Report - 12254.url.tudown.com/down/wbjj_2.81@376

Report Overview

Submitted URL
12254.url.tudown.com/down/wbjj_2.81@376_426.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-02-04 05:13:54
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	58 kB	34.120.237.76
img0.baidu.com	50126	2021-03-25T13:17:59Z	2023-03-12T11:23:13Z	2.7 kB	199 kB	113.219.142.35
t14.baidu.com	32559	2021-01-22T21:20:42Z	2023-03-12T11:23:14Z	1.8 kB	229 kB	185.10.104.124
12254.url.tudown.com	unknown	2018-10-29T14:13:47Z	2023-02-20T04:35:24Z	49 kB	86 kB	154.218.151.71
push.zhanzhang.baidu.com	57139	2015-07-22T07:44:02Z	2023-03-13T05:37:01Z	290 B	750 B	182.61.201.94
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-03-13T05:32:36Z	1.3 kB	12 kB	103.235.46.191
img2.baidu.com	50786	2021-03-25T13:17:58Z	2023-03-12T11:23:13Z	5.1 kB	781 kB	58.42.14.35
s22.cnzz.com	87635	2012-05-30T12:09:17Z	2023-03-12T16:31:15Z	394 B	671 B	180.97.251.250
t13.baidu.com	32653	2021-01-09T14:57:25Z	2023-03-12T11:23:14Z	1.8 kB	272 kB	185.10.104.124
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.26.56.94
api.share.baidu.com	44629	2013-04-25T16:45:11Z	2023-03-13T05:37:01Z	362 B	114 B	182.61.240.101
s5.qhres2.com	unknown	2022-02-12T08:02:38Z	2023-03-12T10:46:21Z	298 B	1.1 kB	54.230.111.35
js.passport.qihucdn.com	273795	2014-08-12T03:08:07Z	2023-03-12T11:11:59Z	324 B	453 B	104.192.110.245
s.360.cn	19814	2012-07-10T18:01:51Z	2023-03-13T09:22:08Z	445 B	238 B	171.13.14.66
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	23.33.119.27
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.9 kB	104.18.20.226
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	367 B	1.9 kB	104.18.20.226
img1.baidu.com	50158	2021-03-25T13:17:58Z	2023-03-12T11:23:15Z	5.5 kB	761 kB	58.42.14.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	12254.url.tudown.com/down/wbjj_2.81@376_426.exe	Malware
2023-02-04	medium	12254.url.tudown.com/js/orsxg5a.script	Malware
2023-02-04	medium	12254.url.tudown.com/template/company/42xz/js/soft.js	Malware
2023-02-04	medium	12254.url.tudown.com/template/company/42xz/js/jquery.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d	105 B	2023-03-07	2024-04-21
Pretty URL js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d IP 104.192.110.245 ASN #55992 Beijing Qihu Technology Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-21 21:29:48 Times Seen119 Hash 11073c47471f23e6e431ecbd0729bf6f 6282816610cdaef1512f1ac8457250763b6c147d 2b56ed0b00d15dde097595d4cc8e29e5f6053e6f6efdf8b3c13dfe7b9185b1f2 Loading...

	s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130	0 B	2023-03-07	2024-04-24
Pretty URL s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130 IP 180.97.251.250 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 22:55:09 Times Seen37049676 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-24
Pretty URL push.zhanzhang.baidu.com/push.js IP 182.61.201.94 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-24 14:00:50 Times Seen18985 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	12254.url.tudown.com/template/company/42xz/js/soft.js	9.9 kB	2023-03-12	2023-06-15
Pretty URL 12254.url.tudown.com/template/company/42xz/js/soft.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:54 Last Seen2023-06-15 06:04:36 Times Seen205 Hash 5e32a0f26da3d6f80a8ba482448e7314 c5724c4245049e753a66805f2fe986c620071141 d2acdf1a20ffb5f140291d37fd878d834918e465e977c487720816d7bf69cf31 Loading...

	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:24:25 Last Seen2023-03-13 16:24:25 Times Seen1 Hash d996772d105858a88f9f67126d1d960b bbb91297292f88b184d7823659af2a09569e5a27 a96030e3c36eaf7869165f1f95a0e2a1c6a8deed57cf3aaa0c03f9c4df23a194 Loading...

	s5.qhres2.com/static/ab77b6ea7f3fbf79.js	478 B	2023-03-07	2024-04-24
Pretty URL s5.qhres2.com/static/ab77b6ea7f3fbf79.js IP 54.230.111.35 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-24 09:12:38 Times Seen2399 Hash 5dd27f8f2b042194c3cdabd62fd80110 c035036a939799d4c29b9c0f7229ae1953d03109 928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a Loading...

	12254.url.tudown.com/down/wbjj_2.81@376_426.exe	254 B	2023-03-09	2023-12-23
Pretty URL 12254.url.tudown.com/down/wbjj_2.81@376_426.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

	12254.url.tudown.com/template/company/42xz/js/jquery.js	120 kB	2023-03-12	2023-11-20
Pretty URL 12254.url.tudown.com/template/company/42xz/js/jquery.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen235 Hash 1925d85004d53931fe7e1cb8e1d658fb fc6192892c227e2a2f5a68e31b08d83ab0458355 b26e0c2001d8d9f1947b20033e77665409f3504f832556ce2ee9dfb01ef7a041 Loading...

	12254.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 12254.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-24 09:12:37 Times Seen2524 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

	#3 Write - f6c66fa781641bc152896d4d331fb47c	107 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash f6c66fa781641bc152896d4d331fb47c 75058381be5febb338d4b018ff21ddeb72634f79 1b60638050239eb6f376f41ed7c52f5fa636ff1b2899f86fc62f093fdd6b3e8b Loading...

	#4 Write - fa85d85498e61666775145658e0c17ed	143 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash fa85d85498e61666775145658e0c17ed 0c7232cecdccc72b25160d2732cc180c3fe73160 ba9029ca999756c61255a5964826bb7f12d35e3dd5255cbc1cbfe47438995591 Loading...

	#5 Write - 008e38ad8e4e7bba758d9ec3f773206e	87 B	2023-03-07	2024-04-21
Pretty Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-21 21:29:48 Times Seen85 Hash 008e38ad8e4e7bba758d9ec3f773206e 0ddd0136073df13ca578bd26c5cb154a31486d80 33956db9602f7758ab5c966ef9e66fa3ca0a73a5bb644ba35721d7c828cb1d28 Loading...

HTTP Transactions (123)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e935ea42be4feaed61a824b0b903913e
f966cfa80d65a805cb9d7c6a53b3340865d7c51a
eb0ce9ae50d156fe5924b2d77346735e4e93b5240cff301c9aa835bb0b385815

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB0CE9AE50D156FE5924B2D77346735E4E93B5240CFF301C9AA835BB0B385815"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8556
Expires: Sat, 04 Feb 2023 07:36:19 GMT
Date: Sat, 04 Feb 2023 05:13:43 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16384
Expires: Sat, 04 Feb 2023 09:46:47 GMT
Date: Sat, 04 Feb 2023 05:13:43 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 04:36:13 GMT
content-type: application/json
age: 2250
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7012
Expires: Sat, 04 Feb 2023 07:10:35 GMT
Date: Sat, 04 Feb 2023 05:13:43 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 34Vpso3GjIz2oAjRhk9RtbNS6KLcaVjrDcWZRBxy4VoPBEGYvYJQBlq0OPmSVY5odnaGNFcBCOI=
x-amz-request-id: KQ2PBT8G40Z8Z0EP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 04:52:42 GMT
age: 1261
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 05:13:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 04:49:07 GMT
age: 1477
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

12254.url.tudown.com/down/wbjj_2.81@376_426.exe

154.218.151.71

200 OK

6.5 kB

URL HTTP/1.1
12254.url.tudown.com/down/wbjj_2.81@376_426.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (303), with CRLF, LF line terminators
Size
6.5 kB (6459 bytes)
Hash
6dcebe8356c577a5d789bb08179bba14
3b5488c258499c3887e7cf119ea49232fe0e6b63
d094fdb8eaa8049306f15503e064d0f33f926128234f66a48089ddf99e0d8797

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /down/wbjj_2.81@376_426.exe HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21379
Expires: Sat, 04 Feb 2023 11:10:03 GMT
Date: Sat, 04 Feb 2023 05:13:44 GMT
Connection: keep-alive

push.services.mozilla.com/

52.26.56.94

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.26.56.94:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SfeZ5WQCACkVwVjujjK+Kg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: B3L5yUS3cjIvfSYW1XrhdrV4ofM=

12254.url.tudown.com/template/company/42xz/css/common.css

154.218.151.71

200 OK

1.9 kB

URL HTTP/1.1
12254.url.tudown.com/template/company/42xz/css/common.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.9 kB (1933 bytes)
Hash
625ff65f2c44178957f32d288dd56ddf
cb918d56e4595594c56cab503ed56f84379e862d
2436857c00ba0ab148e7c16f63712844f5bb62e23379751d6dddd82abe667ac5

HTTP Headers

GET /template/company/42xz/css/common.css HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea53-1ccb"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12254.url.tudown.com/template/company/42xz/css/soft.css

154.218.151.71

200 OK

6.6 kB

URL HTTP/1.1
12254.url.tudown.com/template/company/42xz/css/soft.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
6.6 kB (6556 bytes)
Hash
669589d0ffba3898ecf26c242eaed555
f6a564b66491cf102d5961fb95294d84192c9f11
00947ca9960fa7f5ad71c5f5343ded6e595dec626a9da917da58305fdc98e356

HTTP Headers

GET /template/company/42xz/css/soft.css HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea55-6438"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12254.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
12254.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12254.url.tudown.com/template/company/42xz/js/soft.js

154.218.151.71

200 OK

3.6 kB

URL HTTP/1.1
12254.url.tudown.com/template/company/42xz/js/soft.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
3.6 kB (3643 bytes)
Hash
67be5352d7d3355ae57faad8a6221355
30f4a9a4a3dede0d2d72725ffa28958f45053e7e
1a59b7c5be683676fa54951bf4129899c3980e78c1f956c287f7cc0c001a857d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/42xz/js/soft.js HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea5a-26b2"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12254.url.tudown.com/uploads/images/554885.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/554885.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/554885.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80

12254.url.tudown.com/uploads/images/183794.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/183794.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/183794.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500

12254.url.tudown.com/uploads/images/967446.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/967446.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/967446.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

12254.url.tudown.com/template/company/42xz/images/tab_line.png

154.218.151.71

200 OK

1.2 kB

URL HTTP/1.1
12254.url.tudown.com/template/company/42xz/images/tab_line.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 190 x 7\012- data
Size
1.2 kB (1155 bytes)
Hash
4c54d42f73e777c70b63b1854b994bb5
6b751c2e611f485d04805ccc3ef84ba5c7868775
b86451a9f18cc0bffd106863661cecbc4abc2364f2898e3bc0796992f3ebbd06

HTTP Headers

GET /template/company/42xz/images/tab_line.png HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/template/company/42xz/css/soft.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/png
Content-Length: 1155
Last-Modified: Thu, 05 Nov 2020 12:04:39 GMT
Connection: keep-alive
ETag: "5fa3ea57-483"
Accept-Ranges: bytes

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc91044ea257e54846f8dd907b48d29e
6d2231e05dabe5ee55f8dbf8687d7b7a92c25d64
8e77e1a87ab035ed1affd01159d1c899e46d7c247d0bc085dd57d1b1c6fed830

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E77E1A87AB035ED1AFFD01159D1C899E46D7C247D0BC085DD57D1B1C6FED830"
Last-Modified: Thu, 02 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8122
Expires: Sat, 04 Feb 2023 07:29:07 GMT
Date: Sat, 04 Feb 2023 05:13:45 GMT
Connection: keep-alive

12254.url.tudown.com/uploads/images/logo.png?n=5gkknznxt3s3raxgswm6ravs46tzdzukqdsyrnxjqcqolduc&w=250

154.218.151.71

200 OK

3.5 kB

URL HTTP/1.1
12254.url.tudown.com/uploads/images/logo.png?n=5gkknznxt3s3raxgswm6ravs46tzdzukqdsyrnxjqcqolduc&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3463 bytes)
Hash
cb93d63fadd85c40af4d089658f71e93
c48c3bd2f56a89707f8d997b94b484c0494a3937
34542b8ff46ed591ded5537eaffe78f76a90f083249cd849ec93c9625eb9d68f

HTTP Headers

GET /uploads/images/logo.png?n=5gkknznxt3s3raxgswm6ravs46tzdzukqdsyrnxjqcqolduc&w=250 HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
c45b5d23d78c603a4f679957cc907c55
c0c6131e462224b19bf52c269ffda26be7dcc3ce
7acbb574f2c3ce64da98b8bf9e8af19ba063535e4cbf9fadaf803c34381178dd

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:09:39 GMT
ETag: "c0c6131e462224b19bf52c269ffda26be7dcc3ce"
Last-Modified: Sat, 04 Feb 2023 04:09:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 127
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940eb3bab4eb509-OSL

12254.url.tudown.com/uploads/images/678448.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/678448.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/678448.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

12254.url.tudown.com/uploads/images/30797.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/30797.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/30797.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500

12254.url.tudown.com/uploads/images/347638.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/347638.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/347638.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800

12254.url.tudown.com/uploads/images/921801.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/921801.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/921801.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500

12254.url.tudown.com/template/company/42xz/js/jquery.js

154.218.151.71

200 OK

46 kB

URL HTTP/1.1
12254.url.tudown.com/template/company/42xz/js/jquery.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (65479), with CRLF line terminators
Size
46 kB (45799 bytes)
Hash
49fcb7f2a26c0656e22b75bfe591667f
f277ecd02517fc0f243fd9d882178473d4def06b
9ee94398fbe5a57c715dfdfe1b8d05ea964dd9947dba57dad68ee38ea381a2be

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/42xz/js/jquery.js HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:44 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea62-1d491"
Expires: Sat, 04 Feb 2023 17:13:44 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 05:13:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 05:13:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 05:13:45 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6391
Expires: Sat, 04 Feb 2023 07:00:16 GMT
Date: Sat, 04 Feb 2023 05:13:45 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 25404
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8909 bytes)
Hash
a032104cf4ccc6ea31f163ca16386487
a0573916c3d72f0554928963c0a74413fdcb3558
8ba7b6e9b3fa28f6fd27f5f006cedac10f50d7da6c109155a2476cf04f4df932

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F72a06bff-2a3c-4fc8-9c7a-5649a696581e.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 051806fe-c051-4948-a46a-48ed1df321a4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyFIMFLNoAMFY5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8234-212ec9a838fc64a9164f21f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:52:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 24zolqnsQilbFdqM8BnmjaH7DXfFunFyXgmOyF_FkPoatjLi137xgQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:53 GMT
age: 25372
etag: "a0573916c3d72f0554928963c0a74413fdcb3558"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13065 bytes)
Hash
cf80667db0c35c9c6139eca4ba5d12fd
4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590
d63e69f4b6ea16333d242bf33d4f02a4a6c96a739ca018d86afc5741d85b774d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4c16006-34b0-45cb-bb9f-46fe6dd44e3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13065
x-amzn-requestid: 54c06759-6fab-455c-be34-496ee42a2580
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fSZLQEqroAMFyWA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d0d57b-2237358a5cc22b8003af1852;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 07:08:43 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oc3NhvAmcrO3msFYF2ITsEpq8a2wsOLkXtmZxRQpmse84yml0l9PNA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:46:57 GMT
age: 26808
etag: "4c4cfdc2463e8704a7bf8e1477c43b6adf7c7590"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7249 bytes)
Hash
d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 25404
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9500 bytes)
Hash
3ac51fd6789cbe19c2d484c9022b0e39
bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9
300b5e50cb910f9f4905ee7313d98763b68f85f5874db499cc94469fb14cabfe

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b2d6920-2a79-45a8-b007-d36cc875c52f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9500
x-amzn-requestid: 8fe94388-e8d9-4329-b73a-e9a356df76bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9QEA1IAMF3Ug=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8054-51f954ac4bec16d1055e38f5;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:52 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FkTJ6wQ4eFYBPDyS0l5vLeWvHHiQIx-cYyFzT4ggHJ8M5Gg3dozFxQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:30:36 GMT
age: 24189
etag: "bcba22a7b7f5dd1f59fffd1027e5d7002cecb6e9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7992 bytes)
Hash
65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 25404
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

12254.url.tudown.com/uploads/images/734015.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/734015.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/734015.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500

12254.url.tudown.com/uploads/images/142300.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/142300.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/142300.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800

12254.url.tudown.com/uploads/images/561501.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/561501.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/561501.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800

12254.url.tudown.com/uploads/images/618345.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/618345.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/618345.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750

12254.url.tudown.com/uploads/images/601228.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/601228.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/601228.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889

12254.url.tudown.com/uploads/images/684934.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/684934.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/684934.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:45 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185

push.zhanzhang.baidu.com/push.js

182.61.201.94

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.201.94:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 05:13:46 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 05:13:46 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=1AA16AB2576358EDA83A816F6C2477DD:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 05:13:46 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

12254.url.tudown.com/uploads/images/819954.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/819954.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/819954.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800

12254.url.tudown.com/uploads/images/775736.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/775736.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/775736.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD

12254.url.tudown.com/uploads/images/535187.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/535187.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/535187.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

12254.url.tudown.com/uploads/images/332495.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/332495.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/332495.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185

12254.url.tudown.com/uploads/images/296953.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/296953.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/296953.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738

12254.url.tudown.com/uploads/images/823236.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/823236.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/823236.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500

12254.url.tudown.com/uploads/images/472259.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/472259.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/472259.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709

12254.url.tudown.com/uploads/images/559545.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/559545.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/559545.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185

12254.url.tudown.com/uploads/images/24064.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/24064.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/24064.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800

12254.url.tudown.com/uploads/images/591551.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/591551.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/591551.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350

12254.url.tudown.com/uploads/images/415426.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/415426.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/415426.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500

12254.url.tudown.com/uploads/images/685146.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/685146.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/685146.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888

api.share.baidu.com/s.gif?l=http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe

182.61.240.101

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
IP
182.61.240.101:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 05:13:46 GMT

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
265996de9b0f944ebdfef273d3f661d8
9d1dbcea0a3ae99571386d5b62c7ca85bbc8f0de
3a8a224564d0318d08540c1f0e1fb5207513c556e1bbe7aa07d689ba4bc296dd

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12254.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 05:13:46 GMT
Etag: 9f5cd0590de2a12de47209c29501544a
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=7D781B95C4948015; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

12254.url.tudown.com/uploads/images/39939.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/39939.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/39939.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
3638d10ba38437c046548f36f6705e84
2923c83653a9927b95e5ab32b5d39827756b8a87
2a41ab245dc91b8b6070dda51dae266832c86d0513a7a401da84daeb37270f57

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 02:06:28 GMT
ETag: "2923c83653a9927b95e5ab32b5d39827756b8a87"
Last-Modified: Sat, 04 Feb 2023 02:06:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2510
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7940eb452bc5b4f1-OSL

12254.url.tudown.com/template/company/42xz/images/dian2.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
12254.url.tudown.com/template/company/42xz/images/dian2.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1106 bytes)
Hash
3cb1caaf45a919b2028a853add556aa8
c8b93e13049ae31ad5dcb2d267c8b3ee6a4466e8
039b652744162c3c599998f28f50e7154d297ce5028e7e4954f7d7354c5374a1

HTTP Headers

GET /template/company/42xz/images/dian2.png HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/template/company/42xz/css/soft.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/png
Content-Length: 1106
Last-Modified: Thu, 05 Nov 2020 12:04:53 GMT
Connection: keep-alive
ETag: "5fa3ea65-452"
Accept-Ranges: bytes

img2.baidu.com/it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500

58.42.14.35

200 OK

32 kB

URL HTTP/1.1
img2.baidu.com/it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 54x54, segment length 16, baseline, precision 8, 800x500, components 3\012- data
Size
32 kB (31518 bytes)
Hash
5089989d7200a8d19a150590604f43c9
0ad2a79ce9c1492b010b759552fa84a18be6ce58
f555372ff468a451f267ed59495382e0e69835f3b37a6c1a093922c3d40893af

HTTP Headers

GET /it/u=4188928638,2115159921&fm=253&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 31518
Connection: keep-alive
Expires: Sat, 18 Feb 2023 04:48:42 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 5089989d7200a8d19a150590604f43c9
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 04:48:42 GMT
Ohc-Cache-HIT: gyct62 [1], xiangyix187 [2]
Ohc-File-Size: 31518
X-Cache-Status: MISS

12254.url.tudown.com/template/company/42xz/images/dian1.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
12254.url.tudown.com/template/company/42xz/images/dian1.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1110 bytes)
Hash
de5d5d1c8fb00bc14f9512dd323b9ed8
9c7c5df21afb7b686932c96ecf7877e1e6adf243
982f48c65cf01077b0606401f082c15ee15f183903d5170f06d0bb3ae3b9b685

HTTP Headers

GET /template/company/42xz/images/dian1.png HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/template/company/42xz/css/soft.css
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/png
Content-Length: 1110
Last-Modified: Thu, 05 Nov 2020 12:04:54 GMT
Connection: keep-alive
ETag: "5fa3ea66-456"
Accept-Ranges: bytes

img0.baidu.com/it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889

113.219.142.35

200 OK

33 kB

URL HTTP/2
img0.baidu.com/it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
33 kB (32912 bytes)
Hash
d3d6c2929d8703357ec570237cec6945
bcadc2a669715232d2a3f36b0614d9f6360cd07e
0f21ac1108a557d9c6760b2418f45ee79d4911c8f08c7ae0911a3060697ae2da

HTTP Headers

GET /it/u=1032599041,2165458136&fm=253&fmt=auto?w=500&h=889 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 32912
expires: Sat, 04 Feb 2023 11:50:32 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: d3d6c2929d8703357ec570237cec6945
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 05 Jan 2023 11:50:32 GMT
ohc-cache-hit: chenzct58 [1], xaix58 [2]
ohc-file-size: 32912
x-cache-status: MISS
X-Firefox-Spdy: h2

12254.url.tudown.com/uploads/images/558779.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/558779.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/558779.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

img1.baidu.com/it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800

58.42.14.35

200 OK

54 kB

URL HTTP/2
img1.baidu.com/it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
54 kB (53998 bytes)
Hash
b97692d496f4f007822b09935bf6314c
a0648fd7d513f35a3581d554e206fdcd9281e248
589c3498284fa1fd8ef0fff5b4076f8d04dd1268823028d6e9650385d56fc7b1

HTTP Headers

GET /it/u=3525878616,3223470652&fm=253&fmt=auto?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 53998
expires: Sun, 26 Feb 2023 08:12:31 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: b97692d496f4f007822b09935bf6314c
age: 246455
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 08:12:31 GMT
ohc-cache-hit: gyct59 [4], qdix202 [2]
ohc-file-size: 53998
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185

58.42.14.35

200 OK

7.1 kB

URL HTTP/2
img1.baidu.com/it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.1 kB (7098 bytes)
Hash
bfbab4d4224ac5d371e7fc85cd27a2ee
b01046f0dfba4a2cdd0c02a4b8d119bca18c58b9
12630eb0b118e643e5ff2991501d9854942ea89ad11149e472825e86195f267f

HTTP Headers

GET /it/u=1458915287,4084058809&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 7098
expires: Tue, 21 Feb 2023 04:47:17 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: bfbab4d4224ac5d371e7fc85cd27a2ee
age: 252825
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 04:47:17 GMT
ohc-cache-hit: gyct58 [4], xaix184 [4]
ohc-file-size: 7098
x-cache-status: HIT
X-Firefox-Spdy: h2

12254.url.tudown.com/uploads/images/21251.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/21251.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/21251.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831

12254.url.tudown.com/uploads/images/399703.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/399703.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/399703.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500

img2.baidu.com/it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800

58.42.14.35

200 OK

133 kB

URL HTTP/1.1
img2.baidu.com/it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
133 kB (132966 bytes)
Hash
6957f2e61e5abf5b2333eb150ad325ad
da2754341b52683c5c459c0d673dea83757f2a58
4bed472fa6e07f18e3c611fa60d5043cb5391dcaf50d423106063af74bea39eb

HTTP Headers

GET /it/u=3961739356,345708010&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 132966
Connection: keep-alive
Expires: Sun, 26 Feb 2023 09:50:04 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 6957f2e61e5abf5b2333eb150ad325ad
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 09:50:04 GMT
Ohc-Cache-HIT: gyct52 [1], xiangyix238 [4]
Ohc-File-Size: 132966
X-Cache-Status: MISS

img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800

58.42.14.35

200 OK

111 kB

URL HTTP/1.1
img1.baidu.com/it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
111 kB (111157 bytes)
Hash
8f1fb5b2ead96639354dcdcd82a255a6
a587768d2d02dc3404034d2c5abdb53fbec97327
4055c62c892a58617e991a9b5191e28d4d9eabc58ffc3e65db3cdc61b5ea83c3

HTTP Headers

GET /it/u=3073216151,354608512&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 111157
Connection: keep-alive
Expires: Sun, 26 Feb 2023 11:36:48 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 8f1fb5b2ead96639354dcdcd82a255a6
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 11:36:48 GMT
Ohc-Cache-HIT: gyct57 [1], qdix99 [4]
Ohc-File-Size: 111157
X-Cache-Status: MISS

img2.baidu.com/it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

58.42.14.35

200 OK

30 kB

URL HTTP/2
img2.baidu.com/it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
30 kB (30190 bytes)
Hash
a6d0fd985e2296b747a1295acf3d5e04
a1428023681174f8ff8c3c67ae6ab9b0aa3a4e40
e90e94664733e2b3d955d2c0f52ce9ad424c94ad0251cf4687746968555265d2

HTTP Headers

GET /it/u=3491508296,2940139346&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 30190
expires: Mon, 20 Feb 2023 03:13:43 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: a6d0fd985e2296b747a1295acf3d5e04
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 03:13:43 GMT
ohc-cache-hit: gyct57 [1], xaix144 [4]
ohc-file-size: 30190
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500

113.219.142.35

200 OK

24 kB

URL HTTP/2
img0.baidu.com/it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 698x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (24090 bytes)
Hash
6c7266bbf7045b415fb295d332ae9360
0a6ccbc39caf20d638c256566ed74ffac87e78c9
ff4e04d02d26661ace6d7b8e8440b3051a876d3dd9f20998e50b97f62b82fb02

HTTP Headers

GET /it/u=1033065197,2754753554&fm=253&fmt=auto&app=138&f=JPEG?w=698&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 24090
expires: Sun, 19 Feb 2023 09:58:01 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6c7266bbf7045b415fb295d332ae9360
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 09:58:01 GMT
ohc-cache-hit: chenzct61 [1], qdix104 [4]
ohc-file-size: 24090
x-cache-status: MISS
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675487661&rnd=82894070&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=19851&r=0&ww=1280&u=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&tt=%E5%8D%83%E4%BA%BF%E4%BD%93%E8%82%B2%E5%9B%BD%E9%99%85%E7%BD%91%E9%A1%B5%E7%89%88%E5%AE%98%E7%BD%91(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675487661&rnd=82894070&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=19851&r=0&ww=1280&u=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&tt=%E5%8D%83%E4%BA%BF%E4%BD%93%E8%82%B2%E5%9B%BD%E9%99%85%E7%BD%91%E9%A1%B5%E7%89%88%E5%AE%98%E7%BD%91(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&lt=1675487661&rnd=82894070&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=2&sn=19851&r=0&ww=1280&u=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&tt=%E5%8D%83%E4%BA%BF%E4%BD%93%E8%82%B2%E5%9B%BD%E9%99%85%E7%BD%91%E9%A1%B5%E7%89%88%E5%AE%98%E7%BD%91(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12254.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 05:13:47 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=AB0BAE3F0CDE5080; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

img2.baidu.com/it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185

58.42.14.35

200 OK

11 kB

URL HTTP/2
img2.baidu.com/it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (10718 bytes)
Hash
a4aa2ac918ef8fca5c25eb434f3368be
3a7634868662ce04ff34afa847e1e80c402528f4
9193d2181079337551f5f436ab83b4f6a494ea2c476d92014e92f74383f8c3aa

HTTP Headers

GET /it/u=3729857284,1031126512&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 10718
expires: Tue, 28 Feb 2023 02:34:38 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: a4aa2ac918ef8fca5c25eb434f3368be
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 02:34:38 GMT
ohc-cache-hit: gyct55 [1], wzix55 [4]
ohc-file-size: 10718
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750

58.42.14.35

200 OK

47 kB

URL HTTP/2
img2.baidu.com/it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x750, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
47 kB (46982 bytes)
Hash
dfe387bf9df4a75ed5949b20d004ac2c
458cedc789eafe733238ed572ddd0648e994bd5f
22ef144115a5f66d282e8a6fa28de8565891ce86553adeb59fea38a0d9747aee

HTTP Headers

GET /it/u=3537830280,358465960&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 46982
expires: Fri, 10 Feb 2023 09:53:27 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: dfe387bf9df4a75ed5949b20d004ac2c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 09:53:27 GMT
ohc-cache-hit: gyct53 [1], bdix75 [4]
ohc-file-size: 46982
x-cache-status: MISS
X-Firefox-Spdy: h2

12254.url.tudown.com/uploads/images/643843.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/643843.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/643843.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

12254.url.tudown.com/uploads/images/361278.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/361278.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/361278.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500

12254.url.tudown.com/uploads/images/229011.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/229011.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/229011.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800

12254.url.tudown.com/uploads/images/157561.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/157561.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/157561.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093

12254.url.tudown.com/uploads/images/410222.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/410222.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/410222.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320

12254.url.tudown.com/uploads/images/628013.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/628013.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/628013.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889

img2.baidu.com/it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

58.42.14.35

200 OK

13 kB

URL HTTP/2
img2.baidu.com/it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
13 kB (13402 bytes)
Hash
6d89be96a37685d522e9f1a40d577bd4
b04078465c6ee483d984f363cb96d76129683d89
7da07d8e12970ae589224e3db7814087dd92a37da189b7f670771aaff9572ecb

HTTP Headers

GET /it/u=63230177,3717045518&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 13402
expires: Mon, 20 Feb 2023 11:49:21 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6d89be96a37685d522e9f1a40d577bd4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 11:49:21 GMT
ohc-cache-hit: gyct53 [1], bdix99 [4]
ohc-file-size: 13402
x-cache-status: MISS
X-Firefox-Spdy: h2

s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130

180.97.251.250

200 OK

20 B

URL HTTP/2
s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
IP
180.97.251.250:0
ASN
#4134 Chinanet

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /z_stat.php?id=1275003130&web_id=1275003130 HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12254.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Sat, 04 Feb 2023 04:56:36 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Sat, 04 Feb 2023 04:56:36 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1675486596
via: cache18.l2ea120-8[76,75,200-0,M], cache10.l2ea120-8[77,0], cache8.cn2205[0,0,200-0,H], cache17.cn2205[0,0]
age: 1031
x-cache: HIT TCP_MEM_HIT dirn:13:686460848
x-swift-savetime: Sat, 04 Feb 2023 04:56:36 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b461fb2d16754876274186843e
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738

58.42.14.35

200 OK

86 kB

URL HTTP/2
img2.baidu.com/it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x738, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
86 kB (86356 bytes)
Hash
3a3ffea956f030d83d9224974ff9ec8d
cc07c6663ab39ed41162f5f6e1b1f4431a699e9d
1c969b90f7ec310d85649f6c1d8095544952fcbe32141a60518e7def28915078

HTTP Headers

GET /it/u=3911596080,670973521&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=738 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 86356
expires: Mon, 20 Feb 2023 16:50:07 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3a3ffea956f030d83d9224974ff9ec8d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 16:50:07 GMT
ohc-cache-hit: gyct55 [1], xaix142 [2]
ohc-file-size: 86356
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800

58.42.14.35

200 OK

169 kB

URL HTTP/2
img1.baidu.com/it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
169 kB (169248 bytes)
Hash
73e1585e5b466e164884416a591e19df
850ef35db0dee44fb574aff2fd57b3ad21c4d48b
1fc4e79fc7375abc9f80b058acd41514abcf0c5b73366ad5c02e5ea2a9c809b4

HTTP Headers

GET /it/u=3245199588,2203678376&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 169248
expires: Mon, 20 Feb 2023 12:47:58 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 73e1585e5b466e164884416a591e19df
age: 508604
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:47:58 GMT
ohc-cache-hit: gyct51 [4], czix51 [2]
ohc-file-size: 169248
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500

58.42.14.35

200 OK

13 kB

URL HTTP/2
img1.baidu.com/it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 501x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
13 kB (12764 bytes)
Hash
6a4e7a1c36f2c0d72d35bb33ec8ac2b2
8a27450a0cbc6d0f3d78744144191fc2d0101096
a24e01b11609b71914b7a8d98501b2ee630bb56fcd505eab18112cd02e3aa037

HTTP Headers

GET /it/u=881529168,3747393721&fm=253&fmt=auto&app=138&f=JPEG?w=501&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 12764
expires: Wed, 22 Feb 2023 03:01:45 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6a4e7a1c36f2c0d72d35bb33ec8ac2b2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:01:45 GMT
ohc-cache-hit: gyct53 [1], czix122 [4]
ohc-file-size: 12764
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709

58.42.14.35

200 OK

25 kB

URL HTTP/2
img1.baidu.com/it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x709, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24992 bytes)
Hash
f8793bfa2048bf86a6d266ef085b473d
2000c9229d9411a7199adf5dc8a2654194625195
636145cbfc4909793c68b91ab9b6372833f8af6a2f14da0af9c10d4af1dec43f

HTTP Headers

GET /it/u=2236432464,3715600255&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 24992
expires: Wed, 08 Feb 2023 07:42:21 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: f8793bfa2048bf86a6d266ef085b473d
age: 224139
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 07:42:21 GMT
ohc-cache-hit: gyct53 [4], csix105 [4]
ohc-file-size: 24992
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625

58.42.14.35

200 OK

24 kB

URL HTTP/2
img2.baidu.com/it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x625, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (23800 bytes)
Hash
3358e7cad959daf09840a72727c0a620
0df9dc8cd07338258f99a6910205c3c4f379ed5c
67c45221b8481dd7d1dd56eac92bf175a44c6252003b8a40af6aaf65fc3bc369

HTTP Headers

GET /it/u=649108911,3052942626&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=625 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 23800
expires: Tue, 21 Feb 2023 04:05:42 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 3358e7cad959daf09840a72727c0a620
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 04:05:42 GMT
ohc-cache-hit: gyct60 [1], qdix228 [2]
ohc-file-size: 23800
x-cache-status: MISS
X-Firefox-Spdy: h2

12254.url.tudown.com/uploads/images/255396.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/255396.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/255396.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500

12254.url.tudown.com/uploads/images/321562.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/321562.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/321562.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652

img2.baidu.com/it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

58.42.14.35

200 OK

37 kB

URL HTTP/2
img2.baidu.com/it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
37 kB (37448 bytes)
Hash
354b71fb910470dd89860138e9a4ca80
b2d13f89b6cb75c45ab42488c0f2d9657f6d1da5
2e6fe270fb65e7c62e2075b08f2c77fc8d3a0b2d9052084399d7c8cde86062aa

HTTP Headers

GET /it/u=3691807083,2753392996&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 37448
expires: Sat, 18 Feb 2023 04:12:58 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 354b71fb910470dd89860138e9a4ca80
age: 503018
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 04:12:58 GMT
ohc-cache-hit: gyct53 [4], bdix131 [2]
ohc-file-size: 37448
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889

58.42.14.35

200 OK

78 kB

URL HTTP/1.1
img1.baidu.com/it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Size
78 kB (77939 bytes)
Hash
3f627da4715c157c0150ba931e0a8d03
3ec5a73fdde813cc012398269f5a37c9ae93579c
802331d20c57ae22f6828d220d430e5e9efea2c65f2024a2175e4e1fe67bc6c4

HTTP Headers

GET /it/u=536270855,1477431967&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpeg
Content-Length: 77939
Connection: keep-alive
Expires: Thu, 23 Feb 2023 06:18:05 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 3f627da4715c157c0150ba931e0a8d03
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 06:18:05 GMT
Ohc-Cache-HIT: gyct62 [1], suzix117 [4]
Ohc-File-Size: 77939
X-Cache-Status: MISS

12254.url.tudown.com/uploads/images/309462.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/309462.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/309462.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

img1.baidu.com/it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800

58.42.14.35

200 OK

201 kB

URL HTTP/1.1
img1.baidu.com/it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
201 kB (200623 bytes)
Hash
0d030410dc2819a5b79fa3ce810ab535
6a47c5efbc65b1138e3a23901c14747b7b3dfc2f
8fd8ba6ac2300c1c1f7e3aa5d115839ed794cd87005a4aa555b2448ac209669a

HTTP Headers

GET /it/u=1193740511,920949651&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:46 GMT
Content-Type: image/jpeg
Content-Length: 200623
Connection: keep-alive
Expires: Thu, 02 Mar 2023 16:37:38 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 0d030410dc2819a5b79fa3ce810ab535
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 16:37:38 GMT
Ohc-Cache-HIT: gyct57 [1], csix97 [2]
Ohc-File-Size: 200623
X-Cache-Status: MISS

12254.url.tudown.com/uploads/images/424598.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/424598.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/424598.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500

12254.url.tudown.com/uploads/images/407797.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/407797.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/407797.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374

12254.url.tudown.com/uploads/images/25534.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12254.url.tudown.com/uploads/images/25534.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/25534.jpg HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800

img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831

58.42.14.35

200 OK

159 kB

URL HTTP/2
img2.baidu.com/it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x831, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
159 kB (159164 bytes)
Hash
6e3aa246b3d6e3975ee83e684a6eb956
e2d068e9430752589a9676aaa634d61901e21dd7
8f22dcd63160447b55dfc7b342b55ce13a70ca3574d1872358a0c7376f9c1954

HTTP Headers

GET /it/u=537538927,714582321&fm=253&fmt=auto&app=138&f=PNG?w=500&h=831 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 159164
expires: Wed, 01 Mar 2023 12:41:13 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 6e3aa246b3d6e3975ee83e684a6eb956
age: 246672
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 12:41:13 GMT
ohc-cache-hit: gyct59 [4], qdix64 [4]
ohc-file-size: 159164
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

58.42.14.35

200 OK

31 kB

URL HTTP/2
img2.baidu.com/it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
31 kB (31100 bytes)
Hash
7b8069a921bfa89cb9382ebbc4727fb4
c3ceb7c8653ae14230c1314ffcb45116d49ce4b4
b3b6064c928ebd5438b60dfd22a900bfd196ffd1347a3102f04c4e728ce6de0d

HTTP Headers

GET /it/u=3371953013,4294219548&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 31100
expires: Sat, 18 Feb 2023 02:11:49 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 7b8069a921bfa89cb9382ebbc4727fb4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 02:11:49 GMT
ohc-cache-hit: gyct62 [1], xaix210 [4]
ohc-file-size: 31100
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888

58.42.14.35

200 OK

46 kB

URL HTTP/2
img1.baidu.com/it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x888, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
46 kB (46162 bytes)
Hash
e241dada51193a89a6a63ae7fa156986
b6c14a2c8448ece8ab92b9c1a4dedef2f47b0f16
a17db92fa61772580ee837f8d86ea64c50f5217b173cfdf19779ea6b40f8e058

HTTP Headers

GET /it/u=2983493014,1160797968&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=888 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 46162
expires: Sat, 04 Mar 2023 04:10:56 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: e241dada51193a89a6a63ae7fa156986
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 04:10:56 GMT
ohc-cache-hit: gyct60 [1], csix107 [4]
ohc-file-size: 46162
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80

58.42.14.35

200 OK

2.9 kB

URL HTTP/2
img1.baidu.com/it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x80, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
2.9 kB (2898 bytes)
Hash
f6eb05fb6195170bc9992783b424f690
a598299db282c75a34aaff072aef1f4e61961f6d
4fcff750258ef935f401d1a1abebebb2b7c76fad281e1738e499a9f6a32bc2c2

HTTP Headers

GET /it/u=993266157,271480026&fm=253&fmt=auto?w=120&h=80 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:46 GMT
content-type: image/webp
content-length: 2898
expires: Tue, 14 Feb 2023 17:53:43 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: f6eb05fb6195170bc9992783b424f690
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 17:53:43 GMT
ohc-cache-hit: gyct59 [1], xaix139 [4]
ohc-file-size: 2898
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185

58.42.14.35

200 OK

8.3 kB

URL HTTP/2
img1.baidu.com/it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.3 kB (8322 bytes)
Hash
58ad5a4006ee2b45ccae4ab5edd68029
aed76dfd3b23a3bb35e2ae46786d54958d0cc74a
fc37aa56b42fca4c43330a05f7b6e0915979baf66d6232f70695b1e96e404f9a

HTTP Headers

GET /it/u=2567789343,474956567&fm=253&fmt=auto?w=270&h=185 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 8322
expires: Mon, 06 Mar 2023 05:13:47 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 58ad5a4006ee2b45ccae4ab5edd68029
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 05:13:47 GMT
ohc-cache-hit: gyct55 [1], csix73 [2]
ohc-file-size: 8322
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

58.42.14.35

200 OK

14 kB

URL HTTP/2
img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13528 bytes)
Hash
3994120c8ee26ddd543bb5b842e4e137
fa939c0e7db0a6aa3d216180ecce175a7de4265e
d3c3f03706d10933bfe9500927e5f1bc7f4775b39942a9dc414e977a6e0aeb0d

HTTP Headers

GET /it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 13528
expires: Mon, 20 Feb 2023 21:52:09 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3994120c8ee26ddd543bb5b842e4e137
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 21:52:09 GMT
ohc-cache-hit: gyct55 [1], czix203 [4]
ohc-file-size: 13528
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320

58.42.14.35

200 OK

26 kB

URL HTTP/2
img1.baidu.com/it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 240x320, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (26110 bytes)
Hash
c24cb4f10d637b41be1d6aef43e5fd7f
c79db2849d25bff62a6481192d21a9230598d35e
a2aede2fba8b39006c3009e090fd013d900483b1e0da0e1f84b22171e952681b

HTTP Headers

GET /it/u=2931318331,2295127352&fm=253&fmt=auto&app=138&f=JPEG?w=240&h=320 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:47 GMT
content-type: image/webp
content-length: 26110
expires: Sun, 19 Feb 2023 02:00:35 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: c24cb4f10d637b41be1d6aef43e5fd7f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 02:00:35 GMT
ohc-cache-hit: gyct55 [1], wzix79 [4]
ohc-file-size: 26110
x-cache-status: MISS
X-Firefox-Spdy: h2

t13.baidu.com/it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350

185.10.104.124

200 OK

35 kB

URL HTTP/1.1
t13.baidu.com/it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 350x350, components 3\012- data
Size
35 kB (34995 bytes)
Hash
d7ed60a07c0ce5c51176d6b3dca8a50e
a80ccc75f44b586c56eb6994db66700789b84141
514c47821cb0e68ba37a14bc181daacb2a0651b4b62ea79a6e3a6d925d2a512f

HTTP Headers

GET /it/u=3876444515,1024581277&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 34995
Connection: keep-alive
Expires: Sun, 05 Feb 2023 17:42:07 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d7ed60a07c0ce5c51176d6b3dca8a50e
Age: 2014565
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 17:42:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache56 [4], suzix94 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 34995
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800

58.42.14.35

200 OK

171 kB

URL HTTP/1.1
img2.baidu.com/it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
171 kB (171181 bytes)
Hash
bfe01db57fcab488900f45f01d7c0a53
17f17f4030b44ab9e77a78876c23b2bec902d4a7
48cc0ac10d177811cbde6603c4c90411511b9b7bd908c0b5849cc74aed00dafe

HTTP Headers

GET /it/u=2984944066,3696376590&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:47 GMT
Content-Type: image/jpeg
Content-Length: 171181
Connection: keep-alive
Expires: Mon, 27 Feb 2023 12:57:30 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: bfe01db57fcab488900f45f01d7c0a53
Age: 332576
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 12:57:30 GMT
Ohc-Cache-HIT: gyct54 [4], suzix212 [2]
Ohc-File-Size: 171181
X-Cache-Status: HIT

t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD

185.10.104.124

200 OK

52 kB

URL HTTP/1.1
t13.baidu.com/it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
52 kB (51923 bytes)
Hash
ee58bc975bdf2da81d2423fa198793db
903380ced71106832c8792c0a57a99dd42ff49d0
7426f646b2d59501b3a598aa5c5d965247bc857253e95fd798f15ac6f1316abd

HTTP Headers

GET /it/u=1646068231,3892505657&fm=224&app=112&f=JPEG?w=500&h=500&s=725331C04AE7B2DC525A82100300D0CD HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 51923
Connection: keep-alive
Expires: Thu, 23 Feb 2023 21:36:49 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: ee58bc975bdf2da81d2423fa198793db
Age: 874720
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 21:36:49 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache50 [1], xiangyix218 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51923
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

55 kB

URL HTTP/1.1
t13.baidu.com/it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
55 kB (55319 bytes)
Hash
d66b9da71d451b8cf4cfe1c91d8994c7
23a30f1a79f3e6cbfaaab97afde01475a20823c4
e2d68f5ca5ce61e4dc1e2e1512cb1488cf0cadd057c5b8a93cf3f332083d9f7f

HTTP Headers

GET /it/u=660271604,1944090033&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 55319
Connection: keep-alive
Expires: Thu, 02 Mar 2023 03:29:37 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: d66b9da71d451b8cf4cfe1c91d8994c7
Age: 351851
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 31 Jan 2023 03:29:37 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache56 [1], xiangyix70 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 55319
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

40 kB

URL HTTP/1.1
t14.baidu.com/it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
40 kB (40220 bytes)
Hash
54342c7ee310e7e53b4e7f86687e7ecf
9db617b9430cee4bb10df28d24a7b691fedf369d
61ab3c6b8836804a9159bdbb1626e2074dd551183dc18f4d6197789691988f6d

HTTP Headers

GET /it/u=4032313817,35103378&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 40220
Connection: keep-alive
Expires: Tue, 07 Feb 2023 12:00:40 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 54342c7ee310e7e53b4e7f86687e7ecf
Age: 2015445
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 12:00:40 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache64 [4], xaix188 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 40220
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093

185.10.104.124

200 OK

52 kB

URL HTTP/1.1
t14.baidu.com/it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
52 kB (51976 bytes)
Hash
69f46be60272b10aab2918436b83cee9
d1d70dfaf08126eeb5329a29d70a398c50bd9673
c0523ac0b6bd671c82e3d0842b94b42f1a1764e09e8934dd935123f247e38bc4

HTTP Headers

GET /it/u=1463220144,1141645343&fm=224&app=112&f=JPEG?w=500&h=500&s=29D27387840237FF6600A49A0300D093 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 51976
Connection: keep-alive
Expires: Sun, 12 Feb 2023 08:55:39 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 69f46be60272b10aab2918436b83cee9
Age: 1850868
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 08:55:38 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache65 [1], suzix207 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 51976
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

53 kB

URL HTTP/1.1
t13.baidu.com/it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
53 kB (53232 bytes)
Hash
ad142c8238499d8797688737249cd9d5
3b2787feffbb1e9943937d09bbd94ee23f0d488f
3c82fece0e25eb773ff421de6f2aa8ee8c3d096bd7169d052f63399415bbcb79

HTTP Headers

GET /it/u=3789432413,4266431036&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 53232
Connection: keep-alive
Expires: Fri, 10 Feb 2023 12:06:35 GMT
Last-Modified: Sun, 18 Jan 1970 00:00:00 GMT
ETag: ad142c8238499d8797688737249cd9d5
Age: 2015704
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 12:06:35 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache63 [2], qdix214 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53232
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

52 kB

URL HTTP/1.1
t14.baidu.com/it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
52 kB (52453 bytes)
Hash
e1d996c9f866d1e2903825734791f31c
7bb21993554db1834fb12957fb607037de64a6bf
7961500981c8e4199f3a826a409243dd385e4956392c08f60b550c1ff2964d06

HTTP Headers

GET /it/u=868870228,4263112687&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 52453
Connection: keep-alive
Expires: Fri, 17 Feb 2023 13:35:28 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: e1d996c9f866d1e2903825734791f31c
Age: 1392435
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 13:35:28 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache64 [1], csix89 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 52453
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

54 kB

URL HTTP/1.1
t14.baidu.com/it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
54 kB (53620 bytes)
Hash
8450e5a1e0b31f6c699b13e7e36b542f
1dc410c4ff0c94ecd3729bdeaea8899f1b063ae2
0bd0e6410f5042e5c98db8bb5f77a88ba7e1978ee6414f19c258637d414d3dbc

HTTP Headers

GET /it/u=1354242520,477234005&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 53620
Connection: keep-alive
Expires: Tue, 21 Feb 2023 02:38:25 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 8450e5a1e0b31f6c699b13e7e36b542f
Age: 358359
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 02:38:25 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache65 [4], qdix122 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53620
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

74 kB

URL HTTP/1.1
t13.baidu.com/it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
74 kB (73543 bytes)
Hash
559e472d04eb1316b2b2d217adf7d505
441141c6a375dfe3e232ace91d34f0d91b9975bb
e8911e4def214849486da58ef8495eb6f5e4e560169409ac06e0e5a017fc6f36

HTTP Headers

GET /it/u=3088376384,988367146&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 73543
Connection: keep-alive
Expires: Thu, 23 Feb 2023 17:25:32 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 559e472d04eb1316b2b2d217adf7d505
Age: 906496
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 17:25:32 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], bduncache83 [1], suzix200 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 73543
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

28 kB

URL HTTP/1.1
t14.baidu.com/it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
28 kB (27690 bytes)
Hash
3fc28001dfb6229466c2f702f132da30
5c82d6090de99b8a88efc9d08a37a55cce9be75b
6f5d176f834bcec68c533f0a6652c417abc93d251c5584400e3ca1dbd47435a8

HTTP Headers

GET /it/u=2842691146,1532805845&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12254.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 05:13:48 GMT
Content-Type: image/jpeg
Content-Length: 27690
Connection: keep-alive
Expires: Sat, 11 Feb 2023 00:55:15 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 3fc28001dfb6229466c2f702f132da30
Age: 1993761
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 00:55:14 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache51 [4], wzix51 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 27690
X-Cache-Status: HIT
Timing-Allow-Origin: *

img0.baidu.com/it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652

113.219.142.35

200 OK

44 kB

URL HTTP/2
img0.baidu.com/it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x652, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
44 kB (43694 bytes)
Hash
27b6f8b9467d7822bcc6bf2ebb34e653
6e0dacd474a71c01578e6d8cd9018b68878b4663
a93145ca9501ad7e79918dcb31e71f5d4a941c05283cbcde5a67d914c5aa2d3e

HTTP Headers

GET /it/u=1980182231,2594883&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=652 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 43694
expires: Fri, 24 Feb 2023 12:30:30 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 27b6f8b9467d7822bcc6bf2ebb34e653
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 12:30:29 GMT
ohc-cache-hit: chenzct67 [1], czix132 [4]
ohc-file-size: 43694
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

113.219.142.35

200 OK

18 kB

URL HTTP/2
img0.baidu.com/it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
18 kB (18538 bytes)
Hash
0972bc41e7105ea76487b66875289ca1
e6af8771bc789d73c2e4301c4dc948a7b38a0e2a
e71a1ebedea6b9ef20f569101d0e7c589ea4caf1f57f2597e974abf6a93cb013

HTTP Headers

GET /it/u=1311957819,2512572683&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 18538
expires: Wed, 01 Mar 2023 17:24:14 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 0972bc41e7105ea76487b66875289ca1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 17:24:14 GMT
ohc-cache-hit: chenzct70 [1], bdix113 [2]
ohc-file-size: 18538
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374

113.219.142.35

200 OK

29 kB

URL HTTP/2
img0.baidu.com/it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x374, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (28822 bytes)
Hash
82600c0ffe966577d135c700dde4b2fc
beee326947343d8c2ffa21cfa8642a3e8afef04d
a6586ddac57c85e7c13f4ce420ed408a8184815299d7f25f57ca3a182dd60956

HTTP Headers

GET /it/u=1508478523,1670742700&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=374 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 28822
expires: Mon, 20 Feb 2023 21:47:39 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 82600c0ffe966577d135c700dde4b2fc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 21:47:39 GMT
ohc-cache-hit: chenzct78 [1], xaix135 [4]
ohc-file-size: 28822
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800

113.219.142.35

200 OK

48 kB

URL HTTP/2
img0.baidu.com/it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
48 kB (47814 bytes)
Hash
860a3490c3e473908d2e5a561216cf6e
17484c1ad9d5dcd5e2477b4a360765ca747bddb8
e1c95dab56da158e11038817d1322ce0e72cbd3f6d8adceab15418e654f79d73

HTTP Headers

GET /it/u=1659083339,3866357200&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12254.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 05:13:48 GMT
content-type: image/webp
content-length: 47814
expires: Fri, 24 Feb 2023 00:59:59 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 860a3490c3e473908d2e5a561216cf6e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 00:59:59 GMT
ohc-cache-hit: chenzct78 [1], bdix214 [2]
ohc-file-size: 47814
x-cache-status: MISS
X-Firefox-Spdy: h2

js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d

104.192.110.245

200 OK

117 B

URL HTTP/1.1
js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
IP
104.192.110.245:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
HTML document, ASCII text, with no line terminators
Size
117 B (117 bytes)
Hash
d7c7d923f7e71e0b2a1e52f3f25aee25
8606ce2096c434bbe71f9f1ef0545a8381427c37
db40794d592b2a0f6924d2c38fcabe8901b6f65f59f1bf041d6b5a8f0c4f1cb9

HTTP Headers

GET /11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d HTTP/1.1
Host: js.passport.qihucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 05:13:49 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 28 Nov 2018 07:43:20 GMT
Cache-Control: max-age=600
Expires: Sat, 04 Feb 2023 05:23:49 GMT
KCS-Via: HIT from w-fc03.lato;HIT from w-sc01.lato
Content-Encoding: gzip

s5.qhres2.com/static/ab77b6ea7f3fbf79.js

54.230.111.35

200 OK

478 B

URL HTTP/1.1
s5.qhres2.com/static/ab77b6ea7f3fbf79.js
IP
54.230.111.35:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (478), with no line terminators
Size
478 B (478 bytes)
Hash
5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a

HTTP Headers

GET /static/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s5.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 478
Connection: keep-alive
Date: Mon, 26 Sep 2022 01:48:25 GMT
X-QSTATIC-HIT: 1
Last-Modified: Mon, 01 Jan 2018 00:00:00 GMT
ETag: W/"b300475a05992239"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, immutable
Expires: Thu, 23 Sep 2032 01:48:25 GMT
KCS-Via: HIT from w-fc01.lato;MISS from w-sc02.lato
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: PWQFW5ne4dKSl8dKsmfXfp0aSnwjed0EinxP5BbHla5tYTKwGDDdTw==
Age: 11330724

12254.url.tudown.com/favicon.ico

154.218.151.71

200 OK

0 B

URL HTTP/1.1
12254.url.tudown.com/favicon.ico
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12254.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/down/wbjj_2.81@376_426.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776; __bid_n=1861a7ac1116a4ffe44207; FPTOKEN=RhMjXL9a2tIj0sFzUzpmH3WTcQPsoetcooUahZ1J10sD2cqE4bSeyw+Y98q5ZtnzRsY6p+NWmpDwFABE9nFYT8I57/vseKEZDnONkax/XC+gSeCe3JfU8Y8Uo/koxnpBeTWXuw5TFLjbhnkwFxl7vhpZhDhDQvesyFl+cmiQTK81+1rXbzTU2809yXJ7gvxGNObnP/BlEfb68GB5b/qjiEc/w/kz16LSMMU8JxJBdiMLgYVeMiCwc3oGc3yG1/vyPHWfuubS6W6Djx4ueryrPsG+GNCqAJPEfu4imMQbs9dj72yo7EAn+pxVyRD/vzwtKa8yDp1c6gThFvGMQC0QWtawDhkz6OQOgugepln0QA3yYzR/FDwt+vrnjrqs31CyF/k3QGIFMAZwDNVBZDO3jQ==|ABrTKgxwFyOkRRtikZqgLPW9q42pmztxxkrT1u5UJ9I=|10|5ce6c0c829141106d500a6d07ff1ec33; Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675480776,1675487661; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675487661

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 05:13:50 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes

s.360.cn/so/zz.gif?url=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a622641_06e733a@91b89.02

171.13.14.66

200 OK

0 B

URL HTTP/1.1
s.360.cn/so/zz.gif?url=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a622641_06e733a@91b89.02
IP
171.13.14.66:0
ASN
#4134 Chinanet

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /so/zz.gif?url=http%3A%2F%2F12254.url.tudown.com%2Fdown%2Fwbjj_2.81%40376_426.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a622641_06e733a@91b89.02 HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12254.url.tudown.com/

HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Sat, 04 Feb 2023 05:13:51 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Thu, 01 Aug 2019 13:00:32 GMT
Connection: keep-alive
ETag: "5d42e270-0"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML