r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9737
Expires: Sat, 04 Feb 2023 09:10:22 GMT
Date: Sat, 04 Feb 2023 06:28:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11916
Expires: Sat, 04 Feb 2023 09:46:41 GMT
Date: Sat, 04 Feb 2023 06:28:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 05:43:35 GMT
content-type: application/json
age: 2670
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11579
Expires: Sat, 04 Feb 2023 09:41:04 GMT
Date: Sat, 04 Feb 2023 06:28:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 33e1V+QaQ8digOwfyevs7A+/r6IfWM/aeTLRIM6fe+4aE/tS8kYwiASROoxruiO/rMhLJQEDB9vVjPKQos7gCg==
x-amz-request-id: YY9TRC8DVXN39M3X
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 06:23:53 GMT
age: 252
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 06:28:05 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 06:07:19 GMT
age: 1246
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10508
Expires: Sat, 04 Feb 2023 09:23:14 GMT
Date: Sat, 04 Feb 2023 06:28:06 GMT
Connection: keep-alive
push.services.mozilla.com/
44.226.39.149 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.226.39.149:0
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (the body is 0 B; these three values are the digests of empty input and identify no content)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: StgODLGBVcTnPxwk6UtsAg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: x1AyEfqqBawcIDv3WZYyOGL00dY=
16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
154.218.151.71 200 OK 17 kB URL HTTP/1.1 16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text | HTML document text | HTML document text | HTML document text | HTML document text | HTML document text | HTML document text | exported SGML document, Unicode text, UTF-8 text (the response body is identified as HTML, although the URL path ends in .exe)
Hash MD5 c5c96bd93ecfe3aa7dfb0bcb82fda3f4
SHA-1 a9b51423a8d250df52167ab582d05c242ae8902d
SHA-256 1455fe53eab9c5a7c0e6d589a63b0fba28f34b63de817cd67bc71a5466706e14
Analyzer: fortinet | Verdict: Malware | Alert: (empty)
GET /xiaz/wjplcmm-v1.0@277_30253.exe HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:05 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
16436.url.tudown.com/js/orsxg5a.script
154.218.151.71 200 OK 531 B URL HTTP/1.1 16436.url.tudown.com/js/orsxg5a.script
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document, ASCII text, with CRLF line terminators
Hash MD5 39fd4f4c17d424445d9f437c99c9d40a
SHA-1 84a56ab95c669d43c757a5f9a312d5f3a37f73fa
SHA-256 45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15
Analyzer: fortinet | Verdict: Malware | Alert: (empty)
GET /js/orsxg5a.script HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/teach.css
154.218.151.71 200 OK 4.1 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/teach.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (499)
Hash 16ca38b11b525a142c6086c2c2802545
88ed9d1c7088344b24f18132ad025ed63623bb7e
c7d5eef240fb383c039b0141854336a78a07597b0bff022ae71514e913351d7a
GET /template/company/duote-xiazai/css/teach.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:06 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e70-503f"
Expires: Sat, 04 Feb 2023 18:28:06 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
154.218.151.71 200 OK 8.6 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 952b2841668e8303c2ee8bc817394790
1e7d159d8d75df0112f06eedab3ecd62b7075a52
51c463da96c71adce2a234968d1e46949fa82804f680861cb6562da84239e209
GET /template/company/duote-xiazai/css/soft.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:06 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6e-a090"
Expires: Sat, 04 Feb 2023 18:28:06 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/news.css
154.218.151.71 200 OK 1.5 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/news.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 4d5f155ee78bab18dd989f8fedda8ebc
d3e3353e7a3da786e2a1342ca13407fd432e3398
6754cc7b30008e41d53b0ebfb6b52a0c59712348880d235a77a07c3af02d9886
GET /template/company/duote-xiazai/css/news.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:06 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-16fd"
Expires: Sat, 04 Feb 2023 18:28:06 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/message.css
154.218.151.71 200 OK 1.6 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/message.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 90d699f8127fe2e7210c0f31f0b90bb0
245191b7026614b76c7234e8e82724d463d4adf1
50d4eaf1d089edb739f43068f78330d22700b47f9ea8acb14fa5606637aeaf23
GET /template/company/duote-xiazai/css/message.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:06 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-17a8"
Expires: Sat, 04 Feb 2023 18:28:06 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css
154.218.151.71 200 OK 353 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 6fc35ccb15b461bc6b549a85ea398894
21581ad4fc3db4acc99bb2fb4ed2fde1dfa50049
8d88f6d1d76a2cf300e9378742dc29f48060c9747cfdeb6b05050cf25cc5ebfb
GET /template/company/duote-xiazai/css/scrollbar.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:06 GMT
Content-Type: text/css
Content-Length: 353
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Connection: keep-alive
ETag: "63676e6e-161"
Expires: Sat, 04 Feb 2023 18:28:06 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
16436.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js
154.218.151.71 200 OK 37 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text | HTML document text | exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Hash MD5 d4e282e0e1e69d378568eac0d45bfd24
SHA-1 8b62528373788e473676aa025a72aae45ec17d01
SHA-256 b5bbdf5ae69bfc2b39919ac018f41b27efac22f98ab92848db65022eb03dfd12
Analyzer: fortinet | Verdict: Malware | Alert: (empty)
GET /template/company/duote-xiazai/js/jquery.min.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:06 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-16f44"
Expires: Sat, 04 Feb 2023 18:28:06 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css
154.218.151.71 404 Not Found 146 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text | HTML document text | HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /template/company/duote-xiazai/css/scrollStyle.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive
16436.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css
154.218.151.71 200 OK 8.9 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (29165), with CRLF line terminators
Hash fd0bdc561b4f37fa8e4539d86c5fd0e4
663b932af8ef82dff4cfeb56351bd32853e54804
98161b22bc6e6613ecf1c230ff9664ba032c3abfe8d6a4079263f9daeb1829db
GET /template/company/duote-xiazai/css/jquery-ui.min.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-7d6e"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js
154.218.151.71 200 OK 799 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash MD5 ac93d373f5090fbc3e8a7152aab7170d
SHA-1 160c0bc3072bccced250979b7999ae060941eb06
SHA-256 e15e1cefcdcd40db68eecbd7a02af32a8a97e5749791b07b434f8454408c1570
Analyzer: fortinet | Verdict: Malware | Alert: (empty)
GET /template/company/duote-xiazai/js/duotecommon_top.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-a0b"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/global.css
154.218.151.71 200 OK 7.6 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/global.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (710)
Hash b2502d4c36bc519e47bce519ffb3a295
d252dd5c34dbd231f5c120d8f45ded16e0aa3f4c
10bec4c97bde3cac4a43e4d86604e1ff2c54926ec350419e404435f0616d1a1a
GET /template/company/duote-xiazai/css/global.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:20:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6b-935f"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/css/index.css
154.218.151.71 200 OK 3.6 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/css/index.css
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash fbfd831dee308c5094076e0b4022a222
fa69c04bf3f0c911d2b1697717e05706362f0c57
ab5a9d33745256917eb22abecd3d8ed4790e612720f2a743206d00b85aa5ff4f
GET /template/company/duote-xiazai/css/index.css HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6c-42b3"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 8b051ecaa1ec17dd8e5563a1a93550b7
7ced547bd54076c7e4242f4bc8501c6e6d3fe3ad
6bb317f453da2286304bd5669a482b7d5ce5b2016ffd49da51f324e670e1c1ad
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 06:28:07 GMT
Last-Modified: Fri, 03 Feb 2023 07:12:33 GMT
ETag: "63dcb3e1-1d7"
Expires: Sun, 05 Feb 2023 07:12:33 GMT
Cache-Control: max-age=89066
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675492087
Via: cache14.l2de2[187,187,200-0,M], cache14.l2de2[189,0], cache1.se1[209,209,200-0,M], cache1.se1[210,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 06:28:07 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9516754920872503773e
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 8b051ecaa1ec17dd8e5563a1a93550b7
7ced547bd54076c7e4242f4bc8501c6e6d3fe3ad
6bb317f453da2286304bd5669a482b7d5ce5b2016ffd49da51f324e670e1c1ad
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 06:28:07 GMT
Ali-Swift-Global-Savetime: 1675492087
Via: cache9.l2de2[279,278,200-0,M], cache9.l2de2[280,0], cache4.se1[303,302,200-0,M], cache4.se1[304,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 06:28:07 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9816754920872517446e
16436.url.tudown.com/template/company/duote-xiazai/js/super_slider.js
154.218.151.71 200 OK 741 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/super_slider.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (1844)
Hash 64d8d6bbbe2129e883c5af163b76600d
5c0f7df223f7f0ca25cc5c8247ae8b8f0cae4805
66f01728ee43d433d4fd4c0409354667cc543ae51cd362376d3f053da321369b
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/super_slider.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-763"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 8b051ecaa1ec17dd8e5563a1a93550b7
7ced547bd54076c7e4242f4bc8501c6e6d3fe3ad
6bb317f453da2286304bd5669a482b7d5ce5b2016ffd49da51f324e670e1c1ad
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 06:28:07 GMT
Last-Modified: Fri, 03 Feb 2023 07:12:33 GMT
ETag: "63dcb3e1-1d7"
Expires: Sun, 05 Feb 2023 07:12:33 GMT
Cache-Control: max-age=89066
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675492087
Via: cache14.l2de2[314,314,200-0,M], cache14.l2de2[315,0], cache2.se1[337,336,200-0,M], cache2.se1[338,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 06:28:07 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9616754920872522123e
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 8b051ecaa1ec17dd8e5563a1a93550b7
7ced547bd54076c7e4242f4bc8501c6e6d3fe3ad
6bb317f453da2286304bd5669a482b7d5ce5b2016ffd49da51f324e670e1c1ad
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 06:28:07 GMT
Ali-Swift-Global-Savetime: 1675492087
Via: cache26.l2de2[319,319,200-0,M], cache26.l2de2[320,0], cache2.se1[343,342,200-0,M], cache2.se1[344,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 06:28:07 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9616754920872512120e
16436.url.tudown.com/template/company/duote-xiazai/js/index.js
154.218.151.71 200 OK 2.3 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/index.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type Unicode text, UTF-8 text, with very long lines (8638)
Hash a1f3815ea981db7480ca3c4d5d54aac6
f3961cccb17dc2190e2a8c249d936d0b1185fd7e
7adb4d2ea2856125d829deeabfc70e92f87a5e50f84187ed8d570b810c807d6f
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/index.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e97-223b"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11176
Expires: Sat, 04 Feb 2023 09:34:23 GMT
Date: Sat, 04 Feb 2023 06:28:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11176
Expires: Sat, 04 Feb 2023 09:34:23 GMT
Date: Sat, 04 Feb 2023 06:28:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 29866
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f8fa6a-620a-4d0c-aec7-0863ae11b871.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f8fa6a-620a-4d0c-aec7-0863ae11b871.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83ac46e378ad452aeb212d709ab70232
7514ed93fd2f256e5aad386fdd0ebc723785291b
e199498691268526a6ecfe58abb88ced8661272cd7ad8270811c84fb15dbb547
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f8fa6a-620a-4d0c-aec7-0863ae11b871.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14221
x-amzn-requestid: a74ee3d4-6163-4dec-ab62-97279cf52282
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3ERhIAMFh1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-3e5d4b3d39919497215866df;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3TIbnpwYk9CIeoXeW4T-ouwV7X1y-LgKV7wB4XJwFKSKx248jIJyBQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:08:39 GMT
age: 29968
etag: "7514ed93fd2f256e5aad386fdd0ebc723785291b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
16436.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js
154.218.151.71 200 OK 1.4 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 33db5499343abb12f6c7d980cfdf5af0
ca9f7d2be1dd0f229f709b2effd22d57413fc7d4
3ca1208b56597372cccafd9817375f08e7e85ab84b310cb882ff8a76bac1c388
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/soft_comment.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-f1c"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 29866
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 29854
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg
34.120.237.76 200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 99bf0073acf75f9e04b52a96bf47797b
fa68da2c92fa89ed3dafe9915e064fca022af21f
961b77616486483e5767f214d2417275b9c995614128acab3521b6cd2f8866e2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8267
x-amzn-requestid: 8bf1f9c3-4508-489e-9f45-3ce50df74b0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEW0HM6IAMFXog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd80f8-2e7c768d54981cf1634830db;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:47:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: slDJVVNZDwjopU0kXbAvAJw4A0I_hGKXbRf9O15sXxmvu0JXe8yuPA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:17:59 GMT
etag: "fa68da2c92fa89ed3dafe9915e064fca022af21f"
content-type: image/jpeg
age: 29408
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:05 GMT
age: 31202
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
16436.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js
154.218.151.71 200 OK 577 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d2fd0ff89c3e773f8cfb6e5e57ae2909
537114b9b969f30770ba619a17d217bb69efb759
9665a3c5c2aa7e032819815b24dccc0dd5fbfbbef8876d7d42dfe2751e06d8f7
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/clickdown_stat_ajax.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-57a"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/template/company/duote-xiazai/js/new_global.js
154.218.151.71 200 OK 592 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/new_global.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash 232fd4a41f68cb95c02a365b6aca84e9
4d17747184f32abc1b922759c510bdbab4eccedd
0d50c1f4db8f330ef99775e40dadb29b531eb33314540560567b1f2623d4885e
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/new_global.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9d-685"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
www.2345.com/js/index/activity/20171111/widget.min.js
47.246.44.211 301 Moved Permanently 262 B URL HTTP/1.1 www.2345.com/js/index/activity/20171111/widget.min.js
IP 47.246.44.211:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 72fa0fca20c82853e6dbbc1f13c78100
4e9b01e3ad0b56c9409bb02e5700430792fecacd
4555de589ff9b307e20c708d6f112bc47bb377df29ff0a5914f8fb0932926887
GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: text/html
Content-Length: 262
Connection: keep-alive
Location: https://www.2345.com/js/index/activity/20171111/widget.min.js
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Via: cache4.se1[,0]
Timing-Allow-Origin: *
EagleId: 2ff62c9816754920876847763e
16436.url.tudown.com/template/company/duote-xiazai/images/stars.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/stars.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/stars.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/global.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:35 GMT
Connection: keep-alive
ETag: "63676e8f-199"
Accept-Ranges: bytes
img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js
58.215.47.196 200 OK 1.0 kB URL HTTP/2 img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js
IP 58.215.47.196:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Hash 8c6a6de562181b71d2867e2711f31df9
6e3aed7b36431b15293f6a3a1c66567a6fec5334
f65233dc7f87033f78a736238467c78ce1973af259b67f932c285a0f180174ee
GET /duoteimg/dtnew_assets/pc/js/soft/auto_complete.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 1015
date: Wed, 19 Oct 2022 10:50:39 GMT
vary: Accept-Encoding
x-oss-request-id: 634FD67F528A2F373455466A
x-oss-cdn-auth: success
last-modified: Wed, 19 Oct 2022 02:15:25 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3181168464323094172
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 20 Oct 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVRiBgICaq4y4nxgiIDJjNjljMDkwMWY0MjQ4N2JhZTA2NmEwOWJkZmNhMWYx
content-md5: 5qfmF/GrELbus726BAkyLQ==
x-oss-server-time: 22
content-encoding: gzip
ali-swift-global-savetime: 1666176639
via: cache58.l2cn3055[0,0,200-0,H], cache52.l2cn3055[2,0], vcache13.cn4730[0,0,200-0,H], vcache13.cn4730[0,0]
age: 9315448
x-cache: HIT TCP_MEM_HIT dirn:9:359604671
x-swift-savetime: Thu, 02 Feb 2023 04:10:48 GMT
x-swift-cachetime: 6417591
timing-allow-origin: *
eagleid: 3ad72f2116754920876285695e
X-Firefox-Spdy: h2
img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js
58.215.47.196 200 OK 895 B URL HTTP/2 img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js
IP 58.215.47.196:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Hash f8f676d38231dad63dfc1144b4739051
978c21f9675780eb755412efc1ddc8fe098c5d7f
2ab62b8459e616fbc36456facba7af14984e90a3a5522a317d46cdb6f133f871
GET /duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/x-javascript
content-length: 895
date: Thu, 08 Dec 2022 06:30:46 GMT
x-oss-request-id: 63918496AFFD703338923AEB
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "4C7F46FF62D37B2CC7456F8F9EB96611"
last-modified: Thu, 10 Sep 2020 02:00:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13670043018340852857
x-oss-storage-class: Standard
x-oss-meta-mode: 33188
x-oss-meta-mtime: 1599017058
x-oss-expiration: expiry-date="Fri, 11 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
vary: Accept-Encoding
content-md5: TH9G/2LTeyzHRW+PnrlmEQ==
x-oss-server-time: 24
content-encoding: gzip
ali-swift-global-savetime: 1670481046
via: cache8.l2cn3037[0,0,200-0,H], cache72.l2cn3037[1,0], vcache13.cn4730[0,0,200-0,H], vcache13.cn4730[1,0]
age: 5011041
x-cache: HIT TCP_MEM_HIT dirn:9:364955679
x-swift-savetime: Tue, 03 Jan 2023 18:34:40 GMT
x-swift-cachetime: 13262166
timing-allow-origin: *
eagleid: 3ad72f2116754920877155757e
X-Firefox-Spdy: h2
img4.duote.com/duoteimg/js/front_ad.js
58.215.47.196 200 OK 0 B URL HTTP/2 img4.duote.com/duoteimg/js/front_ad.js
IP 58.215.47.196:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /duoteimg/js/front_ad.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 0
date: Mon, 30 Jan 2023 14:45:14 GMT
x-oss-request-id: 63D7D7FA375B533033D1ED45
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D41D8CD98F00B204E9800998ECF8427E"
last-modified: Wed, 02 Sep 2020 01:55:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 0
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 03 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 1B2M2Y8AsgTpgAmY7PhCfg==
ali-swift-global-savetime: 1675089914
via: cache29.l2cn2641[0,0,200-0,H], cache43.l2cn2641[1,0], vcache18.cn4730[0,0,200-0,H], vcache13.cn4730[3,0]
age: 402173
x-cache: HIT TCP_MEM_HIT dirn:9:300161027
x-swift-savetime: Thu, 02 Feb 2023 03:30:33 GMT
x-swift-cachetime: 15333281
timing-allow-origin: *
eagleid: 3ad72f2116754920877505796e
X-Firefox-Spdy: h2
img4.duote.com/duoteimg/js/baidu_js_push.js
58.215.47.196 200 OK 359 B URL HTTP/2 img4.duote.com/duoteimg/js/baidu_js_push.js
IP 58.215.47.196:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type ASCII text, with CRLF line terminators
Hash f63ef5e096ef52af0cb95b8d2f3fda32
8d6dcc307c816618f7b26e1482d16d447f382e51
e0679eaf3f94f9353f167a1ebe1a8424c61631cc9be2d5a5445ba35e77f58932
GET /duoteimg/js/baidu_js_push.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 359
date: Wed, 01 Feb 2023 02:30:12 GMT
x-oss-request-id: 63D9CEB468498337333C47D0
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "F63EF5E096EF52AF0CB95B8D2F3FDA32"
last-modified: Tue, 21 Jun 2022 08:41:11 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2603761381065918884
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Wed, 22 Jun 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQUxiBgID4uNiVjBgiIDdjODgyMTExYzA2OTQ5NmU4NjMxZTI4MDZmMTc2NGEx
content-md5: 9j714JbvUq8MuVuNLz/aMg==
x-oss-server-time: 42
ali-swift-global-savetime: 1675218612
via: cache24.l2cn2641[0,1,200-0,H], cache27.l2cn2641[3,0], vcache27.cn4730[0,0,200-0,H], vcache13.cn4730[1,0]
age: 273475
x-cache: HIT TCP_MEM_HIT dirn:9:63396267
x-swift-savetime: Thu, 02 Feb 2023 03:30:33 GMT
x-swift-cachetime: 15461979
timing-allow-origin: *
eagleid: 3ad72f2116754920877545798e
X-Firefox-Spdy: h2
16436.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js
154.218.151.71 200 OK 63 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with no line terminators
Hash 827609f4f6b6dbef37e7bbb2c6cb8535
09929f83133df43c4ec28623065e3af7647a1f11
f7f82084b7a593e189a56487ea3179a61e6d8c93ec6ffdfada18e8c5e8863375
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/keyword_new.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Content-Length: 63
Last-Modified: Sun, 06 Nov 2022 08:21:47 GMT
Connection: keep-alive
ETag: "63676e9b-3f"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
16436.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js
154.218.151.71 200 OK 738 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (1755)
Hash 941e223b206b2f389ba88e5c62146e05
1ea47333441413a3afd2fbc6e335810513cd3b5f
c0034343dbd842fc5ba9dfae6be7145ec000eb017fc0ca9a7fd6e245811df660
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/scrollbar.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9e-707"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
16436.url.tudown.com/uploads/images/logo.png?n=4252rznxt3s3raxhv2q6tamt42oit2mzsdulji7exo56lbnm4wh3q&w=250
154.218.151.71 200 OK 3.9 kB URL HTTP/1.1 16436.url.tudown.com/uploads/images/logo.png?n=4252rznxt3s3raxhv2q6tamt42oit2mzsdulji7exo56lbnm4wh3q&w=250
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Hash 8d59557f0de94e86639cae6c91c5223f
2faad82ecf78ea03b11a9828c7a5972be2e82bd0
3b7e1a3ad41d8e9df21ad8243a56320f601387098fea60f0a9b90c50fafee45f
GET /uploads/images/logo.png?n=4252rznxt3s3raxhv2q6tamt42oit2mzsdulji7exo56lbnm4wh3q&w=250 HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
16436.url.tudown.com/uploads/images/661162.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/661162.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/661162.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3495194603,2076237578&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
bdcode.2345.com/source/g/common/by/ht_jy_qx.js
42.81.8.130 200 OK 2.2 kB URL HTTP/1.1 bdcode.2345.com/source/g/common/by/ht_jy_qx.js
IP 42.81.8.130:0
File type ASCII text, with very long lines (5414), with no line terminators
Hash 8e252d1ccfc071b47d117776ec9bba1b
72a742f9a3a81db8827b86a28d0bf874437872ba
f50203a11558c1f0fca37ac0151993bc498e04329a157ddc27f68c74743ab6c5
Analyzer Verdict Alert fortinet Malware
GET /source/g/common/by/ht_jy_qx.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2206
Connection: keep-alive
Cache-Control: max-age=14400
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 10:28:07 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c20226afdbd137e3-143
Server: yunjiasu
ocsp.trust-provider.cn/
47.246.44.205 200 OK 599 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 06:02:26 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cf-ray: 7941328e6b98372c-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675490546
via: cache2.l2de2[0,0,304-0,H], cache23.l2de2[1,0], cache3.se1[0,0,200-0,H], cache5.se1[1,0], cache8.se1[2,0]
age: 1542
x-cache: HIT TCP_MEM_HIT dirn:9:1196935987
x-swift-savetime: Sat, 04 Feb 2023 06:10:56 GMT
x-swift-cachetime: 1290
timing-allow-origin: *, *
eagleid: 2ff62c9c16754920881193006e, 2ff62c9c16754920881193006e
16436.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js
154.218.151.71 200 OK 80 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type ASCII text, with very long lines (32074), with CRLF line terminators
Hash e81ec1034a64ade1aa8b290326108e91
67aa74b0a4d0039f59acacca2ee6eee5ebaa312e
825cd708c0562c4b038d007351af36e0c4b34a32c0a1e8fd5852206417cbf94e
Analyzer Verdict Alert fortinet Malware
GET /template/company/duote-xiazai/js/jquery-ui.min.js HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:07 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-3def1"
Expires: Sat, 04 Feb 2023 18:28:07 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.21.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.21.226:0
Hash 2d1a15af936b883451dbf3d75568f863
fc4961b5f0041dc198464c6dda01183cb07ef0ae
b85ef4c0fe7a48d851368152ecd1cf3f17611ed52c2a11936e5d3ae01d932e9d
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:50:17 GMT
ETag: "fc4961b5f0041dc198464c6dda01183cb07ef0ae"
Last-Modified: Sat, 04 Feb 2023 04:50:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2970
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941582f3aee0b02-OSL
ocsp.trust-provider.cn/
47.246.44.205 200 OK 599 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 06:02:26 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cf-ray: 7941328e6b98372c-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675490546
via: cache2.l2de2[0,0,304-0,H], cache15.l2de2[1,0], cache5.se1[82,82,200-0,C], cache5.se1[83,0], cache3.se1[85,0]
age: 1542
x-cache: HIT TCP_MEM_HIT dirn:11:181837606
x-swift-savetime: Sat, 04 Feb 2023 06:28:08 GMT
x-swift-cachetime: 258
timing-allow-origin: *, *
eagleid: 2ff62c9716754920881222886e, 2ff62c9716754920881222886e
ocsp.trust-provider.cn/
47.246.44.205 200 OK 599 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 06:02:26 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cf-ray: 7941328e6b98372c-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675490546
via: cache2.l2de2[0,0,304-0,H], cache15.l2de2[1,0], cache5.se1[82,82,200-0,H], cache5.se1[83,0], cache7.se1[86,0]
age: 1542
x-cache: HIT TCP_REFRESH_HIT dirn:11:181837606
x-swift-savetime: Sat, 04 Feb 2023 06:28:08 GMT
x-swift-cachetime: 258
timing-allow-origin: *, *
eagleid: 2ff62c9b16754920881236602e, 2ff62c9b16754920881236602e
ocsp.trust-provider.cn/
47.246.44.205 200 OK 599 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 06:02:26 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=600332,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: EXPIRED
cf-ray: 7941328e6b98372c-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675490546
via: cache2.l2de2[0,0,304-0,H], cache15.l2de2[1,0], cache5.se1[82,79,200-0,C], cache5.se1[81,0], cache1.se1[84,0]
age: 1542
x-cache: HIT TCP_MEM_HIT dirn:11:181837606
x-swift-savetime: Sat, 04 Feb 2023 06:28:08 GMT
x-swift-cachetime: 258
timing-allow-origin: *, *
eagleid: 2ff62c9516754920881244248e, 2ff62c9516754920881244248e
16436.url.tudown.com/template/company/duote-xiazai/images/soft-down.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/soft-down.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/soft-down.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:32 GMT
Connection: keep-alive
ETag: "63676e8c-199"
Accept-Ranges: bytes
16436.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/softfastdownbtn.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:33 GMT
Connection: keep-alive
ETag: "63676e8d-199"
Accept-Ranges: bytes
16436.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png
154.218.151.71 200 OK 1.2 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash cc3e19fad8a144bf1e7bf400678f99cb
6ac3ec9a26fdec416640a98d24564ddee9886999
1725f9122ad4ec5075cd0967aef3ef5aff312d90e17a33b854d71434f7cbba4c
GET /template/company/duote-xiazai/images/icon-sprites.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 1160
Last-Modified: Sun, 06 Nov 2022 08:21:18 GMT
Connection: keep-alive
ETag: "63676e7e-488"
Accept-Ranges: bytes
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash 8b051ecaa1ec17dd8e5563a1a93550b7
7ced547bd54076c7e4242f4bc8501c6e6d3fe3ad
6bb317f453da2286304bd5669a482b7d5ce5b2016ffd49da51f324e670e1c1ad
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 06:28:08 GMT
Ali-Swift-Global-Savetime: 1675492088
Via: cache14.l2de2[1037,1037,200-0,M], cache14.l2de2[1038,0], cache3.se1[1059,1058,200-0,M], cache3.se1[1061,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 06:28:08 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9716754920872492316e
16436.url.tudown.com/template/company/duote-xiazai/images/like.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/like.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/like.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:22 GMT
Connection: keep-alive
ETag: "63676e82-199"
Accept-Ranges: bytes
s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517
180.97.251.250 200 OK 20 B URL HTTP/2 s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517
IP 180.97.251.250:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
GET /z_stat.php?id=1277770517&web_id=1277770517 HTTP/1.1
Host: s5.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Sat, 04 Feb 2023 05:36:54 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Sat, 04 Feb 2023 05:36:54 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1675489014
via: cache6.l2ea120-8[58,57,200-0,M], cache75.l2ea120-8[58,0], cache9.cn2205[0,0,200-0,H], cache15.cn2205[1,0]
age: 3074
x-cache: HIT TCP_MEM_HIT dirn:12:746971774
x-swift-savetime: Sat, 04 Feb 2023 05:36:54 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b461fb2b16754920883097057e
X-Firefox-Spdy: h2
16436.url.tudown.com/template/company/duote-xiazai/images/dislike.png
154.218.151.71 200 OK 295 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/dislike.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 16 x 15, 8-bit/color RGBA, non-interlaced\012- data
Hash a23e4dc6044953a149d0eb87aa9df5a4
48ab906d07b8d3265c0de7255d41d5352df29b9d
0342c264fcaac6c9fb4c0ea801d56145043dcd37613bddc633a6333c783eb2b9
GET /template/company/duote-xiazai/images/dislike.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 295
Last-Modified: Sun, 06 Nov 2022 08:21:09 GMT
Connection: keep-alive
ETag: "63676e75-127"
Accept-Ranges: bytes
img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js
58.215.47.196 200 OK 361 B URL HTTP/2 img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js
IP 58.215.47.196:0
ASN #23650 AS Number for CHINANET jiangsu province backbone
File type HTML document text\012- HTML document, ASCII text, with very long lines (361), with no line terminators
Hash d7877f2308efe72c7913b65816859daa
755606b601ae85ebcbf0dd47660fb028d1bf30d7
3af5e226f01cd0faf44433ba44517cc6b0fe9596de061a613c8d719227cc2c1a
GET /duoteimg/dtnew_recom_img/duoteself/softdown_1.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 361
date: Wed, 04 Jan 2023 11:04:14 GMT
x-oss-request-id: 63B55D2EC8A4583930BA3DD0
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D7877F2308EFE72C7913B65816859DAA"
last-modified: Wed, 04 Jan 2023 09:53:30 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13587884656729146177
x-oss-storage-class: Standard
x-oss-meta-mtime: 1672826010
x-oss-expiration: expiry-date="Thu, 05 Jan 2023 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVxiBgMCnu.bwqxgiIGMwYmRlOGE3NDQ3MjQxYmY4Y2NiYWYyOWExMzU2Zjdi
content-md5: 14d/Iwjv5yx5E7ZYFoWdqg==
x-oss-server-time: 9
ali-swift-global-savetime: 1672830254
via: cache7.l2cn2641[0,0,200-0,H], cache17.l2cn2641[0,0], vcache8.cn4730[0,0,200-0,H], vcache13.cn4730[0,0]
age: 2661834
x-cache: HIT TCP_MEM_HIT dirn:9:139960763
x-swift-savetime: Thu, 02 Feb 2023 03:35:18 GMT
x-swift-cachetime: 13073336
timing-allow-origin: *
eagleid: 3ad72f2116754920883516390e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/5.gif
222.186.17.200 200 OK 2.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/5.gif
IP 222.186.17.200:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash a7bff4f63a973a68e2d98ee780d9e29e
4c87d92faf82347bb122c2ad0e74e166aec5c567
18e82892f579e1f63d003f7e8404754b775542d72ea2d677f61d8ed3c7dfd21c
GET /duoteimg/zhuanti/comment/images/5.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2768
date: Mon, 23 Jan 2023 13:58:46 GMT
x-oss-request-id: 63CE9296E81BB23138D23ECC
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "A7BFF4F63A973A68E2D98EE780D9E29E"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 11302870927342222426
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: p7/09jqXOmji2Y7ngNning==
x-oss-server-time: 33
ali-swift-global-savetime: 1674482326
via: cache19.l2cn3037[0,0,304-0,H], cache5.l2cn3037[0,0], ens-vcache22.cn5274[0,0,200-0,H], ens-vcache21.cn5274[2,0]
age: 1009762
x-cache: HIT TCP_MEM_HIT dirn:12:397769530
x-swift-savetime: Mon, 23 Jan 2023 13:59:25 GMT
x-swift-cachetime: 15551961
timing-allow-origin: *
eagleid: deba11a816754920884008353e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/9.gif
222.186.17.200 200 OK 1.7 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/9.gif
IP 222.186.17.200:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash 52c2ef213baaff54c731557b999a0bf7
804e7ac80e4255b27247350265bbc92ce8d075bb
6bc6cc4739fbf0b9257b84549097c06651f82bcb2edef386710f4bb88e5b1676
GET /duoteimg/zhuanti/comment/images/9.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1733
date: Fri, 09 Dec 2022 13:25:13 GMT
x-oss-request-id: 63933739960DF237391E4EA8
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "52C2EF213BAAFF54C731557B999A0BF7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7207152638915174298
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: UsLvITuq/1THMVV7mZoL9w==
x-oss-server-time: 46
ali-swift-global-savetime: 1670592313
via: cache35.l2cn3037[0,0,200-0,H], cache42.l2cn3037[0,0], ens-vcache10.cn5274[0,0,200-0,H], ens-vcache21.cn5274[3,0]
age: 4899775
x-cache: HIT TCP_MEM_HIT dirn:11:169240852
x-swift-savetime: Wed, 11 Jan 2023 22:16:34 GMT
x-swift-cachetime: 12668919
timing-allow-origin: *
eagleid: deba11a816754920884008356e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/8.gif
222.186.17.200 200 OK 1.8 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/8.gif
IP 222.186.17.200:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash 15c10a442a7bd8384cd17ed420cf21e9
477ba29d0b04ec0a2950d715b58abe2db4d68cdd
153b9c74c5a92e7ec480365537cd43c9973840f3b6c72dad3032f5aeb0a4d30e
GET /duoteimg/zhuanti/comment/images/8.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1788
date: Tue, 18 Oct 2022 05:04:16 GMT
x-oss-request-id: 634E33D0BA82AD3033A4E1BB
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "15C10A442A7BD8384CD17ED420CF21E9"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10105978504471775518
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: FcEKRCp72DhM0X7UIM8h6Q==
x-oss-server-time: 139
ali-swift-global-savetime: 1666069456
via: cache70.l2cn3037[0,0,200-0,H], cache74.l2cn3037[1,0], ens-vcache23.cn5274[0,0,200-0,H], ens-vcache21.cn5274[2,0]
age: 9422632
x-cache: HIT TCP_MEM_HIT dirn:9:110902711
x-swift-savetime: Wed, 11 Jan 2023 22:18:28 GMT
x-swift-cachetime: 8145948
timing-allow-origin: *
eagleid: deba11a816754920884018357e
X-Firefox-Spdy: h2
static.mediav.com/js/mvf_g2.js
104.192.110.245 200 OK 9.0 kB URL HTTP/1.1 static.mediav.com/js/mvf_g2.js
IP 104.192.110.245:0
ASN #55992 Beijing Qihu Technology Company Limited
File type ASCII text, with very long lines (25539), with no line terminators
Hash 1baf9fc7116527b1a41307a6653030ca
f854953834e70e842d0d3fe6c8966ffb38e16744
d601207a5fa9a6b11008bc0a5a295c46ed62707d4a4b7b04a276eef33c3dcbd3
GET /js/mvf_g2.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:41 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 11:28:08 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc01.lato;HIT from w-sc02.bjmd
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
222.186.17.196 404 Not Found 548 B URL HTTP/2 img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP 222.186.17.196:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 370e16c3b7dba286cff055f93b9a94d8
65f3537c3c798f7da146c55aef536f7b5d0cb943
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 548
date: Sat, 04 Feb 2023 06:28:08 GMT
ali-swift-global-savetime: 1675492088
via: cache48.l2cn3037[0,0,404-0,H], cache10.l2cn3037[1,0], cache10.l2cn3037[1,0], ens-vcache18.cn5274[54,53,404-1280,M], ens-vcache4.cn5274[56,0]
age: 0
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 06:28:08 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: deba119716754920883398023e
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/465618.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/465618.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/465618.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3407240461,2727833040&fm=253&fmt=auto&app=138&f=JPEG?w=595&h=500
16436.url.tudown.com/uploads/images/188183.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/188183.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/188183.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=4132861193,4120724701&fm=253&app=138&f=JPEG?w=500&h=889
16436.url.tudown.com/common/ipnotice/
154.218.151.71 200 OK 17 kB URL HTTP/1.1 16436.url.tudown.com/common/ipnotice/
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 0a8b120f477000cdcad3982e22d01ad1
42428d7bbcfd8b31e4e0b0377b424c64c1c99066
86285fe61ca663fbc07ac72b7eeb1e354ca831b2e47a7d076e6fecd57b6795bc
Analyzer Verdict Alert fortinet Malware
GET /common/ipnotice/ HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
static.mediav.com/js/mvf_pm_slider.js
104.192.110.245 200 OK 40 kB URL HTTP/1.1 static.mediav.com/js/mvf_pm_slider.js
IP 104.192.110.245:0
ASN #55992 Beijing Qihu Technology Company Limited
File type ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Hash b23b60a7adefb62f50583079ed66f03b
965ea6506ea6c004b1135f23c10c67484fc0d238
987d03cb317bd411589ab916be6ea0e5aaabf8de0e94a2de7712beff577a62f8
GET /js/mvf_pm_slider.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:42 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 11:28:08 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc01.lato;HIT from w-sc02.lyct
16436.url.tudown.com/uploads/images/811622.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/811622.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/811622.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3617243236,2234237297&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/template/company/duote-xiazai/images/right.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/right.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/right.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:30 GMT
Connection: keep-alive
ETag: "63676e8a-199"
Accept-Ranges: bytes
16436.url.tudown.com/uploads/images/122880.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/122880.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/122880.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=621734655,761967927&fm=253&fmt=auto&app=138&f=JPEG?w=498&h=500
16436.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png
154.218.151.71 200 OK 1.3 kB URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type PNG image data, 178 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 7e22e63af128066b4d249bec71934fa7
09313b9c9717d049883d7c82b3b87f1a4af28408
ea827b6f53f2f091eb1a9ab83c5f53c5f4215e5a14721037af0b50dc47ffe5b0
GET /template/company/duote-xiazai/images/newbtnbg.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 1308
Last-Modified: Sun, 06 Nov 2022 08:21:23 GMT
Connection: keep-alive
ETag: "63676e83-51c"
Accept-Ranges: bytes
16436.url.tudown.com/template/company/duote-xiazai/images/left.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/left.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/left.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/soft.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:20 GMT
Connection: keep-alive
ETag: "63676e80-199"
Accept-Ranges: bytes
img1.duote.com/duoteimg/zhuanti/comment/images/6.gif
222.186.17.200 200 OK 3.5 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/6.gif
IP 222.186.17.200:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash eb575dd556470ae55acfa8350f63f3ab
5ded8852598c3cb4ff9130d24b1b7b03c558d14e
0be355d4a20f70a41fef403a817d2d27a1c5122fa1b58ef04dc884fb9a12ed7a
GET /duoteimg/zhuanti/comment/images/6.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3468
date: Mon, 23 Jan 2023 13:58:46 GMT
x-oss-request-id: 63CE9296F92761343002A8E4
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "EB575DD556470AE55ACFA8350F63F3AB"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17858666986198953545
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 61dd1VZHCuVaz6g1D2Pzqw==
x-oss-server-time: 86
ali-swift-global-savetime: 1674482326
via: cache39.l2cn3037[0,0,304-0,H], cache5.l2cn3037[1,0], ens-vcache13.cn5274[0,0,200-0,H], ens-vcache21.cn5274[2,0]
age: 1009762
x-cache: HIT TCP_MEM_HIT dirn:9:35192425
x-swift-savetime: Mon, 23 Jan 2023 13:59:25 GMT
x-swift-cachetime: 15551961
timing-allow-origin: *
eagleid: deba11a816754920884018360e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/10.gif
222.186.17.200 200 OK 2.1 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/10.gif
IP 222.186.17.200:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash 8535863eee1ae5dfffa4f25a79cffa10
ae60588f804b611794c725429927f1a37c31a6e5
13fd5ae010e7d97dc637a2ec0537a28a8d74dac1f1480fa87279ae226e13e535
GET /duoteimg/zhuanti/comment/images/10.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2105
date: Wed, 07 Dec 2022 22:38:17 GMT
x-oss-request-id: 639115D9EBE1D337378BAB5F
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "8535863EEE1AE5DFFFA4F25A79CFFA10"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 720901678692586227
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: hTWGPu4a5d//pPJaec/6EA==
x-oss-server-time: 93
ali-swift-global-savetime: 1670452697
via: cache6.l2cn3037[0,0,200-0,H], cache62.l2cn3037[2,0], ens-vcache18.cn5274[0,0,200-0,H], ens-vcache21.cn5274[3,0]
age: 5039391
x-cache: HIT TCP_MEM_HIT dirn:12:35843788
x-swift-savetime: Mon, 02 Jan 2023 06:11:38 GMT
x-swift-cachetime: 13364799
timing-allow-origin: *
eagleid: deba11a816754920884008354e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/7.gif
222.186.17.200 200 OK 1.5 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/7.gif
IP 222.186.17.200:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash 56bd697fdac1de3dbe8d4dd53e309a9b
215d4fead2dbf7bf6aeea1136749675cc5034f9e
7acdc1e69fd8d2c578ccf122054b7dab5a58a59caa255cd5585d45956136f4a3
GET /duoteimg/zhuanti/comment/images/7.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1495
date: Mon, 23 Jan 2023 14:04:36 GMT
x-oss-request-id: 63CE93F4A701303430D6A49F
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "56BD697FDAC1DE3DBE8D4DD53E309A9B"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6398064933782332215
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Vr1pf9rB3j2+jU3VPjCamw==
x-oss-server-time: 53
ali-swift-global-savetime: 1674482676
via: cache67.l2cn3037[0,0,304-0,H], cache2.l2cn3037[1,0], ens-vcache5.cn5274[0,0,200-0,H], ens-vcache21.cn5274[2,0]
age: 1009412
x-cache: HIT TCP_MEM_HIT dirn:11:18665604
x-swift-savetime: Mon, 23 Jan 2023 14:04:41 GMT
x-swift-cachetime: 15551995
timing-allow-origin: *
eagleid: deba11a816754920884018359e
X-Firefox-Spdy: h2
img1.duote.com/duoteimg/zhuanti/comment/images/3.gif
222.186.17.200 200 OK 3.0 kB URL HTTP/2 img1.duote.com/duoteimg/zhuanti/comment/images/3.gif
IP 222.186.17.200:0
File type GIF image data, version 89a, 24 x 24\012- data
Hash 2ea694cf637a163c094f4e88ae235ec7
8c80f708bc2b9ade2838743d1ec2f779662054e4
8824766f185db8f093dabd01f47636740f26f1a0340b8ed170e4268f36488a44
GET /duoteimg/zhuanti/comment/images/3.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3011
date: Mon, 23 Jan 2023 13:58:46 GMT
x-oss-request-id: 63CE92966849833530752F3A
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "2EA694CF637A163C094F4E88AE235EC7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8455495457239003797
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: LqaUz2N6FjwJT06IriNexw==
x-oss-server-time: 40
ali-swift-global-savetime: 1674482326
via: cache74.l2cn3037[0,0,304-0,H], cache72.l2cn3037[1,0], ens-vcache29.cn5274[0,0,200-0,H], ens-vcache21.cn5274[7,0]
age: 1009762
x-cache: HIT TCP_MEM_HIT dirn:9:350515696
x-swift-savetime: Mon, 23 Jan 2023 13:59:25 GMT
x-swift-cachetime: 15551961
timing-allow-origin: *
eagleid: deba11a816754920883998352e
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/62591.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/62591.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/62591.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:08 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2305591158,2094449158&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=353
16436.url.tudown.com/uploads/images/588188.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/588188.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/588188.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500
16436.url.tudown.com/uploads/images/400389.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/400389.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/400389.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3008557979,1855751679&fm=253&fmt=auto&app=138&f=JPEG?w=750&h=500
16436.url.tudown.com/uploads/images/546291.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/546291.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/546291.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3491602710,3547956979&fm=253&app=120&f=JPEG?w=750&h=1334
16436.url.tudown.com/uploads/images/126523.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/126523.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/126523.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2855087744,3676031745&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
16436.url.tudown.com/uploads/images/949941.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/949941.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/949941.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638
16436.url.tudown.com/uploads/images/49301.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/49301.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/49301.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2930783562,1548914756&fm=224&app=112&f=JPEG?w=500&h=500
ocsp.trust-provider.cn/
47.246.44.205 200 OK 600 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash eceaa87d9a3316ee0dcad3fa5f444ee7
74afece1d64ad7c63136ffcd5d58ad1d15a764df
fb586a5f0f8968e29212268bb4bd746eae9cc20b4eda7fc41f1420482c74b3b9
POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 06:28:09 GMT
last-modified: Thu, 02 Feb 2023 04:39:52 GMT
expires: Thu, 09 Feb 2023 04:39:51 GMT
etag: "74afece1d64ad7c63136ffcd5d58ad1d15a764df"
cache-control: max-age=597701,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb5
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 794158379be9377c-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675492089
via: cache9.l2de2[30,29,304-0,M], cache2.l2de2[31,0], cache8.se1[113,113,200-0,H], cache5.se1[114,0], cache8.se1[115,0]
age: 0
x-cache: HIT TCP_REFRESH_HIT dirn:1:97856521
x-swift-savetime: Sat, 04 Feb 2023 06:28:09 GMT
x-swift-cachetime: 1800
timing-allow-origin: *, *
eagleid: 2ff62c9c16754920894343901e, 2ff62c9c16754920894343901e
bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js
42.81.8.130 200 OK 2.2 kB URL HTTP/1.1 bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js
IP 42.81.8.130:0
File type ASCII text, with very long lines (5409), with no line terminators
Hash d19bdae2e7e260cf8d073f646b1327b1
f11ad6bbb5854b91f30ae1d1d9e40b0735648a49
db04653da94f0ab49ba4af223faa764d36bdd60a1aa1dcb1fc773512d100bce5
Analyzer Verdict Alert fortinet Malware
GET /common/xsoa-r/openjs/pu/ao.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2200
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 07:28:09 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c20226be39d037e2-143
Server: yunjiasu
16436.url.tudown.com/uploads/images/919934.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/919934.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/919934.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2839564628,3149197491&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=752
16436.url.tudown.com/uploads/images/608769.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/608769.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/608769.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2658501682,2504071862&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/uploads/images/251098.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/251098.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/251098.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=4107956119,2484665248&fm=253&app=120&f=JPEG?w=750&h=1334
16436.url.tudown.com/uploads/images/756077.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/756077.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/756077.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3071123345,2295429321&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300
16436.url.tudown.com/uploads/images/531797.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/531797.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/531797.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3367282228,112003215&fm=253&fmt=auto&app=120&f=JPEG?w=281&h=500
16436.url.tudown.com/uploads/images/691517.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/691517.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/691517.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2531146408,2306822939&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/template/company/duote-xiazai/images/biaoq-icon.png
154.218.151.71 200 OK 409 B URL HTTP/1.1 16436.url.tudown.com/template/company/duote-xiazai/images/biaoq-icon.png
IP 154.218.151.71:0
ASN #137951 Clayer Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Hash 513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298
GET /template/company/duote-xiazai/images/biaoq-icon.png HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/template/company/duote-xiazai/css/global.css
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:07 GMT
Connection: keep-alive
ETag: "63676e73-199"
Accept-Ranges: bytes
16436.url.tudown.com/uploads/images/856389.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/856389.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/856389.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2409478391,1921956330&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/uploads/images/807359.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/807359.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/807359.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4066814996,903916700&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
16436.url.tudown.com/uploads/images/472815.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/472815.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/472815.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1707521975,1422702129&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=364
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
222.186.17.196 404 Not Found 146 B URL HTTP/2 img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP 222.186.17.196:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 146
date: Sat, 04 Feb 2023 06:28:09 GMT
ali-swift-global-savetime: 1675492089
via: cache48.l2cn3037[16,15,404-1280,M], cache67.l2cn3037[17,0], cache67.l2cn3037[17,0], ens-vcache18.cn5274[76,75,404-1280,M], ens-vcache4.cn5274[77,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 06:28:09 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: deba119716754920898081899e
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/58823.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/58823.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/58823.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3165265658,3938012511&fm=253&app=120&f=JPEG?w=1000&h=800
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash c45b5d23d78c603a4f679957cc907c55
c0c6131e462224b19bf52c269ffda26be7dcc3ce
7acbb574f2c3ce64da98b8bf9e8af19ba063535e4cbf9fadaf803c34381178dd
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:09:39 GMT
ETag: "c0c6131e462224b19bf52c269ffda26be7dcc3ce"
Last-Modified: Sat, 04 Feb 2023 04:09:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 989
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941583b1cb61c06-OSL
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash c45b5d23d78c603a4f679957cc907c55
c0c6131e462224b19bf52c269ffda26be7dcc3ce
7acbb574f2c3ce64da98b8bf9e8af19ba063535e4cbf9fadaf803c34381178dd
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:09:39 GMT
ETag: "c0c6131e462224b19bf52c269ffda26be7dcc3ce"
Last-Modified: Sat, 04 Feb 2023 04:09:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 989
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941583b1ff3b511-OSL
bdcode.2345.com/awycyrm.js
42.81.8.130 200 OK 38 kB URL HTTP/1.1 bdcode.2345.com/awycyrm.js
IP 42.81.8.130:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 5fbb10e03d1f57d1cc8b11f6733f05e9
6c5795f7e16e68be43e5416cf63e509a6caa58b8
550493b918a5548592ae1a76018c938f3ff7e9f64fe5af1dfcf91839e7270bd8
Analyzer Verdict Alert fortinet Malware
GET /awycyrm.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:09 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 38255
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 07:28:09 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c20226c1dbd737e3-143
Server: yunjiasu
16436.url.tudown.com/uploads/images/254265.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/254265.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
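Hash d41d8cd98f00b204e9800998ecf8427e (MD5 of empty input: the 0 B redirect body, not a file indicator)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1 of empty input)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256 of empty input)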
GET /uploads/images/254265.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=532771002,3100664623&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
img4.runjiapp.com/duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg
58.216.13.242 200 OK 41 kB URL HTTP/1.1 img4.runjiapp.com/duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg
IP 58.216.13.242:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 910x86, components 3\012- data
Hash f8f15f37c9961bc7463d1df83059d32c
7b4aa49eaed0106e8722fda960d4f397b78e7811
eb99269720c3ad25a285d1cae14a73f57a45ffe3e1f086f1e0a8351a83e62cc0
GET /duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg HTTP/1.1
Host: img4.runjiapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Content-Type: image/jpeg
Content-Length: 41017
Connection: keep-alive
Date: Wed, 04 Jan 2023 09:53:52 GMT
x-oss-request-id: 63B54CB0F7910630375930C3
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "F8F15F37C9961BC7463D1DF83059D32C"
Last-Modified: Fri, 04 Sep 2020 08:59:59 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2768094505068467474
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Sat, 05 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
Content-MD5: +PFfN8mWG8dGPR34MFnTLA==
x-oss-server-time: 12
Ali-Swift-Global-Savetime: 1672826032
Via: cache38.l2cn1816[0,0,200-0,H], cache6.l2cn1816[1,0], vcache18.cn3841[0,0,200-0,H], vcache16.cn3841[3,0]
Age: 2666057
X-Cache: HIT TCP_MEM_HIT dirn:0:420922082
X-Swift-SaveTime: Sat, 14 Jan 2023 09:54:51 GMT
X-Swift-CacheTime: 14687941
Timing-Allow-Origin: *
EagleId: 3ad80da416754920898748279e
16436.url.tudown.com/uploads/images/833327.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/833327.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/833327.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1488594902,3727268786&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
16436.url.tudown.com/uploads/images/830569.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/830569.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/830569.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196
16436.url.tudown.com/uploads/images/304152.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/304152.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/304152.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1276282768,2967875449&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/uploads/images/808820.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/808820.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/808820.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2078535656,3630720503&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=370
16436.url.tudown.com/uploads/images/517940.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/517940.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/517940.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3363146563,757254913&fm=253&fmt=auto&app=138&f=JPEG?w=313&h=500
img0.baidu.com/it/u=3495194603,2076237578&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
114.232.92.35 200 OK 6.1 kB URL HTTP/2 img0.baidu.com/it/u=3495194603,2076237578&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e254b768e54968a6fc0b327e889dccbd
c363336641b3263c1f92c3b85c5ac4f726765dec
ad6d2ed291cdf87bcb5e686d0365df106b80b5853219df04ca26954968c55ba0
GET /it/u=3495194603,2076237578&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 6058
expires: Tue, 07 Feb 2023 18:54:54 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: e254b768e54968a6fc0b327e889dccbd
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 18:54:54 GMT
ohc-cache-hit: nt2ct74 [1], suzix157 [4]
ohc-file-size: 6058
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=4132861193,4120724701&fm=253&app=138&f=JPEG?w=500&h=889
125.74.42.35 200 OK 79 kB URL HTTP/1.1 img1.baidu.com/it/u=4132861193,4120724701&fm=253&app=138&f=JPEG?w=500&h=889
IP 125.74.42.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Hash 556e98adeafe1cf12173f7a68747740a
0307af7aaad98fbaa44ca2f4527112e8fcd1d32b
d82fd4fdcef457f7bc374369edbb256a3eb52d4efecb3fdb46329bdf38bb760f
GET /it/u=4132861193,4120724701&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpeg
Content-Length: 79301
Connection: keep-alive
Expires: Thu, 23 Feb 2023 05:02:54 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: 556e98adeafe1cf12173f7a68747740a
Age: 282762
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 05:02:53 GMT
Ohc-Cache-HIT: lz3ct55 [4], suzix97 [4]
Ohc-File-Size: 79301
X-Cache-Status: HIT
16436.url.tudown.com/uploads/images/183343.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/183343.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/183343.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3550134007,3853935066&fm=253&fmt=auto?w=1280&h=800
img2.baidu.com/it/u=3008557979,1855751679&fm=253&fmt=auto&app=138&f=JPEG?w=750&h=500
182.106.158.35 200 OK 87 kB URL HTTP/2 img2.baidu.com/it/u=3008557979,1855751679&fm=253&fmt=auto&app=138&f=JPEG?w=750&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 750x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 50bfca5a7189b682f6f5217785deb470
4f81d07f69eb41d8d58ed371c9bd12d5ab02b141
bd07bc51856f949e6555b908e2b448e79b3894f47221b604f854c7e1d7184548
GET /it/u=3008557979,1855751679&fm=253&fmt=auto&app=138&f=JPEG?w=750&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 87184
expires: Wed, 22 Feb 2023 19:34:20 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 50bfca5a7189b682f6f5217785deb470
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 19:34:20 GMT
ohc-cache-hit: jjct56 [1], czix236 [4]
ohc-file-size: 87184
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3165265658,3938012511&fm=253&app=120&f=JPEG?w=1000&h=800
114.232.92.35 200 OK 67 kB URL HTTP/1.1 img0.baidu.com/it/u=3165265658,3938012511&fm=253&app=120&f=JPEG?w=1000&h=800
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1000x800, components 3\012- data
Hash bd561c400f0de2f7e6c508fb9fca587c
2286a4cbc58cd4879e816465f4d62789afd26a43
a781857bf684816d043fb5421dee3e366450dd0593c56e9740cd449f61974719
GET /it/u=3165265658,3938012511&fm=253&app=120&f=JPEG?w=1000&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpeg
Content-Length: 67358
Connection: keep-alive
Expires: Sat, 04 Feb 2023 07:38:38 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: bd561c400f0de2f7e6c508fb9fca587c
Age: 344053
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 07:38:38 GMT
Ohc-Cache-HIT: nt2ct60 [4], csix60 [2]
Ohc-File-Size: 67358
X-Cache-Status: HIT
16436.url.tudown.com/uploads/images/778939.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/778939.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/778939.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2127033273,1269795560&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=275
16436.url.tudown.com/uploads/images/618635.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/618635.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/618635.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2956304572,337122373&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=443
16436.url.tudown.com/uploads/images/625620.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/625620.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/625620.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2146829638,376942415&fm=253&fmt=auto&app=138&f=JPEG?w=854&h=480
16436.url.tudown.com/uploads/images/771463.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/771463.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/771463.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608
img0.baidu.com/it/u=4107956119,2484665248&fm=253&app=120&f=JPEG?w=750&h=1334
114.232.92.35 200 OK 95 kB URL HTTP/1.1 img0.baidu.com/it/u=4107956119,2484665248&fm=253&app=120&f=JPEG?w=750&h=1334
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 750x1334, components 3\012- data
Hash 8969060bfa4757c6a144564bdb44a04e
1df6680c2e36b55b26dfa15d5061e703add8b5cc
939b04da6bb77ef3124e71aae10e20a64457c020f5d129ae284d729e1cd9e693
GET /it/u=4107956119,2484665248&fm=253&app=120&f=JPEG?w=750&h=1334 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpeg
Content-Length: 95361
Connection: keep-alive
Expires: Mon, 06 Feb 2023 14:18:51 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: 8969060bfa4757c6a144564bdb44a04e
Age: 2451
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 14:18:51 GMT
Ohc-Cache-HIT: nt2ct72 [4], czix156 [2]
Ohc-File-Size: 95361
X-Cache-Status: HIT
16436.url.tudown.com/uploads/images/763973.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/763973.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/763973.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022
push.zhanzhang.baidu.com/push.js
112.34.113.148 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 112.34.113.148:0
ASN #9808 China Mobile Communications Group Co., Ltd.
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 06:28:10 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 06:28:10 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=CBF90DEFAB12B23CB5FD7A70C3986ECD:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 06:28:10 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
img0.baidu.com/it/u=1488594902,3727268786&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
114.232.92.35 200 OK 65 kB URL HTTP/2 img0.baidu.com/it/u=1488594902,3727268786&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 889x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b8bd198437f8a2b47229447b7d176586
0f239ed89673802c829ed969db6d404f21c32906
bcb5a03b6bedb68844ddce8e7e0a4258e9d0a1244e4b72d32d05559ef2baddf6
GET /it/u=1488594902,3727268786&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 64792
expires: Wed, 22 Feb 2023 12:19:52 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: b8bd198437f8a2b47229447b7d176586
age: 237836
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 12:19:52 GMT
ohc-cache-hit: nt2ct68 [4], qdix131 [2]
ohc-file-size: 64792
x-cache-status: HIT
X-Firefox-Spdy: h2
www.2345.com/js/index/activity/20171111/widget.min.js
47.246.44.211 200 OK 32 kB URL HTTP/2 www.2345.com/js/index/activity/20171111/widget.min.js
IP 47.246.44.211:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type ASCII text, with very long lines (19539), with no line terminators
Hash 14b5271c479bbc3187f6545f20398bd9
5a8ce7a3d71cbd6aed44666a330a80ac2c98579f
9326c15a6012dddb83efe896c79b67cac0ca8ed8b6e53fbf15ad53c8e60ce75b
GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
strict-transport-security: max-age=5184000
date: Sat, 04 Feb 2023 06:28:08 GMT
last-modified: Wed, 06 Nov 2019 08:19:39 GMT
etag: W/"5dc2821b-4c53"
vary: Accept-Encoding, Accept-Encoding
expires: Tue, 22 Nov 2022 14:45:06 GMT
cache-control: max-age=600
ali-swift-global-savetime: 1675492088
via: cache1.l2de2[616,616,304-0,M], cache3.l2de2[617,0], cache8.se1[705,705,200-0,H], cache8.se1[708,0]
age: 0
x-cache: HIT TCP_REFRESH_HIT dirn:4:99731148
x-swift-savetime: Sat, 04 Feb 2023 06:28:08 GMT
x-swift-cachetime: 600
content-encoding: br
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
timing-allow-origin: *
eagleid: 2ff62c9c16754920881863054e
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3407240461,2727833040&fm=253&fmt=auto&app=138&f=JPEG?w=595&h=500
182.106.158.35 200 OK 61 kB URL HTTP/2 img2.baidu.com/it/u=3407240461,2727833040&fm=253&fmt=auto&app=138&f=JPEG?w=595&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 595x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 19071e61a1e37adf80e0c1a6743910d7
1bbff9665ad7c576b99f49f1a59320121d305da5
17dbdae0cb1c4122377605ea6722ea682e0831a0a84462f888dc4c76bbf962a6
GET /it/u=3407240461,2727833040&fm=253&fmt=auto&app=138&f=JPEG?w=595&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 60624
expires: Fri, 03 Mar 2023 18:45:55 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 19071e61a1e37adf80e0c1a6743910d7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 18:45:55 GMT
ohc-cache-hit: jjct54 [1], csix113 [4]
ohc-file-size: 60624
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/556867.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/556867.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/556867.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2770105821,4236549347&fm=224&app=112&f=JPEG?w=500&h=500
img1.baidu.com/it/u=2855087744,3676031745&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
125.74.42.35 200 OK 37 kB URL HTTP/2 img1.baidu.com/it/u=2855087744,3676031745&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash baa8832940f7eece955082b6e244cd44
ae5becd6259f28242da9494f09b3dd0c8e48bbfe
86887dc5049f3664de79e94bc317ff640a72cbaeea56b91046b2655f6a9c95e9
GET /it/u=2855087744,3676031745&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 37062
expires: Thu, 23 Feb 2023 11:38:10 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: baa8832940f7eece955082b6e244cd44
age: 281355
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 11:38:10 GMT
ohc-cache-hit: lz3ct75 [4], wzix75 [4]
ohc-file-size: 37062
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=532771002,3100664623&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
125.74.42.35 200 OK 28 kB URL HTTP/2 img1.baidu.com/it/u=532771002,3100664623&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1295dc3fb89bf01827f64b67585d02f2
309b85ce731ce7b564f0908a16c926452931e1d9
dbc386997ba18e35b03e2fc2bffa75223102c85fdc4ffac4cfaae7bbc157a51b
GET /it/u=532771002,3100664623&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 28522
expires: Mon, 20 Feb 2023 18:18:36 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 1295dc3fb89bf01827f64b67585d02f2
age: 708700
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 18:18:36 GMT
ohc-cache-hit: lz3ct57 [4], czix57 [4]
ohc-file-size: 28522
x-cache-status: HIT
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3367282228,112003215&fm=253&fmt=auto&app=120&f=JPEG?w=281&h=500
182.106.158.35 200 OK 25 kB URL HTTP/2 img2.baidu.com/it/u=3367282228,112003215&fm=253&fmt=auto&app=120&f=JPEG?w=281&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 281x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 2a2c2c40080ba3b52598cfa0221d61b1
bb409ebc8a0f48737e49a3ccc6d0d97411aeac9c
7a3792719a2f64fda6f59b906c50c6022a3c82e7f9896a09efad62d08d100f33
GET /it/u=3367282228,112003215&fm=253&fmt=auto&app=120&f=JPEG?w=281&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 25196
expires: Mon, 06 Feb 2023 14:24:47 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 2a2c2c40080ba3b52598cfa0221d61b1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 14:24:47 GMT
ohc-cache-hit: jjct63 [1], wzix99 [2]
ohc-file-size: 25196
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3491602710,3547956979&fm=253&app=120&f=JPEG?w=750&h=1334
125.74.42.35 200 OK 187 kB URL HTTP/1.1 img1.baidu.com/it/u=3491602710,3547956979&fm=253&app=120&f=JPEG?w=750&h=1334
IP 125.74.42.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 750x1334, components 3\012- data
Size 187 kB (187244 bytes)
Hash f7eae4c648bdcbe12c260efbdb5675ee
c0c1a14b966545cc965f512197664e9681e7c058
3be12c8d0af3212cb0c5400ffac296f73560530a9ab7486ada282e3911f0cbc1
GET /it/u=3491602710,3547956979&fm=253&app=120&f=JPEG?w=750&h=1334 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: image/jpeg
Content-Length: 187244
Connection: keep-alive
Expires: Mon, 20 Feb 2023 04:26:29 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: f7eae4c648bdcbe12c260efbdb5675ee
Age: 379671
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 04:26:29 GMT
Ohc-Cache-HIT: lz3ct86 [4], suzix194 [2]
Ohc-File-Size: 187244
X-Cache-Status: HIT
img0.baidu.com/it/u=4066814996,903916700&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
114.232.92.35 200 OK 34 kB URL HTTP/2 img0.baidu.com/it/u=4066814996,903916700&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 55cdbd5ed040dd3490e1d657fa83c3eb
7cde4e5afe9ccdfe31ec067254205bb6f280dd70
be92a9aa1e2c0feb5fc11c0a805a8960e28bfe7ee3da39af8f84aca8934ef205
GET /it/u=4066814996,903916700&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 34412
expires: Wed, 22 Feb 2023 08:33:46 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 55cdbd5ed040dd3490e1d657fa83c3eb
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 08:33:46 GMT
ohc-cache-hit: nt2ct63 [1], suzix87 [4]
ohc-file-size: 34412
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/155188.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/155188.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/155188.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1089538976,1066714642&fm=253&app=120&f=JPEG?w=1280&h=800
16436.url.tudown.com/uploads/images/281579.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/281579.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/281579.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1422047553,3878863965&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
16436.url.tudown.com/uploads/images/668551.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/668551.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/668551.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3701745270,5465264&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
16436.url.tudown.com/uploads/images/962904.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/962904.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/962904.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=4006431708,1076776729&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1240
img0.baidu.com/it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608
114.232.92.35 200 OK 38 kB URL HTTP/2 img0.baidu.com/it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x608, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d56dd2c067cc47ecef1cae20df1436d6
6aaecdec59830fd6f60e4dcfcaa35c7e8c1b2452
7da838befba713f0710ef6473b956e8d9b7f4c618e14ababdc70f346896e1729
GET /it/u=4069119702,3787351208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=608 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 38066
expires: Fri, 10 Feb 2023 21:26:49 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: d56dd2c067cc47ecef1cae20df1436d6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 21:26:49 GMT
ohc-cache-hit: nt2ct71 [1], xiangyix71 [4]
ohc-file-size: 38066
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196
182.106.158.35 200 OK 3.7 kB URL HTTP/2 img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 138x196, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4705d959457f24b961e4574c59ff0036
56ed22beb312bc3cc29f1c8708a10c17944c472e
0bd08e9d06cc7043563f0d4e625ca4dfd6331f3edc4affb54e8fee7242515edf
GET /it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 3744
expires: Thu, 16 Feb 2023 03:22:43 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 4705d959457f24b961e4574c59ff0036
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 03:22:43 GMT
ohc-cache-hit: jjct56 [1], xiangyix125 [4]
ohc-file-size: 3744
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=3363146563,757254913&fm=253&fmt=auto&app=138&f=JPEG?w=313&h=500
182.106.158.35 200 OK 26 kB URL HTTP/2 img2.baidu.com/it/u=3363146563,757254913&fm=253&fmt=auto&app=138&f=JPEG?w=313&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 313x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f71fcae3f86b46570c9c9a520800abff
3ce06736fe34c108479a484a6716bca3aa6cb39a
5c3b7ef7f67bcbc844cf7cef78ac0c1050e9bf4f3b512b2c383cdecd01807310
GET /it/u=3363146563,757254913&fm=253&fmt=auto&app=138&f=JPEG?w=313&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 25992
expires: Sun, 05 Feb 2023 13:59:31 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: f71fcae3f86b46570c9c9a520800abff
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 13:59:31 GMT
ohc-cache-hit: jjct63 [1], csix82 [4]
ohc-file-size: 25992
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2956304572,337122373&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=443
182.106.158.35 200 OK 22 kB URL HTTP/2 img2.baidu.com/it/u=2956304572,337122373&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=443
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x443, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e2e5d1c6ee90235798d3f9d027a9bb45
abec7c0e086ad05d81e6b2fd94baaf7d37487cb6
59fac18f39c31e84411fd1ee45925f9dc6a062a9a6a8d5bac12454d5d03c6fe7
GET /it/u=2956304572,337122373&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=443 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 21674
expires: Wed, 22 Feb 2023 00:09:23 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: e2e5d1c6ee90235798d3f9d027a9bb45
age: 705243
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 00:09:23 GMT
ohc-cache-hit: jjct57 [4], czix57 [4]
ohc-file-size: 21674
x-cache-status: HIT
X-Firefox-Spdy: h2
sofire.bdstatic.com/js/dfxaf3-635b4cd6.js
60.190.116.48 200 OK 123 kB URL HTTP/1.1 sofire.bdstatic.com/js/dfxaf3-635b4cd6.js
IP 60.190.116.48:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 123 kB (123037 bytes)
Hash c39ed7d28cee6240d44cc5b5c2bbd686
eab7220ff1195b14d9c1c21ae4fcad33315549b5
cd5d1c61337dd6b5a3ddffdc95ed7da921b125c9911aa22eaef8f054a2345459
GET /js/dfxaf3-635b4cd6.js HTTP/1.1
Host: sofire.bdstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:10 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 06 Feb 2023 08:39:29 GMT
Last-Modified: Fri, 06 Jan 2023 03:24:00 GMT
ETag: "6c8af00e14f394b624a4b374d18b9b7a"
Content-Encoding: gzip
Age: 78521
Accept-Ranges: bytes
Content-MD5: bIrwDhTzlLYkpLN00Yubeg==
x-bce-content-crc32: 1362413814
x-bce-debug-id: JT6BkvVLE9azBPO/DzyM7YxGrIXhgA5dvh7eappSaehhbpZwAXTf8t2hHCCbT5PKQBm7He3SXz5sqguLRbgK1Q==
x-bce-request-id: 010843bc-3dd7-4dcd-8bdf-0ab184bc4b71
x-bce-restore-cache: -
x-bce-restore-tier: -
x-bce-storage-class: STANDARD
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 08:39:29 GMT
Ohc-Cache-HIT: wz2ct54 [2], nb2ctcache77 [1]
Ohc-Response-Time: 1 0 0 0 0 0
16436.url.tudown.com/uploads/images/189005.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/189005.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/189005.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3341666169,737467469&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
img0.baidu.com/it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638
114.232.92.35 200 OK 29 kB URL HTTP/2 img0.baidu.com/it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x638, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash abe88d977fbbececae72b3167e36966e
abf82fad41c012c9f7684b14eebe05576bc7b339
f05e685b21d7b49464dc2d670124547bdceee1d33058573c0b9fbe041f5f3223
GET /it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 29422
expires: Sat, 18 Feb 2023 04:11:41 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: abe88d977fbbececae72b3167e36966e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 04:11:41 GMT
ohc-cache-hit: nt2ct52 [1], qdix124 [4]
ohc-file-size: 29422
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2146829638,376942415&fm=253&fmt=auto&app=138&f=JPEG?w=854&h=480
182.106.158.35 200 OK 21 kB URL HTTP/2 img2.baidu.com/it/u=2146829638,376942415&fm=253&fmt=auto&app=138&f=JPEG?w=854&h=480
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 854x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d7a697178ae6ee0f634f58955b4b6909
5fc7e00a07b9f5b25ba1c6e892319eba45af3a37
bb5026e93c4ff6cec93dfe8fc7a8f693a1b4aee283481b558cb1fddea65cc669
GET /it/u=2146829638,376942415&fm=253&fmt=auto&app=138&f=JPEG?w=854&h=480 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 20894
expires: Fri, 24 Feb 2023 03:21:19 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: d7a697178ae6ee0f634f58955b4b6909
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:21:19 GMT
ohc-cache-hit: jjct58 [1], bdix58 [4]
ohc-file-size: 20894
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3071123345,2295429321&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300
125.74.42.35 200 OK 10 kB URL HTTP/2 img1.baidu.com/it/u=3071123345,2295429321&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d3b1cc5368673b2598ca04fcfa94922b
74c04d2ba2e07084b69b1a28a071972cc2b8e7d7
79349cfd0c35914fa875cf87b02e7d7b0614564731290544426562ec378b34a5
GET /it/u=3071123345,2295429321&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 10442
expires: Tue, 14 Feb 2023 00:15:14 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: d3b1cc5368673b2598ca04fcfa94922b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 00:15:14 GMT
ohc-cache-hit: lz3ct62 [1], xaix190 [2]
ohc-file-size: 10442
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=621734655,761967927&fm=253&fmt=auto&app=138&f=JPEG?w=498&h=500
125.74.42.35 200 OK 31 kB URL HTTP/2 img1.baidu.com/it/u=621734655,761967927&fm=253&fmt=auto&app=138&f=JPEG?w=498&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 498x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 48ffa5a90f8f567e262131837de1de9a
939bc437e2d57129a29d08f1aabae58046d36e0e
3d90dc4c6b7c6938f8e8f544cf572907c14700a8f3975762c50115b4067ee149
GET /it/u=621734655,761967927&fm=253&fmt=auto&app=138&f=JPEG?w=498&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 30778
expires: Sat, 25 Feb 2023 10:58:16 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 48ffa5a90f8f567e262131837de1de9a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 26 Jan 2023 10:58:16 GMT
ohc-cache-hit: lz3ct68 [1], wzix68 [4]
ohc-file-size: 30778
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2839564628,3149197491&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=752
182.106.158.35 200 OK 49 kB URL HTTP/2 img2.baidu.com/it/u=2839564628,3149197491&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=752
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 440x752, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3614bf0052bfdfa8871674465700c9a4
27f12e70e8a4e0c1aa2c8ef34a2e21206d0b9f52
ff14c416ec3c69977e9bd178e4fddffbef74cee053b77c492fc1556b47c245dc
GET /it/u=2839564628,3149197491&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=752 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 49008
expires: Mon, 20 Feb 2023 11:30:58 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3614bf0052bfdfa8871674465700c9a4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 11:30:58 GMT
ohc-cache-hit: jjct61 [1], xaix133 [4]
ohc-file-size: 49008
x-cache-status: MISS
X-Firefox-Spdy: h2
img1.baidu.com/it/u=1707521975,1422702129&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=364
125.74.42.35 200 OK 26 kB URL HTTP/2 img1.baidu.com/it/u=1707521975,1422702129&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=364
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 640x364, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 62f0abb520f61061e77f06758cf0081b
82c1e9cb335b862e02d94dedf243adcc3e650762
c8c35a1513362f8a0276f218d8d21337cb8a49a9db8adf843e9f53c0e931470d
GET /it/u=1707521975,1422702129&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=364 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 25912
expires: Sat, 04 Mar 2023 04:45:51 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 62f0abb520f61061e77f06758cf0081b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 04:45:51 GMT
ohc-cache-hit: lz3ct92 [1], qdix92 [4]
ohc-file-size: 25912
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/418843.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/418843.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/418843.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2454068334,1338437974&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=752
union2.50bang.org/js/duoteall
180.101.190.124 200 OK 370 B URL HTTP/1.1 union2.50bang.org/js/duoteall
IP 180.101.190.124:0
ASN #138950 Jiangsu Wuxi International IDC network
File type ASCII text, with very long lines (370), with no line terminators
Hash da3ac37415864c7c5afce285686a19df
0b06e71197babe5dca2340355576ccc3455f2478
ca0ac545712d6f8de4d4b1706d510518c771131671725a12f72db75116b27cea
GET /js/duoteall HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Length: 370
t15.baidu.com/it/u=2770105821,4236549347&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 34 kB URL HTTP/1.1 t15.baidu.com/it/u=2770105821,4236549347&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash e10265ba5aba0e310cb3cf012b4501c3
1b023f61a3e81022796ad528d4aa94bf602f6898
f7683469cafb255187cde50d4ae630d2995c7c34477513e4cf799ad404145c84
GET /it/u=2770105821,4236549347&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 33614
Connection: keep-alive
Expires: Thu, 16 Feb 2023 03:32:25 GMT
Last-Modified: Mon, 12 Jan 1970 00:00:00 GMT
ETag: e10265ba5aba0e310cb3cf012b4501c3
Age: 1377572
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 17 Jan 2023 03:32:25 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache53 [2], suzix125 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 33614
X-Cache-Status: HIT
Timing-Allow-Origin: *
t15.baidu.com/it/u=1276282768,2967875449&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 42 kB URL HTTP/1.1 t15.baidu.com/it/u=1276282768,2967875449&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 28c47b1ea8e30556c5041ed84bbad226
50f55468a5701619011e8a4b4d7f50a4a9667a21
79dabece53a015bf86b38fdc9bd6e3877af9595eedaa49780ec8722132c892c9
GET /it/u=1276282768,2967875449&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 41499
Connection: keep-alive
Expires: Fri, 17 Feb 2023 16:40:29 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: 28c47b1ea8e30556c5041ed84bbad226
Age: 1398322
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 16:40:29 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache62 [4], wzix62 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 41499
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=1422047553,3878863965&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
182.106.158.35 200 OK 26 kB URL HTTP/2 img2.baidu.com/it/u=1422047553,3878863965&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e3176510e04d1b2402b28a3e0f7cd551
673e11bb56bb146ebde614d05249ef242cd39939
be099232d110135ca4474fc25aae0a6007e36fd59e334d6ac7c78ed5dd0f2d2a
GET /it/u=1422047553,3878863965&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 25638
expires: Mon, 06 Feb 2023 13:37:24 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: e3176510e04d1b2402b28a3e0f7cd551
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 13:37:24 GMT
ohc-cache-hit: jjct60 [1], suzix60 [4]
ohc-file-size: 25638
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500
185.10.104.124 200 OK 8.0 kB URL HTTP/1.1 t15.baidu.com/it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 375x500, components 3\012- data
Hash c64b5c66c6e2e740c15f4727170bf763
07623198df5ee201ae489d4da8c707dd8d73b603
09964d8fd7f7b6911c8f8d5a2edc698a9edb143a6c2129cb240ed211e98768a8
GET /it/u=1009838707,3415849935&fm=224&app=112&f=JPEG?w=375&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 8027
Connection: keep-alive
Expires: Mon, 06 Feb 2023 12:20:48 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: c64b5c66c6e2e740c15f4727170bf763
Age: 2020932
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 12:20:48 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache56 [4], wzix100 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 8027
X-Cache-Status: HIT
Timing-Allow-Origin: *
t15.baidu.com/it/u=3617243236,2234237297&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 27 kB URL HTTP/1.1 t15.baidu.com/it/u=3617243236,2234237297&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash d5b7172e1317ad58d9bca4144ad97968
a14b20a3dd7aafe613d22dfde01d45b24957eb7d
dd13414b0f414a8e1a1ed5593e80cf445a531b922220f0eee18bce7bda6bb310
GET /it/u=3617243236,2234237297&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 26902
Connection: keep-alive
Expires: Mon, 06 Feb 2023 18:19:32 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d5b7172e1317ad58d9bca4144ad97968
Age: 2019446
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 18:19:32 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache51 [4], suzix113 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 26902
X-Cache-Status: HIT
Timing-Allow-Origin: *
t13.baidu.com/it/u=2531146408,2306822939&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 57 kB URL HTTP/1.1 t13.baidu.com/it/u=2531146408,2306822939&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash d4866e4bd9d6c314d9ad2d6b7b4c2138
d0f440ec0d1a97d03ec30e6f5e06434c91d73ae7
f8aa7e0f66ea07f2f9b9b75a5987fc94b369765d2ecd49ed2a564b6b8dbd6a42
GET /it/u=2531146408,2306822939&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 57297
Connection: keep-alive
Expires: Sat, 04 Feb 2023 13:10:42 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: d4866e4bd9d6c314d9ad2d6b7b4c2138
Age: 2020598
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 13:10:42 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache60 [1], wzix106 [4]
Ohc-Response-Time: 1 0 0 0 0 1
Ohc-File-Size: 57297
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=4006431708,1076776729&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1240
125.74.42.35 200 OK 61 kB URL HTTP/1.1 img1.baidu.com/it/u=4006431708,1076776729&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1240
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x1240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1dde8c4046d3aff5d0148ddd7404542a
ef1c933cfaede9178ef7aeac7ed5ab776e12ead9
b36eef80f0135db1cca68c959ca2bcbabb41e4390d634ec6e3149ae6f543e8fd
GET /it/u=4006431708,1076776729&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1240 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/webp
Content-Length: 61380
Connection: keep-alive
Expires: Thu, 16 Feb 2023 15:02:01 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 1dde8c4046d3aff5d0148ddd7404542a
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 17 Jan 2023 15:02:01 GMT
Ohc-Cache-HIT: lz3ct59 [1], czix234 [2]
Ohc-File-Size: 61380
X-Cache-Status: MISS
t13.baidu.com/it/u=2930783562,1548914756&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 24 kB URL HTTP/1.1 t13.baidu.com/it/u=2930783562,1548914756&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 098f0a2d9b41559ee0a932f4f1ccd45b
0a9127a08f1aa79709118f0b766a8f24d6e05870
db7027acd4eb8cbae09cd8696ccb7b7de85a3d4735979cdfef953e4a86bab538
GET /it/u=2930783562,1548914756&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 24477
Connection: keep-alive
Expires: Sat, 04 Mar 2023 07:37:39 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 098f0a2d9b41559ee0a932f4f1ccd45b
Age: 157083
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 02 Feb 2023 07:37:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache55 [1], wzix55 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 24477
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=3550134007,3853935066&fm=253&fmt=auto?w=1280&h=800
125.74.42.35 200 OK 45 kB URL HTTP/2 img1.baidu.com/it/u=3550134007,3853935066&fm=253&fmt=auto?w=1280&h=800
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3d9acbb36f46418d84f4cc11b5fc7045
ec8b94c20dfbf3566997d0f7450a3370ec1e901d
0eeec06efde8c5106471d1da1d2564fc2fd208fb1f8e57b8360073aaea9fb76e
GET /it/u=3550134007,3853935066&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 44846
expires: Wed, 22 Feb 2023 02:38:27 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3d9acbb36f46418d84f4cc11b5fc7045
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:38:27 GMT
ohc-cache-hit: lz3ct90 [1], bdix190 [4]
ohc-file-size: 44846
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3341666169,737467469&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
114.232.92.35 200 OK 6.3 kB URL HTTP/2 img0.baidu.com/it/u=3341666169,737467469&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 280x180, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 68d57016aca2f7afbac70b528a8c7308
4e581fa8ad645c524ba74bbf858dd08eb3e8a2e1
2f7f2afec8f5638da2755a09b03b16762c73090eb7106e511fa803857fecdc35
GET /it/u=3341666169,737467469&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 6348
expires: Tue, 07 Feb 2023 19:52:05 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 68d57016aca2f7afbac70b528a8c7308
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 19:52:05 GMT
ohc-cache-hit: nt2ct71 [1], czix222 [4]
ohc-file-size: 6348
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/381979.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/381979.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/381979.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1243166482,3429621805&fm=253&app=120&f=JPEG?w=1280&h=800
16436.url.tudown.com/uploads/images/472770.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/472770.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/472770.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3078611225,1947741469&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/uploads/images/954437.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/954437.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/954437.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1366327270,1168404415&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=602
16436.url.tudown.com/uploads/images/410141.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/410141.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/410141.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=546679273,1158320852&fm=253&fmt=auto&app=138&f=JPEG?w=328&h=499
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (633)
Hash d8bf07221c2c83344350343dc809f0b1
353cc458c80d81ad6337543be3c0994ce3f91429
cc1ecf865e3c599ade3d5891090348892e6f5c19dcb527c367fa93537e5d0d14
GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 06:28:10 GMT
Etag: 52f2367f1f792b89334e44f841e32eef
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=23E92158301E058F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
16436.url.tudown.com/uploads/images/535648.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/535648.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/535648.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=17594289,4008629817&fm=253&fmt=auto&app=138&f=JPEG?w=86&h=124
img1.baidu.com/it/u=2127033273,1269795560&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=275
125.74.42.35 200 OK 12 kB URL HTTP/2 img1.baidu.com/it/u=2127033273,1269795560&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=275
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 253x275, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b9cc1bd02458e669323c2418e4d3bc1a
454f2ab6b8abda5f5a76aa90385fee4648f87ed9
790acce82344d2227bb49bb3471675288f7025e559a21030bc3573438033c416
GET /it/u=2127033273,1269795560&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=275 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 12532
expires: Tue, 21 Feb 2023 02:21:47 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: b9cc1bd02458e669323c2418e4d3bc1a
age: 85861
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 02:21:47 GMT
ohc-cache-hit: lz3ct78 [4], czix197 [4]
ohc-file-size: 12532
x-cache-status: HIT
X-Firefox-Spdy: h2
pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=1748628152&s2=1299277191&ltu=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&dc=3&ti=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675492124&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675492125&dtm=HTML_POST&tpr=1675492124558&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=e68ae01f2890ce28&fpt=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457&dft=0&ft=1
182.61.200.109 200 OK 15 kB URL HTTP/2 pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=1748628152&s2=1299277191&ltu=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&dc=3&ti=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675492124&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675492125&dtm=HTML_POST&tpr=1675492124558&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=e68ae01f2890ce28&fpt=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457&dft=0&ft=1
IP 182.61.200.109:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (37451)
Hash 5e3d652b2220456f8df721869aab082e
91978eb25d98826a5e7ef5e9f99c2b4059e81073
beef541a43a91113d7e3d1fbbcd64b4b742fd64911f3ff56baf9fe5bece3fbe5
GET /s?wid=890&hei=200&di=u5039524&s1=1748628152&s2=1299277191&ltu=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&dc=3&ti=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88&ps=2136x34&drs=1&pcs=1268x939&pss=1268x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675492124&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675492125&dtm=HTML_POST&tpr=1675492124558&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=e68ae01f2890ce28&fpt=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 06:28:11 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 14:28:11 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=8C2188EF5C59E9CAEB3E013B96AADC29:FG=1; expires=Sun, 04-Feb-54 06:28:11 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 14625
X-Firefox-Spdy: h2
api.share.baidu.com/s.gif?l=http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
182.61.201.94 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
IP 182.61.201.94:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 06:28:11 GMT
t13.baidu.com/it/u=2658501682,2504071862&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 50 kB URL HTTP/1.1 t13.baidu.com/it/u=2658501682,2504071862&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash c84070101a45075cbf361879465ab35e
81aba823b1dc0668e5ffa70fab3bf7705cdc8625
d96f37cfcddda6fe8e631aeae5d7e6895c94b124cbed6fc85fcc40c697c7340d
GET /it/u=2658501682,2504071862&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 50219
Connection: keep-alive
Expires: Fri, 10 Feb 2023 20:55:06 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: c84070101a45075cbf361879465ab35e
Age: 2020151
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 20:55:05 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache54 [1], czix108 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 50219
X-Cache-Status: HIT
Timing-Allow-Origin: *
union2.50bang.org/web/duoteall?uId2=QUTSSURKWP&r=&fBL=1280*1024
180.101.190.124 200 OK 0 B URL HTTP/1.1 union2.50bang.org/web/duoteall?uId2=QUTSSURKWP&r=&fBL=1280*1024
IP 180.101.190.124:0
ASN #138950 Jiangsu Wuxi International IDC network
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web/duoteall?uId2=QUTSSURKWP&r=&fBL=1280*1024 HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: uidFlag=1; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uUid=4CA463DDFAFB0008BFF6C2780000; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTL=1; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTT=1675492091; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Length: 0
Content-Type: text/plain; charset=utf-8
t13.baidu.com/it/u=2409478391,1921956330&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 43 kB URL HTTP/1.1 t13.baidu.com/it/u=2409478391,1921956330&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash c60bb28d978bacc8888b8d6ad408269a
af194acfe38fbb89d9de269d34fa433ae17b6772
cabce0a7f1f2693898c6ccfa461b8ee294cd8ced5fa6e36d904471372145c630
GET /it/u=2409478391,1921956330&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 42669
Connection: keep-alive
Expires: Thu, 23 Feb 2023 06:34:10 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: c60bb28d978bacc8888b8d6ad408269a
Age: 352543
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 06:34:10 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache51 [1], qdix51 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 42669
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=3701745270,5465264&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
125.74.42.35 200 OK 36 kB URL HTTP/2 img1.baidu.com/it/u=3701745270,5465264&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9399d09208dd19889f804e0a828dd1b7
78d52e518aec2f976d395d752f7408181e51dc05
5e08fd8f01fcc36423567700d31526110d7de6503588da7ad749b113b7d48a79
GET /it/u=3701745270,5465264&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 36118
expires: Thu, 23 Feb 2023 13:16:35 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 9399d09208dd19889f804e0a828dd1b7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 13:16:35 GMT
ohc-cache-hit: lz3ct87 [1], xiangyix87 [2]
ohc-file-size: 36118
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/473612.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/473612.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/473612.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1200227940,3835408566&fm=224&app=112&f=JPEG?w=500&h=492
t15.baidu.com/it/u=1200227940,3835408566&fm=224&app=112&f=JPEG?w=500&h=492
185.10.104.124 200 OK 19 kB URL HTTP/1.1 t15.baidu.com/it/u=1200227940,3835408566&fm=224&app=112&f=JPEG?w=500&h=492
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x492, components 3\012- data
Hash 3dfb25b6a5ff2485a4d056141282ef1d
b7ad601910d0ed92404fbd7d4e80da1c7a782db4
d0fbb65e3f6245f314231aca7d9adaa7950c6f3ed4f42af5430ff7fad68b299f
GET /it/u=1200227940,3835408566&fm=224&app=112&f=JPEG?w=500&h=492 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 19449
Connection: keep-alive
Expires: Sun, 05 Feb 2023 03:43:00 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 3dfb25b6a5ff2485a4d056141282ef1d
Age: 2093207
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 03:43:00 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache56 [4], wzix56 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 19449
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=2454068334,1338437974&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=752
114.232.92.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=2454068334,1338437974&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=752
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x752, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f540ae77c39d61762fd3515aede313d3
b41f4a4e29fdbb6d0766235725b6d6c5048b3af3
6344cd2f4765545f3b558a0d64f8c78e623ef4f76566d320682bfc1e8d8f6d35
GET /it/u=2454068334,1338437974&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=752 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 17616
expires: Mon, 06 Mar 2023 06:28:11 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: f540ae77c39d61762fd3515aede313d3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 06:28:11 GMT
ohc-cache-hit: nt2ct81 [1], xiangyix97 [2]
ohc-file-size: 17616
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=546679273,1158320852&fm=253&fmt=auto&app=138&f=JPEG?w=328&h=499
182.106.158.35 200 OK 14 kB URL HTTP/2 img2.baidu.com/it/u=546679273,1158320852&fm=253&fmt=auto&app=138&f=JPEG?w=328&h=499
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 328x499, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 64b8cb7e031ad8fdd3d723a07b8a9885
1dd74bb6ede6bcaf8eff4fa0faca4dcd2ac5444b
c956ea84ca1b12cbc85ca898c98769efa69ad2c04bb521ea71d880904ced53f8
GET /it/u=546679273,1158320852&fm=253&fmt=auto&app=138&f=JPEG?w=328&h=499 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 13796
expires: Fri, 17 Feb 2023 07:41:48 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 64b8cb7e031ad8fdd3d723a07b8a9885
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 07:41:48 GMT
ohc-cache-hit: jjct63 [1], xaix63 [4]
ohc-file-size: 13796
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/482534.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/482534.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/482534.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3635528940,2536455021&fm=253&fmt=auto&app=138&f=JPEG?w=641&h=304
16436.url.tudown.com/uploads/images/448203.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/448203.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/448203.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1595653819,412888096&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=816
16436.url.tudown.com/uploads/images/898237.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/898237.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/898237.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3917054646,421632753&fm=224&app=112&f=PNG?w=500&h=500
16436.url.tudown.com/uploads/images/795641.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/795641.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/795641.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3893129934,3957262186&fm=224&app=112&f=JPEG?w=500&h=500
img1.baidu.com/it/u=17594289,4008629817&fm=253&fmt=auto&app=138&f=JPEG?w=86&h=124
125.74.42.35 200 OK 2.4 kB URL HTTP/2 img1.baidu.com/it/u=17594289,4008629817&fm=253&fmt=auto&app=138&f=JPEG?w=86&h=124
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 86x124, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 27f8dd4ff140cbb111ef9453415c0d86
9c6e4581f56236355276143856cd6f86815e9f65
e4324396f4c04a0ade4c205d051960e18f3a0ad579963be3d313c963ae62ea12
GET /it/u=17594289,4008629817&fm=253&fmt=auto&app=138&f=JPEG?w=86&h=124 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 2384
expires: Sun, 19 Feb 2023 18:02:48 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 27f8dd4ff140cbb111ef9453415c0d86
age: 47734
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 18:02:48 GMT
ohc-cache-hit: lz3ct89 [4], czix172 [4]
ohc-file-size: 2384
x-cache-status: HIT
X-Firefox-Spdy: h2
t15.baidu.com/it/u=3893129934,3957262186&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 40 kB URL HTTP/1.1 t15.baidu.com/it/u=3893129934,3957262186&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash fcc784a4a5f0c8ad53a9f10ada2d6104
b8398fa466fe5eadb0626f977d077fcacff2e302
bc60547558a20a8c3ffd8f2e3d0a40e2dc49acec2c3360661a33b1f25f7adcf0
GET /it/u=3893129934,3957262186&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 39770
Connection: keep-alive
Expires: Fri, 17 Feb 2023 14:12:20 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: fcc784a4a5f0c8ad53a9f10ada2d6104
Age: 1394589
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 14:12:19 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache57 [1], qdix240 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39770
X-Cache-Status: HIT
Timing-Allow-Origin: *
img1.baidu.com/it/u=1366327270,1168404415&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=602
125.74.42.35 200 OK 32 kB URL HTTP/2 img1.baidu.com/it/u=1366327270,1168404415&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=602
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x602, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ec24ee60f2ff78e1b5a0a86fa92904af
d882ec00fd91467c36322f1a22a3c81deb3740f5
5cc4b497b42811e280019f5983ec5cdcb72f6741977bff9a5f636f211589f4f5
GET /it/u=1366327270,1168404415&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=602 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:11 GMT
content-type: image/webp
content-length: 31918
expires: Sun, 12 Feb 2023 18:36:22 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: ec24ee60f2ff78e1b5a0a86fa92904af
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 18:36:22 GMT
ohc-cache-hit: lz3ct50 [1], suzix248 [4]
ohc-file-size: 31918
x-cache-status: MISS
X-Firefox-Spdy: h2
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1332558839&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24316&r=0&ww=1280&u=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&tt=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1332558839&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24316&r=0&ww=1280&u=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&tt=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1332558839&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24316&r=0&ww=1280&u=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&tt=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 06:28:11 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=48326CABA9C092E4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
16436.url.tudown.com/uploads/images/561117.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/561117.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/561117.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=351198715,1666153154&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753
t15.baidu.com/it/u=3078611225,1947741469&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 49 kB URL HTTP/1.1 t15.baidu.com/it/u=3078611225,1947741469&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 495b11499e74055c774e4f822748d053
2f267d1e4b576b894acae4d681470947d4fddb5f
ba1214e35516dc0f74a97cf861e18a66bf8c1164c29b37c25c93f9bc136a9990
GET /it/u=3078611225,1947741469&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 48975
Connection: keep-alive
Expires: Sat, 04 Feb 2023 13:24:42 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 495b11499e74055c774e4f822748d053
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 13:24:42 GMT
Ohc-Upstream-Trace: 58.216.2.246; 58.20.204.62
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [1], zhuzuncache62 [1], czix246 [4]
Ohc-Response-Time: 1 0 0 0 378 378
Ohc-File-Size: 48975
X-Cache-Status: MISS
Timing-Allow-Origin: *
img0.baidu.com/it/u=1243166482,3429621805&fm=253&app=120&f=JPEG?w=1280&h=800
114.232.92.35 200 OK 129 kB URL HTTP/1.1 img0.baidu.com/it/u=1243166482,3429621805&fm=253&app=120&f=JPEG?w=1280&h=800
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 129 kB (129404 bytes)
Hash 0be32fd4735e32663be33b2cd40bd8f8
0f7f82846ca5b42b3a55ba6a9e7f17a22bba8f81
a04c025d2c28156abce693a2a5eafde0b8a2cf48577c1f47b41d1d0069ce8ddf
GET /it/u=1243166482,3429621805&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:11 GMT
Content-Type: image/jpeg
Content-Length: 129404
Connection: keep-alive
Expires: Tue, 14 Feb 2023 12:39:17 GMT
Last-Modified: Fri, 16 Jan 1970 00:00:00 GMT
ETag: 0be32fd4735e32663be33b2cd40bd8f8
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 15 Jan 2023 12:39:17 GMT
Ohc-Cache-HIT: nt2ct63 [1], xaix63 [2]
Ohc-File-Size: 129404
X-Cache-Status: MISS
16436.url.tudown.com/uploads/images/420555.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/420555.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/420555.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2752885440,3125980484&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=2967992880&s2=1792275459<u=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&dc=3&ti=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675492124&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675492125&dtm=HTML_POST&tpr=1675492124558&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=e68ae01f2890ce28&fpt=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457&dft=0&ft=1
182.61.200.109200 OK 13 kB URL HTTP/2 pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=2967992880&s2=1792275459<u=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&dc=3&ti=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675492124&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675492125&dtm=HTML_POST&tpr=1675492124558&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=e68ae01f2890ce28&fpt=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457&dft=0&ft=1
IP 182.61.200.109:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6856)
Hash 447244b1caf3d61ba58e43fe467da335
05425c9fc26e0fffb3b2e7ff92cd23ecf7c12a25
4b540e973c38912d69c9b2d073c0decae0e749ec61edc658e91ba0ebc09e29a6
GET /s?wid=910&hei=120&di=u4965894&s1=2967992880&s2=1792275459<u=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&dc=3&ti=ag%E5%A8%81%E5%B0%BC%E6%96%AF-%E5%B9%B3%E5%8F%B0%E6%9C%80%E6%96%B0%E4%B8%8B%E8%BD%BD%C2%B7%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0iOS%2F%E5%AE%89%E5%8D%93%E5%AE%98%E6%96%B9%E7%89%88&ps=1802x34&drs=1&pcs=1268x939&pss=1268x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675492124&psr=1280x1024&par=1280x1002&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675492125&dtm=HTML_POST&tpr=1675492124558&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=e68ae01f2890ce28&fpt=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 06:28:11 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 14:28:11 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=8C2188EF5C59E9CAEC2E319FAEF6E0CA:FG=1; expires=Sun, 04-Feb-54 06:28:11 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 13067
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3635528940,2536455021&fm=253&fmt=auto&app=138&f=JPEG?w=641&h=304
114.232.92.35 200 OK 24 kB URL HTTP/2 img0.baidu.com/it/u=3635528940,2536455021&fm=253&fmt=auto&app=138&f=JPEG?w=641&h=304
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 641x304, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 56ff51405126934a61f544da946201e5
611dea7c0e26bcfbcb038f4308e69f9cf36ee925
b5cedd63e311eed0caae8ff71a9c7916cf0b841ae2ec9a597bacd6c68f28e6b2
GET /it/u=3635528940,2536455021&fm=253&fmt=auto&app=138&f=JPEG?w=641&h=304 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/webp
content-length: 23584
expires: Mon, 20 Feb 2023 03:41:12 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 56ff51405126934a61f544da946201e5
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 03:41:12 GMT
ohc-cache-hit: nt2ct83 [1], czix207 [2]
ohc-file-size: 23584
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=1595653819,412888096&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=816
114.232.92.35 200 OK 11 kB URL HTTP/2 img0.baidu.com/it/u=1595653819,412888096&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=816
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x816, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 626918cb428a36b5ec20452910eba433
ce3498064db7677c5d2d1578286280fd6405933a
c0c4164cf091a78b43a711a284f066bd6413526104e8caf344ea67a2fa767219
GET /it/u=1595653819,412888096&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=816 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/webp
content-length: 10820
expires: Sat, 04 Feb 2023 13:24:40 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 626918cb428a36b5ec20452910eba433
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 05 Jan 2023 13:24:40 GMT
ohc-cache-hit: nt2ct51 [1], xaix51 [4]
ohc-file-size: 10820
x-cache-status: MISS
X-Firefox-Spdy: h2
cpro.baidustatic.com/cpro/ui/pr.js
220.169.152.35 200 OK 191 B URL HTTP/1.1 cpro.baidustatic.com/cpro/ui/pr.js
IP 220.169.152.35:0
File type ASCII text, with CRLF line terminators
Hash 48bbe750b892850b181762bf739e10dd
716574fe9afcde8faef513b16d6867cb07afe626
e538c894cae59538764a334e2cf2bc02e53fa6a9e4efebcd251bc5da82fa2158
GET /cpro/ui/pr.js HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 04 Feb 2023 07:10:44 GMT
Last-Modified: Wed, 31 Aug 2022 02:55:38 GMT
ETag: "630ecdaa-ff"
Cache-Control: max-age=3600
Content-Encoding: gzip
Age: 1048
Accept-Ranges: bytes
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 06:10:44 GMT
Ohc-Cache-HIT: yy2ct64 [2], wzix64 [1]
Ohc-File-Size: 191
X-Cache-Status: HIT
16436.url.tudown.com/uploads/images/601747.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/601747.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/601747.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2162655386,1343717650&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/uploads/images/609120.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/609120.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/609120.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800
16436.url.tudown.com/uploads/images/990113.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/990113.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/990113.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2865566558,2849015564&fm=253&fmt=auto&app=138&f=PNG?w=400&h=265
16436.url.tudown.com/uploads/images/627288.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/627288.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/627288.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=568422565,4041252287&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
t13.baidu.com/it/u=2162655386,1343717650&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 47 kB URL HTTP/1.1 t13.baidu.com/it/u=2162655386,1343717650&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash c3cc02f5c7bc1ef778e8c5f6b23f2032
9787e7675aa9c1b73b97a80dfd098b926cfe8438
4370dc238ccfbf4f5cc17f00fefdd7df2ce0e0af1c996b6a96d0f2cc8284b85e
GET /it/u=2162655386,1343717650&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpeg
Content-Length: 47245
Connection: keep-alive
Expires: Fri, 10 Feb 2023 09:33:21 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: c3cc02f5c7bc1ef778e8c5f6b23f2032
Age: 2025275
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 09:33:21 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache51 [4], bdix106 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 47245
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=351198715,1666153154&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753
182.106.158.35 200 OK 30 kB URL HTTP/2 img2.baidu.com/it/u=351198715,1666153154&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x753, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 39eba2d8c55648bfb4518dd4bcf8af5d
24dc3980642e421ee7d1aa8c3c38066af65f7320
873feb7b459d6360c55c1f6556e8090f672000a30a306601de966d59cda1f7c0
GET /it/u=351198715,1666153154&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/webp
content-length: 29952
expires: Sat, 18 Feb 2023 11:13:41 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 39eba2d8c55648bfb4518dd4bcf8af5d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 11:13:41 GMT
ohc-cache-hit: jjct56 [1], wzix80 [2]
ohc-file-size: 29952
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/663917.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/663917.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/663917.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2656759243,1975335368&fm=224&app=112&f=JPEG?w=350&h=350
img2.baidu.com/it/u=2752885440,3125980484&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
182.106.158.35 200 OK 30 kB URL HTTP/2 img2.baidu.com/it/u=2752885440,3125980484&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x667, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c2d96e424f0dddc27e4d7705197cfcb3
b1ddd6d8495c19abce6e2cd6d3730542c440308e
c69cf10dec1efdda55dbce1f24bd7bdbdf895f9d4acf0a772b0086fbabaf4b25
GET /it/u=2752885440,3125980484&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/webp
content-length: 30222
expires: Mon, 27 Feb 2023 14:52:42 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: c2d96e424f0dddc27e4d7705197cfcb3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 28 Jan 2023 14:52:42 GMT
ohc-cache-hit: jjct50 [1], xaix194 [4]
ohc-file-size: 30222
x-cache-status: MISS
X-Firefox-Spdy: h2
t15.baidu.com/it/u=2656759243,1975335368&fm=224&app=112&f=JPEG?w=350&h=350
185.10.104.124 200 OK 23 kB URL HTTP/1.1 t15.baidu.com/it/u=2656759243,1975335368&fm=224&app=112&f=JPEG?w=350&h=350
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 350x350, components 3\012- data
Hash feadf5938f423a0331fd442390a8714a
15abfe8ee4b1c3ee800e932f1a6dec407158ece5
6bf29fe250ab4f4de0df04c4380ae0b9d5705a15ce28039b0fabe3b31e1fe057
GET /it/u=2656759243,1975335368&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpeg
Content-Length: 22628
Connection: keep-alive
Expires: Fri, 24 Feb 2023 10:44:08 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: feadf5938f423a0331fd442390a8714a
Age: 706070
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 10:44:08 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache63 [4], czix189 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 22628
X-Cache-Status: HIT
Timing-Allow-Origin: *
16436.url.tudown.com/uploads/images/818908.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/818908.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/818908.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2995719633,3458213901&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375
img0.baidu.com/it/u=1089538976,1066714642&fm=253&app=120&f=JPEG?w=1280&h=800
114.232.92.35 200 OK 141 kB URL HTTP/1.1 img0.baidu.com/it/u=1089538976,1066714642&fm=253&app=120&f=JPEG?w=1280&h=800
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 141 kB (140822 bytes)
Hash 8e54f7fb8d7e45693e47a4ffa0b78b49
cc52352aea8ff27aadf47e515dfc80465944b0b8
6ad36af3d6d54b0f31aa5b900f128f32a2f9e720212cddcf9241288848e7d766
GET /it/u=1089538976,1066714642&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpeg
Content-Length: 140822
Connection: keep-alive
Expires: Fri, 10 Feb 2023 07:13:07 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: 8e54f7fb8d7e45693e47a4ffa0b78b49
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 07:13:07 GMT
Ohc-Cache-HIT: nt2ct69 [2], bdix116 [2]
Ohc-File-Size: 140822
X-Cache-Status: MISS
bdcode.2345.com/swtqusc.js
42.81.8.130 200 OK 4.0 kB URL HTTP/1.1 bdcode.2345.com/swtqusc.js
IP 42.81.8.130:0
File type ASCII text, with very long lines (11438), with no line terminators
Hash 4927ec7cf61077c3cb553d1e91fbe407
81cecb6db2e670675c9bdac9c8c9225b987262cc
439bad0c6b3cec8c27d7bd369cf89917af4deec831c07836e4e1d265113a641c
Analyzer Verdict Alert fortinet Malware
GET /swtqusc.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/
HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 4034
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 07:28:12 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c20226dcdbdb37e3-143
Server: yunjiasu
img2.baidu.com/it/u=568422565,4041252287&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
182.106.158.35 200 OK 34 kB URL HTTP/2 img2.baidu.com/it/u=568422565,4041252287&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f981d676c8182524735ef520e6a9abf7
a3a162cb48e87e406310026ee246d4fe0164244c
a8ca670e20600edddcb4255d8f008f54f19101fd9e2f9dec5ecdfa941c0d3284
GET /it/u=568422565,4041252287&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/webp
content-length: 34242
expires: Tue, 21 Feb 2023 04:42:38 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: f981d676c8182524735ef520e6a9abf7
age: 144255
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 04:42:38 GMT
ohc-cache-hit: jjct59 [4], qdix93 [4]
ohc-file-size: 34242
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800
125.74.42.35 200 OK 111 kB URL HTTP/1.1 img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800
IP 125.74.42.35:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size 111 kB (111157 bytes)
Hash 8f1fb5b2ead96639354dcdcd82a255a6
a587768d2d02dc3404034d2c5abdb53fbec97327
4055c62c892a58617e991a9b5191e28d4d9eabc58ffc3e65db3cdc61b5ea83c3
GET /it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpeg
Content-Length: 111157
Connection: keep-alive
Expires: Sun, 26 Feb 2023 11:36:48 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 8f1fb5b2ead96639354dcdcd82a255a6
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 11:36:48 GMT
Ohc-Cache-HIT: lz3ct88 [1], qdix99 [4]
Ohc-File-Size: 111157
X-Cache-Status: MISS
16436.url.tudown.com/uploads/images/184139.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/184139.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/184139.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=579643621,2404439248&fm=253&fmt=auto&app=138&f=GIF?w=283&h=500
bdcode.2345.com/js/logo/css/logo-sm.css
42.81.8.130 200 OK 783 B URL HTTP/2 bdcode.2345.com/js/logo/css/logo-sm.css
IP 42.81.8.130:0
File type ASCII text, with very long lines (2128), with no line terminators
Hash 621b3563f1231de3a058fa25980064be
c2575c8110cbaba0c87c543fabf7c592789ad67f
37944a5c3981b16d6a498a7dc9427edcd64c1752e6728c5323525bc400efc8d6
GET /js/logo/css/logo-sm.css HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: text/css
date: Sat, 04 Feb 2023 06:28:12 GMT
etag: W/"639b0691-850"
expires: Sat, 04 Feb 2023 07:28:12 GMT
last-modified: Thu, 15 Dec 2022 11:35:45 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c20226dd9b5137df-143
content-length: 783
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/147815.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/147815.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/147815.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3341666169,737467469&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
16436.url.tudown.com/uploads/images/865174.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/865174.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/865174.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1420242874,3182614276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
16436.url.tudown.com/uploads/images/327523.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/327523.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/327523.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800
img2.baidu.com/it/u=2865566558,2849015564&fm=253&fmt=auto&app=138&f=PNG?w=400&h=265
182.106.158.35 200 OK 10 kB URL HTTP/2 img2.baidu.com/it/u=2865566558,2849015564&fm=253&fmt=auto&app=138&f=PNG?w=400&h=265
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x265, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4a84920b13906b834ae6b5635b14c107
9e9a0e691f7564d1c9b0236f23522f7feac83f5c
d58797d6f6136d97f8c801a7b4f980a98fd7d82e3f8fe75a345b936067b6ea6e
GET /it/u=2865566558,2849015564&fm=253&fmt=auto&app=138&f=PNG?w=400&h=265 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/webp
content-length: 10528
expires: Sun, 19 Feb 2023 17:50:10 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 4a84920b13906b834ae6b5635b14c107
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 17:50:10 GMT
ohc-cache-hit: jjct68 [1], bdix231 [4]
ohc-file-size: 10528
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022
185.10.104.124 200 OK 25 kB URL HTTP/1.1 t14.baidu.com/it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 352x500, components 3\012- data
Hash 2745aff0b40c1ae9b9124ed0e9e1a33e
fb17dbecf7c5f357a0c6872e8ece17f2ced4186b
537aa4a2c3d819025714c5961d488aab38ee24885d08ab1eaa2cfc8e50b4789e
GET /it/u=1352737939,1322848535&fm=224&app=112&f=JPG?w=352&h=500&s=F590CB395102DF4D468461F70300C022 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpeg
Content-Length: 25406
Connection: keep-alive
Expires: Mon, 20 Feb 2023 16:20:45 GMT
Last-Modified: Mon, 19 Jan 1970 00:00:00 GMT
ETag: 2745aff0b40c1ae9b9124ed0e9e1a33e
Age: 1050405
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 16:20:44 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache55 [1], qdix70 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 25406
X-Cache-Status: HIT
Timing-Allow-Origin: *
sofire.baidu.com/h5/t/8800
36.110.192.156 204 No Content 0 B URL HTTP/2 sofire.baidu.com/h5/t/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /h5/t/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-bdh5-pf
Referer: http://16436.url.tudown.com/
Origin: http://16436.url.tudown.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://16436.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
date: Sat, 04 Feb 2023 06:28:12 GMT
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/372317.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/372317.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/372317.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3356785195,383843606&fm=224&app=112&f=JPEG?w=377&h=500
sofire.baidu.com/h5/e/8800
36.110.192.156 204 No Content 0 B URL HTTP/2 sofire.baidu.com/h5/e/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /h5/e/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-bdh5-pf
Referer: http://16436.url.tudown.com/
Origin: http://16436.url.tudown.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://16436.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
date: Sat, 04 Feb 2023 06:28:12 GMT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=2078535656,3630720503&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=370
125.74.42.35 200 OK 0 B URL HTTP/2 img1.baidu.com/it/u=2078535656,3630720503&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=370
IP 125.74.42.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /it/u=2078535656,3630720503&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=370 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:10 GMT
content-type: image/webp
content-length: 29896
expires: Fri, 24 Feb 2023 02:52:53 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 3b69265928da377aca55b7ecc1e824e2
age: 3386
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 02:52:53 GMT
ohc-cache-hit: lz3ct57 [4], xaix57 [4]
ohc-file-size: 29896
x-cache-status: HIT
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/278467.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/278467.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/278467.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png
182.106.158.35 200 OK 4.5 kB URL HTTP/2 cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type PNG image data, 44 x 984, 8-bit colormap, non-interlaced\012- data
Hash 3e2d110dd13ae372eac3c04347687487
666c77091671206a1ee7202bfa821afa63dfed94
4b86aeb9d139835e6517cef965d3442d8efca774abc2d6befc580ec63aace62e
GET /cpro/ui/noexpire/img/2.0.0/native_ad.png HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/png
content-length: 4514
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 01 Apr 2022 07:05:03 GMT
etag: "6246a41f-11a2"
cache-control: max-age=315360000
age: 3654250
accept-ranges: bytes
timing-allow-origin: *
ohc-global-saved-time: Tue, 21 Jun 2022 04:49:12 GMT
ohc-cache-hit: jjct60 [2], wzix60 [2]
ohc-file-size: 4514
x-cache-status: HIT
X-Firefox-Spdy: h2
img1.baidu.com/it/u=579643621,2404439248&fm=253&fmt=auto&app=138&f=GIF?w=283&h=500
125.74.42.35 200 OK 79 kB URL HTTP/2 img1.baidu.com/it/u=579643621,2404439248&fm=253&fmt=auto&app=138&f=GIF?w=283&h=500
IP 125.74.42.35:0
File type GIF image data, version 89a, 283 x 500\012- data
Hash fcacab983bc124e51629282dc558c41e
9282042882dbf7b6e4e1d4b137c0d577ddca232b
18ac316b32e4cfeaa1bca64e009822b1b215c99eb64214c3cc0ea53ea3ca9613
GET /it/u=579643621,2404439248&fm=253&fmt=auto&app=138&f=GIF?w=283&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/gif
content-length: 79120
expires: Fri, 24 Feb 2023 03:03:59 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: fcacab983bc124e51629282dc558c41e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:03:59 GMT
ohc-cache-hit: lz3ct77 [1], suzix178 [2]
ohc-file-size: 79120
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/886099.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/886099.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/886099.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2972669789,3054849935&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
16436.url.tudown.com/uploads/images/128956.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/128956.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/128956.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500
16436.url.tudown.com/uploads/images/923981.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/923981.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/923981.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1942069330,4217000948&fm=224&app=112&f=JPEG?w=500&h=500
img0.baidu.com/it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800
114.232.92.35 200 OK 51 kB URL HTTP/2 img0.baidu.com/it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ffaf3f25bcc613fc1a7d72dbc4987311
aa63a937ab38ed27de33715a0144dfb314728355
642353541b3a3e215024a44fef740d491e88a53719cec5558ec58e1a703ae8cc
GET /it/u=2968958125,1640617454&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:12 GMT
content-type: image/webp
content-length: 50684
expires: Mon, 20 Feb 2023 08:55:54 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: ffaf3f25bcc613fc1a7d72dbc4987311
age: 161341
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 08:55:54 GMT
ohc-cache-hit: nt2ct72 [4], bdix173 [4]
ohc-file-size: 50684
x-cache-status: HIT
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/586775.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/586775.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/586775.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2429010799,3561828575&fm=253&app=120&f=JPEG?w=800&h=1280
t15.baidu.com/it/u=1942069330,4217000948&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 36 kB URL HTTP/1.1 t15.baidu.com/it/u=1942069330,4217000948&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 44080981f7ebb095e44ade69eecbc136
2372b2fb9cc6325f0cbbefac1f74e309a38d3d06
266d3f79854a4cd4198a69a805381652527596ec2b220b4695b72d356f27ccb2
GET /it/u=1942069330,4217000948&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpeg
Content-Length: 35951
Connection: keep-alive
Expires: Sun, 05 Feb 2023 23:59:39 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 44080981f7ebb095e44ade69eecbc136
Age: 2019270
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 23:59:39 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache53 [4], csix66 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 35951
X-Cache-Status: HIT
Timing-Allow-Origin: *
img2.baidu.com/it/u=2995719633,3458213901&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375
182.106.158.35 200 OK 21 kB URL HTTP/1.1 img2.baidu.com/it/u=2995719633,3458213901&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x375, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b194ab16c60fcbceb5e407805b0e4213
f63a36bb798eab4bfda8a76edfeecafbe4ddfab7
39f21f94814b934891631c7d2a1bd12ec0c26ae681ab421901a4175f53c26c8b
GET /it/u=2995719633,3458213901&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/webp
Content-Length: 20690
Connection: keep-alive
Expires: Sat, 04 Feb 2023 08:01:58 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: b194ab16c60fcbceb5e407805b0e4213
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 08:01:57 GMT
Ohc-Cache-HIT: jjct69 [1], bdix69 [4]
Ohc-File-Size: 20690
X-Cache-Status: MISS
t13.baidu.com/it/u=3356785195,383843606&fm=224&app=112&f=JPEG?w=377&h=500
185.10.104.124 200 OK 47 kB URL HTTP/1.1 t13.baidu.com/it/u=3356785195,383843606&fm=224&app=112&f=JPEG?w=377&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 377x500, components 3\012- data
Hash 3e941ef0a7800a22d891270af759db2d
f6f7c5a4ed373c9b526a6ffea37410804d3c617b
5baeb01878cfd016f788772691b558e041d4c0795cd210a29aed52e3d7485ba9
GET /it/u=3356785195,383843606&fm=224&app=112&f=JPEG?w=377&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpeg
Content-Length: 46929
Connection: keep-alive
Expires: Sat, 25 Feb 2023 10:30:13 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 3e941ef0a7800a22d891270af759db2d
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 26 Jan 2023 10:30:13 GMT
Ohc-Upstream-Trace: 111.177.6.127; 58.20.204.55
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache55 [2], xiangyix127 [4]
Ohc-Response-Time: 1 0 0 0 273 274
Ohc-File-Size: 46929
X-Cache-Status: MISS
Timing-Allow-Origin: *
sofire.baidu.com/h5/e/8800
36.110.192.156 200 OK 77 B URL HTTP/2 sofire.baidu.com/h5/e/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
File type JSON data\012- , ASCII text, with no line terminators
Hash 60734012ded2d8c359f754b97ee72b5c
f0c1e57a4b1349fc50a9f7029c97eb916ee05cfe
2eae4324c4c86164f35558a7165fa1eaee648f94293fa2500ecb15fe137d458a
POST /h5/e/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
X-Bdh5-Pf: 1
Origin: http://16436.url.tudown.com
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://16436.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
content-type: application/json; charset=utf-8
date: Sat, 04 Feb 2023 06:28:13 GMT
content-length: 77
X-Firefox-Spdy: h2
img2.baidu.com/it/u=1420242874,3182614276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
182.106.158.35 200 OK 16 kB URL HTTP/2 img2.baidu.com/it/u=1420242874,3182614276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 27fa8dbb7523676be1555ed738a20777
dd185fc6f5bb31b78bcd1b85069da17bed59eaed
10147d6120b881786022fd620a9f6ca9f05d3fb66cd2cc73fab61993ccece5e8
GET /it/u=1420242874,3182614276&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 16042
expires: Fri, 17 Feb 2023 10:41:11 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 27fa8dbb7523676be1555ed738a20777
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 10:41:11 GMT
ohc-cache-hit: jjct70 [1], qdix183 [4]
ohc-file-size: 16042
x-cache-status: MISS
X-Firefox-Spdy: h2
img2.baidu.com/it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
182.106.158.35 200 OK 41 kB URL HTTP/2 img2.baidu.com/it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 64f1aace12850ab572c08d62ba4e00d0
f47683d2fea52b2b05cd63f476f359062bb4290e
96aae39170ea2c13366dbc6705e63f83c968edb2f9a7ebb96fdd1d95ee4b104c
GET /it/u=4053669815,654181212&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 41042
expires: Sun, 26 Feb 2023 09:38:00 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 64f1aace12850ab572c08d62ba4e00d0
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 09:38:00 GMT
ohc-cache-hit: jjct70 [1], xiangyix103 [4]
ohc-file-size: 41042
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/750151.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/750151.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/750151.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=102677350,2780529463&fm=253&fmt=auto&app=138&f=JPEG?w=666&h=500
16436.url.tudown.com/uploads/images/475329.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/475329.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/475329.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2735250443,3086793993&fm=253&fmt=auto&app=138&f=JPEG?w=290&h=290
wn.pos.baidu.com/adx.php?c=d25pZD1kMjJhNTJkNWIwNmZiODNlAHM9ZDIyYTUyZDViMDZmYjgzZQB0PTE2NzU0OTIwOTEAc2U9MQBidT00AHByaWNlPVk5MzYtd0FKd2R0N2pFcGdXNUlBOGsteE1QWE1UM1k2QU9aRHNnAGNoYXJnZV9wcmljZT0yNQBzaGFyaW5nX3ByaWNlPTI1MDAwAHdpbl9kc3A9NABjaG1kPTEAYmRpZD0AY3Byb2lkPQB3ZD0xMDIwNTk4NDkAdHU9dTQ5NjU4OTQAYWRjbGFzcz0wAHNyY3Q9MABwb3M9MABsb2M9NQBlaWQ9MABjYmlkPVk5MzYtd0FKd2R0N2pFcGdXNUlBOGsteE1QWE1UM1k2QU9aRHNnAGJjaG1kPTAAdG09MAB2PTEAaT1mMTRlZGU4OA
182.61.62.32 200 OK 49 B URL HTTP/1.1 wn.pos.baidu.com/adx.php?c=d25pZD1kMjJhNTJkNWIwNmZiODNlAHM9ZDIyYTUyZDViMDZmYjgzZQB0PTE2NzU0OTIwOTEAc2U9MQBidT00AHByaWNlPVk5MzYtd0FKd2R0N2pFcGdXNUlBOGsteE1QWE1UM1k2QU9aRHNnAGNoYXJnZV9wcmljZT0yNQBzaGFyaW5nX3ByaWNlPTI1MDAwAHdpbl9kc3A9NABjaG1kPTEAYmRpZD0AY3Byb2lkPQB3ZD0xMDIwNTk4NDkAdHU9dTQ5NjU4OTQAYWRjbGFzcz0wAHNyY3Q9MABwb3M9MABsb2M9NQBlaWQ9MABjYmlkPVk5MzYtd0FKd2R0N2pFcGdXNUlBOGsteE1QWE1UM1k2QU9aRHNnAGJjaG1kPTAAdG09MAB2PTEAaT1mMTRlZGU4OA
IP 182.61.62.32:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ed280a0ea3cc38f3cbbc747acfbef47d
6bdcb32ee75e957a5085c010f4dfd0c716bfdadc
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
GET /adx.php?c=d25pZD1kMjJhNTJkNWIwNmZiODNlAHM9ZDIyYTUyZDViMDZmYjgzZQB0PTE2NzU0OTIwOTEAc2U9MQBidT00AHByaWNlPVk5MzYtd0FKd2R0N2pFcGdXNUlBOGsteE1QWE1UM1k2QU9aRHNnAGNoYXJnZV9wcmljZT0yNQBzaGFyaW5nX3ByaWNlPTI1MDAwAHdpbl9kc3A9NABjaG1kPTEAYmRpZD0AY3Byb2lkPQB3ZD0xMDIwNTk4NDkAdHU9dTQ5NjU4OTQAYWRjbGFzcz0wAHNyY3Q9MABwb3M9MABsb2M9NQBlaWQ9MABjYmlkPVk5MzYtd0FKd2R0N2pFcGdXNUlBOGsteE1QWE1UM1k2QU9aRHNnAGJjaG1kPTAAdG09MAB2PTEAaT1mMTRlZGU4OA HTTP/1.1
Host: wn.pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 49
Content-Type: image/gif
Date: Sat, 04 Feb 2023 06:28:13 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: BAIDUID=39B09CFDC1F7B58E4AC53DD69C850171:FG=1; expires=Sun, 04-Feb-24 06:28:13 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
img0.baidu.com/it/u=2972669789,3054849935&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
114.232.92.35 200 OK 30 kB URL HTTP/2 img0.baidu.com/it/u=2972669789,3054849935&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 77ae88df11cfd5e3ee0f28c857df7eb8
e8b091b977a4d82e01ca04d704faec757e3f9f85
31daa48d212f3177477a669a81407ef692ae142829707707768b2e54e93a2b0f
GET /it/u=2972669789,3054849935&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 30128
expires: Wed, 22 Feb 2023 06:17:47 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 77ae88df11cfd5e3ee0f28c857df7eb8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 06:17:47 GMT
ohc-cache-hit: nt2ct66 [1], bdix135 [2]
ohc-file-size: 30128
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500
114.232.92.35 200 OK 59 kB URL HTTP/2 img0.baidu.com/it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 1379x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 120fd386cdb5658928d783d763f51d51
4d17c05c9fe805d79b77ccba93a0e912cc389154
1780fd0dc02e9881f8656537f281584957e79665b0948e36d2c4ca8eab2b4af8
GET /it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 58656
expires: Wed, 01 Mar 2023 08:34:46 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 120fd386cdb5658928d783d763f51d51
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 08:34:46 GMT
ohc-cache-hit: nt2ct58 [1], wzix117 [2]
ohc-file-size: 58656
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/892671.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/892671.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/892671.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2863989895,2377787208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=600
16436.url.tudown.com/uploads/images/155728.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/155728.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/155728.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3989341614,3146446391&fm=224&app=112&f=JPEG?w=500&h=500
wn.pos.baidu.com/adx.php?c=d25pZD05ZTZlMzAxYzY1ZGIwZWI5AHM9OWU2ZTMwMWM2NWRiMGViOQB0PTE2NzU0OTIwOTEAc2U9MQBidT00AHByaWNlPVk5MzYtd0FGNV9oN2pFcGdXNUlBOHFRUXVMMnU1dk1JV2xaSFlnAGNoYXJnZV9wcmljZT0yAHNoYXJpbmdfcHJpY2U9MjAwMAB3aW5fZHNwPTQAY2htZD0xAGJkaWQ9AGNwcm9pZD0Ad2Q9MTAyMDU5ODQ5AHR1PXU1MDM5NTI0AGFkY2xhc3M9MABzcmN0PTAAcG9zPTAAbG9jPTUAZWlkPTAAY2JpZD1ZOTM2LXdBRjVfaDdqRXBnVzVJQThxUVF1TDJ1NXZNSVdsWkhZZwBiY2htZD0wAHRtPTAAdj0xAGk9ZWUyZGU2NzI
182.61.62.32 200 OK 49 B URL HTTP/1.1 wn.pos.baidu.com/adx.php?c=d25pZD05ZTZlMzAxYzY1ZGIwZWI5AHM9OWU2ZTMwMWM2NWRiMGViOQB0PTE2NzU0OTIwOTEAc2U9MQBidT00AHByaWNlPVk5MzYtd0FGNV9oN2pFcGdXNUlBOHFRUXVMMnU1dk1JV2xaSFlnAGNoYXJnZV9wcmljZT0yAHNoYXJpbmdfcHJpY2U9MjAwMAB3aW5fZHNwPTQAY2htZD0xAGJkaWQ9AGNwcm9pZD0Ad2Q9MTAyMDU5ODQ5AHR1PXU1MDM5NTI0AGFkY2xhc3M9MABzcmN0PTAAcG9zPTAAbG9jPTUAZWlkPTAAY2JpZD1ZOTM2LXdBRjVfaDdqRXBnVzVJQThxUVF1TDJ1NXZNSVdsWkhZZwBiY2htZD0wAHRtPTAAdj0xAGk9ZWUyZGU2NzI
IP 182.61.62.32:0
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ed280a0ea3cc38f3cbbc747acfbef47d
6bdcb32ee75e957a5085c010f4dfd0c716bfdadc
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
GET /adx.php?c=d25pZD05ZTZlMzAxYzY1ZGIwZWI5AHM9OWU2ZTMwMWM2NWRiMGViOQB0PTE2NzU0OTIwOTEAc2U9MQBidT00AHByaWNlPVk5MzYtd0FGNV9oN2pFcGdXNUlBOHFRUXVMMnU1dk1JV2xaSFlnAGNoYXJnZV9wcmljZT0yAHNoYXJpbmdfcHJpY2U9MjAwMAB3aW5fZHNwPTQAY2htZD0xAGJkaWQ9AGNwcm9pZD0Ad2Q9MTAyMDU5ODQ5AHR1PXU1MDM5NTI0AGFkY2xhc3M9MABzcmN0PTAAcG9zPTAAbG9jPTUAZWlkPTAAY2JpZD1ZOTM2LXdBRjVfaDdqRXBnVzVJQThxUVF1TDJ1NXZNSVdsWkhZZwBiY2htZD0wAHRtPTAAdj0xAGk9ZWUyZGU2NzI HTTP/1.1
Host: wn.pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 49
Content-Type: image/gif
Date: Sat, 04 Feb 2023 06:28:13 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: nginx
Set-Cookie: BAIDUID=DB7629848969FB2ECDA24C6536798510:FG=1; expires=Sun, 04-Feb-24 06:28:13 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
16436.url.tudown.com/uploads/images/230958.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/230958.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/230958.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2781183149,676470470&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
16436.url.tudown.com/uploads/images/386118.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/386118.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/386118.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1392016874,2093954953&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=639
img0.baidu.com/it/u=2735250443,3086793993&fm=253&fmt=auto&app=138&f=JPEG?w=290&h=290
114.232.92.35 200 OK 10 kB URL HTTP/2 img0.baidu.com/it/u=2735250443,3086793993&fm=253&fmt=auto&app=138&f=JPEG?w=290&h=290
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 290x290, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f52c28b9c8be366be75820efa58fb64a
878c14505338d0317f52f612960a61dbcf109966
123aad2dcf16155d3782b0b7a108e9eb31aef6c7f73e65e0d2e99601cb7db232
GET /it/u=2735250443,3086793993&fm=253&fmt=auto&app=138&f=JPEG?w=290&h=290 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 10192
expires: Mon, 20 Feb 2023 02:01:38 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: f52c28b9c8be366be75820efa58fb64a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 02:01:38 GMT
ohc-cache-hit: nt2ct63 [1], czix104 [2]
ohc-file-size: 10192
x-cache-status: MISS
X-Firefox-Spdy: h2
img0.baidu.com/it/u=102677350,2780529463&fm=253&fmt=auto&app=138&f=JPEG?w=666&h=500
114.232.92.35 200 OK 18 kB URL HTTP/2 img0.baidu.com/it/u=102677350,2780529463&fm=253&fmt=auto&app=138&f=JPEG?w=666&h=500
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 666x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 3fe1e48034f4f38dc609e13179d92808
60d1c0d38a9fd29d59daadc763bfc1d4ab8d97e5
f99eca9c80be6deccbfb4719b4c79f9b5706bebb16ec2c165adc2272492e43df
GET /it/u=102677350,2780529463&fm=253&fmt=auto&app=138&f=JPEG?w=666&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 18390
expires: Sun, 19 Feb 2023 19:14:54 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 3fe1e48034f4f38dc609e13179d92808
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 19:14:54 GMT
ohc-cache-hit: nt2ct62 [1], csix62 [2]
ohc-file-size: 18390
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/860703.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/860703.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/860703.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=933824084,3800450290&fm=253&fmt=auto&app=138&f=JPEG?w=379&h=500
16436.url.tudown.com/uploads/images/531726.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/531726.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/531726.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2716894052,2972302306&fm=253&app=138&f=JPEG?w=500&h=634
sofire.baidu.com/h5/t/8800
36.110.192.156 200 OK 591 B URL HTTP/2 sofire.baidu.com/h5/t/8800
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
File type JSON data\012- , ASCII text, with very long lines (591), with no line terminators
Hash fbd95690b9f2d77ad8613282afe4aee6
27f7549e02e8c3593f364867e6c89ac208274b25
5545044e6c807896ad0a80a78237b365d201ab53a5b8d4776dc48351ba4c2c94
POST /h5/t/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: text/plain
X-Bdh5-Pf: 1
Content-Length: 3270
Origin: http://16436.url.tudown.com
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://16436.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
content-type: application/json; charset=utf-8
date: Sat, 04 Feb 2023 06:28:13 GMT
content-length: 591
X-Firefox-Spdy: h2
img2.baidu.com/it/u=2429010799,3561828575&fm=253&app=120&f=JPEG?w=800&h=1280
182.106.158.35 200 OK 105 kB URL HTTP/1.1 img2.baidu.com/it/u=2429010799,3561828575&fm=253&app=120&f=JPEG?w=800&h=1280
IP 182.106.158.35:0
ASN #139201 Jiangxi Jiujiang IDC
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x1280, components 3\012- data
Size 105 kB (105364 bytes)
Hash 653f17d07c539e0c556814d66156a9a4
9023921f69544bc9cbc265ab5e718eeb1030e33b
08b3e082f22a657e56d5e18274dbd76f760ba5723f82deba94525aee1140e6de
GET /it/u=2429010799,3561828575&fm=253&app=120&f=JPEG?w=800&h=1280 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpeg
Content-Length: 105364
Connection: keep-alive
Expires: Thu, 23 Feb 2023 11:29:58 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 653f17d07c539e0c556814d66156a9a4
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 11:29:58 GMT
Ohc-Cache-HIT: jjct70 [1], wzix70 [2]
Ohc-File-Size: 105364
X-Cache-Status: MISS
img0.baidu.com/it/u=2863989895,2377787208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=600
114.232.92.35 200 OK 67 kB URL HTTP/2 img0.baidu.com/it/u=2863989895,2377787208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=600
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 500x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e285d275e8176bddadf574ecdaffe6b6
c0ca9c3bda8f84aa80839198ca2bae6b6207aaa5
9af568cdbf736e5b515a19aae88f76b486365b17eb14f7be93a5ddc277224719
GET /it/u=2863989895,2377787208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=600 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 67066
expires: Fri, 10 Feb 2023 04:12:44 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: e285d275e8176bddadf574ecdaffe6b6
age: 162741
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 04:12:44 GMT
ohc-cache-hit: nt2ct60 [4], xiangyix60 [2]
ohc-file-size: 67066
x-cache-status: HIT
X-Firefox-Spdy: h2
bdsearch.2345.com/auto_ds?tgc=u&utz=Vv&ckl=bnnjWx4Ww9Ww9v0yx0WUolfWUno_iqhWUZigWw9rcXtWw9qdjfZggVpvWUuWyuw11UxuwzxWU-r-&ukd=4ONIUDMIHJ&ttv=nlo->j=vw02r3x3&uwk=u&llzu=0u3w._2ZuX000wz_&kte=v01zy3wvwz&uts=UUUYXc_oUohcihUZXffYXZe&ugk=hih-&usm=u&gzj=VvrVv&rr=v&vel=-hZi_cha&uzj=u&urz=u&vogj=vvuuvv&gjj=vw02rwzz2&kgi=v01zy3wvwyzz2&kcd=v01zy3wvwy&gifk=w&in=3x3&rek=u&umz=uWUu&ut=y&mvi=uvw3&tvt=ON9V2&riz=w<=vw2urvuuw&kz=XaW8zW42W2vW8zW5uW56W80W30W49VW8zW53W5xW8zW29W5uW80W36W2uW80W30W5uW8yW52W25W82W57W57W6wW51W81W33W55W8zW57W3zW8zW53W5xW8zW29W5ucIMWw9W8zW48W23W8zW27W3xW8zW48W32W80W30W53W81W23W22&uz=u&ji=vw2urvuwy&gjz=-02X-uv.w23uZ-w2&gj=uru&twm=u&tyz=v&wgk=LZY_LkLgpmyp+1B2jf7b2gI2RBXHGA4nKpro0/i+yStSKDfjB9kAuLdOFmd4P-AFL/tDkesjy9Z1GIzFCAiyYpIzql3yNoBB73kL-YZrMj3-LFBSYNA.t5B4Ch+5QKaJ/qbc7fBMTGrYN5agrZas5J/jhAAwg3ZCnLiPfreJo2bDrd2Z5J-2XbAYARC-NqL7JLCgrhkmBvqb62hAXmECILxuxe_f.vpphB4qoqf8t.slpIGJcryLfBetfhAJ4IIwB0-9Q-NZBPEd8i8iOr1SMI.kJY_q.SF5TyAOYkZ3APix9yspgM8I_quvFYsPDwkgO41YwD-CK0l2YL9OaxwevFr.cdfoA3k5hxAa4oLd4BDCFCPsT8SXBaEwkH5QEs5N4IoXitKlvfZmLQbv7nKoIa&uij=v&vtu=v&uiz=u
42.81.8.129200 OK 78 B URL HTTP/2 bdsearch.2345.com/auto_ds?tgc=u&utz=Vv&ckl=bnnjWx4Ww9Ww9v0yx0WUolfWUno_iqhWUZigWw9rcXtWw9qdjfZggVpvWUuWyuw11UxuwzxWU-r-&ukd=4ONIUDMIHJ&ttv=nlo->j=vw02r3x3&uwk=u&llzu=0u3w._2ZuX000wz_&kte=v01zy3wvwz&uts=UUUYXc_oUohcihUZXffYXZe&ugk=hih-&usm=u&gzj=VvrVv&rr=v&vel=-hZi_cha&uzj=u&urz=u&vogj=vvuuvv&gjj=vw02rwzz2&kgi=v01zy3wvwyzz2&kcd=v01zy3wvwy&gifk=w&in=3x3&rek=u&umz=uWUu&ut=y&mvi=uvw3&tvt=ON9V2&riz=w<=vw2urvuuw&kz=XaW8zW42W2vW8zW5uW56W80W30W49VW8zW53W5xW8zW29W5uW80W36W2uW80W30W5uW8yW52W25W82W57W57W6wW51W81W33W55W8zW57W3zW8zW53W5xW8zW29W5ucIMWw9W8zW48W23W8zW27W3xW8zW48W32W80W30W53W81W23W22&uz=u&ji=vw2urvuwy&gjz=-02X-uv.w23uZ-w2&gj=uru&twm=u&tyz=v&wgk=LZY_LkLgpmyp+1B2jf7b2gI2RBXHGA4nKpro0/i+yStSKDfjB9kAuLdOFmd4P-AFL/tDkesjy9Z1GIzFCAiyYpIzql3yNoBB73kL-YZrMj3-LFBSYNA.t5B4Ch+5QKaJ/qbc7fBMTGrYN5agrZas5J/jhAAwg3ZCnLiPfreJo2bDrd2Z5J-2XbAYARC-NqL7JLCgrhkmBvqb62hAXmECILxuxe_f.vpphB4qoqf8t.slpIGJcryLfBetfhAJ4IIwB0-9Q-NZBPEd8i8iOr1SMI.kJY_q.SF5TyAOYkZ3APix9yspgM8I_quvFYsPDwkgO41YwD-CK0l2YL9OaxwevFr.cdfoA3k5hxAa4oLd4BDCFCPsT8SXBaEwkH5QEs5N4IoXitKlvfZmLQbv7nKoIa&uij=v&vtu=v&uiz=u
IP 42.81.8.129:0
File type ASCII text, with no line terminators
Hash c71576455a493b26ad262525f2002d98
fcdfc69cb0da1894f1a375dc31c1336d40ef9030
9d50d2716b30cf73021cad195338fd90430a4323a91b37b1b7d5abaa20b5a376
GET /auto_ds?tgc=u&utz=Vv&ckl=bnnjWx4Ww9Ww9v0yx0WUolfWUno_iqhWUZigWw9rcXtWw9qdjfZggVpvWUuWyuw11UxuwzxWU-r-&ukd=4ONIUDMIHJ&ttv=nlo->j=vw02r3x3&uwk=u&llzu=0u3w._2ZuX000wz_&kte=v01zy3wvwz&uts=UUUYXc_oUohcihUZXffYXZe&ugk=hih-&usm=u&gzj=VvrVv&rr=v&vel=-hZi_cha&uzj=u&urz=u&vogj=vvuuvv&gjj=vw02rwzz2&kgi=v01zy3wvwyzz2&kcd=v01zy3wvwy&gifk=w&in=3x3&rek=u&umz=uWUu&ut=y&mvi=uvw3&tvt=ON9V2&riz=w<=vw2urvuuw&kz=XaW8zW42W2vW8zW5uW56W80W30W49VW8zW53W5xW8zW29W5uW80W36W2uW80W30W5uW8yW52W25W82W57W57W6wW51W81W33W55W8zW57W3zW8zW53W5xW8zW29W5ucIMWw9W8zW48W23W8zW27W3xW8zW48W32W80W30W53W81W23W22&uz=u&ji=vw2urvuwy&gjz=-02X-uv.w23uZ-w2&gj=uru&twm=u&tyz=v&wgk=LZY_LkLgpmyp+1B2jf7b2gI2RBXHGA4nKpro0/i+yStSKDfjB9kAuLdOFmd4P-AFL/tDkesjy9Z1GIzFCAiyYpIzql3yNoBB73kL-YZrMj3-LFBSYNA.t5B4Ch+5QKaJ/qbc7fBMTGrYN5agrZas5J/jhAAwg3ZCnLiPfreJo2bDrd2Z5J-2XbAYARC-NqL7JLCgrhkmBvqb62hAXmECILxuxe_f.vpphB4qoqf8t.slpIGJcryLfBetfhAJ4IIwB0-9Q-NZBPEd8i8iOr1SMI.kJY_q.SF5TyAOYkZ3APix9yspgM8I_quvFYsPDwkgO41YwD-CK0l2YL9OaxwevFr.cdfoA3k5hxAa4oLd4BDCFCPsT8SXBaEwkH5QEs5N4IoXitKlvfZmLQbv7nKoIa&uij=v&vtu=v&uiz=u HTTP/1.1
Host: bdsearch.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: application/javascript;charset=UTF-8
date: Sat, 04 Feb 2023 06:28:13 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb 4 14:28:13 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: yunjiasu
x-xss-protection: 0
yjs-id: c20226e7b4d737e8-143
content-length: 78
X-Firefox-Spdy: h2
t13.baidu.com/it/u=3989341614,3146446391&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 110 kB URL HTTP/1.1 t13.baidu.com/it/u=3989341614,3146446391&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size 110 kB (109846 bytes)
Hash 74b8f8745a5e13baa3f5e5353a4c7ca9
85d44a977a7bf5ca06646b1e2f370294c73635f3
b9ae5f0a4f10b6b6a282e612a60417411c6a1791aa3aa20f162a4b8a82611349
GET /it/u=3989341614,3146446391&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpeg
Content-Length: 109846
Connection: keep-alive
Expires: Sun, 05 Feb 2023 10:48:34 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 74b8f8745a5e13baa3f5e5353a4c7ca9
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 10:48:34 GMT
Ohc-Upstream-Trace: 113.240.118.97; 58.20.204.57
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], jnuncache97 [4], csix97 [4]
Ohc-Response-Time: 1 0 0 15 290 290
Ohc-File-Size: 109846
X-Cache-Status: MISS
Timing-Allow-Origin: *
img1.baidu.com/it/u=1392016874,2093954953&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=639
125.74.42.35 200 OK 37 kB URL HTTP/2 img1.baidu.com/it/u=1392016874,2093954953&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=639
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 360x639, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash cf9e168a873cd909d5a32c4e8dabd4fa
8d3aafde7a00f4b7cd558fef33028622f467d8e0
1013597b4def61a0f44c19cc3082b2593ddaa19a9fd3c2572cdc5479d661b525
GET /it/u=1392016874,2093954953&fm=253&fmt=auto&app=138&f=JPEG?w=360&h=639 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 36914
expires: Tue, 07 Feb 2023 08:27:00 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: cf9e168a873cd909d5a32c4e8dabd4fa
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 08:27:00 GMT
ohc-cache-hit: lz3ct54 [1], bdix156 [4]
ohc-file-size: 36914
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/885618.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/885618.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/885618.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1427316151,2299261671&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
16436.url.tudown.com/uploads/images/923265.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/923265.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/923265.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1071142098,3775113579&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1280
16436.url.tudown.com/uploads/images/607028.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/607028.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/607028.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=782766973,1634654072&fm=253&fmt=auto&app=138&f=JPEG?w=251&h=500
16436.url.tudown.com/uploads/images/817686.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/817686.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/817686.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752
img0.baidu.com/it/u=2716894052,2972302306&fm=253&app=138&f=JPEG?w=500&h=634
114.232.92.35 200 OK 59 kB URL HTTP/1.1 img0.baidu.com/it/u=2716894052,2972302306&fm=253&app=138&f=JPEG?w=500&h=634
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x634, components 3\012- data
Hash 5aa294e9ee3dc7143966367d70217c5d
7956cacf89ff90a86170e19f3dc3fefbe3685103
9f7121a0854cda5cb2ad77f9429132209b4931cfb1fa3728d85828f1aa854ced
GET /it/u=2716894052,2972302306&fm=253&app=138&f=JPEG?w=500&h=634 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpeg
Content-Length: 59243
Connection: keep-alive
Expires: Fri, 10 Feb 2023 14:15:59 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 5aa294e9ee3dc7143966367d70217c5d
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 14:15:59 GMT
Ohc-Cache-HIT: nt2ct67 [1], xaix248 [4]
Ohc-File-Size: 59243
X-Cache-Status: MISS
img1.baidu.com/it/u=933824084,3800450290&fm=253&fmt=auto&app=138&f=JPEG?w=379&h=500
125.74.42.35 200 OK 22 kB URL HTTP/2 img1.baidu.com/it/u=933824084,3800450290&fm=253&fmt=auto&app=138&f=JPEG?w=379&h=500
IP 125.74.42.35:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 379x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c600c17b6e18450b0065da8687523e1c
a33d82b1fdb8577fade67719e3e054c88baef729
9ea752fc08ddc691de2ba78eaeb699bafe72ccaae6a5e0908eb38a6d3709c050
GET /it/u=933824084,3800450290&fm=253&fmt=auto&app=138&f=JPEG?w=379&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:13 GMT
content-type: image/webp
content-length: 22322
expires: Mon, 20 Feb 2023 09:33:15 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: c600c17b6e18450b0065da8687523e1c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 09:33:15 GMT
ohc-cache-hit: lz3ct73 [1], bdix73 [4]
ohc-file-size: 22322
x-cache-status: MISS
X-Firefox-Spdy: h2
sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=2260&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&t=1675492128067&r=lo
36.110.192.156 200 OK 0 B URL HTTP/2 sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=2260&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&t=1675492128067&r=lo
IP 36.110.192.156:0
ASN #23724 IDC, China Telecommunications Corporation
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-8cd0ab35412670219e5b178f5427616d2aff9092&9=0&10=0&11=2260&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F16436.url.tudown.com%2Fxiaz%2Fwjplcmm-v1.0%40277_30253.exe&t=1675492128067&r=lo HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
date: Sat, 04 Feb 2023 06:28:13 GMT
content-length: 0
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/344185.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/344185.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/344185.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4002426445,1364513167&fm=224&app=112&f=JPEG?w=500&h=500
16436.url.tudown.com/uploads/images/716146.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/716146.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/716146.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1123558313,3238356912&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
t14.baidu.com/it/u=4002426445,1364513167&fm=224&app=112&f=JPEG?w=500&h=500
185.10.104.124 200 OK 50 kB URL HTTP/1.1 t14.baidu.com/it/u=4002426445,1364513167&fm=224&app=112&f=JPEG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 625f23df105ef2f1e727625c236e0794
017812ad1b535bcb7256ce5122968ec3aa8b4c8c
d3383e2bc3d888b804c1a2df7fd4a675eb8b3114cc70c7e7b1df4d6d6e5298c3
GET /it/u=4002426445,1364513167&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:14 GMT
Content-Type: image/jpeg
Content-Length: 49972
Connection: keep-alive
Expires: Sun, 12 Feb 2023 05:22:06 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 625f23df105ef2f1e727625c236e0794
Age: 1856426
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 05:22:06 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache51 [4], qdix210 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 49972
X-Cache-Status: HIT
Timing-Allow-Origin: *
img0.baidu.com/it/u=1427316151,2299261671&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
114.232.92.35 200 OK 12 kB URL HTTP/1.1 img0.baidu.com/it/u=1427316151,2299261671&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 472827a0ce75d8c40f91f0aa4eece0ec
2bde06c8aaad37162618dbc4e8dc504a5595432c
b9f78ebaea25b6edbfe20c9fa8500f920191470a808125f3c3f6c4f64b2ea80e
GET /it/u=1427316151,2299261671&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:13 GMT
Content-Type: image/webp
Content-Length: 12402
Connection: keep-alive
Expires: Sun, 19 Feb 2023 01:27:53 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 472827a0ce75d8c40f91f0aa4eece0ec
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 20 Jan 2023 01:27:53 GMT
Ohc-Cache-HIT: nt2ct69 [1], suzix90 [2]
Ohc-File-Size: 12402
X-Cache-Status: MISS
16436.url.tudown.com/uploads/images/329648.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/329648.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/329648.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:14 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=494206292,3107245631&fm=253&fmt=auto&app=138&f=JPEG?w=212&h=300
16436.url.tudown.com/uploads/images/762926.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/762926.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/762926.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:14 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=361379517,1180922377&fm=253&fmt=auto?w=500&h=666
img0.baidu.com/it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752
114.232.92.35 200 OK 55 kB URL HTTP/2 img0.baidu.com/it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 700x752, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a58bcb6fc234be8b013aeabaefc7fd65
0647ac60fb9decf200c79d0231c69f8820b8a022
8148f082b25b4fe191ed4b12257be4507815ade547ec600b6dc42eac06ba06cf
GET /it/u=4225101521,3307799046&fm=253&fmt=auto&app=120&f=JPEG?w=700&h=752 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:14 GMT
content-type: image/webp
content-length: 54638
expires: Tue, 21 Feb 2023 12:06:17 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: a58bcb6fc234be8b013aeabaefc7fd65
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 12:06:17 GMT
ohc-cache-hit: nt2ct58 [1], wzix58 [4]
ohc-file-size: 54638
x-cache-status: MISS
X-Firefox-Spdy: h2
16436.url.tudown.com/uploads/images/861877.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/861877.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/861877.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:14 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=280939632,1944689369&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=281
16436.url.tudown.com/uploads/images/355744.jpg
154.218.151.71 301 Moved Permanently 0 B URL HTTP/1.1 16436.url.tudown.com/uploads/images/355744.jpg
IP 154.218.151.71:0
ASN #137951 Clayer Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /uploads/images/355744.jpg HTTP/1.1
Host: 16436.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://16436.url.tudown.com/xiaz/wjplcmm-v1.0@277_30253.exe
Cookie: __bid_n=1861afc9f6e11f02114207; FPTOKEN=RcbdRqRmvs4v+7H8plDh8mO8XHaNMGAtQvxu6/o+4YzYQJlpHFqG0RjULsjAVeGLR/zJqkyp4Fc7MO5LIGo4bvO5wr94TuHHD9qRebcxSp9eRLHYbTGfzBHAIn+BWQgP/whiDlHSZMxbTBgmxcgyBP/pnGG2m9cItRoVlxkPu8hJxj8cBPe8ahGbGXIeTwRDPRImxnqsH1whC8nGasKIOR303kdlf1vvnHAwuwlEzfyrvOMPix4RlHkzlnGPAOO2H6eFWeTcHVKjEoEoUx7YSOfqPbdwfYLBZ4GUbqc9GVo3F4yvmSEOdw01LbyVJ2qmUA7b2JeIQ6r8bRFUg32k1LxfijluG9qBn3GgAuRjAHJILIVyZEYaHgK2qNBWKyBTAOuaozQr1lcsRWh1DtQuOg==|kJJRBRHPd8yPPbyMzsKoiDkNwp11zZIbzEnD77KW74I=|10|c546442dca53b2b332a77b37f74b1457
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:28:14 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2892273189,3579008392&fm=253&fmt=auto&app=138&f=JPEG?w=522&h=500
img0.baidu.com/it/u=1071142098,3775113579&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1280
114.232.92.35 200 OK 0 B URL HTTP/2 img0.baidu.com/it/u=1071142098,3775113579&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1280
IP 114.232.92.35:0
ASN #131325 CHINATELECOM JIANGSU province NANTONG MAN network
GET /it/u=1071142098,3775113579&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1280 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://16436.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:28:14 GMT
content-type: image/webp
content-length: 90654
expires: Wed, 01 Mar 2023 13:35:09 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 8b1405fcad9e9313dc8da5140d12851d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 13:35:09 GMT
ohc-cache-hit: nt2ct50 [1], wzix118 [4]
ohc-file-size: 90654
x-cache-status: MISS
X-Firefox-Spdy: h2
t14.baidu.com/it/u=3917054646,421632753&fm=224&app=112&f=PNG?w=500&h=500
185.10.104.124 200 OK 0 B URL HTTP/1.1 t14.baidu.com/it/u=3917054646,421632753&fm=224&app=112&f=PNG?w=500&h=500
IP 185.10.104.124:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
GET /it/u=3917054646,421632753&fm=224&app=112&f=PNG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://16436.url.tudown.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:28:12 GMT
Content-Type: image/png
Content-Length: 485307
Connection: keep-alive
Expires: Sat, 11 Feb 2023 16:26:31 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: e5eebe9a0c29b31f15e42b9f812c0d9b
Age: 1856333
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 16:26:30 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache51 [3], qdix116 [3]
Ohc-Response-Time: 1 0 0 0 0 2
Ohc-File-Size: 485307
X-Cache-Status: HIT
Timing-Allow-Origin: *
bdcode.2345.com/js/logo/js/logo.js
42.81.8.130 200 OK 0 B URL HTTP/2 bdcode.2345.com/js/logo/js/logo.js
IP 42.81.8.130:0
Analyzer Verdict Alert fortinet Malware
GET /js/logo/js/logo.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: application/x-javascript
date: Sat, 04 Feb 2023 06:28:12 GMT
etag: W/"639b0691-371a"
expires: Sat, 04 Feb 2023 07:28:12 GMT
last-modified: Thu, 15 Dec 2022 11:35:45 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c20226dc925f37df-143
X-Firefox-Spdy: h2
e2.2345.com/news/module2/js/newsModule-v2.js
222.186.17.196 200 OK 0 B URL HTTP/2 e2.2345.com/news/module2/js/newsModule-v2.js
IP 222.186.17.196:0
GET /news/module2/js/newsModule-v2.js HTTP/1.1
Host: e2.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://16436.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: application/javascript
date: Sat, 04 Feb 2023 06:03:34 GMT
etag: W/"5f35e38f-cacf"
last-modified: Fri, 14 Aug 2020 01:06:23 GMT
vary: Accept-Encoding, Accept-Encoding
ali-swift-global-savetime: 1675490614
via: cache59.l2cn3037[0,0,304-0,H], cache20.l2cn3037[1,0], cache20.l2cn3037[1,0], ens-vcache8.cn5274[0,0,200-0,H], ens-vcache4.cn5274[1,0]
age: 1474
x-cache: HIT TCP_MEM_HIT dirn:12:357688749
x-swift-savetime: Sat, 04 Feb 2023 06:10:57 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: deba119716754920882637929e
content-encoding: gzip
X-Firefox-Spdy: h2