Report - 12731.url.tudown.com/down/fasts3wifidr@376

Report Overview

Submitted URL
12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-02-04 11:53:55
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	45 kB	34.120.237.76
img2.baidu.com	50786	2021-03-25T13:17:58Z	2023-03-12T11:23:13Z	3.6 kB	343 kB	113.219.142.35
t15.baidu.com	33050	2021-01-09T17:16:17Z	2023-03-12T11:23:14Z	704 B	101 kB	185.10.104.124
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.33.119.27
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.200.29.22
at.alicdn.com	11137	2013-11-28T06:03:29Z	2023-03-13T05:15:04Z	398 B	1.9 kB	47.246.44.251
img.yingyongge.com	unknown	2020-10-17T13:24:04Z	2023-03-12T11:08:51Z	810 B	972 B	47.75.18.176
img0.baidu.com	50126	2021-03-25T13:17:59Z	2023-03-12T11:23:13Z	2.5 kB	330 kB	49.79.225.35
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.3 kB	93.184.220.29
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-03-13T05:32:36Z	2.4 kB	24 kB	103.235.46.191
t14.baidu.com	32559	2021-01-22T21:20:42Z	2023-03-12T11:23:14Z	1.8 kB	235 kB	185.10.104.124
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.9 kB	104.18.20.226
t13.baidu.com	32653	2021-01-09T14:57:25Z	2023-03-12T11:23:14Z	1.8 kB	257 kB	185.10.104.124
img1.baidu.com	50158	2021-03-25T13:17:58Z	2023-03-12T11:23:15Z	4.7 kB	598 kB	183.131.118.35
12731.url.tudown.com	unknown	2017-06-17T11:51:39Z	2023-03-11T07:31:43Z	18 kB	172 kB	154.218.151.71

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	12731.url.tudown.com/down/fasts3wifidr@376_20274.exe	Malware
2023-02-04	medium	12731.url.tudown.com/js/orsxg5a.script	Malware
2023-02-04	medium	12731.url.tudown.com/template/company/0302/js/main.js	Malware
2023-02-04	medium	12731.url.tudown.com/template/company/0302/js/jquery.min.js	Malware
2023-02-04	medium	12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff2	Malware
2023-02-04	medium	12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff	Malware
2023-02-04	medium	12731.url.tudown.com/template/company/0302/css//fonts/iconfont.ttf	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (10)

	URL	Size	First Seen	Last Seen
	12731.url.tudown.com/down/fasts3wifidr@376_20274.exe	254 B	2023-03-09	2023-12-23
Pretty URL 12731.url.tudown.com/down/fasts3wifidr@376_20274.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

	hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:42:52 Last Seen2023-03-13 16:42:52 Times Seen1 Hash 225f6f73f5170522334fe3ef8509a492 a1423ae24fa15e60cad43378b7b36dd1f2044728 fa92546afcb1633bb9cb9571543261002241c73e1af6b384d5777235c90427f3 Loading...

	12731.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 12731.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

	12731.url.tudown.com/template/company/0302/js/main.js	53 kB	2023-03-09	2023-10-26
Pretty URL 12731.url.tudown.com/template/company/0302/js/main.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 11:25:50 Last Seen2023-10-26 06:41:06 Times Seen271 Hash 1a5a8b12a6f8a3e1ae98a9175adb715b 97b7afb7145ec340973500ae8881f891e610a70b 304d971eadca57d65489a873e69719c07a546f0124c3ee25e55591929b5cb6ff Loading...

	12731.url.tudown.com/template/company/0302/js/jquery.min.js	83 kB	2023-03-07	2024-04-08
Pretty URL 12731.url.tudown.com/template/company/0302/js/jquery.min.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:16 Last Seen2024-04-08 11:23:11 Times Seen690 Hash b327509226baa10f2d2e89c42c2c49fb e83568287a7a2f6e9aedc074350a51982524c257 91e8044a4b1bfce3c131d5579965a9808b42cdb9a350a53928d54cd35d6c1451 Loading...

	12731.url.tudown.com/down/fasts3wifidr@376_20274.exe	266 B	2023-03-13	2023-03-26
Pretty URL 12731.url.tudown.com/down/fasts3wifidr@376_20274.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:24:13 Last Seen2023-03-26 01:38:26 Times Seen3 Hash c181a241c138bfd5cd9ad4003e88ef6e e5db410f5a21ae91bccc7a292140e91883b19c0a 255e6579b9992e9013e7da4eed111fe22c08bf6ecf674275ad85c06a8252fd6f Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 03:10:52 Times Seen37082026 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:42:52 Last Seen2023-03-13 16:42:52 Times Seen1 Hash 5619497deca4300d0d2058a5dedafea0 bd436d3bf1602267009111d3dabd02028f3d3109 01798bdb595867c5aa41eba6a33a311c7b130f7f45a4b80083f6a9fed7811c9f Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-24 09:12:37 Times Seen2524 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

HTTP Transactions (115)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16274
Expires: Sat, 04 Feb 2023 16:24:57 GMT
Date: Sat, 04 Feb 2023 11:53:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19811
Expires: Sat, 04 Feb 2023 17:23:54 GMT
Date: Sat, 04 Feb 2023 11:53:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 11:36:14 GMT
content-type: application/json
age: 1049
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8026
Expires: Sat, 04 Feb 2023 14:07:29 GMT
Date: Sat, 04 Feb 2023 11:53:43 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: oJYXh06P5Ue+rk06mSPfDpN2P0gu0e+57f2mW7Rp+5RYomYSBhlXfe19jclak7o4AEt/wBrYDMQ=
x-amz-request-id: NTPEH9AB61SQT292
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 11:23:58 GMT
age: 1785
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 11:53:43 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 11:07:19 GMT
age: 2785
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

154.218.151.71

200 OK

6.7 kB

URL HTTP/1.1
12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
6.7 kB (6749 bytes)
Hash
fede7ec4af064277a752f8e6ac50fd36
e12e7357cb8e613cd8d1d346b6239fe7581ffc2f
c1e7b1e7ad04faa6e752b6aecf13edac80e33af36226e9a2b2cb0c483fa507a0

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /down/fasts3wifidr@376_20274.exe HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10444
Expires: Sat, 04 Feb 2023 14:47:48 GMT
Date: Sat, 04 Feb 2023 11:53:44 GMT
Connection: keep-alive

push.services.mozilla.com/

54.200.29.22

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.200.29.22:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3bnL5DcyfUQKRL38b8isLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VHEe3Ll1h01DJ6DeEqFvez95rmY=

12731.url.tudown.com/template/company/0302/css/style.min.css

154.218.151.71

200 OK

5.0 kB

URL HTTP/1.1
12731.url.tudown.com/template/company/0302/css/style.min.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (25242), with no line terminators
Size
5.0 kB (4999 bytes)
Hash
c7b1260ebcbb9c63a6744c1e9f37ba87
08de2e04ca3fe765892cc77a80c65d2c42eedec7
d8d7b908e1455fef566bb414772fd354a739ea3738d79294feea1293265a0d57

HTTP Headers

GET /template/company/0302/css/style.min.css HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: text/css
Last-Modified: Tue, 02 Mar 2021 15:32:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"603e5a86-629a"
Expires: Sat, 04 Feb 2023 23:53:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12731.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
12731.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12731.url.tudown.com/template/company/0302/js/main.js

154.218.151.71

200 OK

18 kB

URL HTTP/1.1
12731.url.tudown.com/template/company/0302/js/main.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (17543), with CRLF line terminators
Size
18 kB (17622 bytes)
Hash
ea96e586f9095ed9d4b542159488d75a
81fd5eb364579e7c609f545be90d109eddf8b695
89fc7055f00e92705f671d339bf701a965f31a8a02852918c6a5de9ef2836483

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/0302/js/main.js HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 Aug 2020 11:40:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f479ba8-cd88"
Expires: Sat, 04 Feb 2023 23:53:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12731.url.tudown.com/template/company/0302/js/jquery.min.js

154.218.151.71

200 OK

33 kB

URL HTTP/1.1
12731.url.tudown.com/template/company/0302/js/jquery.min.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (32110), with CRLF line terminators
Size
33 kB (32721 bytes)
Hash
7509321c69d54b101a4a43e782868a2a
679c3d5a3772a714bc03a99ed06c18ab35961a53
b3fe20feaad99931eb923101edfaffcc11ca67d7d0f87f772b62fb2d86f74db0

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/0302/js/jquery.min.js HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 Aug 2020 11:40:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f479bab-1449c"
Expires: Sat, 04 Feb 2023 23:53:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12731.url.tudown.com/template/company/0302/css//style.css

154.218.151.71

200 OK

20 kB

URL HTTP/1.1
12731.url.tudown.com/template/company/0302/css//style.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with very long lines (65196), with CRLF line terminators
Size
20 kB (20198 bytes)
Hash
5867494c833cc596e0a94c636a8b4e49
387a9f0cd088b2d551446ef3e4f44858f5588829
10b2002f9661120f7f6d13a8cbf377070a42b5bedf5f458bd8e7384a85f8a760

HTTP Headers

GET /template/company/0302/css//style.css HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: text/css
Last-Modified: Tue, 02 Mar 2021 15:38:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"603e5bde-1bc98"
Expires: Sat, 04 Feb 2023 23:53:45 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae58d39edb7923f0dac8e7b20767f306
827e75323edf1548d2b898b96caaec9556893e3a
2c18f66718230665099bdc4a96dbed4e667ff233f9853aebd3e0802235c658d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C18F66718230665099BDC4A96DBED4E667FF233F9853AEBD3E0802235C658D8"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7902
Expires: Sat, 04 Feb 2023 14:05:27 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive

12731.url.tudown.com/uploads/images/611174.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/611174.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/611174.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500

12731.url.tudown.com/uploads/images/931862.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/931862.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/931862.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500

12731.url.tudown.com/uploads/images/694028.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/694028.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/694028.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

12731.url.tudown.com/uploads/images/956587.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/956587.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/956587.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889

12731.url.tudown.com/uploads/images/342430.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/342430.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/342430.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

12731.url.tudown.com/uploads/images/507870.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/507870.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/507870.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022

at.alicdn.com/t/font_1652089_tg0x7qv1f1.woff2

47.246.44.251

200 OK

1.0 kB

URL HTTP/1.1
at.alicdn.com/t/font_1652089_tg0x7qv1f1.woff2
IP
47.246.44.251:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
Web Open Font Format (Version 2), TrueType, length 1032, version 1.0\012- data
Size
1.0 kB (1032 bytes)
Hash
5011371b36b7287ee277dee3889c83f6
d8e51076284dd4265431a4d44025642da256a89e
ccc1ce96db7771bb8bb0e54318fd87ab463c24b2e6bf0d9826fb33b097b6233f

HTTP Headers

GET /t/font_1652089_tg0x7qv1f1.woff2 HTTP/1.1
Host: at.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://12731.url.tudown.com
Connection: keep-alive
Referer: http://12731.url.tudown.com/

HTTP/1.1 200 OK
Server: Tengine
Content-Type: font/woff2
Content-Length: 1032
Connection: keep-alive
Date: Sat, 04 Feb 2023 05:10:15 GMT
x-oss-request-id: 63DDE8B79F70D6393257F9E7
Vary: Origin
Accept-Ranges: bytes
ETag: "5011371B36B7287EE277DEE3889C83F6"
Last-Modified: Fri, 24 Dec 2021 17:00:24 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16100374768313971226
x-oss-storage-class: Standard
Cache-Control: max-age=63072000
Content-MD5: UBE3Gza3KH7id97jiJyD9g==
x-oss-server-time: 11
Ali-Swift-Global-Savetime: 1675487415
Via: cache13.l2us1[707,706,200-0,M], cache16.l2us1[708,0], cache3.se1[0,12,200-0,H], cache4.se1[13,0]
Age: 24210
X-Cache: HIT TCP_HIT dirn:11:188746541
X-Swift-SaveTime: Sat, 04 Feb 2023 05:10:15 GMT
X-Swift-CacheTime: 31104000
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: 2ff62c9816755116259158434e

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11023
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive

t14.baidu.com/it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022

185.10.104.124

200 OK

64 kB

URL HTTP/1.1
t14.baidu.com/it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
64 kB (64481 bytes)
Hash
e16460f4c348b6b8c473f4842aaec94d
23f0eb6e7180e24a650b7ea205a9f3fc9cc7482e
ec4532abb0cf1705d2cb618c642022846a499c41be994b85e5f177beb8a469e9

HTTP Headers

GET /it/u=1158784419,2454374181&fm=224&app=112&f=JPEG?w=500&h=500&s=C9146D9A5CD74FEB1AF064DD0300A022 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: image/jpeg
Content-Length: 64481
Connection: keep-alive
Expires: Tue, 21 Feb 2023 09:53:00 GMT
Last-Modified: Sat, 17 Jan 1970 00:00:00 GMT
ETag: e16460f4c348b6b8c473f4842aaec94d
Age: 1074346
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 09:53:00 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache56 [1], czix243 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 64481
X-Cache-Status: HIT
Timing-Allow-Origin: *

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11023
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7249 bytes)
Hash
d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 49404
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11023
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:45 GMT
Connection: keep-alive

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 49404
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11022
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:46 GMT
Connection: keep-alive

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9743 bytes)
Hash
518bba9a8770e8ff15229a68be5bddc3
139f944b3f4279e640901f7a6b993f1a49b51a22
0591e73dec2190752677f06525bc993dc8c7a5aa20984a5eda64c323188e2b1d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9743
x-amzn-requestid: b6c1caa9-72e4-476f-9c3d-4a746c410ba3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EHLJoAMF_TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-1289ef383fbad59621eda6d0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nIp2nUVnamnoTpFwrN1L4K1dqjYvcDGuV2yFqYskkXb14k72AZsjMg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:08:41 GMT
age: 49505
etag: "139f944b3f4279e640901f7a6b993f1a49b51a22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11022
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:46 GMT
Connection: keep-alive

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 49393
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9141 bytes)
Hash
f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 49216
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
896527e9b74cc1e9b5b97c09ad3b321c
77f8053e0989f43e0820de5d8ca4fa2c011dabf0
c3e179932c16e93245a00ae2c3575f1e6c0e7632a8bde1898e9e27c0b9b41e4c

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 10:09:59 GMT
ETag: "77f8053e0989f43e0820de5d8ca4fa2c011dabf0"
Last-Modified: Sat, 04 Feb 2023 10:10:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2499
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943352f891a1bfe-OSL

12731.url.tudown.com/uploads/images/227640.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/227640.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/227640.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645

12731.url.tudown.com/uploads/images/480196.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/480196.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/480196.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500

12731.url.tudown.com/uploads/images/881507.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/881507.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/881507.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

12731.url.tudown.com/uploads/images/logo.png?n=5g5zd2n6thtldh7ixwx6jo5w4s4jvzmkuhuyhka&w=250

154.218.151.71

200 OK

3.2 kB

URL HTTP/1.1
12731.url.tudown.com/uploads/images/logo.png?n=5g5zd2n6thtldh7ixwx6jo5w4s4jvzmkuhuyhka&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.2 kB (3187 bytes)
Hash
7443f3676339c96d19ab58b72f972469
1c2b0a759675b583c112d405719cdbd8f6542e3f
9d9303a1e279a6ea2828a31929e45b66c78c67092ba1403c0670929fa8bf1852

HTTP Headers

GET /uploads/images/logo.png?n=5g5zd2n6thtldh7ixwx6jo5w4s4jvzmkuhuyhka&w=250 HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

12731.url.tudown.com/uploads/images/905002.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/905002.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/905002.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500

12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff2

154.218.151.71

200 OK

33 kB

URL HTTP/1.1
12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff2
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
33 kB (33000 bytes)
Hash
c6c1b5cd86e19528aeb16df3ee787520
735ed4b0ba34f375df0d2846d9ce4209b67a647b
335ecbb19b7bf94db680d6afcef42a934a16005b1578332be815014608b76a22

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/0302/css//fonts/iconfont.woff2 HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://12731.url.tudown.com/template/company/0302/css//style.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:45 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding

t13.baidu.com/it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

56 kB

URL HTTP/1.1
t13.baidu.com/it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
56 kB (55840 bytes)
Hash
87da8c1811a54cb251d5ef389cf61b2f
bf584d3b36c2e5e4189cc3bf79d8175036b8df2a
a2b07fa2f8c5d2e3f69561ee40912bde8c0cc867efd6ec9161b836ddaa5f7f01

HTTP Headers

GET /it/u=3457898662,739595987&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 55840
Connection: keep-alive
Expires: Sat, 18 Feb 2023 19:06:24 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 87da8c1811a54cb251d5ef389cf61b2f
Age: 1247381
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 19:06:24 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache61 [1], qdix97 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55840
X-Cache-Status: HIT
Timing-Allow-Origin: *

12731.url.tudown.com/uploads/images/723226.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/723226.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/723226.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800

12731.url.tudown.com/uploads/images/672192.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/672192.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/672192.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500

12731.url.tudown.com/uploads/images/954556.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/954556.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/954556.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400

12731.url.tudown.com/uploads/images/518791.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/518791.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/518791.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500

12731.url.tudown.com/uploads/images/147057.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/147057.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/147057.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

img1.baidu.com/it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

183.131.118.35

200 OK

20 kB

URL HTTP/2
img1.baidu.com/it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (19546 bytes)
Hash
d83ab77425a250c418e27f73807e9931
aaeeb18fae4eba3c514f9125b38641bafb3323f0
ec4ff086e0a064581779e42e97938bf54d7b4205e7a8eab7c855d5de9e832888

HTTP Headers

GET /it/u=485290630,4011633325&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 19546
expires: Wed, 01 Mar 2023 23:35:04 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: d83ab77425a250c418e27f73807e9931
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 23:35:04 GMT
ohc-cache-hit: tzct57 [1], czix57 [4]
ohc-file-size: 19546
x-cache-status: MISS
X-Firefox-Spdy: h2

t14.baidu.com/it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

46 kB

URL HTTP/1.1
t14.baidu.com/it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
46 kB (46178 bytes)
Hash
55e6af0f80bbf11f1f1361ba3eec8974
7b7a09e5c5ca32a8c843e416481b6fdf1559e7c4
74a94bc92deb10a6a7f4d962208c3307dcaa44ad4f5d388f5c08367f218c10e1

HTTP Headers

GET /it/u=2134404391,1303417250&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 46178
Connection: keep-alive
Expires: Tue, 21 Feb 2023 20:19:22 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 55e6af0f80bbf11f1f1361ba3eec8974
Age: 197195
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 20:19:22 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache53 [1], xaix199 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 46178
X-Cache-Status: HIT
Timing-Allow-Origin: *

img1.baidu.com/it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889

183.131.118.35

200 OK

50 kB

URL HTTP/1.1
img1.baidu.com/it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Size
50 kB (49786 bytes)
Hash
c82e94460e9f9bc438afbd05e5bfb4d8
6e312864d0bc61392e6116f9f1f5ed75dd3fa6b0
b01c9200ee63bfca21776862d337c7e490fed3108de180a1c59a01208aad22ab

HTTP Headers

GET /it/u=3742383831,741488140&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 49786
Connection: keep-alive
Expires: Mon, 06 Feb 2023 16:08:00 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: c82e94460e9f9bc438afbd05e5bfb4d8
Age: 1382224
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 16:08:00 GMT
Ohc-Cache-HIT: tzct51 [4], wzix51 [2]
Ohc-File-Size: 49786
X-Cache-Status: HIT

img2.baidu.com/it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500

113.219.142.35

200 OK

16 kB

URL HTTP/2
img2.baidu.com/it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 352x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (15742 bytes)
Hash
5318ba05c333fa0c32862688cc90a6bc
eaa6bf7a8d3766b000649bbfb8e5a33e9b7b49e5
6dd94865ecccaf6ab30c592a7574564d4817d0d301915b63a3d6f697c22680fa

HTTP Headers

GET /it/u=2991854527,2294893127&fm=253&fmt=auto&app=138&f=JPEG?w=352&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 15742
expires: Thu, 02 Mar 2023 14:00:28 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 5318ba05c333fa0c32862688cc90a6bc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 14:00:28 GMT
ohc-cache-hit: chenzct85 [1], csix85 [4]
ohc-file-size: 15742
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500

49.79.225.35

200 OK

34 kB

URL HTTP/2
img0.baidu.com/it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 366x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
34 kB (33876 bytes)
Hash
b8e615487a9313012f57799c608493a9
9c869d274d73df5c3d6584237dd7f837196474bb
80b40dd9c3d0e696d8c785dd4ab0db9b945cc659a4e05886f6ef78c62f401fbc

HTTP Headers

GET /it/u=961407469,3939124360&fm=253&fmt=auto&app=138&f=JPEG?w=366&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 33876
expires: Sun, 19 Feb 2023 00:16:10 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: b8e615487a9313012f57799c608493a9
age: 202669
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 00:16:10 GMT
ohc-cache-hit: ntct62 [4], bdix93 [2]
ohc-file-size: 33876
x-cache-status: HIT
X-Firefox-Spdy: h2

12731.url.tudown.com/uploads/images/925646.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/925646.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/925646.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281

img1.baidu.com/it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800

183.131.118.35

200 OK

46 kB

URL HTTP/2
img1.baidu.com/it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
46 kB (45986 bytes)
Hash
faf39e1f4bb112def3e8161f8bd8acaa
2f9343c04bf0738b1eb89ff1fc50ce7eefcaa9f5
c4ddd7c81b9f7221ac54cbcdd317f13533ef15d93221e52e7f9c3cf67744835f

HTTP Headers

GET /it/u=829719919,3588146038&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 45986
expires: Wed, 15 Feb 2023 06:06:06 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: faf39e1f4bb112def3e8161f8bd8acaa
age: 1651153
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 06:06:06 GMT
ohc-cache-hit: tzct56 [4], xaix180 [2]
ohc-file-size: 45986
x-cache-status: HIT
X-Firefox-Spdy: h2

t14.baidu.com/it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281

185.10.104.124

200 OK

8.4 kB

URL HTTP/1.1
t14.baidu.com/it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x281, components 3\012- data
Size
8.4 kB (8417 bytes)
Hash
4d4059c1e344f68fb5c5e2919a1e700c
03bbd7abc684877a1a38e2c22e5bd2fc4ab749e2
68ba151593c473b7407cf2621d7d2161ef6867147092e05769d0276585c32cb7

HTTP Headers

GET /it/u=2568969537,511856250&fm=224&app=112&f=JPEG?w=500&h=281 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpeg
Content-Length: 8417
Connection: keep-alive
Expires: Fri, 17 Feb 2023 22:10:11 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 4d4059c1e344f68fb5c5e2919a1e700c
Age: 1415815
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 22:10:10 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache62 [1], xaix211 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 8417
X-Cache-Status: HIT
Timing-Allow-Origin: *

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:53:46 GMT
Etag: "63dd55ca-1d7"
Server: ECS (amb/6B7D)
Content-Length: 471

12731.url.tudown.com/uploads/images/631484.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/631484.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/631484.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196

12731.url.tudown.com/uploads/images/543944.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/543944.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/543944.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499

12731.url.tudown.com/uploads/images/239135.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/239135.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/239135.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 11:53:46 GMT
Server: ECS (amb/6BC5)
Content-Length: 471

12731.url.tudown.com/uploads/images/872181.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/872181.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/872181.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400

img2.baidu.com/it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

113.219.142.35

200 OK

30 kB

URL HTTP/2
img2.baidu.com/it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
30 kB (30178 bytes)
Hash
53606c5769a0ffbfd7af69aa3afc886a
bf72ba62139684845a6ae8213e61b7046a87ed25
a4f6cafa94696e447ea705439fdec2ae0653016f8e38d4518000d657e20cad3e

HTTP Headers

GET /it/u=2090316947,2429540012&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 30178
expires: Fri, 24 Feb 2023 03:24:32 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 53606c5769a0ffbfd7af69aa3afc886a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:24:32 GMT
ohc-cache-hit: chenzct58 [1], bdix172 [4]
ohc-file-size: 30178
x-cache-status: MISS
X-Firefox-Spdy: h2

t14.baidu.com/it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499

185.10.104.124

200 OK

46 kB

URL HTTP/1.1
t14.baidu.com/it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 381x499, components 3\012- data
Size
46 kB (46111 bytes)
Hash
bdc6a5dce2f05ace70d90da6969cb846
db062e1f4cccbd406389a84c122ba36b9e949535
f43792dd4369fe2d5af8076a384147186b62f53eae2b1e486f4db1db1f186732

HTTP Headers

GET /it/u=1109849099,4255714048&fm=224&app=112&f=JPEG?w=381&h=499 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 46111
Connection: keep-alive
Expires: Wed, 08 Feb 2023 18:33:40 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: bdc6a5dce2f05ace70d90da6969cb846
Age: 2222407
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 18:33:40 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache54 [1], czix123 [1]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 46111
X-Cache-Status: HIT
Timing-Allow-Origin: *

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
821d422425337e4f5b820d832f1c7c6a
ce7c37c73283c4d8e47977165b736fcff5e63719
a584f7d9164e8cdf05360ce8cf978c4111793761986f649c5ce933d870b8dfe4

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 11:53:46 GMT
Etag: 4035992e7bb26c3d4875819fbc880d67
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=34E8ECE086659F2A; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

t13.baidu.com/it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

65 kB

URL HTTP/1.1
t13.baidu.com/it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
65 kB (64794 bytes)
Hash
b8de2384f2b152e32f3cb1502b8faa7b
a7c59dfa677471c033341f3ca8c8371c1c32d333
414ae6b7885a3033e2e7d60fc1ea1e47e115bd66d24280488fc1286c943430a5

HTTP Headers

GET /it/u=852505513,2476117381&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 64794
Connection: keep-alive
Expires: Thu, 02 Mar 2023 14:22:31 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: b8de2384f2b152e32f3cb1502b8faa7b
Age: 336676
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 14:22:31 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache58 [1], csix108 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 64794
X-Cache-Status: HIT
Timing-Allow-Origin: *

img1.baidu.com/it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645

183.131.118.35

200 OK

19 kB

URL HTTP/2
img1.baidu.com/it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 397x645, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (19026 bytes)
Hash
26a0910b3898e67d146821f584ee7fd7
61501a1089268fc031390db0880f02fef6866d34
d7421c1b23a253aca95efa7bfd523b002bd6fd9a6336935b7e5c1c6a28f7b5d0

HTTP Headers

GET /it/u=2451065939,2179232251&fm=253&fmt=auto&app=138&f=JPG?w=397&h=645 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 19026
expires: Mon, 06 Feb 2023 23:57:12 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 26a0910b3898e67d146821f584ee7fd7
age: 613190
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 23:57:12 GMT
ohc-cache-hit: tzct60 [4], czix105 [2]
ohc-file-size: 19026
x-cache-status: HIT
X-Firefox-Spdy: h2

img0.baidu.com/it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400

49.79.225.35

200 OK

10 kB

URL HTTP/2
img0.baidu.com/it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (10268 bytes)
Hash
de4c6f99c551c39316e6f2234fca6da6
7e816b91829917bed80d47760cc452c2ec98f5b5
fc5181134ac551c3ae1fe8b72548e72a8009e4ab33cbcd8f37bd40dcb9556957

HTTP Headers

GET /it/u=4005342380,2879154372&fm=253&fmt=auto&app=138&f=JPG?w=400&h=400 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 10268
expires: Tue, 14 Feb 2023 07:50:32 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: de4c6f99c551c39316e6f2234fca6da6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 07:50:32 GMT
ohc-cache-hit: ntct62 [1], xaix184 [2]
ohc-file-size: 10268
x-cache-status: MISS
X-Firefox-Spdy: h2

12731.url.tudown.com/uploads/images/228540.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/228540.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/228540.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749

img2.baidu.com/it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500

113.219.142.35

200 OK

76 kB

URL HTTP/2
img2.baidu.com/it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
GIF image data, version 89a, 500 x 500\012- data
Size
76 kB (76175 bytes)
Hash
9fc129c9cdbc1c31f4304655eff61e4a
d212578280ba9c1eba0f95fd2e6a536961bbf841
85d4cb8d81273f55afe48d8c7dd3bf6eb00ad4a55adfe8692e096445d347bd13

HTTP Headers

GET /it/u=1294190256,3359814370&fm=253&fmt=auto&app=138&f=GIF?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/gif
content-length: 76175
expires: Thu, 09 Feb 2023 07:28:18 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 9fc129c9cdbc1c31f4304655eff61e4a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 07:28:18 GMT
ohc-cache-hit: chenzct85 [1], qdix157 [4]
ohc-file-size: 76175
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400

113.219.142.35

200 OK

15 kB

URL HTTP/2
img2.baidu.com/it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
15 kB (15164 bytes)
Hash
018fb0cdf34e42324752f6e3495f8221
9d0b99cc6ee2dfaf462913a24b2a86c1942815d2
289f3e3e12df570e087f6ecb3f92dea6cc09bb82d2cafe168513da0ea260b04a

HTTP Headers

GET /it/u=2144345989,2246226505&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 15164
expires: Sun, 19 Feb 2023 07:08:34 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 018fb0cdf34e42324752f6e3495f8221
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 07:08:34 GMT
ohc-cache-hit: chenzct79 [1], bdix115 [4]
ohc-file-size: 15164
x-cache-status: MISS
X-Firefox-Spdy: h2

12731.url.tudown.com/uploads/images/964204.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/964204.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/964204.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421

12731.url.tudown.com/uploads/images/17161.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/17161.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/17161.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

12731.url.tudown.com/uploads/images/810062.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/810062.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/810062.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD

12731.url.tudown.com/uploads/images/819963.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/819963.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/819963.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500

img0.baidu.com/it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

49.79.225.35

200 OK

61 kB

URL HTTP/1.1
img0.baidu.com/it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
61 kB (61050 bytes)
Hash
fe399601ba45dab5db2c6c6a0bf85b7c
3e06b17dc8b41f328a51448946568af320583221
befe79d95cdb9f5936581619a20092dc418e966467ba1e6054d09754a581285a

HTTP Headers

GET /it/u=203161250,326234976&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/webp
Content-Length: 61050
Connection: keep-alive
Expires: Tue, 21 Feb 2023 03:15:34 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: fe399601ba45dab5db2c6c6a0bf85b7c
Age: 344985
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 03:15:34 GMT
Ohc-Cache-HIT: ntct52 [4], czix82 [2]
Ohc-File-Size: 61050
X-Cache-Status: HIT

12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff

154.218.151.71

200 OK

33 kB

URL HTTP/1.1
12731.url.tudown.com/template/company/0302/css//fonts/iconfont.woff
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
33 kB (33095 bytes)
Hash
cd70647e3842b0d9f9ddfa4002052e23
2e5f3bae488bc632607322c82b8d8d1f317047e4
c58dd6fd1216680f6bbc09d05b2f7d2bc21bf2352f3ac2e960b68a3178c0a5e6

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/0302/css//fonts/iconfont.woff HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://12731.url.tudown.com/template/company/0302/css//style.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:46 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding

hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (624)
Size
11 kB (11262 bytes)
Hash
40166048cbbafce78c61a6f77da7b0ff
427103a532f196bc62411df885851eb1c9ca50f1
6dd2a2a67f2233570908d852865bb9632f87966af4dbc55738709807e991c0cd

HTTP Headers

GET /hm.js?71b36f22c21839fd7a38e40d68b92934 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11262
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 11:53:46 GMT
Etag: 2bd41a1245c4c1847a2b8a205dc36802
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=B438BB7B9210FF3D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

img2.baidu.com/it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

113.219.142.35

200 OK

51 kB

URL HTTP/2
img2.baidu.com/it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
51 kB (50624 bytes)
Hash
588c3c86befc0e4c5f599b3a553385b1
14f931e00fdec274cf43512b13ec4f2f4c18da4f
044d0f1448b10b410ddfdc8d7c8212fcc1181ce8ea02fe8c01c23b6eb6b71e7d

HTTP Headers

GET /it/u=3181037217,2180889067&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 50624
expires: Thu, 16 Feb 2023 22:19:14 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 588c3c86befc0e4c5f599b3a553385b1
age: 107041
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 22:19:14 GMT
ohc-cache-hit: chenzct57 [4], csix57 [2]
ohc-file-size: 50624
x-cache-status: HIT
X-Firefox-Spdy: h2

img.yingyongge.com/wp-content/uploads/apk.png

47.75.18.176

404 Not Found

264 B

URL HTTP/1.1
img.yingyongge.com/wp-content/uploads/apk.png
IP
47.75.18.176:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
XML 1.0 document text\012- XML document, ASCII text
Size
264 B (264 bytes)
Hash
f02ab07d9262262f66c1186d51ba493a
d02974e73edcc23507006788847d76b1424df6e6
b57b9d80bb0df080e88cfc4b50c5ac71712cbaa4321d58a5a301b989001e1b95

HTTP Headers

GET /wp-content/uploads/apk.png HTTP/1.1
Host: img.yingyongge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: AliyunOSS
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: application/xml
Content-Length: 264
Connection: keep-alive
x-oss-request-id: 63DE474B23C0543330A58EB1
x-oss-server-time: 8

img.yingyongge.com/wp-content/uploads/ios.png

47.75.18.176

404 Not Found

264 B

URL HTTP/1.1
img.yingyongge.com/wp-content/uploads/ios.png
IP
47.75.18.176:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
XML 1.0 document text\012- XML document, ASCII text
Size
264 B (264 bytes)
Hash
24fd955213974f6c4c11d64410832c7d
b0ac67b8906a94808e24ed6c5d6fb8632bd7ea6f
c7f556100a42a20ea074eefd6a0f2571b87ec5b5a132f84ee87060fa1cc8a2c1

HTTP Headers

GET /wp-content/uploads/ios.png HTTP/1.1
Host: img.yingyongge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: AliyunOSS
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: application/xml
Content-Length: 264
Connection: keep-alive
x-oss-request-id: 63DE474BDA8A793330C50F0C
x-oss-server-time: 4

t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD

185.10.104.124

200 OK

52 kB

URL HTTP/1.1
t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
52 kB (51923 bytes)
Hash
ee58bc975bdf2da81d2423fa198793db
903380ced71106832c8792c0a57a99dd42ff49d0
7426f646b2d59501b3a598aa5c5d965247bc857253e95fd798f15ac6f1316abd

HTTP Headers

GET /it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 51923
Connection: keep-alive
Expires: Thu, 23 Feb 2023 21:36:49 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: ee58bc975bdf2da81d2423fa198793db
Age: 898719
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 21:36:49 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache50 [1], xiangyix218 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51923
X-Cache-Status: HIT
Timing-Allow-Origin: *

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=931845151&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=931845151&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=931845151&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 11:53:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=D6C6E1DB7DA06168; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

img2.baidu.com/it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500

113.219.142.35

200 OK

26 kB

URL HTTP/2
img2.baidu.com/it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 567x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (26274 bytes)
Hash
aee52af81372700679cea5ad5b1a12df
d8ef333591da5185b43f5e828329d639b78a6ad2
4862efdac399775a6a2e5c72bd67560fef85042a2beb4abc29f3cbfc9fe60cf2

HTTP Headers

GET /it/u=889383370,1008151367&fm=253&fmt=auto&app=138&f=JPEG?w=567&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:46 GMT
content-type: image/webp
content-length: 26274
expires: Thu, 02 Mar 2023 11:01:18 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: aee52af81372700679cea5ad5b1a12df
age: 10823
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 11:01:18 GMT
ohc-cache-hit: chenzct69 [4], csix99 [2]
ohc-file-size: 26274
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196

113.219.142.35

200 OK

3.7 kB

URL HTTP/2
img2.baidu.com/it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 138x196, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.7 kB (3744 bytes)
Hash
4705d959457f24b961e4574c59ff0036
56ed22beb312bc3cc29f1c8708a10c17944c472e
0bd08e9d06cc7043563f0d4e625ca4dfd6331f3edc4affb54e8fee7242515edf

HTTP Headers

GET /it/u=3191671757,637145362&fm=253&fmt=auto&app=138&f=JPEG?w=138&h=196 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 3744
expires: Thu, 16 Feb 2023 03:22:43 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 4705d959457f24b961e4574c59ff0036
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 03:22:43 GMT
ohc-cache-hit: chenzct84 [1], xiangyix125 [4]
ohc-file-size: 3744
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749

49.79.225.35

200 OK

19 kB

URL HTTP/2
img0.baidu.com/it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x749, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (19414 bytes)
Hash
f1d8b6a9a8566e8f2d06598cacd09e2f
e72f9a80167391364c0c73ee35d234f1f6d15fc9
640f07a2e8504f5b79ad22b5d7f2e7e3c49974660a029f762c0472802db2b7bd

HTTP Headers

GET /it/u=1288460254,3487570808&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=749 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 19414
expires: Mon, 20 Feb 2023 14:57:54 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: f1d8b6a9a8566e8f2d06598cacd09e2f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 14:57:54 GMT
ohc-cache-hit: ntct50 [1], bdix187 [2]
ohc-file-size: 19414
x-cache-status: MISS
X-Firefox-Spdy: h2

12731.url.tudown.com/uploads/images/94913.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/94913.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/94913.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591

12731.url.tudown.com/uploads/images/424676.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/424676.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/424676.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281

12731.url.tudown.com/uploads/images/320780.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/320780.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/320780.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800

12731.url.tudown.com/uploads/images/187108.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/187108.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/187108.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500

12731.url.tudown.com/uploads/images/154837.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/154837.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/154837.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800

img2.baidu.com/it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500

113.219.142.35

200 OK

121 kB

URL HTTP/2
img2.baidu.com/it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image\012- data
Size
121 kB (121254 bytes)
Hash
ba14fd72ae318e11cb88b546c117c21e
ed9a3c02274bb2ee853dbe8780467360b80a808f
93941c0d811bbdba3a24a2f189ee77e90434c79be61c57230e9252d2871cdf58

HTTP Headers

GET /it/u=2762925853,3960277089&fm=253&fmt=auto&app=138&f=PNG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 121254
expires: Wed, 22 Feb 2023 03:03:27 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: ba14fd72ae318e11cb88b546c117c21e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:03:27 GMT
ohc-cache-hit: chenzct76 [1], xiangyix105 [4]
ohc-file-size: 121254
x-cache-status: MISS
X-Firefox-Spdy: h2

12731.url.tudown.com/uploads/images/956239.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/956239.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/956239.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1955616388&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1955616388&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1955616388&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=43853&r=0&ww=1280&u=http%3A%2F%2F12731.url.tudown.com%2Fdown%2Ffasts3wifidr%40376_20274.exe&tt=%E4%BA%9A%E6%B4%B2%E5%8D%9A%E4%BD%93%E8%82%B2%E5%AE%98%E7%BD%91%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12731.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 11:53:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=EAF5B06B2BB0BA35; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

img1.baidu.com/it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

183.131.118.35

200 OK

122 kB

URL HTTP/2
img1.baidu.com/it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
122 kB (121580 bytes)
Hash
2d9b819c1145284bf877e74f642666a9
022660eb8b9d85978dd40392f76546043e36874b
5ebe0a35e5ab7da119d45c384593010c965af45fd3f10540d8f4503365aa997e

HTTP Headers

GET /it/u=1357144556,2866867507&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 121580
expires: Tue, 21 Feb 2023 05:26:09 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 2d9b819c1145284bf877e74f642666a9
age: 1099956
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 05:26:09 GMT
ohc-cache-hit: tzct54 [4], bdix114 [2]
ohc-file-size: 121580
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591

183.131.118.35

200 OK

21 kB

URL HTTP/2
img1.baidu.com/it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 475x591, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
21 kB (21196 bytes)
Hash
79db352c9bcf2945285cb4e613e1031e
dbf9e3f695c77959d51ece136edcf2fd0be765bc
a2d1e8bcbd7334404409e631d8b7ec7d86498c3389f66ff3ab9429bc6dcf7a25

HTTP Headers

GET /it/u=1596358634,2056085501&fm=253&fmt=auto&app=138&f=JPEG?w=475&h=591 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 21196
expires: Fri, 24 Feb 2023 03:37:43 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 79db352c9bcf2945285cb4e613e1031e
age: 549460
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:37:43 GMT
ohc-cache-hit: tzct54 [4], suzix246 [4]
ohc-file-size: 21196
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421

183.131.118.35

200 OK

102 kB

URL HTTP/1.1
img1.baidu.com/it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x1421, components 3\012- data
Size
102 kB (101514 bytes)
Hash
86274d847cf746a4e181a2534b2a2726
464b098c4504c00c52008f743384ac70d951300c
5c231425ace023e8bc372b9ffee1ce294c03f838dbe54a2f401618382ec85fbf

HTTP Headers

GET /it/u=2395695251,4145582447&fm=253&app=120&f=JPEG?w=800&h=1421 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 101514
Connection: keep-alive
Expires: Sun, 26 Feb 2023 13:38:20 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 86274d847cf746a4e181a2534b2a2726
Age: 80674
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 13:38:20 GMT
Ohc-Cache-HIT: tzct73 [4], xiangyix189 [4]
Ohc-File-Size: 101514
X-Cache-Status: HIT

12731.url.tudown.com/template/company/0302/css//fonts/iconfont.ttf

154.218.151.71

200 OK

6.7 kB

URL HTTP/1.1
12731.url.tudown.com/template/company/0302/css//fonts/iconfont.ttf
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
6.7 kB (6656 bytes)
Hash
22acbf4462de66b3c07b2849cf95eb88
cbf66d383efb595ad6d43d231f72fe4ceb7721f2
0b54052c38ac41b35a613556fbdfc461cbead11f74401df7c35ab972de3c1082

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/0302/css//fonts/iconfont.ttf HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/template/company/0302/css//style.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

img1.baidu.com/it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281

183.131.118.35

200 OK

21 kB

URL HTTP/2
img1.baidu.com/it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 499x281, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
21 kB (20630 bytes)
Hash
7baa264709a9474ff6032d1616e1163c
e1e41c8972aabb7af2e4ad255c5cc7153daf8b74
79b2d3f8d4a8a1e13a555cbbc580970b14907e5e30d69180bf6083a3d1ebe106

HTTP Headers

GET /it/u=2255714356,4139830919&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=281 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:47 GMT
content-type: image/webp
content-length: 20630
expires: Fri, 24 Feb 2023 20:30:12 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 7baa264709a9474ff6032d1616e1163c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 20:30:12 GMT
ohc-cache-hit: tzct69 [1], bdix92 [4]
ohc-file-size: 20630
x-cache-status: MISS
X-Firefox-Spdy: h2

12731.url.tudown.com/uploads/images/744641.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/744641.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/744641.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500

12731.url.tudown.com/uploads/images/419996.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/419996.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/419996.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500

12731.url.tudown.com/uploads/images/625249.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/625249.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/625249.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500

12731.url.tudown.com/uploads/images/526621.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/526621.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/526621.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500

t14.baidu.com/it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500

185.10.104.124

200 OK

67 kB

URL HTTP/1.1
t14.baidu.com/it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 396x500, components 3\012- data
Size
67 kB (66613 bytes)
Hash
848056f51ee4138731b0fe4966922112
a1283f05e66ba713c5c92fb92638fd228e52400d
9cba801b5362cbbf72d50e79d1ca96884bd0d032897258efe0a048db8b167ee3

HTTP Headers

GET /it/u=2246418931,1080345835&fm=224&app=112&f=JPEG?w=396&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 66613
Connection: keep-alive
Expires: Tue, 07 Feb 2023 21:08:41 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 848056f51ee4138731b0fe4966922112
Age: 2261111
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 21:08:41 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache57 [1], wzix88 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 66613
X-Cache-Status: HIT
Timing-Allow-Origin: *

12731.url.tudown.com/uploads/images/403842.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/403842.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/403842.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625

img1.baidu.com/it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500

183.131.118.35

200 OK

66 kB

URL HTTP/2
img1.baidu.com/it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 732x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
66 kB (66442 bytes)
Hash
fa9d19cd534eb63f48a670454631c83c
a1887e7a87dedc4a3ae366008461c598c67336f2
79620950f57cc1fa63aaa72f12002a4d2df04b381a3ddd1df9f57c474d01f710

HTTP Headers

GET /it/u=993620306,3049325355&fm=253&fmt=auto&app=138&f=JPEG?w=732&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:48 GMT
content-type: image/webp
content-length: 66442
expires: Mon, 06 Mar 2023 11:53:48 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: fa9d19cd534eb63f48a670454631c83c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 11:53:48 GMT
ohc-cache-hit: tzct56 [1], xiangyix167 [2]
ohc-file-size: 66442
x-cache-status: MISS
X-Firefox-Spdy: h2

12731.url.tudown.com/uploads/images/499765.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12731.url.tudown.com/uploads/images/499765.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/499765.jpg HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914

img1.baidu.com/it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625

183.131.118.35

200 OK

19 kB

URL HTTP/2
img1.baidu.com/it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 428x625, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (18874 bytes)
Hash
521fdcbbb878620fdfff33a5da41ebaf
d4d60234b9cc3fdfbbabd89dac162b343bfbea12
eec5e8a5f4a19661c029983195fc616f844581833d2ea2fc4bd9b3cc9fc2d2bd

HTTP Headers

GET /it/u=118301553,1212716945&fm=253&fmt=auto&app=120&f=JPEG?w=428&h=625 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:48 GMT
content-type: image/webp
content-length: 18874
expires: Tue, 28 Feb 2023 01:25:23 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 521fdcbbb878620fdfff33a5da41ebaf
age: 18427
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 01:25:23 GMT
ohc-cache-hit: tzct70 [4], qdix88 [4]
ohc-file-size: 18874
x-cache-status: HIT
X-Firefox-Spdy: h2

t13.baidu.com/it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

42 kB

URL HTTP/1.1
t13.baidu.com/it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
42 kB (42132 bytes)
Hash
c818a0ebf40b06d9953ae7453cb93217
4464dec6216837236ca64984dffb37d55670ee2d
b2463f55405ba58457e9c0d638eadc6a9b619a52b032f45b1470a5cd4ac68e65

HTTP Headers

GET /it/u=4110683136,311288991&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 42132
Connection: keep-alive
Expires: Mon, 06 Mar 2023 11:52:46 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: c818a0ebf40b06d9953ae7453cb93217
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 11:52:46 GMT
Ohc-Upstream-Trace: 58.20.204.53
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache53 [1], qdix184 [4]
Ohc-Response-Time: 1 0 0 0 389 389
Ohc-File-Size: 42132
X-Cache-Status: MISS
Timing-Allow-Origin: *

img1.baidu.com/it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800

183.131.118.35

200 OK

108 kB

URL HTTP/1.1
img1.baidu.com/it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800
IP
183.131.118.35:0
ASN
#136190 JINHUA, ZHEJIANG Province, P.R.China.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
108 kB (108109 bytes)
Hash
7481042715e9296bfdd6be466d4fba1f
c58e6c7ab72c3eded627ff3f0c4f67ada7fae805
a48f4d11f26a12092b9ab83600b688593f129e48cf6b111301174156ed2a537f

HTTP Headers

GET /it/u=4105755212,132343308&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:47 GMT
Content-Type: image/jpeg
Content-Length: 108109
Connection: keep-alive
Expires: Wed, 22 Feb 2023 03:36:12 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 7481042715e9296bfdd6be466d4fba1f
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 03:36:12 GMT
Ohc-Cache-HIT: tzct58 [1], xiangyix97 [4]
Ohc-File-Size: 108109
X-Cache-Status: MISS

img0.baidu.com/it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914

49.79.225.35

200 OK

26 kB

URL HTTP/2
img0.baidu.com/it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x914, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (26122 bytes)
Hash
e095f68fbf3ca9091ebde6bee83ad53c
fd6857b7482a5550d50d6320070289364c4cd265
835372c4af12c504d98237adcbb2ccaf5825de6a95bda30036949751ec53a3af

HTTP Headers

GET /it/u=2173543328,1561856439&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=914 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12731.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:48 GMT
content-type: image/webp
content-length: 26122
expires: Sun, 19 Feb 2023 12:01:05 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: e095f68fbf3ca9091ebde6bee83ad53c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 12:01:05 GMT
ohc-cache-hit: ntct63 [1], suzix167 [4]
ohc-file-size: 26122
x-cache-status: MISS
X-Firefox-Spdy: h2

t13.baidu.com/it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t13.baidu.com/it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (39305 bytes)
Hash
80a01e62e852333cdfd24df98d0b67d6
46ff0c92ee2535a2cfd68f6f27bdbae90a633b14
117c10c0b8ce6e26b74df00ac478d6afaa79c73b1547a22fe505ff0b2de64a4a

HTTP Headers

GET /it/u=1096280536,2566434421&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 39305
Connection: keep-alive
Expires: Mon, 27 Feb 2023 18:53:19 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 80a01e62e852333cdfd24df98d0b67d6
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 18:53:19 GMT
Ohc-Upstream-Trace: 121.228.171.107; 58.20.204.62
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [1], zhuzuncache62 [1], suzix107 [4]
Ohc-Response-Time: 1 0 0 0 332 332
Ohc-File-Size: 39305
X-Cache-Status: MISS
Timing-Allow-Origin: *

img0.baidu.com/it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800

49.79.225.35

200 OK

176 kB

URL HTTP/1.1
img0.baidu.com/it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
176 kB (176216 bytes)
Hash
fd6dbf254c4b7167d690fa811c0c161e
333ff5c70c4313c9f3664b6992eae464f6b00f25
9a326badc4247192f3e8be00445dcf95ed07d543782572b98eeed7fe58d9cbf3

HTTP Headers

GET /it/u=3891346948,3751388608&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:48 GMT
Content-Type: image/jpeg
Content-Length: 176216
Connection: keep-alive
Expires: Mon, 06 Mar 2023 11:53:48 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: fd6dbf254c4b7167d690fa811c0c161e
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 11:53:48 GMT
Ohc-Cache-HIT: ntct60 [2], wzix60 [4]
Ohc-File-Size: 176216
X-Cache-Status: MISS

12731.url.tudown.com/favicon.ico

154.218.151.71

200 OK

0 B

URL HTTP/1.1
12731.url.tudown.com/favicon.ico
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12731.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12731.url.tudown.com/down/fasts3wifidr@376_20274.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675511663; Hm_lvt_71b36f22c21839fd7a38e40d68b92934=1675511663; Hm_lpvt_71b36f22c21839fd7a38e40d68b92934=1675511663

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:49 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes

t15.baidu.com/it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

44 kB

URL HTTP/1.1
t15.baidu.com/it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
44 kB (44392 bytes)
Hash
2737735d3baf53d8869bf598eac55c23
57f7b01224e43e32c6c461967ba13a83ce6d5df2
2e54bad46c94b2442620626608238a42dcb7f771bed2ce61deaf4fee0e3eb369

HTTP Headers

GET /it/u=95054306,2799987580&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:49 GMT
Content-Type: image/jpeg
Content-Length: 44392
Connection: keep-alive
Expires: Fri, 03 Mar 2023 12:10:16 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 2737735d3baf53d8869bf598eac55c23
Age: 203187
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 01 Feb 2023 12:10:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache62 [1], csix101 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44392
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

55 kB

URL HTTP/1.1
t15.baidu.com/it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
55 kB (55186 bytes)
Hash
4088331d309619799e16ba62ace99686
4631a7158be07dc3a1763c8fe0152de85312e812
099beee5b26a30ba927829af25826e325264102dd81b4f37c34e8fc9ce8abfd3

HTTP Headers

GET /it/u=113352441,223121214&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12731.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:49 GMT
Content-Type: image/jpeg
Content-Length: 55186
Connection: keep-alive
Expires: Mon, 06 Feb 2023 18:41:25 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 4088331d309619799e16ba62ace99686
Age: 2039863
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 18:41:24 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache64 [4], suzix78 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55186
X-Cache-Status: HIT
Timing-Allow-Origin: *

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations