Report - 21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719

Report Overview

Submitted URL
21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-02-04 08:10:05
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img0.baidu.com	50126	2021-03-25T13:17:59Z	2023-03-12T11:23:13Z	4.4 kB	358 kB	113.219.142.35
img1.baidu.com	50158	2021-03-25T13:17:58Z	2023-03-12T11:23:15Z	4.4 kB	376 kB	125.64.104.35
img2.baidu.com	50786	2021-03-25T13:17:58Z	2023-03-12T11:23:13Z	3.1 kB	282 kB	42.101.56.35
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.166.224.175
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.9 kB	104.18.21.226
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-03-13T05:32:36Z	2.4 kB	24 kB	103.235.46.191
21426.url.tudown.com	unknown	2019-03-02T05:38:25Z	2023-03-08T05:24:34Z	48 kB	175 kB	154.218.151.71
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.3 kB	68 kB	34.120.237.76
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
img.yingyongge.com	unknown	2020-10-17T13:24:04Z	2023-03-12T11:08:51Z	810 B	972 B	47.75.18.176
at.alicdn.com	11137	2013-11-28T06:03:29Z	2023-03-13T05:15:04Z	398 B	1.9 kB	47.246.44.251
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.4 kB	3.1 kB	93.184.220.29
t14.baidu.com	32559	2021-01-22T21:20:42Z	2023-03-12T11:23:14Z	1.8 kB	598 kB	185.10.104.124
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.33.119.27
t15.baidu.com	33050	2021-01-09T17:16:17Z	2023-03-12T11:23:14Z	1.8 kB	250 kB	185.10.104.124
t13.baidu.com	32653	2021-01-09T14:57:25Z	2023-03-12T11:23:14Z	354 B	46 kB	185.10.104.124

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	Size	First Seen	Last Seen
	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:33:59 Last Seen2023-03-13 16:33:59 Times Seen1 Hash a0000ddd8fcefb298c3650ee10b3cec9 914d7df4e8d85ee32fab4315622967b620729955 346282ff63f010290d2b7ee2f76303487ac32c501237af1487069349b65c0e6b Loading...

	21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe	254 B	2023-03-09	2023-12-23
Pretty URL 21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

	21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe	338 B	2023-03-13	2023-03-25
Pretty URL 21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:33:59 Last Seen2023-03-25 23:10:28 Times Seen2 Hash d4403c5751f60f2287513da1b4e6731f f98e6ea2e97477ff6f1eef57900696ef71451c9a cbf2c6016138398386f91cb621f1d6d91387f983910ecad06dd29b7bae04374d Loading...

	hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:33:59 Last Seen2023-03-13 16:33:59 Times Seen1 Hash 5c2a0568fb74dbb53863f7b3ee183781 4278d03da5bd9e1a0d4176cb27332fe90a131594 d3abc74d254c97836423dac12533649128475ba05e80080c3cb33c8d437994ff Loading...

	21426.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 21426.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

	21426.url.tudown.com/template/company/0302/js/jquery.min.js	83 kB	2023-03-07	2024-04-08
Pretty URL 21426.url.tudown.com/template/company/0302/js/jquery.min.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:10:16 Last Seen2024-04-08 11:23:11 Times Seen690 Hash b327509226baa10f2d2e89c42c2c49fb e83568287a7a2f6e9aedc074350a51982524c257 91e8044a4b1bfce3c131d5579965a9808b42cdb9a350a53928d54cd35d6c1451 Loading...

	21426.url.tudown.com/template/company/0302/js/main.js	53 kB	2023-03-09	2023-10-26
Pretty URL 21426.url.tudown.com/template/company/0302/js/main.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 11:25:50 Last Seen2023-10-26 06:41:06 Times Seen271 Hash 1a5a8b12a6f8a3e1ae98a9175adb715b 97b7afb7145ec340973500ae8881f891e610a70b 304d971eadca57d65489a873e69719c07a546f0124c3ee25e55591929b5cb6ff Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-14 17:35:46 Times Seen2523 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

HTTP Transactions (118)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5813
Expires: Sat, 04 Feb 2023 09:46:47 GMT
Date: Sat, 04 Feb 2023 08:09:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3589
Expires: Sat, 04 Feb 2023 09:09:43 GMT
Date: Sat, 04 Feb 2023 08:09:54 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7028
Expires: Sat, 04 Feb 2023 10:07:02 GMT
Date: Sat, 04 Feb 2023 08:09:54 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 07:43:37 GMT
content-type: application/json
age: 1577
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Td0APaIDW/cl2AIWay6b7qBw5tFJeOhAnnCdgyu6MaYPNP+Jt3xDO3fzzHWbaMQIBTx/i8zJuYb/eB8k/DbNQA==
x-amz-request-id: 6VYK1MDT962BNTS8
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 07:52:45 GMT
age: 1029
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 08:09:54 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 08:07:19 GMT
age: 155
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10808
Expires: Sat, 04 Feb 2023 11:10:03 GMT
Date: Sat, 04 Feb 2023 08:09:55 GMT
Connection: keep-alive

21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe

154.218.151.71

200 OK

6.8 kB

URL HTTP/1.1
21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
6.8 kB (6832 bytes)
Hash
c23f0257df41c3f1cfb4204191c0ec07
76264c1a281ddf60e5b102999311da816790e31f
836ab859e0688c775ca98b6e29167bab23901897beb6cc1b6b8f5041fe726c79

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:55 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.services.mozilla.com/

35.166.224.175

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.166.224.175:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: pgPoEPJhAVg+2U2hDfb8vw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5HQcGqWfcPdCNbYMWXLwcOM/wII=

21426.url.tudown.com/template/company/0302/css/style.min.css

154.218.151.71

200 OK

5.0 kB

URL HTTP/1.1
21426.url.tudown.com/template/company/0302/css/style.min.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (25242), with no line terminators
Size
5.0 kB (4999 bytes)
Hash
c7b1260ebcbb9c63a6744c1e9f37ba87
08de2e04ca3fe765892cc77a80c65d2c42eedec7
d8d7b908e1455fef566bb414772fd354a739ea3738d79294feea1293265a0d57

HTTP Headers

GET /template/company/0302/css/style.min.css HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:55 GMT
Content-Type: text/css
Last-Modified: Tue, 02 Mar 2021 15:32:22 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"603e5a86-629a"
Expires: Sat, 04 Feb 2023 20:09:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

21426.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
21426.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:55 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

21426.url.tudown.com/template/company/0302/css//style.css

154.218.151.71

200 OK

20 kB

URL HTTP/1.1
21426.url.tudown.com/template/company/0302/css//style.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with very long lines (65196), with CRLF line terminators
Size
20 kB (20198 bytes)
Hash
5867494c833cc596e0a94c636a8b4e49
387a9f0cd088b2d551446ef3e4f44858f5588829
10b2002f9661120f7f6d13a8cbf377070a42b5bedf5f458bd8e7384a85f8a760

HTTP Headers

GET /template/company/0302/css//style.css HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:55 GMT
Content-Type: text/css
Last-Modified: Tue, 02 Mar 2021 15:38:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"603e5bde-1bc98"
Expires: Sat, 04 Feb 2023 20:09:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

21426.url.tudown.com/template/company/0302/js/jquery.min.js

154.218.151.71

200 OK

33 kB

URL HTTP/1.1
21426.url.tudown.com/template/company/0302/js/jquery.min.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (32110), with CRLF line terminators
Size
33 kB (32721 bytes)
Hash
7509321c69d54b101a4a43e782868a2a
679c3d5a3772a714bc03a99ed06c18ab35961a53
b3fe20feaad99931eb923101edfaffcc11ca67d7d0f87f772b62fb2d86f74db0

HTTP Headers

GET /template/company/0302/js/jquery.min.js HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 Aug 2020 11:40:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f479bab-1449c"
Expires: Sat, 04 Feb 2023 20:09:56 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

21426.url.tudown.com/template/company/0302/js/main.js

154.218.151.71

200 OK

18 kB

URL HTTP/1.1
21426.url.tudown.com/template/company/0302/js/main.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (17543), with CRLF line terminators
Size
18 kB (17622 bytes)
Hash
ea96e586f9095ed9d4b542159488d75a
81fd5eb364579e7c609f545be90d109eddf8b695
89fc7055f00e92705f671d339bf701a965f31a8a02852918c6a5de9ef2836483

HTTP Headers

GET /template/company/0302/js/main.js HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: application/javascript
Last-Modified: Thu, 27 Aug 2020 11:40:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5f479ba8-cd88"
Expires: Sat, 04 Feb 2023 20:09:56 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae58d39edb7923f0dac8e7b20767f306
827e75323edf1548d2b898b96caaec9556893e3a
2c18f66718230665099bdc4a96dbed4e667ff233f9853aebd3e0802235c658d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C18F66718230665099BDC4A96DBED4E667FF233F9853AEBD3E0802235C658D8"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21331
Expires: Sat, 04 Feb 2023 14:05:27 GMT
Date: Sat, 04 Feb 2023 08:09:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5075
Expires: Sat, 04 Feb 2023 09:34:31 GMT
Date: Sat, 04 Feb 2023 08:09:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5075
Expires: Sat, 04 Feb 2023 09:34:31 GMT
Date: Sat, 04 Feb 2023 08:09:56 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5075
Expires: Sat, 04 Feb 2023 09:34:31 GMT
Date: Sat, 04 Feb 2023 08:09:56 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 37312
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 35963
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9141 bytes)
Hash
f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 35786
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9349 bytes)
Hash
4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 28153
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10253 bytes)
Hash
392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 35964
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13309 bytes)
Hash
f926cd4f39b1a10b152e5959b28ae29e
2b1982d21321071394e363888e007598e968fb35
a51b246a9aa5a2583cae7fd4f0a3bdf73f0b318b7838828d36ea5674a5f26753

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F651be34f-d4ea-4a24-987c-b006e5f9a876.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13309
x-amzn-requestid: f6a3f0f3-d91b-4f4d-8265-0f87742ba5d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFeBFX4oAMFfpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd82bf-5808ceec265756c702d212dc;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:55:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: WWjzs8W8GmSAM0-Uc8XBTxz67RJJCIzp3fBYhkoIWZ26UrobmZV8mw==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:28:17 GMT
age: 34899
etag: "2b1982d21321071394e363888e007598e968fb35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

21426.url.tudown.com/uploads/images/447099.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/447099.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/447099.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2137406555,4096306465&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=436

21426.url.tudown.com/uploads/images/227157.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/227157.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/227157.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1783721675,635933565&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753

21426.url.tudown.com/uploads/images/68813.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/68813.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/68813.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2848506614,1597189311&fm=224&app=112&f=PNG?w=500&h=500

21426.url.tudown.com/uploads/images/583191.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/583191.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/583191.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093

21426.url.tudown.com/uploads/images/27111.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/27111.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/27111.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1962900692,349528856&fm=224&app=112&f=JPEG?w=500&h=500&s=78F6209E000522F85296FD760300B069

21426.url.tudown.com/uploads/images/757709.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/757709.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/757709.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2199658093,3860547960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
fd85c457807ba420192d9fdb1e3b2e76
1309191996088c5e1bce3f6d5ca5b8ea2ff489ad
7d1c4dba2f7a95c9ec75b4f5abeb2b9d66abc8650424b896152f4d27fd3b4a8c

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 06:27:25 GMT
ETag: "1309191996088c5e1bce3f6d5ca5b8ea2ff489ad"
Last-Modified: Sat, 04 Feb 2023 06:27:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3489
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7941ed54aac40b31-OSL

21426.url.tudown.com/uploads/images/306672.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/306672.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/306672.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3206076334,524043272&fm=253&app=120&f=JPEG?w=1280&h=800

21426.url.tudown.com/uploads/images/15613.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/15613.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/15613.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1703669981,2176740673&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333

21426.url.tudown.com/uploads/images/491531.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/491531.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/491531.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1072862072,1898667836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=588

21426.url.tudown.com/uploads/images/384256.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/384256.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/384256.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2721007798,1536758920&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=240

21426.url.tudown.com/uploads/images/logo.png?n=5gmjz2mywps3raxfrsc6ri4f4weln2maudsy5aq&w=250

154.218.151.71

200 OK

3.5 kB

URL HTTP/1.1
21426.url.tudown.com/uploads/images/logo.png?n=5gmjz2mywps3raxfrsc6ri4f4weln2maudsy5aq&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3485 bytes)
Hash
54a0b5531a7677fa22acfb911c9cd66f
23117d308412030737b0baef4f1e139062397123
7f028ddfaab6034bada7cf7c1d0c34d1c9bc578634bd26d45818edcc9dc7ccbd

HTTP Headers

GET /uploads/images/logo.png?n=5gmjz2mywps3raxfrsc6ri4f4weln2maudsy5aq&w=250 HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

21426.url.tudown.com/template/company/0302/css//fonts/iconfont.woff2

154.218.151.71

200 OK

34 kB

URL HTTP/1.1
21426.url.tudown.com/template/company/0302/css//fonts/iconfont.woff2
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
34 kB (34152 bytes)
Hash
4b71dc63e73c3677474949ed2630926c
4ffbe3045ca427a777490f9275713d9fd9e96b5e
af2136d1cf04c05d9050f96fa0ea1311f1648ae7928924a245a3789f87c4deb8

HTTP Headers

GET /template/company/0302/css//fonts/iconfont.woff2 HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://21426.url.tudown.com/template/company/0302/css//style.css
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding

at.alicdn.com/t/font_1652089_tg0x7qv1f1.woff2

47.246.44.251

200 OK

1.0 kB

URL HTTP/1.1
at.alicdn.com/t/font_1652089_tg0x7qv1f1.woff2
IP
47.246.44.251:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
Web Open Font Format (Version 2), TrueType, length 1032, version 1.0\012- data
Size
1.0 kB (1032 bytes)
Hash
5011371b36b7287ee277dee3889c83f6
d8e51076284dd4265431a4d44025642da256a89e
ccc1ce96db7771bb8bb0e54318fd87ab463c24b2e6bf0d9826fb33b097b6233f

HTTP Headers

GET /t/font_1652089_tg0x7qv1f1.woff2 HTTP/1.1
Host: at.alicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://21426.url.tudown.com
Connection: keep-alive
Referer: http://21426.url.tudown.com/

HTTP/1.1 200 OK
Server: Tengine
Content-Type: font/woff2
Content-Length: 1032
Connection: keep-alive
Date: Sat, 04 Feb 2023 08:09:57 GMT
x-oss-request-id: 63DE12D59DDDB03537FC9207
Vary: Origin
Accept-Ranges: bytes
ETag: "5011371B36B7287EE277DEE3889C83F6"
Last-Modified: Fri, 24 Dec 2021 17:00:24 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 16100374768313971226
x-oss-storage-class: Standard
Cache-Control: max-age=63072000
Content-MD5: UBE3Gza3KH7id97jiJyD9g==
x-oss-server-time: 47
Ali-Swift-Global-Savetime: 1675498197
Via: cache13.l2us1[484,484,200-0,M], cache23.l2us1[485,0], cache3.se1[585,584,200-0,M], cache5.se1[587,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 08:09:57 GMT
X-Swift-CacheTime: 31104000
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: 2ff62c9916754981969836969e

21426.url.tudown.com/uploads/images/383801.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/383801.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/383801.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2999582254,2869472530&fm=224&app=112&f=JPEG?w=500&h=500

21426.url.tudown.com/uploads/images/956147.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/956147.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/956147.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1094340344,855539174&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=676

21426.url.tudown.com/uploads/images/837386.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/837386.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/837386.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=59549531,2692727658&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=200

21426.url.tudown.com/uploads/images/435583.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/435583.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/435583.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3949420600,2442572290&fm=253&app=120&f=JPEG?w=1422&h=800

21426.url.tudown.com/uploads/images/937967.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/937967.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/937967.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=359193520,2939900075&fm=224&app=112&f=JPEG?w=500&h=500

21426.url.tudown.com/uploads/images/521423.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/521423.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/521423.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=16218521,333722630&fm=224&app=112&f=JPEG?w=397&h=500

21426.url.tudown.com/uploads/images/693710.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/693710.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/693710.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=86110167,2849203977&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

21426.url.tudown.com/uploads/images/108997.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/108997.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/108997.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500

21426.url.tudown.com/uploads/images/535120.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/535120.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/535120.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500

21426.url.tudown.com/uploads/images/877797.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/877797.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/877797.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4152553465,2571926182&fm=253&fmt=auto&app=138&f=JPEG?w=413&h=620

21426.url.tudown.com/uploads/images/494527.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/494527.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/494527.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=124404
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:09:58 GMT
Etag: "63dd55ca-1d7"
Expires: Sun, 05 Feb 2023 18:43:22 GMT
Last-Modified: Fri, 03 Feb 2023 18:43:22 GMT
Server: nginx
Content-Length: 471

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1682
Cache-Control: max-age=126086
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:09:58 GMT
Etag: "63dd55ca-1d7"
Expires: Sun, 05 Feb 2023 19:11:24 GMT
Last-Modified: Fri, 03 Feb 2023 18:43:22 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471

21426.url.tudown.com/uploads/images/169739.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/169739.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/169739.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4122408476,2975001452&fm=224&app=112&f=JPEG?w=500&h=500

21426.url.tudown.com/uploads/images/651622.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/651622.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/651622.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=334040582,3735622414&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=124404
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:09:58 GMT
Etag: "63dd55ca-1d7"
Expires: Sun, 05 Feb 2023 18:43:22 GMT
Last-Modified: Fri, 03 Feb 2023 18:43:22 GMT
Server: nginx
Content-Length: 471

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
d7edbcf234b303926dfdc1a9376eeaf2
1115101d92806d2f1bf8c0ef76f23432fa73b4f3
e732a8b293efb2448a5ae3afb6351f4dc21730ecde9a00d93b4046ff1f03de6b

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://21426.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 08:09:57 GMT
Etag: 4c0733546c5b36c82e86251c18d1cedb
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=07D4219424EBA3FE; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

21426.url.tudown.com/uploads/images/466236.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/466236.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/466236.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1364284388,198794146&fm=253&fmt=auto&app=138&f=GIF?w=500&h=691

21426.url.tudown.com/uploads/images/168036.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/168036.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/168036.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1658491064,4170403912&fm=224&app=112&f=JPEG?w=401&h=500

hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?71b36f22c21839fd7a38e40d68b92934
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (624)
Size
11 kB (11262 bytes)
Hash
af2c4ce5614d738ddf54be486bad99b9
869cbc2a4da9866e4980b9bdb0d181b91127c1a4
a9a4eb52d331cb4d64b1eb704b88ad6a89c1ec8052c36bf2a0578798aa1b35fe

HTTP Headers

GET /hm.js?71b36f22c21839fd7a38e40d68b92934 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://21426.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11262
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 08:09:57 GMT
Etag: 349ab1115b22db3ae139fe24c37259a0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=19E0C2B70ED94234; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

21426.url.tudown.com/template/company/0302/css//fonts/iconfont.woff

154.218.151.71

200 OK

34 kB

URL HTTP/1.1
21426.url.tudown.com/template/company/0302/css//fonts/iconfont.woff
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
34 kB (34076 bytes)
Hash
4e13b56f7571724d33151ac6091f2b51
6978ef3e934f8c20af109645395ea9d93304d5f2
317171bfd7287cac511da12996fb3637114e728bd3f7ebb9efa1e748f629f4e2

HTTP Headers

GET /template/company/0302/css//fonts/iconfont.woff HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://21426.url.tudown.com/template/company/0302/css//style.css
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding

21426.url.tudown.com/uploads/images/633916.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/633916.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/633916.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422

t15.baidu.com/it/u=1962900692,349528856&fm=224&app=112&f=JPEG?w=500&h=500&s=78F6209E000522F85296FD760300B069

185.10.104.124

200 OK

42 kB

URL HTTP/1.1
t15.baidu.com/it/u=1962900692,349528856&fm=224&app=112&f=JPEG?w=500&h=500&s=78F6209E000522F85296FD760300B069
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
42 kB (42241 bytes)
Hash
84e81a969f5457e35889bca98ca398c5
b6044f4b5a7024af76caecd2b8a5baccc1054f80
a9f9957d0197d2855bcd4070ca874f309fa3197f3f1917581e3f824ceed008cd

HTTP Headers

GET /it/u=1962900692,349528856&fm=224&app=112&f=JPEG?w=500&h=500&s=78F6209E000522F85296FD760300B069 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 42241
Connection: keep-alive
Expires: Wed, 22 Feb 2023 14:00:16 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 84e81a969f5457e35889bca98ca398c5
Age: 991609
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 14:00:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache50 [2], wzix50 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 42241
X-Cache-Status: HIT
Timing-Allow-Origin: *

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e425d8f9e367de5af66503bc3e0e27b8
05b44906cbeb26e8515afbf78519e70e26fae4ee
9c792ca2e2db616bb44b4bea2d4e3229047698321c791e6b5907bf9bf026fc95

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=124404
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2023 08:09:58 GMT
Etag: "63dd55ca-1d7"
Expires: Sun, 05 Feb 2023 18:43:22 GMT
Last-Modified: Fri, 03 Feb 2023 18:43:22 GMT
Server: nginx
Content-Length: 471

t15.baidu.com/it/u=16218521,333722630&fm=224&app=112&f=JPEG?w=397&h=500

185.10.104.124

200 OK

49 kB

URL HTTP/1.1
t15.baidu.com/it/u=16218521,333722630&fm=224&app=112&f=JPEG?w=397&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 397x500, components 3\012- data
Size
49 kB (48848 bytes)
Hash
4da62e1ead068b80047ec33317b75fb5
398dac3e27dc25660e41575b011226e4e99beb9b
63d75015c715143a90ad7ed283d4b312068f8ac3faa0438d33ee041772f5a87b

HTTP Headers

GET /it/u=16218521,333722630&fm=224&app=112&f=JPEG?w=397&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 48848
Connection: keep-alive
Expires: Sun, 05 Feb 2023 14:45:32 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 4da62e1ead068b80047ec33317b75fb5
Age: 2024608
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 14:45:32 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache54 [4], xaix127 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 48848
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=359193520,2939900075&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

47 kB

URL HTTP/1.1
t15.baidu.com/it/u=359193520,2939900075&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
47 kB (47234 bytes)
Hash
fa144cc53688a22c5839bbff31f38afd
72c36eb96ef7e9cde7c2e1eb7745eff21272ce60
305bd100736f21f4f38ff1305f560b868bf700ab62ba3acc6f7d52553d467129

HTTP Headers

GET /it/u=359193520,2939900075&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 47234
Connection: keep-alive
Expires: Wed, 08 Feb 2023 10:44:39 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: fa144cc53688a22c5839bbff31f38afd
Age: 2025465
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 10:44:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache54 [1], bdix68 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 47234
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

60 kB

URL HTTP/1.1
t15.baidu.com/it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
60 kB (59853 bytes)
Hash
332a195c9bc9c9ea18b527cb53535dca
792d0e5893a32fa7cfe38a7e17b503a1506dc72c
55a03c97a93b477cea6480796fc9ed11a169e721046477c52755a6f3f127a54b

HTTP Headers

GET /it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 59853
Connection: keep-alive
Expires: Sun, 26 Feb 2023 01:54:34 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 332a195c9bc9c9ea18b527cb53535dca
Age: 364752
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 01:54:34 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache59 [1], xaix95 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 59853
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=2848506614,1597189311&fm=224&app=112&f=PNG?w=500&h=500

185.10.104.124

200 OK

415 kB

URL HTTP/1.1
t14.baidu.com/it/u=2848506614,1597189311&fm=224&app=112&f=PNG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
415 kB (414586 bytes)
Hash
8e1d1d3377242616425688dbe49b9693
7870c9ec53555bb660fd09caebc44d235d10b839
dcf08f0437cdb4d1f41237b82aea3267bcfedef817e4cd4029932b3ae1fd76a3

HTTP Headers

GET /it/u=2848506614,1597189311&fm=224&app=112&f=PNG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/png
Content-Length: 414586
Connection: keep-alive
Expires: Wed, 08 Feb 2023 11:29:21 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 8e1d1d3377242616425688dbe49b9693
Age: 2027082
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 11:29:21 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], xzuncache57 [1], xaix57 [3]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 414586
X-Cache-Status: HIT
Timing-Allow-Origin: *

img.yingyongge.com/wp-content/uploads/apk.png

47.75.18.176

404 Not Found

264 B

URL HTTP/1.1
img.yingyongge.com/wp-content/uploads/apk.png
IP
47.75.18.176:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
XML 1.0 document text\012- XML document, ASCII text
Size
264 B (264 bytes)
Hash
3322bf970b845964e5105557d69d90fb
36abc838a8f8ef6b6c3d55df822211fcde847dd4
a9c1cca48a5a52b2ff6fce33131fe3ecf46cad348ff48b8b87794214b17135d2

HTTP Headers

GET /wp-content/uploads/apk.png HTTP/1.1
Host: img.yingyongge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://21426.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: AliyunOSS
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: application/xml
Content-Length: 264
Connection: keep-alive
x-oss-request-id: 63DE12D6D0409B393122F7E0
x-oss-server-time: 8

img.yingyongge.com/wp-content/uploads/ios.png

47.75.18.176

404 Not Found

264 B

URL HTTP/1.1
img.yingyongge.com/wp-content/uploads/ios.png
IP
47.75.18.176:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
XML 1.0 document text\012- XML document, ASCII text
Size
264 B (264 bytes)
Hash
9a658faa8a824bcece73605f4dddac81
82b8ca5d81a4227c8e18cf13b545f8820cb3067e
99f38d400fc4540640ce264c69ced629990ece113744f20de7ef239e67c7e020

HTTP Headers

GET /wp-content/uploads/ios.png HTTP/1.1
Host: img.yingyongge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://21426.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 404 Not Found
Server: AliyunOSS
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: application/xml
Content-Length: 264
Connection: keep-alive
x-oss-request-id: 63DE12D6DA8A7930355560FF
x-oss-server-time: 4

t14.baidu.com/it/u=1658491064,4170403912&fm=224&app=112&f=JPEG?w=401&h=500

185.10.104.124

200 OK

29 kB

URL HTTP/1.1
t14.baidu.com/it/u=1658491064,4170403912&fm=224&app=112&f=JPEG?w=401&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 401x500, components 3\012- data
Size
29 kB (29329 bytes)
Hash
debb65dbff027286be526682d8369ce3
69befa1f0bf59ad4ca810c3646c9d43bf8da23f0
43761587ee1722e0b2895706be9f257448c9f71b87ebf017a063ef680b0e6b37

HTTP Headers

GET /it/u=1658491064,4170403912&fm=224&app=112&f=JPEG?w=401&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 29329
Connection: keep-alive
Expires: Fri, 10 Feb 2023 02:46:15 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: debb65dbff027286be526682d8369ce3
Age: 2026078
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 02:46:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache64 [2], czix164 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 29329
X-Cache-Status: HIT
Timing-Allow-Origin: *

21426.url.tudown.com/uploads/images/915009.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/915009.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/915009.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=923650067,1582786918&fm=224&app=112&f=JPEG?w=500&h=500&s=D89CFCB218564FEF46A0217103005072

21426.url.tudown.com/uploads/images/211800.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/211800.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/211800.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1788862553,3012281700&fm=253&fmt=auto?w=240&h=180

t14.baidu.com/it/u=923650067,1582786918&fm=224&app=112&f=JPEG?w=500&h=500&s=D89CFCB218564FEF46A0217103005072

185.10.104.124

200 OK

61 kB

URL HTTP/1.1
t14.baidu.com/it/u=923650067,1582786918&fm=224&app=112&f=JPEG?w=500&h=500&s=D89CFCB218564FEF46A0217103005072
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
61 kB (61059 bytes)
Hash
fe525d3e114b4bc6e7bb6d73d8637be1
4e4038a96bfa1effa5d6e3e4991105c65cf6545a
d78dd2fbe12416f091c8c61f74d585d7f4e08e43c2acd65a56add649457e084e

HTTP Headers

GET /it/u=923650067,1582786918&fm=224&app=112&f=JPEG?w=500&h=500&s=D89CFCB218564FEF46A0217103005072 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 61059
Connection: keep-alive
Expires: Thu, 02 Mar 2023 17:12:29 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: fe525d3e114b4bc6e7bb6d73d8637be1
Age: 190292
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 17:12:29 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache62 [4], csix107 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 61059
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=4122408476,2975001452&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

38 kB

URL HTTP/1.1
t14.baidu.com/it/u=4122408476,2975001452&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
38 kB (37860 bytes)
Hash
62c06ca01cb2577770747a9e998c09d3
f3501afd1077bc2f93c685cf14686d38750d6a61
b3fc231fe03e429e41ca81fdc965b76a0b308f184fbecc898e3efb786523d3d3

HTTP Headers

GET /it/u=4122408476,2975001452&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 37860
Connection: keep-alive
Expires: Mon, 06 Feb 2023 18:53:23 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 62c06ca01cb2577770747a9e998c09d3
Age: 2026767
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 18:53:23 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache59 [4], xiangyix221 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 37860
X-Cache-Status: HIT
Timing-Allow-Origin: *

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1249593159&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=30423&r=0&ww=1280&u=http%3A%2F%2F21426.url.tudown.com%2Fxiaz%2F%25E4%25B8%2587%25E8%2583%25BD%25E7%25BD%2591%25E5%258D%25A1%25E9%25A9%25B1%25E5%258A%25A8forwin1064bitv2018.01.24.1733%40719_271513.exe&tt=Ag%E4%BA%9A%E6%B4%B2%E6%B8%B8%E6%88%8F(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1249593159&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=30423&r=0&ww=1280&u=http%3A%2F%2F21426.url.tudown.com%2Fxiaz%2F%25E4%25B8%2587%25E8%2583%25BD%25E7%25BD%2591%25E5%258D%25A1%25E9%25A9%25B1%25E5%258A%25A8forwin1064bitv2018.01.24.1733%40719_271513.exe&tt=Ag%E4%BA%9A%E6%B4%B2%E6%B8%B8%E6%88%8F(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1249593159&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=30423&r=0&ww=1280&u=http%3A%2F%2F21426.url.tudown.com%2Fxiaz%2F%25E4%25B8%2587%25E8%2583%25BD%25E7%25BD%2591%25E5%258D%25A1%25E9%25A9%25B1%25E5%258A%25A8forwin1064bitv2018.01.24.1733%40719_271513.exe&tt=Ag%E4%BA%9A%E6%B4%B2%E6%B8%B8%E6%88%8F(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://21426.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 08:09:58 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F7A9E36A64AF358B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

t13.baidu.com/it/u=2999582254,2869472530&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

46 kB

URL HTTP/1.1
t13.baidu.com/it/u=2999582254,2869472530&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
46 kB (45738 bytes)
Hash
0763f480a22ca010bcd5dcfe8f288412
6b37f8d6270986a82afd66f3146b5b0690656ac0
ce14be0fa49272f92f2ec54e56f5f7d5b4332b5e51dad9010bdb2a526f26a999

HTTP Headers

GET /it/u=2999582254,2869472530&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 45738
Connection: keep-alive
Expires: Mon, 06 Feb 2023 21:28:50 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 0763f480a22ca010bcd5dcfe8f288412
Age: 1959677
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 21:28:50 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache62 [1], qdix162 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 45738
X-Cache-Status: HIT
Timing-Allow-Origin: *

21426.url.tudown.com/uploads/images/46221.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/46221.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/46221.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2245729360,3478553822&fm=253&fmt=auto&app=120&f=JPEG?w=350&h=350

t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093

185.10.104.124

200 OK

52 kB

URL HTTP/1.1
t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
52 kB (51976 bytes)
Hash
69f46be60272b10aab2918436b83cee9
d1d70dfaf08126eeb5329a29d70a398c50bd9673
c0523ac0b6bd671c82e3d0842b94b42f1a1764e09e8934dd935123f247e38bc4

HTTP Headers

GET /it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 51976
Connection: keep-alive
Expires: Sun, 12 Feb 2023 08:55:39 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 69f46be60272b10aab2918436b83cee9
Age: 1861438
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 08:55:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache65 [1], suzix207 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51976
X-Cache-Status: HIT
Timing-Allow-Origin: *

21426.url.tudown.com/uploads/images/39152.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/39152.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/39152.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3147742287,2683026221&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

21426.url.tudown.com/uploads/images/869225.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/869225.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/869225.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3084522320,777156884&fm=224&app=112&f=JPEG?w=500&h=500

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=671195154&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=30423&r=0&ww=1280&u=http%3A%2F%2F21426.url.tudown.com%2Fxiaz%2F%25E4%25B8%2587%25E8%2583%25BD%25E7%25BD%2591%25E5%258D%25A1%25E9%25A9%25B1%25E5%258A%25A8forwin1064bitv2018.01.24.1733%40719_271513.exe&tt=Ag%E4%BA%9A%E6%B4%B2%E6%B8%B8%E6%88%8F(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=671195154&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=30423&r=0&ww=1280&u=http%3A%2F%2F21426.url.tudown.com%2Fxiaz%2F%25E4%25B8%2587%25E8%2583%25BD%25E7%25BD%2591%25E5%258D%25A1%25E9%25A9%25B1%25E5%258A%25A8forwin1064bitv2018.01.24.1733%40719_271513.exe&tt=Ag%E4%BA%9A%E6%B4%B2%E6%B8%B8%E6%88%8F(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=671195154&si=71b36f22c21839fd7a38e40d68b92934&v=1.3.0&lv=1&sn=30423&r=0&ww=1280&u=http%3A%2F%2F21426.url.tudown.com%2Fxiaz%2F%25E4%25B8%2587%25E8%2583%25BD%25E7%25BD%2591%25E5%258D%25A1%25E9%25A9%25B1%25E5%258A%25A8forwin1064bitv2018.01.24.1733%40719_271513.exe&tt=Ag%E4%BA%9A%E6%B4%B2%E6%B8%B8%E6%88%8F(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://21426.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 08:09:58 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=7792B85E4FFD4082; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

img0.baidu.com/it/u=4152553465,2571926182&fm=253&fmt=auto&app=138&f=JPEG?w=413&h=620

113.219.142.35

200 OK

12 kB

URL HTTP/2
img0.baidu.com/it/u=4152553465,2571926182&fm=253&fmt=auto&app=138&f=JPEG?w=413&h=620
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 413x620, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11620 bytes)
Hash
73c8eac7ff96d5461fd63429e0379a5c
3407f2b4abf6a92f7f7ac0b39d6bb4958a22b347
4f726e66461f196bdf401359deeb8860e60a9664bed93ddbf68cd7e5453361e6

HTTP Headers

GET /it/u=4152553465,2571926182&fm=253&fmt=auto&app=138&f=JPEG?w=413&h=620 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:58 GMT
content-type: image/webp
content-length: 11620
expires: Thu, 02 Mar 2023 02:38:16 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 73c8eac7ff96d5461fd63429e0379a5c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 02:38:16 GMT
ohc-cache-hit: chenzct59 [1], csix59 [4]
ohc-file-size: 11620
x-cache-status: MISS
X-Firefox-Spdy: h2

t15.baidu.com/it/u=3084522320,777156884&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

49 kB

URL HTTP/1.1
t15.baidu.com/it/u=3084522320,777156884&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
49 kB (48827 bytes)
Hash
25c5db0db4ff083f25ece9c625aa11fe
b68b298dd0901f24367724a24462d713c6112d80
a727347a8c9326c6bc4fe4e2e372dbd01b437776c714e11bfd12d68ee72921f7

HTTP Headers

GET /it/u=3084522320,777156884&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpeg
Content-Length: 48827
Connection: keep-alive
Expires: Sun, 05 Feb 2023 11:10:37 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 25c5db0db4ff083f25ece9c625aa11fe
Age: 2025376
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 11:10:37 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache61 [4], suzix184 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 48827
X-Cache-Status: HIT
Timing-Allow-Origin: *

img0.baidu.com/it/u=1788862553,3012281700&fm=253&fmt=auto?w=240&h=180

113.219.142.35

200 OK

4.6 kB

URL HTTP/2
img0.baidu.com/it/u=1788862553,3012281700&fm=253&fmt=auto?w=240&h=180
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 240x180, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.6 kB (4622 bytes)
Hash
0be5d972f7d6ac2ab462977d1e78000e
88176387a86e689db7f0553d1a09956723bbe06a
145b4a25f40f38a90d3e3e8382f6cb5c2083907c0f903a9e0b0b5b2d3400d89e

HTTP Headers

GET /it/u=1788862553,3012281700&fm=253&fmt=auto?w=240&h=180 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 4622
expires: Thu, 23 Feb 2023 00:36:51 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0be5d972f7d6ac2ab462977d1e78000e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 00:36:51 GMT
ohc-cache-hit: chenzct82 [1], bdix189 [4]
ohc-file-size: 4622
x-cache-status: MISS
X-Firefox-Spdy: h2

21426.url.tudown.com/uploads/images/664482.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/664482.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/664482.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2379956074,1169273549&fm=253&fmt=auto&app=138&f=JPEG?w=422&h=500

21426.url.tudown.com/uploads/images/741344.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/741344.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/741344.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=927344494,1003611236&fm=253&fmt=auto&app=138&f=JPEG?w=891&h=500

img1.baidu.com/it/u=86110167,2849203977&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

125.64.104.35

200 OK

39 kB

URL HTTP/2
img1.baidu.com/it/u=86110167,2849203977&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
39 kB (38622 bytes)
Hash
e680b47e00be3d29d64d7a0db8bf1985
a5310cd053e3bc09aaa04926b251d1fdd85aed6e
b2beec2b73ccbcc9cc470232a573aed753f8ed297673fecc9eaeaa3b23614177

HTTP Headers

GET /it/u=86110167,2849203977&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:58 GMT
content-type: image/webp
content-length: 38622
expires: Tue, 28 Feb 2023 01:27:00 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: e680b47e00be3d29d64d7a0db8bf1985
age: 84109
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 01:27:00 GMT
ohc-cache-hit: dy2ct71 [4], wzix71 [4]
ohc-file-size: 38622
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2199658093,3860547960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313

125.64.104.35

200 OK

20 kB

URL HTTP/2
img1.baidu.com/it/u=2199658093,3860547960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x313, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (20408 bytes)
Hash
47ad6cc1b07f19953b54e7d08cd2ee1b
9181bf6020a72d36140642354f4e8b32052519dd
54a6a9c78f576c85e1702c7d0dd15260844e309c200ef492d4de8be3f0e788b9

HTTP Headers

GET /it/u=2199658093,3860547960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=313 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:58 GMT
content-type: image/webp
content-length: 20408
expires: Tue, 21 Feb 2023 01:40:10 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 47ad6cc1b07f19953b54e7d08cd2ee1b
age: 54463
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 01:40:10 GMT
ohc-cache-hit: dy2ct99 [4], suzix136 [4]
ohc-file-size: 20408
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3949420600,2442572290&fm=253&app=120&f=JPEG?w=1422&h=800

125.64.104.35

200 OK

113 kB

URL HTTP/1.1
img1.baidu.com/it/u=3949420600,2442572290&fm=253&app=120&f=JPEG?w=1422&h=800
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
113 kB (113066 bytes)
Hash
40a408010d4c99edc434f632ef278ca4
aea17995f037c2a873b4bc8f6fe2e6f3a5c1cf27
e45e3c035d4eb5b5c887298b190effff6ac37ba34134e71b2bb5d7af153983b5

HTTP Headers

GET /it/u=3949420600,2442572290&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 113066
Connection: keep-alive
Expires: Mon, 06 Feb 2023 06:49:06 GMT
Last-Modified: Fri, 16 Jan 1970 00:00:00 GMT
ETag: 40a408010d4c99edc434f632ef278ca4
Age: 86526
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 06:49:06 GMT
Ohc-Cache-HIT: dy2ct57 [4], xaix57 [4]
Ohc-File-Size: 113066
X-Cache-Status: HIT

21426.url.tudown.com/template/company/0302/css//fonts/iconfont.ttf

154.218.151.71

200 OK

6.8 kB

URL HTTP/1.1
21426.url.tudown.com/template/company/0302/css//fonts/iconfont.ttf
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (729), with CRLF, LF line terminators
Size
6.8 kB (6797 bytes)
Hash
53fd7b2db1b9aa41e682ecf73a433d69
a38f24e7e6de9f74b84bb4419a1360c6a71f8e04
868c0325cf2cd6efa80f11878f3a4522464f7e171089ac5b039a6f37caa52b64

HTTP Headers

GET /template/company/0302/css//fonts/iconfont.ttf HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/template/company/0302/css//style.css
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0; Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675498233; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675498233; Hm_lvt_71b36f22c21839fd7a38e40d68b92934=1675498233; Hm_lpvt_71b36f22c21839fd7a38e40d68b92934=1675498233

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

21426.url.tudown.com/uploads/images/405480.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/405480.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/405480.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410

img0.baidu.com/it/u=3206076334,524043272&fm=253&app=120&f=JPEG?w=1280&h=800

113.219.142.35

200 OK

87 kB

URL HTTP/1.1
img0.baidu.com/it/u=3206076334,524043272&fm=253&app=120&f=JPEG?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
87 kB (87185 bytes)
Hash
bd5cf59a109aab296a1fa84f4efac928
5af1d2ff1320e373c09fa1b9c76f3ec124212f95
5f6cbad94100e88a9f8766d4d621660825657de86aa1238e8350e751ca0de208

HTTP Headers

GET /it/u=3206076334,524043272&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://21426.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 08:09:58 GMT
Content-Type: image/jpeg
Content-Length: 87185
Connection: keep-alive
Expires: Mon, 06 Mar 2023 08:09:58 GMT
Last-Modified: Sat, 03 Jan 1970 00:00:00 GMT
ETag: bd5cf59a109aab296a1fa84f4efac928
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 08:09:58 GMT
Ohc-Cache-HIT: chenzct63 [1], xiangyix164 [1]
Ohc-File-Size: 87185
X-Cache-Status: MISS

21426.url.tudown.com/uploads/images/450281.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/450281.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/450281.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4206873190,3004808356&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=300

21426.url.tudown.com/uploads/images/9107.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/9107.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/9107.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1121689686,3778806586&fm=253&fmt=auto&app=138&f=JPEG?w=566&h=500

img1.baidu.com/it/u=1703669981,2176740673&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333

125.64.104.35

200 OK

11 kB

URL HTTP/2
img1.baidu.com/it/u=1703669981,2176740673&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x333, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (11152 bytes)
Hash
2e14dbaea2e71c9cbd2b382ba2a50eb6
f8b5affd18a7147ef09c7f3df926316ad87559a1
bab1995f348c0211874d8441f5436fabb4ee1b4194214f13e5b4302e512faf4a

HTTP Headers

GET /it/u=1703669981,2176740673&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=333 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:58 GMT
content-type: image/webp
content-length: 11152
expires: Thu, 16 Feb 2023 17:09:59 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 2e14dbaea2e71c9cbd2b382ba2a50eb6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 17:09:59 GMT
ohc-cache-hit: dy2ct62 [1], csix62 [4]
ohc-file-size: 11152
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=59549531,2692727658&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=200

125.64.104.35

200 OK

9.4 kB

URL HTTP/2
img1.baidu.com/it/u=59549531,2692727658&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=200
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.4 kB (9354 bytes)
Hash
9605fbc942580af7f03c4fbee7e1e66f
be9d091c49bd0c16ee33edce45ca2e2c5cd553e8
f9633590c1a2f88b7321be4df97a24f2f0e1e84aa50d7269a9f435f9d76b9b6c

HTTP Headers

GET /it/u=59549531,2692727658&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=200 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:58 GMT
content-type: image/webp
content-length: 9354
expires: Wed, 22 Feb 2023 02:05:53 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 9605fbc942580af7f03c4fbee7e1e66f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:05:53 GMT
ohc-cache-hit: dy2ct109 [1], suzix215 [4]
ohc-file-size: 9354
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1094340344,855539174&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=676

125.64.104.35

200 OK

22 kB

URL HTTP/2
img1.baidu.com/it/u=1094340344,855539174&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=676
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x676, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22482 bytes)
Hash
3362514ad3bf7be6c10a574c13b8f9ff
4381a583c1d1dd0d14d557156118fee85833f2d9
a8a9359d1eb11bb2d0e4cf7ae813240be6b0a7dd7dc0ed899fba01b9ef667166

HTTP Headers

GET /it/u=1094340344,855539174&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=676 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:58 GMT
content-type: image/webp
content-length: 22482
expires: Wed, 22 Feb 2023 02:34:19 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3362514ad3bf7be6c10a574c13b8f9ff
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:34:19 GMT
ohc-cache-hit: dy2ct116 [1], qdix142 [4]
ohc-file-size: 22482
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500

42.101.56.35

200 OK

39 kB

URL HTTP/2
img2.baidu.com/it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500
IP
42.101.56.35:0
ASN
#137698 HaerbingHeilongjiang Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 362x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
39 kB (39240 bytes)
Hash
c04cd35e3b7220c37852f0895289c8eb
de893f6c029cda5837965356a06d7234b2c42308
2f9fe4c3c2e39ef66408e6f91e8d31e55521b5e6903776d30f1a6fc940bff8bf

HTTP Headers

GET /it/u=4252571863,1839450856&fm=253&fmt=auto&app=138&f=JPEG?w=362&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 39240
expires: Sun, 19 Feb 2023 05:33:28 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: c04cd35e3b7220c37852f0895289c8eb
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 05:33:28 GMT
ohc-cache-hit: hrb4ct76 [1], qdix76 [2]
ohc-file-size: 39240
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=1072862072,1898667836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=588

42.101.56.35

200 OK

18 kB

URL HTTP/2
img2.baidu.com/it/u=1072862072,1898667836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=588
IP
42.101.56.35:0
ASN
#137698 HaerbingHeilongjiang Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x588, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
18 kB (18280 bytes)
Hash
e27ba8b4252fd549c0d45b18af8da88f
454082e6926cb24d305d7dd9ef7a5e79f07972f8
524af69d83e2e124ffd46ca948a02468db2c39c40e0e2d176abeb8dc4c548de7

HTTP Headers

GET /it/u=1072862072,1898667836&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=588 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 18280
expires: Fri, 03 Mar 2023 07:20:31 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: e27ba8b4252fd549c0d45b18af8da88f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 07:20:31 GMT
ohc-cache-hit: hrb4ct51 [2], csix51 [2]
ohc-file-size: 18280
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=334040582,3735622414&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

113.219.142.35

200 OK

11 kB

URL HTTP/2
img0.baidu.com/it/u=334040582,3735622414&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (11068 bytes)
Hash
3b1d62bdc1cb20d9bdefc1b3b78356ec
2b7d7e4fa6404d2075ef162b75a7c625db26e2d9
70f68abd6972d25c44c3d67620ad0f0f190c97523c975c36670c44d5e217e7b2

HTTP Headers

GET /it/u=334040582,3735622414&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 11068
expires: Sat, 04 Mar 2023 03:01:32 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 3b1d62bdc1cb20d9bdefc1b3b78356ec
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 03:01:32 GMT
ohc-cache-hit: chenzct74 [1], xiangyix155 [2]
ohc-file-size: 11068
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1783721675,635933565&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753

113.219.142.35

200 OK

27 kB

URL HTTP/2
img0.baidu.com/it/u=1783721675,635933565&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x753, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (27114 bytes)
Hash
b17ce1899916b9599538d6327c66232f
03acc9318ee66e9709aa4d13af10a549e4f40d6a
2ee776a46276f9b77abd68d07408c630b90add59878c3303e6037d1a590ebc7b

HTTP Headers

GET /it/u=1783721675,635933565&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=753 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 27114
expires: Tue, 21 Feb 2023 21:31:51 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: b17ce1899916b9599538d6327c66232f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 21:31:51 GMT
ohc-cache-hit: chenzct54 [1], suzix221 [4]
ohc-file-size: 27114
x-cache-status: MISS
X-Firefox-Spdy: h2

21426.url.tudown.com/uploads/images/813642.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/813642.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/813642.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3475017141,1283094648&fm=253&fmt=auto?w=1422&h=800

21426.url.tudown.com/uploads/images/981126.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
21426.url.tudown.com/uploads/images/981126.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/981126.jpg HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 08:09:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=580850201,2848496032&fm=253&fmt=auto&app=120&f=JPEG?w=634&h=441

img1.baidu.com/it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499

125.64.104.35

200 OK

36 kB

URL HTTP/2
img1.baidu.com/it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 359x499, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
36 kB (35920 bytes)
Hash
2edf5f2a8b439035ecf1434e9b831b58
16b6c9f4d07f4926afee248d63f203260418f5ee
9d13a90fffc9504eec8cb9cadf0f23423628c77f7f957b86e0cd61039588c701

HTTP Headers

GET /it/u=4286396864,596511379&fm=253&fmt=auto&app=138&f=JPEG?w=359&h=499 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:58 GMT
content-type: image/webp
content-length: 35920
expires: Mon, 06 Feb 2023 09:41:30 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 2edf5f2a8b439035ecf1434e9b831b58
age: 14473
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 09:41:30 GMT
ohc-cache-hit: dy2ct59 [4], csix59 [4]
ohc-file-size: 35920
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2379956074,1169273549&fm=253&fmt=auto&app=138&f=JPEG?w=422&h=500

125.64.104.35

200 OK

37 kB

URL HTTP/2
img1.baidu.com/it/u=2379956074,1169273549&fm=253&fmt=auto&app=138&f=JPEG?w=422&h=500
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 422x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
37 kB (37232 bytes)
Hash
773212806f6e0a668d1c862591e78bec
4be66718cb6d4b6d574aa8b4152d4039dc23930e
7154be577be6eefff1426e07b7b44599a94bd28aef76ba9ff71aeea25e24046e

HTTP Headers

GET /it/u=2379956074,1169273549&fm=253&fmt=auto&app=138&f=JPEG?w=422&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 37232
expires: Mon, 20 Feb 2023 11:09:01 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 773212806f6e0a668d1c862591e78bec
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 11:09:01 GMT
ohc-cache-hit: dy2ct62 [1], xaix62 [4]
ohc-file-size: 37232
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=4206873190,3004808356&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=300

125.64.104.35

200 OK

5.0 kB

URL HTTP/2
img1.baidu.com/it/u=4206873190,3004808356&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=300
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 440x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.0 kB (4950 bytes)
Hash
8b373439782959471ae685561e2531ce
e3a8c30634358a48c0d915c26075ce18d1412f80
6ee68d03df7bb7128f42f58c7aa43b69fe135bbf51dd8f9fa1e9b25cd4da3db0

HTTP Headers

GET /it/u=4206873190,3004808356&fm=253&fmt=auto&app=138&f=JPEG?w=440&h=300 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 4950
expires: Thu, 16 Feb 2023 10:08:19 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 8b373439782959471ae685561e2531ce
age: 85065
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 10:08:19 GMT
ohc-cache-hit: dy2ct68 [4], czix68 [4]
ohc-file-size: 4950
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2245729360,3478553822&fm=253&fmt=auto&app=120&f=JPEG?w=350&h=350

42.101.56.35

200 OK

28 kB

URL HTTP/2
img2.baidu.com/it/u=2245729360,3478553822&fm=253&fmt=auto&app=120&f=JPEG?w=350&h=350
IP
42.101.56.35:0
ASN
#137698 HaerbingHeilongjiang Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 350x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (27932 bytes)
Hash
a97e30bc8813f957c1facbe95c450a5c
f33740da46df1612ef78cfe5520f8a4f1144c177
e12e80700147fdbd11d76420c6f1aaec240dc26491b01a9c55c7911c2e705ab4

HTTP Headers

GET /it/u=2245729360,3478553822&fm=253&fmt=auto&app=120&f=JPEG?w=350&h=350 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 27932
expires: Tue, 14 Feb 2023 02:43:29 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: a97e30bc8813f957c1facbe95c450a5c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 02:43:29 GMT
ohc-cache-hit: hrb4ct66 [1], xiangyix178 [2]
ohc-file-size: 27932
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3475017141,1283094648&fm=253&fmt=auto?w=1422&h=800

125.64.104.35

200 OK

78 kB

URL HTTP/2
img1.baidu.com/it/u=3475017141,1283094648&fm=253&fmt=auto?w=1422&h=800
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
78 kB (77722 bytes)
Hash
0a465a305564290d68c5f0c0fc2e6c1c
36398a72f4a765727e897c3f20419b91663489f8
39fa2735b15d188f98927764ec4ae635236512813d701745960ffafc68b2be8d

HTTP Headers

GET /it/u=3475017141,1283094648&fm=253&fmt=auto?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 77722
expires: Sat, 04 Mar 2023 12:49:09 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 0a465a305564290d68c5f0c0fc2e6c1c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 12:49:09 GMT
ohc-cache-hit: dy2ct71 [1], wzix71 [4]
ohc-file-size: 77722
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=1364284388,198794146&fm=253&fmt=auto&app=138&f=GIF?w=500&h=691

42.101.56.35

200 OK

125 kB

URL HTTP/2
img2.baidu.com/it/u=1364284388,198794146&fm=253&fmt=auto&app=138&f=GIF?w=500&h=691
IP
42.101.56.35:0
ASN
#137698 HaerbingHeilongjiang Province, P.R.China.

File type
GIF image data, version 89a, 500 x 691\012- data
Size
125 kB (124740 bytes)
Hash
9eeb3aded8928c4ac87e9515b5945d39
014a8dfe45c4cfcff37f8a79e8c147c3e943637a
7d017fe93a6f0057bd32695f5de747068e3cc59e771f0209d292d58faf3290bc

HTTP Headers

GET /it/u=1364284388,198794146&fm=253&fmt=auto&app=138&f=GIF?w=500&h=691 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/gif
content-length: 124740
expires: Fri, 24 Feb 2023 09:08:52 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 9eeb3aded8928c4ac87e9515b5945d39
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 09:08:52 GMT
ohc-cache-hit: hrb4ct65 [1], wzix65 [4]
ohc-file-size: 124740
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2137406555,4096306465&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=436

42.101.56.35

200 OK

40 kB

URL HTTP/2
img2.baidu.com/it/u=2137406555,4096306465&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=436
IP
42.101.56.35:0
ASN
#137698 HaerbingHeilongjiang Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x436, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
40 kB (39878 bytes)
Hash
5b261fc4584a2a76bb908c9ef4b268e4
06ba86e8520251fb22aa5f3cb6ce3e04e9c5a117
827a8ddda1e73be44b46f7204b0a5ce97e003b77cea615273e940fced58c26db

HTTP Headers

GET /it/u=2137406555,4096306465&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=436 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 39878
expires: Fri, 10 Feb 2023 19:45:10 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 5b261fc4584a2a76bb908c9ef4b268e4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 19:45:10 GMT
ohc-cache-hit: hrb4ct78 [1], wzix98 [4]
ohc-file-size: 39878
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3147742287,2683026221&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

42.101.56.35

200 OK

9.2 kB

URL HTTP/2
img2.baidu.com/it/u=3147742287,2683026221&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
42.101.56.35:0
ASN
#137698 HaerbingHeilongjiang Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.2 kB (9206 bytes)
Hash
9b73d4a05a965972980d12322e9cb382
a9fa48d0c251f077566e891f6db8ff73a29d7640
7b25e4e82a50f92fbdcaee9177d0d3f0de66571d6d89b570428eab3b43265169

HTTP Headers

GET /it/u=3147742287,2683026221&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 9206
expires: Sun, 12 Feb 2023 07:26:14 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 9b73d4a05a965972980d12322e9cb382
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 07:26:14 GMT
ohc-cache-hit: hrb4ct53 [1], wzix119 [4]
ohc-file-size: 9206
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410

42.101.56.35

200 OK

19 kB

URL HTTP/2
img2.baidu.com/it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410
IP
42.101.56.35:0
ASN
#137698 HaerbingHeilongjiang Province, P.R.China.

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 410x410, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (19444 bytes)
Hash
af5a409edb2a104a6bfa09d94184e470
f2e028b0bb8d5ef75bc270a2d8937477e2af12d2
cf2188013c468d9137160a4e9e8eb8cccfbe931f309ed485bdb513474b8b2451

HTTP Headers

GET /it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 19444
expires: Tue, 14 Feb 2023 12:39:47 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: af5a409edb2a104a6bfa09d94184e470
age: 4580
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 12:39:47 GMT
ohc-cache-hit: hrb4ct76 [4], xaix76 [2]
ohc-file-size: 19444
x-cache-status: HIT
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422

113.219.142.35

200 OK

94 kB

URL HTTP/2
img0.baidu.com/it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x1422, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
94 kB (93736 bytes)
Hash
11bcb53531ca8d4f4e01b74408914190
e79aa2d657a5642d09531107897d44c4ee8a81b7
e82b314eb92093e3c3294d37dadde9edc5712fc14485a04e6fc9481bef9e01d7

HTTP Headers

GET /it/u=1838257260,3150999738&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=1422 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 93736
expires: Wed, 22 Feb 2023 12:47:59 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 11bcb53531ca8d4f4e01b74408914190
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 12:47:59 GMT
ohc-cache-hit: chenzct58 [1], qdix103 [2]
ohc-file-size: 93736
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=927344494,1003611236&fm=253&fmt=auto&app=138&f=JPEG?w=891&h=500

113.219.142.35

200 OK

56 kB

URL HTTP/2
img0.baidu.com/it/u=927344494,1003611236&fm=253&fmt=auto&app=138&f=JPEG?w=891&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 891x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
56 kB (55910 bytes)
Hash
09a0e4e41f951f15a6028a6b8786bfae
53fa883c15eba32fc17f9d261c0ceb71bb894eb1
10b05ac8596d18c7b63804264c198ea5c30da03323088ee01321383480164e13

HTTP Headers

GET /it/u=927344494,1003611236&fm=253&fmt=auto&app=138&f=JPEG?w=891&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 55910
expires: Sun, 19 Feb 2023 01:45:40 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 09a0e4e41f951f15a6028a6b8786bfae
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 01:45:40 GMT
ohc-cache-hit: chenzct87 [1], bdix141 [4]
ohc-file-size: 55910
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1121689686,3778806586&fm=253&fmt=auto&app=138&f=JPEG?w=566&h=500

113.219.142.35

200 OK

27 kB

URL HTTP/2
img0.baidu.com/it/u=1121689686,3778806586&fm=253&fmt=auto&app=138&f=JPEG?w=566&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 566x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (26768 bytes)
Hash
f1e570a8f7a4090e27fd21fd599f33f0
b40818689e82508241fab9be9a4d3acab2bdc928
63e62a0f924eb4b40a2363b58a4c7b03836cbdd4d68b0137b635b8d49d6a19c2

HTTP Headers

GET /it/u=1121689686,3778806586&fm=253&fmt=auto&app=138&f=JPEG?w=566&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 26768
expires: Fri, 10 Feb 2023 03:41:51 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: f1e570a8f7a4090e27fd21fd599f33f0
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 03:41:51 GMT
ohc-cache-hit: chenzct72 [1], suzix202 [4]
ohc-file-size: 26768
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2721007798,1536758920&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=240

113.219.142.35

200 OK

3.7 kB

URL HTTP/2
img0.baidu.com/it/u=2721007798,1536758920&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=240
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 310x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.7 kB (3700 bytes)
Hash
21db629d6c91488c6ebf82ea86310d2c
d6aaf745680218fbabb210151708c76b2e08fe34
c1c1f0047dee6bf6e414a39a561995a8f87660e71f06260e8fe35c64aaccd56a

HTTP Headers

GET /it/u=2721007798,1536758920&fm=253&fmt=auto&app=138&f=JPEG?w=310&h=240 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 3700
expires: Tue, 28 Feb 2023 03:37:20 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 21db629d6c91488c6ebf82ea86310d2c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 03:37:20 GMT
ohc-cache-hit: chenzct84 [1], xiangyix105 [4]
ohc-file-size: 3700
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=580850201,2848496032&fm=253&fmt=auto&app=120&f=JPEG?w=634&h=441

113.219.142.35

200 OK

32 kB

URL HTTP/2
img0.baidu.com/it/u=580850201,2848496032&fm=253&fmt=auto&app=120&f=JPEG?w=634&h=441
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 634x441, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31776 bytes)
Hash
3b3a41d049344ad6e8781f4994996c80
2ae64c92c984fd5e5a6d71437ee0a7a28fa22562
77e8884b7e8a87b9c0c2d0b1edb9b9edc37ad829031def464d0b0a1fc735b857

HTTP Headers

GET /it/u=580850201,2848496032&fm=253&fmt=auto&app=120&f=JPEG?w=634&h=441 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://21426.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 08:09:59 GMT
content-type: image/webp
content-length: 31776
expires: Sat, 04 Mar 2023 04:59:06 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 3b3a41d049344ad6e8781f4994996c80
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 04:59:06 GMT
ohc-cache-hit: chenzct74 [1], csix95 [4]
ohc-file-size: 31776
x-cache-status: MISS
X-Firefox-Spdy: h2

21426.url.tudown.com/favicon.ico

154.218.151.71

200 OK

0 B

URL HTTP/1.1
21426.url.tudown.com/favicon.ico
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 21426.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://21426.url.tudown.com/xiaz/%E4%B8%87%E8%83%BD%E7%BD%91%E5%8D%A1%E9%A9%B1%E5%8A%A8forwin1064bitv2018.01.24.1733@719_271513.exe
Cookie: __bid_n=1861b0d2b4fd529a314207; FPTOKEN=2gxwhywYpagzS70THD1juL5BZ/Prda/jlWsgLsuFz0lSaE/h2D5O7Wc7XXA7WncqBTFSf1wE0vrKbIjXqrYdksFx2seU5ow4/UM6KkLmXUDfWtg0Lsf77LZKdItTpLbOfz/2U8ac2H8MGS1wYNcDfS2EQbfS7YYf1hSwjLxV7IdRvPIFqALegVQlGKJyD5TMmnC4P9rFVJchXQj2u2AN4tkwcpQmtdLULHBJEWMkXN4cklY05QrW/7ZXSkWN8s/QyXnq1jxr1uFhqosUjTobaJmkXQGiyj01z54qOziFJqionDm1XZqoVRR0zOiOfYTMbs+A6cmxF98N2Si392y4Dsqgl9yUVaIK8/5hycQuWIYMuvugH/lgDzbZAKT+UOcjA0dmdmn46fZc8xNYBZfpnA==|HCKaeXLJGm4eNctoS9FkF+w86rBLgkL0dtnTGSNQnXE=|10|f523c139bcf75d372ff3585f24535ff0; Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675498233; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675498233; Hm_lvt_71b36f22c21839fd7a38e40d68b92934=1675498233; Hm_lpvt_71b36f22c21839fd7a38e40d68b92934=1675498233

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 08:10:00 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (118)