200 OK 38 kB URL HTTP/2 img0.baidu.com/it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x608, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d56dd2c067cc47ecef1cae20df1436d6
6aaecdec59830fd6f60e4dcfcaa35c7e8c1b2452
7da838befba713f0710ef6473b956e8d9b7f4c618e14ababdc70f346896e1729
GET /it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 38066
expires: Fri, 10 Feb 2023 21:26:49 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: d56dd2c067cc47ecef1cae20df1436d6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 21:26:49 GMT
ohc-cache-hit: jjct71 [1], xiangyix71 [4]
ohc-file-size: 38066
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2244075199,3396151450&fm=253&fmt=auto?w=1280&h=800
182.106.158.35 200 OK 83 kB URL HTTP/2 img0.baidu.com/it/u=2244075199,3396151450&fm=253&fmt=auto?w=1280&h=800
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9d2ebe73852723486818db244a177fd5
149ff6b5899b6d64bef878ac76c7a5b37f1df057
eaf89ac2f95a3f67012af645c4d230866ace66f18d48dac0b5774423a27d3cc8
GET /it/u=2244075199,3396151450&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 82680
expires: Mon, 20 Feb 2023 12:14:23 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 9d2ebe73852723486818db244a177fd5
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:14:23 GMT
ohc-cache-hit: jjct63 [1], bdix234 [2]
ohc-file-size: 82680
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3575204787,738378468&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
182.106.158.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=3575204787,738378468&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1b016a878e9c2afef1200698d03f9c51
c15904a3b94abc156c09e3391da07a8caf8e3cc2
3da1f5f6588640dd744ee3e62bf8ec0fb012bb1df1a2d321a44ac3db967e9cf4
GET /it/u=3575204787,738378468&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 17480
expires: Fri, 24 Feb 2023 03:01:52 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 1b016a878e9c2afef1200698d03f9c51
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:01:52 GMT
ohc-cache-hit: jjct64 [1], wzix64 [4]
ohc-file-size: 17480
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/554403.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/554403.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/554403.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3181986009,1094391166&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=525
img0.baidu.com/it/u=2041618182,2767719983&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
182.106.158.35 200 OK 17 kB URL HTTP/2 img0.baidu.com/it/u=2041618182,2767719983&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x750, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 62c9e717b922b733e1f26b6bbfac0df1
477c8736b7a1431e4b358f2a3b99fe43c1f8b376
3259afc64979bd5ef2f33497c4e3a25d579b6d0fb72ae24539605b9cd30ea2dd
GET /it/u=2041618182,2767719983&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 16984
expires: Fri, 24 Feb 2023 10:08:43 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 62c9e717b922b733e1f26b6bbfac0df1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 10:08:43 GMT
ohc-cache-hit: jjct66 [1], csix86 [4]
ohc-file-size: 16984
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/132758.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/132758.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/132758.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400
img2.baidu.com/it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
175.6.243.35 200 OK 41 kB URL HTTP/2 img2.baidu.com/it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 64f1aace12850ab572c08d62ba4e00d0
f47683d2fea52b2b05cd63f476f359062bb4290e
96aae39170ea2c13366dbc6705e63f83c968edb2f9a7ebb96fdd1d95ee4b104c
GET /it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 41042
expires: Sun, 26 Feb 2023 09:38:00 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 64f1aace12850ab572c08d62ba4e00d0
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 09:38:00 GMT
ohc-cache-hit: hengyct83 [1], xiangyix103 [4]
ohc-file-size: 41042
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=4142117824,1967907595&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
175.6.243.35 200 OK 55 kB URL HTTP/2 img2.baidu.com/it/u=4142117824,1967907595&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 292d75fcf033913401c477f29d7c21ed
e489f597f0ec8bbac1c99fd339e18336da446a6d
df072d2d046b5f2d056490d8411ca0081208122629020f5c2c1da671c2ffe6b1
GET /it/u=4142117824,1967907595&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 54592
expires: Wed, 22 Feb 2023 01:37:14 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 292d75fcf033913401c477f29d7c21ed
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 01:37:14 GMT
ohc-cache-hit: hengyct84 [1], suzix151 [2]
ohc-file-size: 54592
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=2891864615,3769216726&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500
182.106.158.35 200 OK 14 kB URL HTTP/2 img0.baidu.com/it/u=2891864615,3769216726&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 281x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2002116e9e63c1867ddc202d2c3f53b4
2c18abca639a37566031455216538747315251a9
b6c486ac0224ffd9147c5ab1cecde04bfdda854e25dff105724e111762d59720
GET /it/u=2891864615,3769216726&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 14048
expires: Sun, 05 Feb 2023 07:22:44 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 2002116e9e63c1867ddc202d2c3f53b4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 07:22:44 GMT
ohc-cache-hit: jjct58 [1], czix222 [4]
ohc-file-size: 14048
x-cache-status: MISS
X-Firefox-Spdy: h2
sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=2251&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675498977476&r=lo
36.110.192.156 200 OK 0 B URL HTTP/2 sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=2251&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675498977476&r=lo
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=2251&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675498977476&r=lo HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
date: Sat, 04 Feb 2023 08:22:22 GMT
content-length: 0
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3440863631,1517191402&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
182.106.158.35 200 OK 5.4 kB URL HTTP/2 img0.baidu.com/it/u=3440863631,1517191402&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 322e2e07a732f74bac9902b253a5fb81
52e2710b7caf17641a120fe64cffa3c50c51678d
cbe715ac3973b6814fd24b5b7c46eb65de553e860aabe63c2e68f5a7d426c0dd
GET /it/u=3440863631,1517191402&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:22 GMT
content-type: image/webp
content-length: 5360
expires: Mon, 20 Feb 2023 12:29:55 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 322e2e07a732f74bac9902b253a5fb81
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:29:55 GMT
ohc-cache-hit: jjct58 [1], bdix129 [2]
ohc-file-size: 5360
x-cache-status: MISS
X-Firefox-Spdy: h2
t13.baidu.com/it/u=1692452246,529128140&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 26 kB URL HTTP/1.1 t13.baidu.com/it/u=1692452246,529128140&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash d92d37aff1639188b50a48b81382c84e
3dd59046f623b57a07fc41b052c1486a27381539
ed5721fae285f78360281cf87f2b81f59ce4e196f92cd207d1e69289ba1996c2
GET /it/u=1692452246,529128140&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpeg
Content-Length: 26148
Connection: keep-alive
Expires: Sun, 05 Mar 2023 18:30:21 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d92d37aff1639188b50a48b81382c84e
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 18:30:20 GMT
Ohc-Upstream-Trace: 58.20.204.61
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache61 [4], suzix123 [4]
Ohc-Response-Time: 1 0 0 0 330 331
Ohc-File-Size: 26148
X-Cache-Status: MISS
Timing-Allow-Origin: *
12732.url.tudown.com/uploads/images/73342.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/73342.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/73342.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1816905430,2291990798&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/652313.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/652313.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/652313.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952
12732.url.tudown.com/uploads/images/637521.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/637521.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/637521.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3371132568,1767978599&fm=253&fmt=auto&app=138&f=JPEG?w=158&h=500
12732.url.tudown.com/uploads/images/336050.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/336050.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/336050.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3859976073,3025064180&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=450
t15.baidu.com/it/u=1816905430,2291990798&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 41 kB URL HTTP/1.1 t15.baidu.com/it/u=1816905430,2291990798&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 2175d6ee9a8aba2c46f828cfb30a7ca9
08d291d1a165cffb744411cd4b821a57c045ba51
00cb229396e03ad1f0e122bfe969b41e8e0bf8faed3ec03e5d7016933f32d344
GET /it/u=1816905430,2291990798&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpeg
Content-Length: 41358
Connection: keep-alive
Expires: Mon, 06 Feb 2023 10:35:20 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 2175d6ee9a8aba2c46f828cfb30a7ca9
Age: 2027573
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 10:35:20 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache64 [1], xiangyix165 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 41358
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=3181986009,1094391166&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=525
182.106.158.35 200 OK 14 kB URL HTTP/2 img1.baidu.com/it/u=3181986009,1094391166&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=525
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x525, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0db3693918945f3f466cc0c4ce16b857
ab6186db03a9bfbb63d2c45f1ed8d5960dbe5c41
972e1afaa1251d2a0340b0a444e7c12635ee7d02b9be487cb9e7e369042cc57d
GET /it/u=3181986009,1094391166&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=525 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:23 GMT
content-type: image/webp
content-length: 13592
expires: Tue, 21 Feb 2023 02:59:02 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0db3693918945f3f466cc0c4ce16b857
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 02:59:02 GMT
ohc-cache-hit: jjct65 [1], suzix206 [2]
ohc-file-size: 13592
x-cache-status: MISS
X-Firefox-Spdy: h2
sofire.baidu.com/h5/e/8800
36.110.192.156 204 No Content 0 B URL HTTP/2 sofire.baidu.com/h5/e/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /h5/e/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-bdh5-pf
Referer: http://12732.url.tudown.com/
Origin: http://12732.url.tudown.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12732.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
date: Sat, 04 Feb 2023 08:22:23 GMT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400
175.6.243.35 200 OK 16 kB URL HTTP/2 img2.baidu.com/it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 66977e062032a031f3dda1816ccb8bd4
8cac11d87097e383e22bfb9f46bed652ffcab0a8
d99c6e21fa4a9a2f09fed2b9bacbb8c75c4d907f7b93f01f85107b20b70e8376
GET /it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:23 GMT
content-type: image/webp
content-length: 16442
expires: Sat, 11 Feb 2023 10:28:35 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 66977e062032a031f3dda1816ccb8bd4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 10:28:35 GMT
ohc-cache-hit: hengyct74 [1], suzix144 [4]
ohc-file-size: 16442
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/172114.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/172114.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/172114.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
12732.url.tudown.com/uploads/images/523215.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/523215.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/523215.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=648896954,2537565643&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
sofire.baidu.com/h5/e/8800
36.110.192.156 200 OK 77 B URL HTTP/2 sofire.baidu.com/h5/e/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
File type JSON data\012- , ASCII text, with no line terminators
Hash 3a03fd101565738ee54fa2bd8bc58267
182393541eac71eaa83f1f4dbf8605651a095782
7968a3e2f90cdc0e71640044bf89ca06b73386a89725d5f061e1cd19a2cb58f7
POST /h5/e/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
X-Bdh5-Pf: 1
Origin: http://12732.url.tudown.com
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12732.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
content-type: application/json; charset=utf-8
date: Sat, 04 Feb 2023 08:22:23 GMT
content-length: 77
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3859976073,3025064180&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=450
175.6.243.35 200 OK 14 kB URL HTTP/2 img2.baidu.com/it/u=3859976073,3025064180&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=450
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 600x450, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5f80e0c3a2636a94fd33e5d207e57636
2fa739a1e3d43819abb19231fbde501ad3ef2fa1
6a18f8e15af7df71f11dce3bde9d8702c62d945a29e7157f03dc0160b2596c35
GET /it/u=3859976073,3025064180&fm=253&fmt=auto&app=138&f=JPEG?w=600&h=450 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:23 GMT
content-type: image/webp
content-length: 13528
expires: Wed, 22 Feb 2023 20:46:00 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 5f80e0c3a2636a94fd33e5d207e57636
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 20:46:00 GMT
ohc-cache-hit: hengyct50 [1], qdix120 [4]
ohc-file-size: 13528
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/743656.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/743656.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/743656.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4038494405,1512433704&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350
img2.baidu.com/it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952
175.6.243.35 200 OK 32 kB URL HTTP/2 img2.baidu.com/it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x952, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 615a681704246683d939ffdf83f7c391
ebe315d3321780f364ae033e99e7a6a25b28de5c
605bc4f04ae761d4a2c4450ef293d4565daf4ce4193f92f8a2eb21ba741868de
GET /it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:23 GMT
content-type: image/webp
content-length: 31958
expires: Sat, 11 Feb 2023 13:45:49 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 615a681704246683d939ffdf83f7c391
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 13:45:49 GMT
ohc-cache-hit: hengyct50 [1], suzix123 [2]
ohc-file-size: 31958
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3371132568,1767978599&fm=253&fmt=auto&app=138&f=JPEG?w=158&h=500
182.106.158.35 200 OK 14 kB URL HTTP/2 img1.baidu.com/it/u=3371132568,1767978599&fm=253&fmt=auto&app=138&f=JPEG?w=158&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 158x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4d3d6596ff95862dac370469c37b9b45
cd650d82e5b13600f1bdb672f9ba96f7994a4db1
181281917dd3729619c1d7de2e77866c3811f71273922eb0bd52a3871769689a
GET /it/u=3371132568,1767978599&fm=253&fmt=auto&app=138&f=JPEG?w=158&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:23 GMT
content-type: image/webp
content-length: 13534
expires: Mon, 27 Feb 2023 05:16:27 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 4d3d6596ff95862dac370469c37b9b45
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 28 Jan 2023 05:16:27 GMT
ohc-cache-hit: jjct66 [1], xiangyix141 [2]
ohc-file-size: 13534
x-cache-status: MISS
X-Firefox-Spdy: h2
12732.url.tudown.com/uploads/images/220548.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/220548.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/220548.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2479701200,2263408814&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/813234.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/813234.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/813234.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=954782322,299988182&fm=224&app=112&f=JPEG?w=500&h=500
12732.url.tudown.com/uploads/images/543205.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 12732.url.tudown.com/uploads/images/543205.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/543205.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=NCqgHcsEFtrPCjig+wJrJXDMSBVGdtkWJ9KiosfcxuwM4T+4MBIN46TFaQ3AGtWqurEog1JH7+7AJ0VGKelBPpLaRNdoAoGw2yRtC49R2nb+fTrrLymI0UGa5q/luamZJWOBIO7ZHO+VYjqtNQCO9Pyydd6hy8uvS1fi+R3frsnIBABxg6T7ZXwsrX53FuoGBKGO+Q+gjfBoPboEKJ9RN/d0rdsv6HPfs31/DSahpOG4MsGq0EScQWvq3ktFQVDKjG8kz/bDb85LGltwKRjxCrziOfh8EvvTinMnS3lCF+IwqiIvT842ckizJcoXRBWphCpgfGLIF/eJg6Yx3Ry+kURiTvq4gMxUPPfcU88n8dhXT2vMfSPBsHFpLn8hzrpm/PYFIm8V3361mztp7HnlGQ==|suBpKvC0YiyzqpjFOEHUX0QFl0wMWHoROy/jyiGCNZs=|10|bbf43ff9fb65afddc38f2eaebf184fb6
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:22:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2541942015,912504724&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=684
img2.baidu.com/it/u=648896954,2537565643&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
175.6.243.35 200 OK 30 kB URL HTTP/2 img2.baidu.com/it/u=648896954,2537565643&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
IP 175.6.243.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x750, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f0060db004a457d3390ef267fbe93911
d09f525c14c422b7f48c7b0c07b42f45be5101de
3dd4919f8e9f1b63e1a8a7df12dec68736b04cf7f392c5ea4d35be3c76cbd61a
GET /it/u=648896954,2537565643&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:23 GMT
content-type: image/webp
content-length: 29962
expires: Mon, 20 Feb 2023 06:46:49 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: f0060db004a457d3390ef267fbe93911
age: 65808
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:46:49 GMT
ohc-cache-hit: hengyct50 [4], qdix187 [4]
ohc-file-size: 29962
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
182.106.158.35 200 OK 10 kB URL HTTP/2 img0.baidu.com/it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a57a17f2dfb3aed215cb76ba498a0874
5a47d2b9e36bd23faf9b129e19b6155c47ac87e7
529676ffdeb0064834758d70ec1c73ac2b66cf3f54155b99ad05d70f5c9fdd60
GET /it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:22:23 GMT
content-type: image/webp
content-length: 9998
expires: Fri, 17 Feb 2023 15:02:01 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: a57a17f2dfb3aed215cb76ba498a0874
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 15:02:01 GMT
ohc-cache-hit: jjct61 [1], wzix61 [2]
ohc-file-size: 9998
x-cache-status: MISS
X-Firefox-Spdy: h2