r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash f416977a8d6dfaafb2dbfd0e68b871f8
dfa97bd829b03162de91c80133f2fde69b58a8d2
2c4d0fd1b7a6d398026a4817267adce203429acdd3defa44a879f0d945f392d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C4D0FD1B7A6D398026A4817267ADCE203429ACDD3DEFA44A879F0D945F392D5"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13032
Expires: Mon, 23 Jan 2023 06:51:32 GMT
Date: Mon, 23 Jan 2023 03:14:20 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 0be6cec5607bb65c06dbadd33456aec1
9d13129e936eb5fc82e403931884cdc8c6e6ab92
cb028034340b709ece65e45e8fc1a26a64dd85926beaa542f308d3f1d5ee2c84
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB028034340B709ECE65E45E8FC1A26A64DD85926BEAA542F308D3F1D5EE2C84"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4425
Expires: Mon, 23 Jan 2023 04:28:05 GMT
Date: Mon, 23 Jan 2023 03:14:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 23 Jan 2023 02:34:55 GMT
content-type: application/json
age: 2365
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 17094b856fde02b2c8c2d3845ad325cf
26dc3f2ebf81faf5ab96eb75ffcbead6085528b8
6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2296
Expires: Mon, 23 Jan 2023 03:52:36 GMT
Date: Mon, 23 Jan 2023 03:14:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: HO6IMc4/YPd7oqHM0OSJYr1ubvWj9YyJQt9KrjUGaBG56wU4TQbvBSVF8tgKpCFXNHzu2jvmaLgK818SC8BZag==
x-amz-request-id: 7K3MHBTY5WHF3NDB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 23 Jan 2023 02:18:40 GMT
age: 3340
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 23 Jan 2023 03:14:20 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Pragma, Content-Length, Alert, Expires, ETag, Last-Modified, Backoff, Content-Type, Cache-Control
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 23 Jan 2023 02:17:30 GMT
age: 3410
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
200 OK 6.4 kB URL HTTP/1.1 12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
IP
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 4cff8817923f2ba77a4b803d70de28fe
61c5d0306751a8a1e84e82ffb64b8a7e7c6236db
363c75b2d75e0478074a768b4d77144a451480b3484b0014a3a1fa4a6d5748bf
Analyzer Verdict Alert fortinet Malware
GET /down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 471 B IP
Hash 0c74880fa99032b5c3831c179d702419
0020b368309735c94d8053d3781a7efb7283cfc5
437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1767
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 03:14:21 GMT
Last-Modified: Mon, 23 Jan 2023 02:44:54 GMT
Server: ECS (ska/F711)
X-Cache: HIT
Content-Length: 471
12376.url.tudown.com/template/company/42xz/css/common.css
200 OK 1.9 kB URL HTTP/1.1 12376.url.tudown.com/template/company/42xz/css/common.css
IP
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 625ff65f2c44178957f32d288dd56ddf
cb918d56e4595594c56cab503ed56f84379e862d
2436857c00ba0ab148e7c16f63712844f5bb62e23379751d6dddd82abe667ac5
GET /template/company/42xz/css/common.css HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea53-1ccb"
Expires: Mon, 23 Jan 2023 15:14:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12376.url.tudown.com/js/orsxg5a.script
200 OK 531 B URL HTTP/1.1 12376.url.tudown.com/js/orsxg5a.script
IP
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash 39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer Verdict Alert fortinet Malware
GET /js/orsxg5a.script HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +9hN7Tcl6aizb6BtHo4sgw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5/yCqb8qyOC8sZFX8wKVhXv2B9M=
12376.url.tudown.com/template/company/42xz/css/soft.css
200 OK 6.6 kB URL HTTP/1.1 12376.url.tudown.com/template/company/42xz/css/soft.css
IP
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 669589d0ffba3898ecf26c242eaed555
f6a564b66491cf102d5961fb95294d84192c9f11
00947ca9960fa7f5ad71c5f5343ded6e595dec626a9da917da58305fdc98e356
GET /template/company/42xz/css/soft.css HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea55-6438"
Expires: Mon, 23 Jan 2023 15:14:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
12376.url.tudown.com/template/company/42xz/js/soft.js
200 OK 3.6 kB URL HTTP/1.1 12376.url.tudown.com/template/company/42xz/js/soft.js
IP
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Hash 67be5352d7d3355ae57faad8a6221355
30f4a9a4a3dede0d2d72725ffa28958f45053e7e
1a59b7c5be683676fa54951bf4129899c3980e78c1f956c287f7cc0c001a857d
Analyzer Verdict Alert fortinet Malware
GET /template/company/42xz/js/soft.js HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea5a-26b2"
Expires: Mon, 23 Jan 2023 15:14:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cf2a2996f924432926abc984b4eb9ecc
9e76a3e44ec16e73be3f92e56910aeb4e7310f87
f301e297cf742b47279e1bf67f833cdb4f9032b4fcf9fbc93f9d3a3e3b865de5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F301E297CF742B47279E1BF67F833CDB4F9032B4FCF9FBC93F9D3A3E3B865DE5"
Last-Modified: Sat, 21 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14736
Expires: Mon, 23 Jan 2023 07:19:57 GMT
Date: Mon, 23 Jan 2023 03:14:21 GMT
Connection: keep-alive
12376.url.tudown.com/uploads/images/logo.png?n=5gmlfzm7r3tlrl7fxcbonfnq42hkp2fox3s2jb7ft646rlvn4ww2nzvaue&w=250
200 OK 3.9 kB URL HTTP/1.1 12376.url.tudown.com/uploads/images/logo.png?n=5gmlfzm7r3tlrl7fxcbonfnq42hkp2fox3s2jb7ft646rlvn4ww2nzvaue&w=250
IP
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash d3ee369e988a8de3e913f53b7430510b
ffd3d5e10f540d8543b0badc6086c284dc0276e0
3cff3ce2b3c9b7fbcf706c87f6420f07062a69233ff887b8f9e1de455dd956c0
GET /uploads/images/logo.png?n=5gmlfzm7r3tlrl7fxcbonfnq42hkp2fox3s2jb7ft646rlvn4ww2nzvaue&w=250 HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
12376.url.tudown.com/uploads/images/228725.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/228725.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/228725.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=750797028,2594088978&fm=253&fmt=auto&app=120&f=PNG?w=1233&h=597
12376.url.tudown.com/uploads/images/906.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/906.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/906.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3841383293,1876079720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=769
12376.url.tudown.com/uploads/images/483155.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/483155.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/483155.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2923166114,2209543007&fm=253&fmt=auto&app=138&f=JPEG?w=893&h=500
12376.url.tudown.com/uploads/images/714676.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/714676.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/714676.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2073552160,1954565564&fm=253&fmt=auto&app=138&f=JPEG?w=507&h=500
12376.url.tudown.com/template/company/42xz/js/jquery.js
200 OK 46 kB URL HTTP/1.1 12376.url.tudown.com/template/company/42xz/js/jquery.js
IP
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (65479), with CRLF line terminators
Hash 49fcb7f2a26c0656e22b75bfe591667f
f277ecd02517fc0f243fd9d882178473d4def06b
9ee94398fbe5a57c715dfdfe1b8d05ea964dd9947dba57dad68ee38ea381a2be
Analyzer Verdict Alert fortinet Malware
GET /template/company/42xz/js/jquery.js HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:21 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea62-1d491"
Expires: Mon, 23 Jan 2023 15:14:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.globalsign.com/gsrsaovsslca2018
200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP
Hash 4edf5ed27a56bafd542c7ff2ba941097
0c33b7fa9d707f23e941a6c2955a4ac5529b75ef
46170a667785bd4c952c1ecae5840bf59706a55e0bc22eb0f2beb6de08a395d6
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1432
Server: nginx
Content-Type: application/ocsp-response
Expires: Fri, 27 Jan 2023 01:08:48 GMT
ETag: "0c33b7fa9d707f23e941a6c2955a4ac5529b75ef"
Last-Modified: Mon, 23 Jan 2023 01:08:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 23 Jan 2023 03:14:22 GMT
Age: 1568
X-Served-By: cache-qpg1274-QPG, cache-bma1680-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 17, 3
X-Timer: S1674443662.186029,VS0,VE0
12376.url.tudown.com/uploads/images/253999.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/253999.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/253999.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2577836852,1200469003&fm=224&app=112&f=JPEG?w=500&h=500
12376.url.tudown.com/uploads/images/409841.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/409841.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/409841.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=294434070,2459652738&fm=224&app=112&f=JPEG?w=500&h=500
12376.url.tudown.com/uploads/images/809070.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/809070.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/809070.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=838643461,1673757458&fm=253&fmt=auto?w=92&h=69
12376.url.tudown.com/uploads/images/175427.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/175427.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/175427.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571
12376.url.tudown.com/uploads/images/113041.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/113041.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/113041.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3645142397,580630835&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
12376.url.tudown.com/uploads/images/432873.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/432873.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/432873.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5397
Expires: Mon, 23 Jan 2023 04:44:19 GMT
Date: Mon, 23 Jan 2023 03:14:22 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5397
Expires: Mon, 23 Jan 2023 04:44:19 GMT
Date: Mon, 23 Jan 2023 03:14:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg
200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c664f89307d9f2cc8170ca0816708ef9
cc010d66fe22fce8e82f9bbc78fc3b836120ff0b
c77d9cae0c4132f2695322b8c33fa875a341948ffb6c3023ddb1d3ef41c9ae23
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3814
x-amzn-requestid: 48468720-0305-4f17-862b-f2f854fdfe41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKq8mEPnIAMFzXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdbeb6-470a030661c749ae0fa14c31;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 22:54:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9hQjtfheswJHTaBL6yZ9UoowbsfqvbNqzUb9EOzaAppGv-fHat8O1A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 23:09:20 GMT
etag: "cc010d66fe22fce8e82f9bbc78fc3b836120ff0b"
content-type: image/jpeg
age: 14702
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/613081.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/613081.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/613081.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1912544577,864651054&fm=224&app=112&f=JPEG?w=500&h=500
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 805711aaab303931f8966bbf73aeda52
2bd02a45c8b407e36a41a482b121ea3e14f7c722
66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K73B093GBbsf85ny_o8fc9oE417nJBFlH0eEdhiifeQk3KG5Q-HHdg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 05:17:02 GMT
age: 79040
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F776639f2-eb42-4725-b2a7-00e94fc28d19.jpeg
200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F776639f2-eb42-4725-b2a7-00e94fc28d19.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b3bb461e2e4e28de0ad024cd421d4b1a
9c67f7af385f0999feb27ab02bb96fb86f74d93d
f430b4b3d325f51ce516a4ab3abae723daffe011f1b1246146a75aedd58c70a7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F776639f2-eb42-4725-b2a7-00e94fc28d19.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8440
x-amzn-requestid: e39ab13e-8072-4c5b-8c3c-5cf627252fdb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKezKFq-IAMFkdw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdab47-3cdf64b20b43bdd705acb62f;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 21:31:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ACOiHqbWw5n9e1-bsH5yof60dWVekQO4OB-v7l1reKanhm9gliFbBg==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 21:47:59 GMT
age: 19583
etag: "9c67f7af385f0999feb27ab02bb96fb86f74d93d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fed503b-e1a4-456e-b9a4-57ddbb0e7ed2.jpeg
200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fed503b-e1a4-456e-b9a4-57ddbb0e7ed2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a92d48898835ae8afbff3e369127fe13
90491b32adf6a6b7076ac63da4f2ab571f08920c
9060b3c090adc527e575c1d95d836db00a2136eeda09cdbb11e72ee8b4fa6216
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7fed503b-e1a4-456e-b9a4-57ddbb0e7ed2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4093
x-amzn-requestid: 9b314377-5aab-4d4f-9ff8-cf0dd5b0c516
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqthESYoAMF4YA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb57ef-163727d625b0751f61eca87d;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:11:43 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: LcNA7NskVOVIn_eldl9Zo4GTnOoi5eZtmwNnadOwynYKzuzYOmTFIw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 18:33:39 GMT
age: 31243
etag: "90491b32adf6a6b7076ac63da4f2ab571f08920c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg
200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ec35d753b6b816abcd14030255a7b76
a67bd0fa5beb10935442bef246bf4f52ec6e74bd
9adfddc8877a8ea9f1c3bcc0af99548cb11dc4e1d62a706bf9b2a5cc6d72e82f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7982
x-amzn-requestid: 59d91715-b444-445e-bd6b-268fc630024b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKezLExAIAMFSeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdab47-1e12e8f335ea162532ce6aca;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 21:31:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R-9qgCHHj8iD9FEwYhzLoXAQvdrO6D6qRIWAvyQJyfB-LHDGUjvmzA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 21:47:59 GMT
age: 19583
etag: "a67bd0fa5beb10935442bef246bf4f52ec6e74bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F27144ba0-24e7-4177-b8d9-4121af2315c9.jpeg
200 OK 4.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F27144ba0-24e7-4177-b8d9-4121af2315c9.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3d0dd6e84bd1708aec285a9153eafabc
2d2729ca550ecdca29a502eb76c68f4eed623032
3c0492fc05ab9a35cd8d833a031aa907a473f2ff22fed0732fa331a0c2939660
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F27144ba0-24e7-4177-b8d9-4121af2315c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4085
x-amzn-requestid: 444720ab-9a4d-40f7-a2e2-e574d4e2928d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBP0uEeToAMFepA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9f9b7-113188a040ff40ad479415cc;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 02:17:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wbZuUg06OrIyirTvHtsdGz2ux_OxhbBMbPHy_52LjsmknZIf6bLDBw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 10:24:16 GMT
age: 60606
etag: "2d2729ca550ecdca29a502eb76c68f4eed623032"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/106780.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/106780.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/106780.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2439611237,1433533316&fm=253&app=120&f=JPEG?w=1422&h=800
12376.url.tudown.com/uploads/images/460696.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/460696.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/460696.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500
12376.url.tudown.com/uploads/images/300905.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/300905.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/300905.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3896002923,1659768538&fm=253&fmt=auto&app=138&f=GIF?w=500&h=947
t15.baidu.com/it/u=1912544577,864651054&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 60 kB URL HTTP/1.1 t15.baidu.com/it/u=1912544577,864651054&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 110f9f8aac2fdb84c791c8289bf25733
be7f0ac780ef50e155a80bb01ea1a79cbc7d976f
716ee359abcafa3db6b788ec53bfa9f4ed8f8ef619a44a2ae84be931979ebfe0
GET /it/u=1912544577,864651054&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpeg
Content-Length: 59869
Connection: keep-alive
Expires: Thu, 09 Feb 2023 00:35:21 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 110f9f8aac2fdb84c791c8289bf25733
Age: 970852
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 10 Jan 2023 00:35:20 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache56 [4], wzix91 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 59869
X-Cache-Status: HIT
Timing-Allow-Origin: *
12376.url.tudown.com/uploads/images/772334.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/772334.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/772334.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=628857122,2220823191&fm=253&app=138&f=JPEG?w=500&h=800
t14.baidu.com/it/u=2577836852,1200469003&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 25 kB URL HTTP/1.1 t14.baidu.com/it/u=2577836852,1200469003&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 6aaf07c307ebbe92104a99be32208b67
9959d4b11635d5e49a5a8b63eafac4f17f984f77
ad047ba86d066d651b3a0a6be90fa06b3e665bf872710d9f7ab963e10bf4c60b
GET /it/u=2577836852,1200469003&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpeg
Content-Length: 24923
Connection: keep-alive
Expires: Sat, 04 Feb 2023 15:02:14 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 6aaf07c307ebbe92104a99be32208b67
Age: 971542
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 15:02:14 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache63 [4], suzix86 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 24923
X-Cache-Status: HIT
Timing-Allow-Origin: *
push.zhanzhang.baidu.com/push.js
200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP
ASN #9808 China Mobile Communications Group Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Mon, 23 Jan 2023 03:14:22 GMT
Etag: "4078521116"
Expires: Tue, 23 Jan 2024 03:14:22 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=F58C5F92D73FD94DFC42A39836C001E6:FG=1; max-age=31536000; expires=Tue, 23-Jan-24 03:14:22 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
img2.baidu.com/it/u=2923166114,2209543007&fm=253&fmt=auto&app=138&f=JPEG?w=893&h=500
200 OK 27 kB URL HTTP/2 img2.baidu.com/it/u=2923166114,2209543007&fm=253&fmt=auto&app=138&f=JPEG?w=893&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 893x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fbaa71af2403fd7487d7b62bf9ec5394
adbd725b1d07d6257c4a48cdf9415ab6ea83c295
650416a10266fccdd8abfec85de1934107113e867bb94a490d5fab8607825198
GET /it/u=2923166114,2209543007&fm=253&fmt=auto&app=138&f=JPEG?w=893&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:22 GMT
content-type: image/webp
content-length: 26624
expires: Wed, 01 Feb 2023 01:23:55 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: fbaa71af2403fd7487d7b62bf9ec5394
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 02 Jan 2023 01:23:55 GMT
ohc-cache-hit: dg3ct50 [1], csix115 [4]
ohc-file-size: 26624
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=294434070,2459652738&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 36 kB URL HTTP/1.1 t15.baidu.com/it/u=294434070,2459652738&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e654a286657861c134b8c94bf2e887de
460b73efafbd2eea35ca887397906545d9881c28
4b38d3b41a4fedfc025bbfad0a66f55422044539a8cc5c15190ce79653e55379
GET /it/u=294434070,2459652738&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpeg
Content-Length: 36050
Connection: keep-alive
Expires: Mon, 06 Feb 2023 19:48:35 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: e654a286657861c134b8c94bf2e887de
Age: 972161
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 19:48:35 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache52 [4], qdix123 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 36050
X-Cache-Status: HIT
Timing-Allow-Origin: *
ocsp2.globalsign.com/gsorganizationvalsha2g2
200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
Hash 5fa18e31970ec77ceb15344c2b76b6eb
755887ce9c3b0e7e0cbe6b182444b5071e2d5a53
d8e31e6eaff20039ac899c3d9ce9b89dee92db45b470ea5a3243ff2a9f4f5bcc
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1459
Server: nginx
Content-Type: application/ocsp-response
Expires: Fri, 27 Jan 2023 01:45:57 GMT
ETag: "755887ce9c3b0e7e0cbe6b182444b5071e2d5a53"
Last-Modified: Mon, 23 Jan 2023 01:45:58 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Mon, 23 Jan 2023 03:14:22 GMT
Age: 1670
X-Served-By: cache-qpg1252-QPG, cache-bma1631-BMA
X-Cache: HIT, HIT
X-Cache-Hits: 9, 1
X-Timer: S1674443663.762948,VS0,VE1
12376.url.tudown.com/uploads/images/467813.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/467813.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/467813.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=654333430,648752102&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=2073552160,1954565564&fm=253&fmt=auto&app=138&f=JPEG?w=507&h=500
200 OK 17 kB URL HTTP/2 img0.baidu.com/it/u=2073552160,1954565564&fm=253&fmt=auto&app=138&f=JPEG?w=507&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 507x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2ac71cd28c593700a773e8aff18ddce0
49d83b7ca97a13847152290703d64ddc8664f632
1ddf3fc969c4be1f6ca468f59fd212321519579813c7489146160a8dd502fc94
GET /it/u=2073552160,1954565564&fm=253&fmt=auto&app=138&f=JPEG?w=507&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:22 GMT
content-type: image/webp
content-length: 17150
expires: Wed, 22 Feb 2023 02:55:18 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 2ac71cd28c593700a773e8aff18ddce0
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:55:18 GMT
ohc-cache-hit: fs3ct56 [1], czix99 [2]
ohc-file-size: 17150
x-cache-status: MISS
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/213195.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/213195.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/213195.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=227173417,3624300079&fm=253&fmt=auto&app=138&f=JPG?w=563&h=500
12376.url.tudown.com/uploads/images/153001.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/153001.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/153001.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=1644546782,1479509311&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=645
12376.url.tudown.com/uploads/images/47840.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/47840.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/47840.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=869611468,2044692533&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
t13.baidu.com/it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 43 kB URL HTTP/1.1 t13.baidu.com/it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 1acddc10580fb36977a99effd7b06e38
b09383fc78e33993fcb468d4be923f0da1a8ec31
18fd68d53e3f40af637c9919ec2754d2a415333786df1e65f8218cbd238c301e
GET /it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpeg
Content-Length: 42991
Connection: keep-alive
Expires: Wed, 08 Feb 2023 02:12:19 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 1acddc10580fb36977a99effd7b06e38
Age: 972532
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 02:12:19 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache62 [1], wzix99 [4]
Ohc-Response-Time: 1 0 0 0 0 3
Ohc-File-Size: 42991
X-Cache-Status: HIT
Timing-Allow-Origin: *
t14.baidu.com/it/u=654333430,648752102&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 46 kB URL HTTP/1.1 t14.baidu.com/it/u=654333430,648752102&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 6cbb38b6a1b6db8f7e91cc86f8705e36
dd615a59d265f3d27bf89e4bcce27ea74f9bd79f
47697bcc338d8a8f5e7eb336b9b7c84caa474473dbca410667e8652230edd6ff
GET /it/u=654333430,648752102&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpeg
Content-Length: 45632
Connection: keep-alive
Expires: Sat, 04 Feb 2023 08:28:12 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 6cbb38b6a1b6db8f7e91cc86f8705e36
Age: 972377
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 08:28:11 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache52 [4], czix150 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 45632
X-Cache-Status: HIT
Timing-Allow-Origin: *
12376.url.tudown.com/uploads/images/454612.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/454612.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/454612.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1234624465,1092783084&fm=253&fmt=auto&app=138&f=JPEG?w=383&h=483
12376.url.tudown.com/uploads/images/913832.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/913832.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/913832.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=422702311,707445998&fm=253&fmt=auto&app=138&f=JPEG?w=380&h=380
img2.baidu.com/it/u=3841383293,1876079720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=769
200 OK 50 kB URL HTTP/2 img2.baidu.com/it/u=3841383293,1876079720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=769
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x769, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 09f63ce2c9138cc1a3fa0d7e65d72b29
13885eaa9cd82220fd414661dde567ac24b4fcea
615a1bd0983ca22209fd4e27115c599106a39839c57c2ea66acebdbce5fb736a
GET /it/u=3841383293,1876079720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=769 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:22 GMT
content-type: image/webp
content-length: 49854
expires: Wed, 01 Feb 2023 11:39:16 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 09f63ce2c9138cc1a3fa0d7e65d72b29
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 02 Jan 2023 11:39:16 GMT
ohc-cache-hit: dg3ct50 [1], csix107 [4]
ohc-file-size: 49854
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=838643461,1673757458&fm=253&fmt=auto?w=92&h=69
200 OK 6.2 kB URL HTTP/2 img0.baidu.com/it/u=838643461,1673757458&fm=253&fmt=auto?w=92&h=69
IP
File type GIF image data, version 89a, 92 x 69\012- data
Hash 294f94c4cbfea42f576157f4473c20e6
f4a0b4c2bf4c0db5e0fac27fba4c8b09288a9636
c0f27a04c32540e2dd1e1bb1b8d636d20b70a7135fef391bcbf8c44ff8fa763d
GET /it/u=838643461,1673757458&fm=253&fmt=auto?w=92&h=69 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:22 GMT
content-type: image/gif
content-length: 6229
expires: Tue, 24 Jan 2023 13:42:51 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 294f94c4cbfea42f576157f4473c20e6
age: 1105610
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 25 Dec 2022 13:42:51 GMT
ohc-cache-hit: fs3ct51 [4], bdix61 [4]
ohc-file-size: 6229
x-cache-status: HIT
X-Firefox-Spdy: h2
js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
200 OK 117 B URL HTTP/1.1 js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
IP
ASN #55992 Beijing Qihu Technology Company Limited
File type HTML document, ASCII text, with no line terminators
Hash 807bb08bf1c51aaff763edb0f02719ef
6e089da63e5751494b32d77031df30ec3c8be067
7eb411ad7be2e6af85645f2a2b6401bf6085fe4e0436d004f33710bb84a7be4e
GET /11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d HTTP/1.1
Host: js.passport.qihucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/
HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 28 Nov 2018 07:43:20 GMT
Cache-Control: max-age=600
Expires: Mon, 23 Jan 2023 03:24:23 GMT
KCS-Via: HIT from w-fc01.hkht;MISS from w-sc01.hkht
Content-Encoding: gzip
12376.url.tudown.com/uploads/images/738974.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/738974.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/738974.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2126028466,889383287&fm=253&app=120&f=JPEG?w=1280&h=800
s6.qhres2.com/static/ab77b6ea7f3fbf79.js
200 OK 478 B URL HTTP/1.1 s6.qhres2.com/static/ab77b6ea7f3fbf79.js
IP
File type ASCII text, with very long lines (478), with no line terminators
Hash 5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a
GET /static/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s6.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 478
Connection: keep-alive
Date: Mon, 26 Sep 2022 01:48:25 GMT
X-QSTATIC-HIT: 1
Last-Modified: Mon, 01 Jan 2018 00:00:00 GMT
ETag: W/"b300475a05992239"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, immutable
Expires: Thu, 23 Sep 2032 01:48:25 GMT
KCS-Via: HIT from w-fc01.lato;MISS from w-sc02.lato
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: y4V9Tsdbyjz7J-5clWRsR7a_kBGc7-i1mJt3hOsJe_PmwcdhJQzndQ==
Age: 10286758
12376.url.tudown.com/uploads/images/926646.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/926646.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/926646.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2220342772,1234473392&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=264
12376.url.tudown.com/uploads/images/525360.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/525360.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/525360.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1236173300,1297474721&fm=253&fmt=auto?w=1422&h=800
12376.url.tudown.com/uploads/images/961275.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/961275.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/961275.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3067364445,652592929&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
api.share.baidu.com/s.gif?l=http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
IP
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Mon, 23 Jan 2023 03:14:23 GMT
img1.baidu.com/it/u=3645142397,580630835&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
200 OK 47 kB URL HTTP/2 img1.baidu.com/it/u=3645142397,580630835&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 75219f9bfd4eabc6335f07034cdf015f
0211ded696286da097a7c3999e9bbeba160160bc
31f32dfb318ddb2ea7e7a25a80056cafae833f65b9d78b3fdf1230a5a845d822
GET /it/u=3645142397,580630835&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 46688
expires: Mon, 20 Feb 2023 07:19:31 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 75219f9bfd4eabc6335f07034cdf015f
age: 157933
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 07:19:31 GMT
ohc-cache-hit: fs3ct51 [4], xaix215 [4]
ohc-file-size: 46688
x-cache-status: HIT
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/526266.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/526266.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/526266.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3469286897,2535966638&fm=253&app=120&f=JPEG?w=1422&h=800
12376.url.tudown.com/template/company/42xz/images/tab_line.png
200 OK 1.2 kB URL HTTP/1.1 12376.url.tudown.com/template/company/42xz/images/tab_line.png
IP
ASN #137951 Clayer Limited
File type GIF image data, version 89a, 190 x 7\012- data
Hash 4c54d42f73e777c70b63b1854b994bb5
6b751c2e611f485d04805ccc3ef84ba5c7868775
b86451a9f18cc0bffd106863661cecbc4abc2364f2898e3bc0796992f3ebbd06
GET /template/company/42xz/images/tab_line.png HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/template/company/42xz/css/soft.css
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/png
Content-Length: 1155
Last-Modified: Thu, 05 Nov 2020 12:04:39 GMT
Connection: keep-alive
ETag: "5fa3ea57-483"
Accept-Ranges: bytes
img0.baidu.com/it/u=1234624465,1092783084&fm=253&fmt=auto&app=138&f=JPEG?w=383&h=483
200 OK 10 kB URL HTTP/2 img0.baidu.com/it/u=1234624465,1092783084&fm=253&fmt=auto&app=138&f=JPEG?w=383&h=483
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 383x483, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cdd6d074f459d6fe6e5febecb86b6116
446e732429234599fe4d8e19ba71aedf4e9fcecd
71fa53066e8df910be558d09180bfaa32b9ad59da5a76b7f9fd242bee4387607
GET /it/u=1234624465,1092783084&fm=253&fmt=auto&app=138&f=JPEG?w=383&h=483 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 10520
expires: Tue, 31 Jan 2023 00:45:07 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: cdd6d074f459d6fe6e5febecb86b6116
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 01 Jan 2023 00:45:07 GMT
ohc-cache-hit: fs3ct59 [1], xiangyix62 [2]
ohc-file-size: 10520
x-cache-status: MISS
X-Firefox-Spdy: h2
s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
200 OK 20 B URL HTTP/2 s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
IP
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /z_stat.php?id=1275003130&web_id=1275003130 HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12376.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Mon, 23 Jan 2023 02:36:23 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Mon, 23 Jan 2023 02:36:23 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1674441383
via: cache68.l2cn1836[0,-1,200-0,H], cache37.l2cn1836[0,0], cache8.cn2205[0,0,200-0,H], cache15.cn2205[0,0]
age: 2280
x-cache: HIT TCP_MEM_HIT dirn:13:787319596
x-swift-savetime: Mon, 23 Jan 2023 02:41:12 GMT
x-swift-cachetime: 3311
timing-allow-origin: *
eagleid: b461fb2b16744436631651765e
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash 625de8f8a16cc07784d9f9929cbd9274
49be24ed0afa8c9bf944555bd4f332a0e3ae38e7
840cd9dee258f1864067abc500d4b4458d1f2b9263e0457adfd4fdb08218f194
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12376.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Mon, 23 Jan 2023 03:14:22 GMT
Etag: 24384936865df5bf0f788f0c4100eb1d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=AEEDB1080C3FD9EF; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
img1.baidu.com/it/u=1644546782,1479509311&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=645
200 OK 23 kB URL HTTP/1.1 img1.baidu.com/it/u=1644546782,1479509311&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=645
IP
ASN #58461 CT-HangZhou-IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x645, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 570c767724565248d27452493192e00d
4198bd615b74cd94a307e932c87f9deb817c7846
254f91aa0be92e57b338926c5d3a68ae7850f97ce5eb99c352731598c6dde372
GET /it/u=1644546782,1479509311&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=645 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/webp
Content-Length: 23208
Connection: keep-alive
Expires: Tue, 24 Jan 2023 11:11:07 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 570c767724565248d27452493192e00d
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 25 Dec 2022 11:11:07 GMT
Ohc-Cache-HIT: shaoxct67 [1], wzix86 [4]
Ohc-File-Size: 23208
X-Cache-Status: MISS
12376.url.tudown.com/template/company/42xz/images/dian1.png
200 OK 1.1 kB URL HTTP/1.1 12376.url.tudown.com/template/company/42xz/images/dian1.png
IP
ASN #137951 Clayer Limited
File type GIF image data, version 89a, 4 x 4\012- data
Hash de5d5d1c8fb00bc14f9512dd323b9ed8
9c7c5df21afb7b686932c96ecf7877e1e6adf243
982f48c65cf01077b0606401f082c15ee15f183903d5170f06d0bb3ae3b9b685
GET /template/company/42xz/images/dian1.png HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/template/company/42xz/css/soft.css
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/png
Content-Length: 1110
Last-Modified: Thu, 05 Nov 2020 12:04:54 GMT
Connection: keep-alive
ETag: "5fa3ea66-456"
Accept-Ranges: bytes
12376.url.tudown.com/template/company/42xz/images/dian2.png
200 OK 1.1 kB URL HTTP/1.1 12376.url.tudown.com/template/company/42xz/images/dian2.png
IP
ASN #137951 Clayer Limited
File type GIF image data, version 89a, 4 x 4\012- data
Hash 3cb1caaf45a919b2028a853add556aa8
c8b93e13049ae31ad5dcb2d267c8b3ee6a4466e8
039b652744162c3c599998f28f50e7154d297ce5028e7e4954f7d7354c5374a1
GET /template/company/42xz/images/dian2.png HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/template/company/42xz/css/soft.css
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/png
Content-Length: 1106
Last-Modified: Thu, 05 Nov 2020 12:04:53 GMT
Connection: keep-alive
ETag: "5fa3ea65-452"
Accept-Ranges: bytes
img1.baidu.com/it/u=628857122,2220823191&fm=253&app=138&f=JPEG?w=500&h=800
200 OK 76 kB URL HTTP/1.1 img1.baidu.com/it/u=628857122,2220823191&fm=253&app=138&f=JPEG?w=500&h=800
IP
ASN #58461 CT-HangZhou-IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x800, components 3\012- data
Hash b1d7b1d03c4e72be4cfd2ba08d48a63a
c4ae4dda25deb94df75f2275ecfc336f4b9662c5
b31893a09a0ae5eb4e467777b4180294772f5804048ac7b09b5201ae09ec0ee2
GET /it/u=628857122,2220823191&fm=253&app=138&f=JPEG?w=500&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpeg
Content-Length: 75870
Connection: keep-alive
Expires: Tue, 31 Jan 2023 11:45:17 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: b1d7b1d03c4e72be4cfd2ba08d48a63a
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 01 Jan 2023 11:45:16 GMT
Ohc-Cache-HIT: shaoxct52 [1], suzix195 [4]
Ohc-File-Size: 75870
X-Cache-Status: MISS
img0.baidu.com/it/u=227173417,3624300079&fm=253&fmt=auto&app=138&f=JPG?w=563&h=500
200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=227173417,3624300079&fm=253&fmt=auto&app=138&f=JPG?w=563&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 563x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5d7f25d462ebc9ea0d77a0f9d2fa0d94
712160f8db06e63dcdb603caf85c44b872ea6e35
f53642887a74a9e07bb7009e4ba13190e3f80656bddfada0ac57578d3d3a7095
GET /it/u=227173417,3624300079&fm=253&fmt=auto&app=138&f=JPG?w=563&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 17864
expires: Tue, 21 Feb 2023 12:35:50 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 5d7f25d462ebc9ea0d77a0f9d2fa0d94
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 12:35:50 GMT
ohc-cache-hit: fs3ct54 [2], czix229 [2]
ohc-file-size: 17864
x-cache-status: MISS
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/666218.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/666218.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/666218.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2687242963,916685875&fm=253&fmt=auto&app=138&f=JPG?w=265&h=236
img1.baidu.com/it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571
200 OK 30 kB URL HTTP/2 img1.baidu.com/it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x571, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 31cef7688c2367345943c9898a23be6e
6989dbf316a026f35e8796c0259c505f9e100feb
a096e27d64b23a8c8671de2dcd1406071f5eb2c73eccc95c81941df5b337abb1
GET /it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 29738
expires: Fri, 17 Feb 2023 07:29:34 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 31cef7688c2367345943c9898a23be6e
age: 148276
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 07:29:34 GMT
ohc-cache-hit: fs3ct58 [4], suzix115 [4]
ohc-file-size: 29738
x-cache-status: HIT
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/928895.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/928895.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/928895.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2775467936,1104664857&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334
img2.baidu.com/it/u=750797028,2594088978&fm=253&fmt=auto&app=120&f=PNG?w=1233&h=597
200 OK 178 kB URL HTTP/2 img2.baidu.com/it/u=750797028,2594088978&fm=253&fmt=auto&app=120&f=PNG?w=1233&h=597
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1233x597, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 178 kB (178296 bytes)
Hash b3c14982fad5419b8c3c38748658204a
d8132912628b6596a91dff3488d396afaeb586f3
9fc1de95951688d19a83c15b2a92f22a30b89ba1f597d0f15baa9aec54e161d4
GET /it/u=750797028,2594088978&fm=253&fmt=auto&app=120&f=PNG?w=1233&h=597 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:22 GMT
content-type: image/webp
content-length: 178296
expires: Wed, 01 Feb 2023 05:39:35 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: b3c14982fad5419b8c3c38748658204a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 02 Jan 2023 05:39:35 GMT
ohc-cache-hit: dg3ct50 [2], czix194 [3]
ohc-file-size: 178296
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500
200 OK 37 kB URL HTTP/2 img1.baidu.com/it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 571x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 278a867624f15132894c8264f6fb5349
787f1c84523bdf5e335711c1c9a79806b860f448
97f0ac89e773f8c7a1dab7c7e89ee0fb9af264bdbaf510a25b687b3c4ffbcc1c
GET /it/u=928402332,1870921766&fm=253&fmt=auto&app=138&f=JPEG?w=571&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 37282
expires: Sat, 11 Feb 2023 07:14:14 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 278a867624f15132894c8264f6fb5349
age: 423874
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 07:14:14 GMT
ohc-cache-hit: fs3ct60 [4], czix237 [4]
ohc-file-size: 37282
x-cache-status: HIT
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/666554.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/666554.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/666554.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3425393007,2411917707&fm=224&app=112&f=JPEG?w=500&h=500
12376.url.tudown.com/uploads/images/463332.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/463332.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/463332.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3993768417,871944393&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220
t15.baidu.com/it/u=3425393007,2411917707&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 43 kB URL HTTP/1.1 t15.baidu.com/it/u=3425393007,2411917707&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 75x75, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 9cc9f90a9c7a1cd913375ecdffa683b0
e700a99175676bb8b2f473d7ff488423ea874e10
706e39c8b71581ee0739d059a4fe5ed5ff22b87687e7fbc529cf85505608afbc
GET /it/u=3425393007,2411917707&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpeg
Content-Length: 42594
Connection: keep-alive
Expires: Thu, 26 Jan 2023 10:38:21 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 9cc9f90a9c7a1cd913375ecdffa683b0
Age: 971902
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 27 Dec 2022 10:38:20 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache65 [1], xaix194 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 42594
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=2220342772,1234473392&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=264
200 OK 5.0 kB URL HTTP/2 img0.baidu.com/it/u=2220342772,1234473392&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=264
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x264, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0753ea7ecc8de09a4b029274c3090a5d
4ddfe19b824d38a33a51351951c8e6b81d0b4f28
4eb05e10d2bf4dd82f71ca04d107f5e065a2d34b15f2705b731069d0f5c91d67
GET /it/u=2220342772,1234473392&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=264 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 4984
expires: Tue, 24 Jan 2023 04:32:12 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 0753ea7ecc8de09a4b029274c3090a5d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 25 Dec 2022 04:32:12 GMT
ohc-cache-hit: fs3ct51 [1], suzix82 [4]
ohc-file-size: 4984
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2439611237,1433533316&fm=253&app=120&f=JPEG?w=1422&h=800
200 OK 123 kB URL HTTP/1.1 img2.baidu.com/it/u=2439611237,1433533316&fm=253&app=120&f=JPEG?w=1422&h=800
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size 123 kB (122782 bytes)
Hash 49dff667e5d56ef46ed438c61e19b6ec
cf70938e733bcb780f9e9ca77fe761b1c39b4486
d23c449080c5a7136c559adc761af807ddf59b7751e98e056c1e2355f44731c9
GET /it/u=2439611237,1433533316&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:22 GMT
Content-Type: image/jpeg
Content-Length: 122782
Connection: keep-alive
Expires: Fri, 27 Jan 2023 11:51:15 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 49dff667e5d56ef46ed438c61e19b6ec
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 28 Dec 2022 11:51:15 GMT
Ohc-Cache-HIT: dg3ct58 [1], czix115 [2]
Ohc-File-Size: 122782
X-Cache-Status: MISS
s.360.cn/so/zz.gif?url=http%3A%2F%2F12376.url.tudown.com%2Fdown%2F%25E8%25B1%2586%25E8%25B1%2586%25E8%25A7%2586%25E9%25A2%2591app%25E5%25AE%2598%25E6%2596%25B9%25E4%25B8%258B%25E8%25BD%25BD%25E5%25AE%2589%25E8%25A3%2585%40291_496406.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a620641609e43_a199b29@05
200 OK 0 B URL HTTP/1.1 s.360.cn/so/zz.gif?url=http%3A%2F%2F12376.url.tudown.com%2Fdown%2F%25E8%25B1%2586%25E8%25B1%2586%25E8%25A7%2586%25E9%25A2%2591app%25E5%25AE%2598%25E6%2596%25B9%25E4%25B8%258B%25E8%25BD%25BD%25E5%25AE%2589%25E8%25A3%2585%40291_496406.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a620641609e43_a199b29@05
IP
ASN #4812 China Telecom Group
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /so/zz.gif?url=http%3A%2F%2F12376.url.tudown.com%2Fdown%2F%25E8%25B1%2586%25E8%25B1%2586%25E8%25A7%2586%25E9%25A2%2591app%25E5%25AE%2598%25E6%2596%25B9%25E4%25B8%258B%25E8%25BD%25BD%25E5%25AE%2589%25E8%25A3%2585%40291_496406.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a620641609e43_a199b29@05 HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Thu, 01 Aug 2019 13:00:35 GMT
Connection: keep-alive
ETag: "5d42e273-0"
Accept-Ranges: bytes
12376.url.tudown.com/uploads/images/232415.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/232415.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/232415.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2716138694,2856481621&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
12376.url.tudown.com/uploads/images/619637.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/619637.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/619637.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2561168887,2321301618&fm=224&app=112&f=JPEG?w=500&h=500
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=879177865&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24412&r=0&ww=1280&u=http%3A%2F%2F12376.url.tudown.com%2Fdown%2F%25E8%25B1%2586%25E8%25B1%2586%25E8%25A7%2586%25E9%25A2%2591app%25E5%25AE%2598%25E6%2596%25B9%25E4%25B8%258B%25E8%25BD%25BD%25E5%25AE%2589%25E8%25A3%2585%40291_496406.exe&tt=%E4%BA%9A%E5%8D%9A%E5%85%A8%E7%AB%99(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99%2F%E6%89%8B%E6%9C%BA%E6%9C%80%E6%96%B0%E7%89%88%E4%B8%8B%E8%BD%BD
200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=879177865&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24412&r=0&ww=1280&u=http%3A%2F%2F12376.url.tudown.com%2Fdown%2F%25E8%25B1%2586%25E8%25B1%2586%25E8%25A7%2586%25E9%25A2%2591app%25E5%25AE%2598%25E6%2596%25B9%25E4%25B8%258B%25E8%25BD%25BD%25E5%25AE%2589%25E8%25A3%2585%40291_496406.exe&tt=%E4%BA%9A%E5%8D%9A%E5%85%A8%E7%AB%99(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99%2F%E6%89%8B%E6%9C%BA%E6%9C%80%E6%96%B0%E7%89%88%E4%B8%8B%E8%BD%BD
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=879177865&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24412&r=0&ww=1280&u=http%3A%2F%2F12376.url.tudown.com%2Fdown%2F%25E8%25B1%2586%25E8%25B1%2586%25E8%25A7%2586%25E9%25A2%2591app%25E5%25AE%2598%25E6%2596%25B9%25E4%25B8%258B%25E8%25BD%25BD%25E5%25AE%2589%25E8%25A3%2585%40291_496406.exe&tt=%E4%BA%9A%E5%8D%9A%E5%85%A8%E7%AB%99(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99%2F%E6%89%8B%E6%9C%BA%E6%9C%80%E6%96%B0%E7%89%88%E4%B8%8B%E8%BD%BD HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12376.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 23 Jan 2023 03:14:23 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=60FCF3440BD5BBD9; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
img1.baidu.com/it/u=3067364445,652592929&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
200 OK 20 kB URL HTTP/2 img1.baidu.com/it/u=3067364445,652592929&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 719cf5b47b782f90f455b0f60053e8c1
898ca109921480311e0cd169fde9be4a3545df19
4f4bca55af31c91117c8adff784ba6bcdf8d7313a8fe63e78ba25ec501a740cf
GET /it/u=3067364445,652592929&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 19760
expires: Sat, 28 Jan 2023 11:44:36 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 719cf5b47b782f90f455b0f60053e8c1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 29 Dec 2022 11:44:36 GMT
ohc-cache-hit: fs3ct54 [1], bdix54 [4]
ohc-file-size: 19760
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=2561168887,2321301618&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 37 kB URL HTTP/1.1 t15.baidu.com/it/u=2561168887,2321301618&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 4b4e9eca1622fff75fe68941d3db4183
c5541dcaa44640e6b98ffe53dd77d9b62e745af3
960d4d2ecdd4fa15c5f569015dd9e9c060d15e761f5e5c9978e67b1e634cafb6
GET /it/u=2561168887,2321301618&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpeg
Content-Length: 37081
Connection: keep-alive
Expires: Mon, 06 Feb 2023 22:24:52 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 4b4e9eca1622fff75fe68941d3db4183
Age: 970960
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 22:24:51 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache64 [2], xaix83 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 37081
X-Cache-Status: HIT
Timing-Allow-Origin: *
12376.url.tudown.com/uploads/images/326205.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/326205.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/326205.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3511940882,8442857&fm=253&app=120&f=JPEG?w=1280&h=800
img0.baidu.com/it/u=2687242963,916685875&fm=253&fmt=auto&app=138&f=JPG?w=265&h=236
200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=2687242963,916685875&fm=253&fmt=auto&app=138&f=JPG?w=265&h=236
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 265x236, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fd7cb1c31c1f4243483099ec4904d2ad
25918768de138b697c451e68654ff4161364755d
202072eaabcbd0fea4cdded104d667cd3542a9bf0379e746191b46f8e89027f7
GET /it/u=2687242963,916685875&fm=253&fmt=auto&app=138&f=JPG?w=265&h=236 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 18060
expires: Fri, 27 Jan 2023 10:42:54 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: fd7cb1c31c1f4243483099ec4904d2ad
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 28 Dec 2022 10:42:54 GMT
ohc-cache-hit: fs3ct55 [1], qdix113 [4]
ohc-file-size: 18060
x-cache-status: MISS
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/526819.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/526819.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/526819.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1132497384,565619085&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714
img2.baidu.com/it/u=3896002923,1659768538&fm=253&fmt=auto&app=138&f=GIF?w=500&h=947
200 OK 378 kB URL HTTP/2 img2.baidu.com/it/u=3896002923,1659768538&fm=253&fmt=auto&app=138&f=GIF?w=500&h=947
IP
File type GIF image data, version 89a, 500 x 947\012- data
Size 378 kB (377761 bytes)
Hash 0f19317943734cbcaf805be4b5c764f6
df481a4b5351a9661bc0e3298bb27c2bdf6b7eba
f414358a66763232398e235717cefd327c35020f6ddb546b66abd5db37d4d7ad
GET /it/u=3896002923,1659768538&fm=253&fmt=auto&app=138&f=GIF?w=500&h=947 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:22 GMT
content-type: image/gif
content-length: 377761
expires: Mon, 30 Jan 2023 02:39:50 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 0f19317943734cbcaf805be4b5c764f6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 31 Dec 2022 02:39:50 GMT
ohc-cache-hit: dg3ct59 [2], wzix87 [2]
ohc-file-size: 377761
x-cache-status: MISS
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/622944.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/622944.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/622944.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=525106496,3054535634&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
img2.baidu.com/it/u=869611468,2044692533&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
200 OK 18 kB URL HTTP/2 img2.baidu.com/it/u=869611468,2044692533&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9920523f64ec129033ea877614b68215
20401670743c327a7589ee2cf6ee221f08e52d92
f88cb45974e18e4975f18a138c00a8e86c5b672c30f6ac406e1244f565be80a5
GET /it/u=869611468,2044692533&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 17778
expires: Wed, 15 Feb 2023 20:11:45 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 9920523f64ec129033ea877614b68215
age: 206603
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 20:11:45 GMT
ohc-cache-hit: dg3ct60 [4], qdix174 [4]
ohc-file-size: 17778
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=422702311,707445998&fm=253&fmt=auto&app=138&f=JPEG?w=380&h=380
200 OK 28 kB URL HTTP/2 img2.baidu.com/it/u=422702311,707445998&fm=253&fmt=auto&app=138&f=JPEG?w=380&h=380
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 380x380, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9a6614405e8f493700174ac84dfe43ad
0fdca8f15424c0fccdc2021e65723bdef76de6e8
38700bbe33d54052b8cc3978b1ed154d3e8cad6aa26ebe5600cb85aeca8a2aa6
GET /it/u=422702311,707445998&fm=253&fmt=auto&app=138&f=JPEG?w=380&h=380 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 27948
expires: Wed, 25 Jan 2023 15:41:12 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 9a6614405e8f493700174ac84dfe43ad
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 26 Dec 2022 15:41:12 GMT
ohc-cache-hit: dg3ct50 [1], bdix151 [4]
ohc-file-size: 27948
x-cache-status: MISS
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/775449.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/775449.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/775449.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2311397033,368738947&fm=224&app=112&f=JPEG?w=388&h=500&s=F9800698C4474DFD2C207CC90300F090
img2.baidu.com/it/u=2126028466,889383287&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 141 kB URL HTTP/1.1 img2.baidu.com/it/u=2126028466,889383287&fm=253&app=120&f=JPEG?w=1280&h=800
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 141 kB (140907 bytes)
Hash 7beed922634f80744369f1cdc68658cc
933c0efd9e6f65fe2cff217cf9ad52a7824b2f6a
e407123d5cd05c1012a9ac0f37d95fff24d6a81933b2be88a6d58c15d8ae7cee
GET /it/u=2126028466,889383287&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpeg
Content-Length: 140907
Connection: keep-alive
Expires: Tue, 24 Jan 2023 10:12:32 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 7beed922634f80744369f1cdc68658cc
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 25 Dec 2022 10:12:32 GMT
Ohc-Cache-HIT: dg3ct57 [2], bdix244 [4]
Ohc-File-Size: 140907
X-Cache-Status: MISS
img2.baidu.com/it/u=1236173300,1297474721&fm=253&fmt=auto?w=1422&h=800
200 OK 69 kB URL HTTP/2 img2.baidu.com/it/u=1236173300,1297474721&fm=253&fmt=auto?w=1422&h=800
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9ba78b237889958c8165d724dcc6576e
8bd86e33820bc1d536c6c3442cf837b85ccd6882
68f71653307bf8acee80b77d89cd66c65d1792d8d9ff2db99b2e7f0f90fea243
GET /it/u=1236173300,1297474721&fm=253&fmt=auto?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 69248
expires: Mon, 20 Feb 2023 15:52:03 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 9ba78b237889958c8165d724dcc6576e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 15:52:03 GMT
ohc-cache-hit: dg3ct56 [1], wzix103 [4]
ohc-file-size: 69248
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2775467936,1104664857&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334
200 OK 18 kB URL HTTP/2 img2.baidu.com/it/u=2775467936,1104664857&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x334, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 384122188fafb95daa47b07fb8a114fe
c51b08d59de85b7f338eca6980c23e0d17cf8f47
e075ccf153a14baf9f4659ed9d272c0e159a3824b33a4a6af6752840b3d72c80
GET /it/u=2775467936,1104664857&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=334 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 18414
expires: Tue, 21 Feb 2023 17:54:13 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 384122188fafb95daa47b07fb8a114fe
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 17:54:13 GMT
ohc-cache-hit: dg3ct50 [2], bdix187 [2]
ohc-file-size: 18414
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2716138694,2856481621&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
200 OK 8.7 kB URL HTTP/2 img1.baidu.com/it/u=2716138694,2856481621&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 280x180, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c4abc1263b626580d1e7ec7a1e7643f3
c29f2fc90f91dd14b9a34378ec4b9d3be4ad4205
12d8a33a986f4153813df8f77331bd5e7bb22b40674e3f95cae2e07906e7b1ec
GET /it/u=2716138694,2856481621&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 8716
expires: Thu, 09 Feb 2023 03:48:34 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: c4abc1263b626580d1e7ec7a1e7643f3
age: 971024
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 03:48:34 GMT
ohc-cache-hit: fs3ct59 [4], csix118 [2]
ohc-file-size: 8716
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3993768417,871944393&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220
200 OK 4.2 kB URL HTTP/2 img1.baidu.com/it/u=3993768417,871944393&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 220x220, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cbf73b227d54f9a0b06ad9bc1d70b870
207d9dff33d93be6c62dd6156fa936cb8ac35ed2
4927a6485c9f8eeecf86098bab69296db0dd4159bce8ed4a093a0743ed138b42
GET /it/u=3993768417,871944393&fm=253&fmt=auto&app=138&f=JPEG?w=220&h=220 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:23 GMT
content-type: image/webp
content-length: 4158
expires: Sun, 19 Feb 2023 13:10:44 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: cbf73b227d54f9a0b06ad9bc1d70b870
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 13:10:44 GMT
ohc-cache-hit: fs3ct50 [2], bdix206 [4]
ohc-file-size: 4158
x-cache-status: MISS
X-Firefox-Spdy: h2
12376.url.tudown.com/uploads/images/351920.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/351920.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/351920.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2412970578,3182876104&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=583
12376.url.tudown.com/uploads/images/755067.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/755067.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/755067.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2330892267,1431909854&fm=224&app=112&f=JPEG?w=500&h=500&s=CB116486585743FF003768690300E06A
t14.baidu.com/it/u=2311397033,368738947&fm=224&app=112&f=JPEG?w=388&h=500&s=F9800698C4474DFD2C207CC90300F090
200 OK 48 kB URL HTTP/1.1 t14.baidu.com/it/u=2311397033,368738947&fm=224&app=112&f=JPEG?w=388&h=500&s=F9800698C4474DFD2C207CC90300F090
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 388x500, components 3\012- data
Hash 60d917a6caa42d64144d0d0b8f040165
7fb19da449548235f2ef9863d8d103b82004e0ed
2fac1e4836123bfbba49bf20295e28291dda1fe9775270163e66eab34eaf4b3d
GET /it/u=2311397033,368738947&fm=224&app=112&f=JPEG?w=388&h=500&s=F9800698C4474DFD2C207CC90300F090 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpeg
Content-Length: 48169
Connection: keep-alive
Expires: Thu, 09 Feb 2023 02:16:14 GMT
Last-Modified: Sat, 17 Jan 1970 00:00:00 GMT
ETag: 60d917a6caa42d64144d0d0b8f040165
Age: 1032862
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 10 Jan 2023 02:16:14 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache54 [1], suzix161 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 48169
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=3511940882,8442857&fm=253&app=120&f=JPEG?w=1280&h=800
200 OK 86 kB URL HTTP/1.1 img2.baidu.com/it/u=3511940882,8442857&fm=253&app=120&f=JPEG?w=1280&h=800
IP
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Hash 883dc4162a6722646baac6c44848d732
871f91d8a3450f040137e0f21cce89560addd92e
de6f8a69ef853f989d97987a96f2ff0f231f688582aac77117e2ed87afd66427
GET /it/u=3511940882,8442857&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/jpeg
Content-Length: 86217
Connection: keep-alive
Expires: Mon, 06 Feb 2023 19:01:08 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 883dc4162a6722646baac6c44848d732
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 19:01:08 GMT
Ohc-Cache-HIT: dg3ct58 [1], wzix97 [4]
Ohc-File-Size: 86217
X-Cache-Status: MISS
12376.url.tudown.com/uploads/images/591656.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/591656.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/591656.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=835259009,2249229635&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=754
12376.url.tudown.com/uploads/images/34625.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/34625.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/34625.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3617529929,2710815027&fm=253&fmt=auto&app=138&f=PNG?w=229&h=499
t14.baidu.com/it/u=2330892267,1431909854&fm=224&app=112&f=JPEG?w=500&h=500&s=CB116486585743FF003768690300E06A
200 OK 63 kB URL HTTP/1.1 t14.baidu.com/it/u=2330892267,1431909854&fm=224&app=112&f=JPEG?w=500&h=500&s=CB116486585743FF003768690300E06A
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash b30fdb2a5b91212d1d46a99962f693dd
e5823ad1e7d65cce0fe734019abf7abff9609f2a
8caee6381f3723af8426f5c71b7c087513e81e606ed79f80dd00f429f84e7dc6
GET /it/u=2330892267,1431909854&fm=224&app=112&f=JPEG?w=500&h=500&s=CB116486585743FF003768690300E06A HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/jpeg
Content-Length: 62764
Connection: keep-alive
Expires: Wed, 01 Feb 2023 03:13:01 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: b30fdb2a5b91212d1d46a99962f693dd
Age: 971156
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 02 Jan 2023 03:13:01 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache58 [1], bdix163 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 62764
X-Cache-Status: HIT
Timing-Allow-Origin: *
12376.url.tudown.com/uploads/images/411364.jpg
301 Moved Permanently 0 B URL HTTP/1.1 12376.url.tudown.com/uploads/images/411364.jpg
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/411364.jpg HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4088073635,1939663382&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=525106496,3054535634&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
200 OK 31 kB URL HTTP/2 img0.baidu.com/it/u=525106496,3054535634&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x707, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7b24ca47f2b477dfd09863de69459728
751989e8245055c12e2b106a68f6480aa7e1cb1f
ee43419cd51a37f94e29aa057ce6a111283aa5420c2133a3dd5edc7087a74087
GET /it/u=525106496,3054535634&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:24 GMT
content-type: image/webp
content-length: 30708
expires: Tue, 21 Feb 2023 11:37:23 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 7b24ca47f2b477dfd09863de69459728
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 11:37:23 GMT
ohc-cache-hit: fs3ct53 [2], suzix194 [2]
ohc-file-size: 30708
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1132497384,565619085&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714
200 OK 46 kB URL HTTP/2 img1.baidu.com/it/u=1132497384,565619085&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x714, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 462b01651c4a516d55891b0db6d8cd77
82233b2e01c1215de38c22cb9d48010c6d435b63
3538ac2831e17d3fccb844d8678430b9c9c5789b01356f3846ed8bea887a1235
GET /it/u=1132497384,565619085&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:24 GMT
content-type: image/webp
content-length: 45808
expires: Thu, 02 Feb 2023 04:07:05 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 462b01651c4a516d55891b0db6d8cd77
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 03 Jan 2023 04:07:05 GMT
ohc-cache-hit: fs3ct59 [1], csix59 [4]
ohc-file-size: 45808
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2412970578,3182876104&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=583
200 OK 17 kB URL HTTP/1.1 img2.baidu.com/it/u=2412970578,3182876104&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=583
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x583, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash df3d962c77863ad32f6481425c165d53
1f75888eb1b8562d80d707b4a3a8e9099928388a
18f0f810de1d71876d573c4b6f886543f9592e9947bac7feda535ce894e4ce75
GET /it/u=2412970578,3182876104&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=583 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/webp
Content-Length: 17244
Connection: keep-alive
Expires: Mon, 23 Jan 2023 12:59:22 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: df3d962c77863ad32f6481425c165d53
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 24 Dec 2022 12:59:22 GMT
Ohc-Cache-HIT: dg3ct51 [1], czix51 [2]
Ohc-File-Size: 17244
X-Cache-Status: MISS
img1.baidu.com/it/u=3469286897,2535966638&fm=253&app=120&f=JPEG?w=1422&h=800
200 OK 314 kB URL HTTP/1.1 img1.baidu.com/it/u=3469286897,2535966638&fm=253&app=120&f=JPEG?w=1422&h=800
IP
ASN #58461 CT-HangZhou-IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size 314 kB (314327 bytes)
Hash 8b5f05d10564c54c0f870b26e9a4dfe1
77026005c58494002ec35d9549b9cd0621039bb7
043b2b34ca7c2db406436e53af146bdd6c36e52c03f9f4b1d8d35c51387209d0
GET /it/u=3469286897,2535966638&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:23 GMT
Content-Type: image/jpeg
Content-Length: 314327
Connection: keep-alive
Expires: Tue, 24 Jan 2023 10:10:44 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 8b5f05d10564c54c0f870b26e9a4dfe1
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 25 Dec 2022 10:10:44 GMT
Ohc-Cache-HIT: shaoxct72 [2], czix213 [4]
Ohc-File-Size: 314327
X-Cache-Status: MISS
t14.baidu.com/it/u=4088073635,1939663382&fm=224&app=112&f=JPEG?w=500&h=500
200 OK 43 kB URL HTTP/1.1 t14.baidu.com/it/u=4088073635,1939663382&fm=224&app=112&f=JPEG?w=500&h=500
IP
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e93ebd9db5c4b32e653b2174ad5054a9
6c8b5a15559e1b2e811eee7732def816035ca66a
187f563ee6afc53f08fef4e7bb911c979edbe7fce305f8640920685209f60b4a
GET /it/u=4088073635,1939663382&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12376.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/jpeg
Content-Length: 42654
Connection: keep-alive
Expires: Mon, 06 Feb 2023 17:19:52 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: e93ebd9db5c4b32e653b2174ad5054a9
Age: 1283283
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 17:19:52 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache64 [1], qdix64 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 42654
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=835259009,2249229635&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=754
200 OK 26 kB URL HTTP/2 img0.baidu.com/it/u=835259009,2249229635&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=754
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x754, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2d7bdeef240e37b138a1ea01bf480cde
5622350480d395aabe98dc1aa8086900abf8c69f
7e59a0a4d075b1c26028806762414621ae4798bdadc97b08c102b48179b4435c
GET /it/u=835259009,2249229635&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=754 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:24 GMT
content-type: image/webp
content-length: 26062
expires: Tue, 24 Jan 2023 07:49:54 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 2d7bdeef240e37b138a1ea01bf480cde
age: 89557
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 25 Dec 2022 07:49:54 GMT
ohc-cache-hit: fs3ct52 [4], czix147 [2]
ohc-file-size: 26062
x-cache-status: HIT
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3617529929,2710815027&fm=253&fmt=auto&app=138&f=PNG?w=229&h=499
200 OK 13 kB URL HTTP/2 img0.baidu.com/it/u=3617529929,2710815027&fm=253&fmt=auto&app=138&f=PNG?w=229&h=499
IP
File type RIFF (little-endian) data, Web/P image\012- data
Hash ecf496ad73d93bdf6b3d289402c0d139
5d71bb727b8acccdd29d3849e1401407cc198249
a0561b0e84096ad68da16dfe7775dd2a5be48471807b22dbff7ddc0fc2f10bf5
GET /it/u=3617529929,2710815027&fm=253&fmt=auto&app=138&f=PNG?w=229&h=499 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12376.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 03:14:24 GMT
content-type: image/webp
content-length: 12600
expires: Mon, 20 Feb 2023 10:27:45 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: ecf496ad73d93bdf6b3d289402c0d139
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 10:27:45 GMT
ohc-cache-hit: fs3ct55 [2], czix139 [2]
ohc-file-size: 12600
x-cache-status: MISS
X-Firefox-Spdy: h2
12376.url.tudown.com/favicon.ico
200 OK 0 B URL HTTP/1.1 12376.url.tudown.com/favicon.ico
IP
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: 12376.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12376.url.tudown.com/down/%E8%B1%86%E8%B1%86%E8%A7%86%E9%A2%91app%E5%AE%98%E6%96%B9%E4%B8%8B%E8%BD%BD%E5%AE%89%E8%A3%85@291_496406.exe
Cookie: __bid_n=185dc368a7349eb2b64207; FPTOKEN=qVkc9EaUcX/RSiWsyoGqv1LjQD4dD42cgJJ5kphdBV7s8mzHiG+b5aIEDn8i1A0p0yoUpzqPgG5dqi8hzTOz1iu3qaq/hkWhFsiXSvZIphK6Y8uqg+mjvgv/I+muaLKfMgW8Z297Ml57D86VYXTCKpY6kegBP/3/2rLycekYOi1Pvm12UqRIdCUcKOzmBdipKlougwO89ChgcMZGw9Iq4kBvsczNQVmcF7olHloAf1PPXeJzU/StxPuWpH+qTZ8I7vWsRKHUzttlqa8QQgYn+JvAypIKK6w8MgU1HYiynZEeQWWSjSplbT560dHnnpvdV8NPB97jH18Bz9/HmKHbOQf2yKsuIX+pYh/53Zx4fkMoV0xst5Ehkb8AyacJeUuzF6AkMkxYenFqNkGnrTbPNg==|QpBv7HQwRCMXeooJGXQCqBdaYtSLnMU4w2BG6KHSRDg=|10|d0a6deae0516c5718a46d4ac5c4afa2b; Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1674443662; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1674443662
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 03:14:24 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes
154.218.151.71
182.61.201.93
23.36.76.226
34.160.144.191
93.184.220.29