Report - 12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418

Report Overview

Submitted URL
12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-02-04 15:47:33
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
36

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
t13.baidu.com	32653	2021-01-09T14:57:25Z	2023-03-12T11:23:14Z	2.9 kB	682 kB	185.10.104.124
e2.2345.com	unknown	2017-12-06T06:21:14Z	2023-03-12T11:20:48Z	383 B	30 kB	180.101.199.215
bdcode.2345.com	375922	2018-08-21T06:25:40Z	2023-03-12T11:20:48Z	1.9 kB	50 kB	42.81.8.130
push.zhanzhang.baidu.com	57139	2015-07-22T07:44:02Z	2023-03-13T05:37:01Z	290 B	750 B	182.61.201.93
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-03-13T05:32:36Z	1.3 kB	12 kB	103.235.46.191
sofire.baidu.com	24372	2017-01-30T10:11:21Z	2023-03-13T08:59:14Z	1.2 kB	571 B	36.110.192.156
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	60 kB	34.120.237.76
www.2345.com	95142	2012-05-21T14:50:14Z	2023-03-12T11:20:49Z	703 B	6.1 kB	47.246.44.204
img2.baidu.com	50786	2021-03-25T13:17:58Z	2023-03-12T11:23:13Z	8.0 kB	641 kB	182.140.225.35
img4.duote.com	unknown	2020-03-26T04:58:38Z	2023-03-12T11:20:48Z	2.0 kB	7.7 kB	180.101.198.211
sofire.bdstatic.com	90403	2017-02-04T08:33:09Z	2023-03-13T08:59:12Z	299 B	124 kB	60.190.116.48
img4.runjiapp.com	unknown	2022-10-10T05:16:14Z	2023-03-12T11:20:49Z	434 B	42 kB	180.122.78.243
t14.baidu.com	32559	2021-01-22T21:20:42Z	2023-03-12T11:23:14Z	2.1 kB	256 kB	185.10.104.124
pos.baidu.com	23488	2012-05-24T23:17:49Z	2023-03-13T08:11:35Z	2.5 kB	29 kB	182.61.200.109
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
union2.50bang.org	170920	2012-05-21T14:50:32Z	2023-03-12T11:20:48Z	791 B	1.1 kB	180.101.190.124
img1.baidu.com	50158	2021-03-25T13:17:58Z	2023-03-12T11:23:15Z	7.7 kB	468 kB	183.136.216.35
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.162.71.253
img1.duote.com	unknown	2020-03-26T04:58:33Z	2023-03-12T11:20:48Z	3.8 kB	33 kB	180.101.198.211
12732.url.tudown.com	unknown	2017-06-17T11:51:25Z	2023-03-08T08:35:49Z	46 kB	237 kB	154.218.151.71
img0.baidu.com	50126	2021-03-25T13:17:59Z	2023-03-12T11:23:13Z	9.0 kB	833 kB	182.242.59.35
api.share.baidu.com	44629	2013-04-25T16:45:11Z	2023-03-13T05:37:01Z	396 B	114 B	182.61.240.101
static.mediav.com	139048	2013-07-11T18:22:07Z	2023-03-12T11:20:50Z	583 B	50 kB	104.192.110.245
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	367 B	1.9 kB	104.18.21.226
cpro.baidustatic.com	23298	2012-08-26T17:55:02Z	2023-03-13T08:59:12Z	721 B	5.7 kB	220.169.152.35
img1.2345.com	unknown	2012-08-01T17:23:05Z	2023-03-12T11:20:48Z	796 B	1.4 kB	180.101.199.215
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.9 kB	104.18.21.226
t15.baidu.com	33050	2021-01-09T17:16:17Z	2023-03-12T11:23:14Z	2.5 kB	301 kB	185.10.104.124
ocsp.trust-provider.cn	unknown	2022-02-10T09:18:30Z	2023-03-13T07:40:56Z	1.0 kB	4.5 kB	47.246.44.205
ocsp.digicert.cn	37572	2020-03-20T18:45:56Z	2023-03-13T08:35:28Z	1.7 kB	5.1 kB	47.246.44.205
s5.cnzz.com	124433	2012-05-30T08:23:55Z	2023-03-12T11:20:48Z	393 B	669 B	180.97.251.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-04 15:47:58	medium	160.121.182.85	Client IP	ET DROP Spamhaus DROP Listed Traffic Inbound group 14

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe	Malware
2023-02-04	medium	12732.url.tudown.com/js/orsxg5a.script	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/super_slider.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/new_global.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/index.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js	Malware
2023-02-04	medium	bdcode.2345.com/source/g/common/by/ht_jy_qx.js	Malware
2023-02-04	medium	bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js	Malware
2023-02-04	medium	12732.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js	Malware
2023-02-04	medium	12732.url.tudown.com/common/ipnotice/	Malware
2023-02-04	medium	bdcode.2345.com/awycyrm.js	Malware
2023-02-04	medium	bdcode.2345.com/rvsptpid.js	Malware
2023-02-04	medium	bdcode.2345.com/js/logo/js/logo.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (54)

	URL	Size	First Seen	Last Seen
	static.mediav.com/js/mvf_g2.js	26 kB	2023-03-09	2023-11-12
Pretty URL static.mediav.com/js/mvf_g2.js IP 104.192.110.245 ASN #55992 Beijing Qihu Technology Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-11-12 11:12:42 Times Seen485 Hash 3714bf65e8e1251620432ea9497cca2c 63e9c954ec9853923d780178803fa3c7b380be36 0486b1011f29c20d6731571ade93ad75b6a8d6906fe8b8fb79f93ef65cd5ab40 Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/super_slider.js	1.9 kB	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/super_slider.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:16 Times Seen334 Hash aee75734b449c56df8c9611d7a95013a f146107c3988a1ced796df214a5b0b715bf8de0e 54f9a83a2222d1ae052a30fd496a744a7c14a987d2957ca27e477b9581834f37 Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js	63 B	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:16 Times Seen318 Hash 827609f4f6b6dbef37e7bbb2c6cb8535 09929f83133df43c4ec28623065e3af7647a1f11 f7f82084b7a593e189a56487ea3179a61e6d8c93ec6ffdfada18e8c5e8863375 Loading...

	cpro.baidustatic.com/cpro/ui/pr.js	255 B	2023-03-07	2024-04-26
Pretty URL cpro.baidustatic.com/cpro/ui/pr.js IP 220.169.152.35 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:15:23 Last Seen2024-04-26 00:27:07 Times Seen553 Hash d3f648e5fa7484b7c87eab9cb5216837 aefc3afd530c842dbcf65f623e14f3655b3cf576 f012f754c1f5e78fb4b99e0b0fc3f56297c1654488072f7a39bcb3ef37b58c14 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	14 kB	2023-03-07	2024-04-26
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24:52 Last Seen2024-04-26 00:27:04 Times Seen317 Hash 5d4e296cd06cfa9d1deb88320747bea4 77fef758e53794ff3faaca75b72a87069d24bcf9 490946c119b2dcf7fed28b85345b61a41acfea2b0db35a4c089ef633d73fc6bf Loading...

	img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js	361 B	2023-03-12	2023-04-20
Pretty URL img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js IP 180.101.198.211 ASN #23650 AS Number for CHINANET jiangsu province backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-04-20 10:54:37 Times Seen321 Hash d7877f2308efe72c7913b65816859daa 755606b601ae85ebcbf0dd47660fb028d1bf30d7 3af5e226f01cd0faf44433ba44517cc6b0fe9596de061a613c8d719227cc2c1a Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js	1.8 kB	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-10-29 08:10:16 Times Seen233 Hash 149323ee912db07b3fe13fd2cfa3e525 74e8fc06d6177353177a87ea7259760998134425 0eb494b2341948871284c2f98ed6c9fb695809d7445b03ac6dabd2d4dcfb9c68 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	3.4 kB	2023-03-07	2024-04-26
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24:52 Last Seen2024-04-26 00:27:05 Times Seen313 Hash 2249362d326da34b993e5960118cdb36 a4c9de5784ae5aebf9493ccde43fe3359384beff 1999e22ccecce48965c246bfb777d81c7d37116272e200f0dbbb4ba73b63e8b0 Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js	94 kB	2023-03-07	2024-04-26
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:02:44 Last Seen2024-04-26 19:42:31 Times Seen1510 Hash 25721ced154b3a99e818431446d7506d 3f1b0e9e54af1af2db2c8a639530448723462151 ff4e4975ef403004f8fe8e59008db7ad47f54b10d84c72eb90e728d1ec9157ce Loading...

	12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe	1.4 kB	2023-03-09	2023-04-04
Pretty URL 12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-04-04 00:00:25 Times Seen152 Hash b4a5278fa722561981a346887be4039f 55f919a60e2023c62065be335c4d989f25fe4f54 8f2ffea8c298706d06a14206dd21232e227ca991a7e224125d90c503a6aaa937 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	931 B	2023-03-13	2023-03-13
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash cdb1b001e60535c5a2ce60fa38982f9a 1259882374aae4049f276648ce77163f7fa0f4d9 246b78bb70d9eb6e3beafd55cefffa735260424d3d55c516ae8f30268fb80df5 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	1.7 kB	2023-03-13	2023-03-13
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash 990e5f4f31956f36f0875c3e9199f247 abae6e01c181c7e143bdf0c87f05eacd38568999 8e42d3679783b872221fd9b61255229653bc33f83daf50545431455296a12382 Loading...

	pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	127 B	2023-03-07	2024-04-03
Pretty URL pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:15:23 Last Seen2024-04-03 18:34:21 Times Seen295 Hash 6ff340e705788a463c5b639dcfc65478 4b3af7f59e3f39c5fb828b2210037fb5939c970d f65e21cc9875842fb44594012b5cb4250519012320619e611e9bfa86302aebe3 Loading...

	12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe	254 B	2023-03-09	2023-12-23
Pretty URL 12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-26
Pretty URL push.zhanzhang.baidu.com/push.js IP 182.61.201.93 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 16:09:47 Times Seen19027 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	union2.50bang.org/js/duoteall	370 B	2023-03-13	2023-03-13
Pretty URL union2.50bang.org/js/duoteall IP 180.101.190.124 ASN #138950 Jiangsu Wuxi International IDC network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash 72d61d39ba783036bb9a92693b68b0f4 41f159955f3087bf1e759ea535577609bf7499dd 71979a4f36bdc6931861cd4daae2b4e17864faf1b61cac427f64f349005fb426 Loading...

	12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe	533 B	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:16 Times Seen312 Hash b02e8c21c792981aa3c6518bc0428132 25a838117e5054f6f9ca484b5b84fb2434611e35 a72b865a0df4c3db294e5a1ea0e7a4006df2b4cf55f76fab1c4a0cc0d63933ce Loading...

	bdcode.2345.com/source/g/common/by/ht_jy_qx.js	5.4 kB	2023-03-13	2023-03-13
Pretty URL bdcode.2345.com/source/g/common/by/ht_jy_qx.js IP 42.81.8.130 ASN #58542 Tianjij,300000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash 194ffe9f673c80955bbb88af81b666c1 28420325f77a93342d3d9cd020ae4728d88185b2 618d4572ff8b3379088d31ae2452dd256a1fa9d36ae81b54d102c5cf4eb7e86f Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js	254 kB	2023-03-07	2024-04-24
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-24 05:19:05 Times Seen846 Hash bcad1d60cf9cb3bb180a1a8339ed5529 e045cf3abc14f3d1489828d51a47dd8fb10db197 21cacca8e9eb98f1f32702b4176685f2f941af51ab5bc7cf88ccb5435a1bb080 Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js	1.4 kB	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-10-29 08:10:16 Times Seen283 Hash 812b177d6a765340a049155ffb346995 700c3fbc94f1c323fc37bc810a66054bec2e40ec a89c354872619549fd2740a9d6635e5534681d6014662468fa2e1b2bdcaf1f21 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	603 B	2023-03-07	2024-04-26
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24:52 Last Seen2024-04-26 00:27:05 Times Seen335 Hash be7f95f4b660c9e9ef9929a532315ea2 2dadcf96b7674ad775c7ae79d2edabbd040d5052 2b37ab63fdc70ede05e9ea1ab287c7654bf8a51ff184af48b43360f09e84a514 Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/index.js	8.8 kB	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/index.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-10-29 08:10:16 Times Seen465 Hash eacfe0b6810b8427a10a72f2ce292245 fd9d1419d9e13fca138ba839b12ca6542e503cf3 a45427609e1f16e70dffca4a7ca41380f2dddfe89cf3447511190b0cc9078f96 Loading...

	e2.2345.com/news/module2/js/newsModule-v2.js	52 kB	2023-03-09	2023-10-29
Pretty URL e2.2345.com/news/module2/js/newsModule-v2.js IP 180.101.199.215 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:16 Times Seen344 Hash e9ff16cd9c6348e2d6b0ece5a13dd1e5 73edea04a761b2234f0fe1dd6ccedb477c387ecb 3e548a1af72f09a194611d68e4395c84cfdb5354c535f1cd60973dea65aba724 Loading...

	img4.duote.com/duoteimg/js/baidu_js_push.js	359 B	2023-03-09	2023-10-29
Pretty URL img4.duote.com/duoteimg/js/baidu_js_push.js IP 180.101.198.211 ASN #23650 AS Number for CHINANET jiangsu province backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:17 Times Seen262 Hash f63ef5e096ef52af0cb95b8d2f3fda32 8d6dcc307c816618f7b26e1482d16d447f382e51 e0679eaf3f94f9353f167a1ebe1a8424c61631cc9be2d5a5445ba35e77f58932 Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js	4.1 kB	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-10-29 08:10:16 Times Seen282 Hash 1e119639af390ae51db5366c232e4e0d 44ffecfba2fe74b06261e94a8e32d447f943b571 3f54c29e8cbf25fa93d2d8e0457bd538ee6126ed9a3c6360ca3707ae7cfc7350 Loading...

	bdcode.2345.com/js/logo/js/logo.js	14 kB	2023-03-07	2023-11-27
Pretty URL bdcode.2345.com/js/logo/js/logo.js IP 42.81.8.130 ASN #58542 Tianjij,300000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24:52 Last Seen2023-11-27 13:10:06 Times Seen695 Hash 4c48d5cb6252ddb9114acca39ba29add fa7faa54bc6f49005a62f9c1a18409f3e3d6d146 65913f31dd2fa488a4060686e7f52d2114941952bffebf9cae2656d2276910bd Loading...

	pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	5.7 kB	2023-03-13	2023-03-13
Pretty URL pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash 313d1cdff1ea39dd09732c5b18c5d3a8 88f4a3ee1cf10c450e46bfc71c50477328dbe895 93006d14ce1f7f574f90c838eda4f570550914f52fa91cb9bf57336d966c4e9e Loading...

	unknown	0 B	2023-03-07	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 23:32:08 Times Seen37104665 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	bdcode.2345.com/rvsptpid.js	11 kB	2023-03-07	2023-08-30
Pretty URL bdcode.2345.com/rvsptpid.js IP 42.81.8.130 ASN #58542 Tianjij,300000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:15:23 Last Seen2023-08-30 12:21:25 Times Seen516 Hash fed46fdc63a1a437e76557c7e8597e0d d9c98e0d583d61f7f5d0b915967cfabfe928e354 44364bbc2bfde11a30f86a3572f285be6581444ecd1b9d2e509e2d433004f1b7 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	1.5 kB	2023-03-13	2023-03-13
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash f59f902d6b2f7a505e099505c58135ad 8d6aa2178ce88acbd005a0b75720f6e60d447f38 27a8789129ab146b228488b554f65b726428d9ae763191c9ab5a0fb26c4c1a92 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	989 B	2023-03-07	2024-04-26
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24:52 Last Seen2024-04-26 00:27:04 Times Seen317 Hash 333d0a528d5a49b9172ab72ee2f7eec8 75f771f2f112ce84cd4d1cea2273de4824c89edd 0e45242c4bc23b8f926d3b154f2fee0092f84533ab699324cff5a162708db99b Loading...

	static.mediav.com/js/mvf_pm_slider.js	119 kB	2023-03-09	2023-10-29
Pretty URL static.mediav.com/js/mvf_pm_slider.js IP 104.192.110.245 ASN #55992 Beijing Qihu Technology Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-10-29 08:10:16 Times Seen474 Hash dea0abff12c788a3fb7d025091f2fe01 adde6e8c41a299a4da1cea56e58d3a8a314aed78 bdb5c8ccfdfdd6b386fb3c3c5f46163cc7677d9e46ace3ea48b61e0dd45f1001 Loading...

	img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js	3.6 kB	2023-03-09	2023-10-29
Pretty URL img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js IP 180.101.198.211 ASN #23650 AS Number for CHINANET jiangsu province backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-10-29 08:10:17 Times Seen371 Hash 4c7f46ff62d37b2cc7456f8f9eb96611 45f278213fdc87c90f6443d895a5f745487d4ef4 b690a9a9e51f55d345e5c0a09c7fa980ca0eb9ec62cbb085f4ce88d6a52f0a34 Loading...

	12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe	1.2 kB	2023-03-09	2023-04-05
Pretty URL 12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-04-05 01:35:14 Times Seen280 Hash ff180145c396ca82ab809fcf873afaaf 0efcb80b150cc878e8b3c14338adcc10a9d17372 a26b0d809bcd8910d897ec1e990d06a2c35a1bbe94400f1959228423538ec454 Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/new_global.js	1.9 kB	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/new_global.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:16 Times Seen283 Hash ec524989219f7cdb591a3944cdf1d878 8e8bfad418f82b96f610f8b6f0e736c3a155d01e 267f011b9d3366b5fbd33aa11b1e43284ce1f8ad53d76c276e9ce8b882022fb5 Loading...

	img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js	3.6 kB	2023-03-09	2023-10-29
Pretty URL img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js IP 180.101.198.211 ASN #23650 AS Number for CHINANET jiangsu province backbone Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:18 Last Seen2023-10-29 08:10:16 Times Seen267 Hash d964f9ba8f04ae2ffd1d138e6b0a895f eb9e54b4d5061bf4717d75e93dd7ec2f2115f4c4 86637e24f132def1d8e7515b98ac4539d0d45eb13e962185981ffab1a86b6280 Loading...

	bdcode.2345.com/awycyrm.js	113 kB	2023-03-13	2023-03-13
Pretty URL bdcode.2345.com/awycyrm.js IP 42.81.8.130 ASN #58542 Tianjij,300000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:51:25 Last Seen2023-03-13 16:51:42 Times Seen1 Hash a4c76d16ba80dfe46194e52fad2f5ea9 a84af11e3dbd1c49440cd4e0fc8f8ddf0470e60b 04966930000e60ee7a7394e60874c6052cc3ae46ef99d2ba5bdc3bee61ae27b8 Loading...

	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash f7ed0279e2a2de0010e61027ad3273a5 d406bc677cb05b840ecc82450adbbc94a95f231b 90b3fe15e8046cd704c69a38cac7753ec23e1223dc0d659a0a4c73d9618e11af Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	934 B	2023-03-13	2023-03-13
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash b64a1fe0fdc43b77075e6e9a6fd590f4 e63b438eba29642f93f702d2c313726bfc55f338 5c0ee906af32a2322068d658d4eab9ecca8b9ca622229fcbc4b4f1bdb2c48e39 Loading...

	pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	3.1 kB	2023-03-07	2024-04-26
Pretty URL pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:24:52 Last Seen2024-04-26 00:27:03 Times Seen351 Hash 245d4babbd1beb6e8d9825eebf21a944 d6a0e15bde9d543bf2cf790c62116db6d5ee92d9 0f20f0b295af53cad4007283310501f115cd26723948edd222f25d202f962b44 Loading...

	pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	1.5 kB	2023-03-13	2023-03-13
Pretty URL pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash af3eb2e2cbac1d3feea52bb3258563f2 10135db6b457077f315e64fca1866f76db3f40f0 a2b106a8dff2117048fac2c72ec7c0f768567c71a04b29eabf21f81ef70cd7a2 Loading...

	www.2345.com/js/index/activity/20171111/widget.min.js	20 kB	2023-03-09	2023-10-29
Pretty URL www.2345.com/js/index/activity/20171111/widget.min.js IP 47.246.44.204 ASN #24429 Zhejiang Taobao Network Co.,Ltd Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:17 Times Seen492 Hash 1a4ca1c15a88ef6b29b589a43036569b f007bcf11ab64283f445c88fa7eb95a9b6fbdbab 120670f990332f3bdabc88bce49fe17f4b7e8ebf3a58454e7fe8ed2a2dd6a7bb Loading...

	12732.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js	2.7 kB	2023-03-09	2023-10-29
Pretty URL 12732.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-10-29 08:10:16 Times Seen413 Hash 16df5e954746c848fc2aeb4cacdd0db4 743c35bc5aa33edf5cdb4c14aa9e5368bbc596c5 63bbeafa424a02da103b3c6c4203b0cb1ee1edbb6dbc3d307b5e0c18167abfa0 Loading...

	12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe	622 B	2023-03-13	2023-03-13
Pretty URL 12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash b793cb17843bcdf560a2e6c89f3ea10b 97ec200bb0a08c61c5ef88b4c0b11705c213f3e3 06ff87da7920ca82d8dd1a59df8bb4551d66a9032de73845a6322d977d446709 Loading...

	bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js	5.4 kB	2023-03-13	2023-03-13
Pretty URL bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js IP 42.81.8.130 ASN #58542 Tianjij,300000 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:05:27 Last Seen2023-03-13 16:51:42 Times Seen1 Hash 8e3de395832d444ad5788da135a464ad 97b838884f0e36931ee7c06673ef99a9cafd8d8d 3ec2375de4517bf35cb1828da162795a2962b3069ceab74a060a62ee52344c6e Loading...

	pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	10 kB	2023-03-07	2024-04-03
Pretty URL pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:15:23 Last Seen2024-04-03 18:34:20 Times Seen298 Hash 441b3151929643c995abd202e9f8daa4 32447855811d8e0a6b6e5debce2b0f31b1a7de3b 05c995e78741cdfbfb8523e36ac43afb91aaf46623cc38cedcf4454e57fb4d44 Loading...

	pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1	378 B	2023-03-07	2024-04-03
Pretty URL pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 IP 182.61.200.109 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:15:23 Last Seen2024-04-03 18:34:20 Times Seen296 Hash c5c3e023824d543d561461f2ab0e9dd6 d08c8b6affb7afbe09668544d0eed6f7f25bbc99 b2db23f4c92703f1d029d2716bf880ee69811837dbe0854a5d4cfbccd3881cb2 Loading...

	12732.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 12732.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

		Size	First Seen	Last Seen
	#1 Eval - f2a3816a519e9b647f39851bd709da24	52 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:24:52 Last Seen2024-04-26 00:27:05 Times Seen355 Hash f2a3816a519e9b647f39851bd709da24 3844e1a72e765bbbe1ba3748d3f252766a5a42bc e6400ed58a0a32912bdae90bc21d02ba6f1e7c3dccf3ab439815ffaa78bbaef5 Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-26 08:30:56 Times Seen2525 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

	#3 Write - bb7a44977fe1173db4e4064784493fed	337 B	2023-03-12	2023-04-20
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-04-20 10:54:37 Times Seen315 Hash bb7a44977fe1173db4e4064784493fed 2c6cf3918b6a98d7f8a8a80aeaf2141c64fbf1d1 ea8f79c31b8923d48c3f9d19e1501a476dfc38992304cdca99d0c72df9f784ce Loading...

	#4 Write - e81957e0099aabf0e9fe52bf850621a1	194 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 16:51:42 Last Seen2023-03-13 16:51:42 Times Seen1 Hash e81957e0099aabf0e9fe52bf850621a1 33dec383dc9e6e3dde7dc087d8015df9a305a468 a4956cb183870b9224257beea39d755009b4f2c5d23ecc037a1d81028c79bfbc Loading...

	#5 Write - 60bb19ab2a56de37b11d04df681f6ee0	12 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:23:57 Last Seen2024-04-26 00:04:40 Times Seen2549 Hash 60bb19ab2a56de37b11d04df681f6ee0 cd5f38ca8d19989e372e1bb66130aade666ee63b 3f7af3768d0a5463f3cfd93c47864c3f654c8cdb65e4ca6b24d5772365e6dee4 Loading...

HTTP Transactions (266)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5769
Expires: Sat, 04 Feb 2023 17:23:28 GMT
Date: Sat, 04 Feb 2023 15:47:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14531
Expires: Sat, 04 Feb 2023 19:49:30 GMT
Date: Sat, 04 Feb 2023 15:47:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13357
Expires: Sat, 04 Feb 2023 19:29:56 GMT
Date: Sat, 04 Feb 2023 15:47:19 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 15:36:15 GMT
content-type: application/json
age: 664
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: M4dxy4YcOX1BzAY1odQT0HyCIXMsSHfKynEgDK1gGMkrgVMzvnF9Jevnn+abnjMZu980LkMgznVaiLRvPdViPA==
x-amz-request-id: N6DDCJ614S60W59Q
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 15:24:04 GMT
age: 1395
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 15:47:19 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 14:49:07 GMT
age: 3493
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2771
Expires: Sat, 04 Feb 2023 16:33:31 GMT
Date: Sat, 04 Feb 2023 15:47:20 GMT
Connection: keep-alive

push.services.mozilla.com/

35.162.71.253

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.162.71.253:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: EHizy1qhYsXt3uPRbhC03A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: V5EEThB29eHWgSaBZyHj9WFs1NE=

12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

154.218.151.71

200 OK

17 kB

URL HTTP/1.1
12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
17 kB (17064 bytes)
Hash
5cfffdd43d96f10a6d25f13c03f68c76
15fe3678cc74fab7985ede4ede65e39bf5df39fd
c242daa9e9622b747b0d4f43f7a309e913847fd0030dba6d90a2150074cf2bc5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:20 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12732.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
12732.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:20 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/teach.css

154.218.151.71

200 OK

4.1 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/teach.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (499)
Size
4.1 kB (4125 bytes)
Hash
16ca38b11b525a142c6086c2c2802545
88ed9d1c7088344b24f18132ad025ed63623bb7e
c7d5eef240fb383c039b0141854336a78a07597b0bff022ae71514e913351d7a

HTTP Headers

GET /template/company/duote-xiazai/css/teach.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e70-503f"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

154.218.151.71

200 OK

8.6 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/soft.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text
Size
8.6 kB (8609 bytes)
Hash
952b2841668e8303c2ee8bc817394790
1e7d159d8d75df0112f06eedab3ecd62b7075a52
51c463da96c71adce2a234968d1e46949fa82804f680861cb6562da84239e209

HTTP Headers

GET /template/company/duote-xiazai/css/soft.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6e-a090"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/news.css

154.218.151.71

200 OK

1.5 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/news.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text
Size
1.5 kB (1491 bytes)
Hash
4d5f155ee78bab18dd989f8fedda8ebc
d3e3353e7a3da786e2a1342ca13407fd432e3398
6754cc7b30008e41d53b0ebfb6b52a0c59712348880d235a77a07c3af02d9886

HTTP Headers

GET /template/company/duote-xiazai/css/news.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-16fd"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/message.css

154.218.151.71

200 OK

1.6 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/message.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text
Size
1.6 kB (1554 bytes)
Hash
90d699f8127fe2e7210c0f31f0b90bb0
245191b7026614b76c7234e8e82724d463d4adf1
50d4eaf1d089edb739f43068f78330d22700b47f9ea8acb14fa5606637aeaf23

HTTP Headers

GET /template/company/duote-xiazai/css/message.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-17a8"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css

154.218.151.71

200 OK

353 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/scrollbar.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text
Size
353 B (353 bytes)
Hash
6fc35ccb15b461bc6b549a85ea398894
21581ad4fc3db4acc99bb2fb4ed2fde1dfa50049
8d88f6d1d76a2cf300e9378742dc29f48060c9747cfdeb6b05050cf25cc5ebfb

HTTP Headers

GET /template/company/duote-xiazai/css/scrollbar.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Content-Length: 353
Last-Modified: Sun, 06 Nov 2022 08:21:02 GMT
Connection: keep-alive
ETag: "63676e6e-161"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js

154.218.151.71

200 OK

37 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/jquery.min.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (32769)
Size
37 kB (37234 bytes)
Hash
d4e282e0e1e69d378568eac0d45bfd24
8b62528373788e473676aa025a72aae45ec17d01
b5bbdf5ae69bfc2b39919ac018f41b27efac22f98ab92848db65022eb03dfd12

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/jquery.min.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-16f44"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css

154.218.151.71

404 Not Found

146 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/scrollStyle.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /template/company/duote-xiazai/css/scrollStyle.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

12732.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css

154.218.151.71

200 OK

8.9 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/jquery-ui.min.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (29165), with CRLF line terminators
Size
8.9 kB (8914 bytes)
Hash
fd0bdc561b4f37fa8e4539d86c5fd0e4
663b932af8ef82dff4cfeb56351bd32853e54804
98161b22bc6e6613ecf1c230ff9664ba032c3abfe8d6a4079263f9daeb1829db

HTTP Headers

GET /template/company/duote-xiazai/css/jquery-ui.min.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6d-7d6e"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js

154.218.151.71

200 OK

799 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/duotecommon_top.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ISO-8859 text
Size
799 B (799 bytes)
Hash
ac93d373f5090fbc3e8a7152aab7170d
160c0bc3072bccced250979b7999ae060941eb06
e15e1cefcdcd40db68eecbd7a02af32a8a97e5749791b07b434f8454408c1570

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/duotecommon_top.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-a0b"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/global.css

154.218.151.71

200 OK

7.6 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/global.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (710)
Size
7.6 kB (7628 bytes)
Hash
b2502d4c36bc519e47bce519ffb3a295
d252dd5c34dbd231f5c120d8f45ded16e0aa3f4c
10bec4c97bde3cac4a43e4d86604e1ff2c54926ec350419e404435f0616d1a1a

HTTP Headers

GET /template/company/duote-xiazai/css/global.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:20:59 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6b-935f"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/css/index.css

154.218.151.71

200 OK

3.6 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/css/index.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text
Size
3.6 kB (3566 bytes)
Hash
fbfd831dee308c5094076e0b4022a222
fa69c04bf3f0c911d2b1697717e05706362f0c57
ab5a9d33745256917eb22abecd3d8ed4790e612720f2a743206d00b85aa5ff4f

HTTP Headers

GET /template/company/duote-xiazai/css/index.css HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: text/css
Last-Modified: Sun, 06 Nov 2022 08:21:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e6c-42b3"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20209
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:47:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20209
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:47:21 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c14d3cf8ade0150a711f094be32ac474
11e7fb5487d364c5392e1594e09f5b49831043ea
2a98ce39894b7d9befdba3916467bc95962376d0b308103e0a1eea36c0bc2302

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A98CE39894B7D9BEFDBA3916467BC95962376D0B308103E0A1EEA36C0BC2302"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20209
Expires: Sat, 04 Feb 2023 21:24:10 GMT
Date: Sat, 04 Feb 2023 15:47:21 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9349 bytes)
Hash
4b5c35cdff2fb0758db780212b0b1f77
edbb557a3bf57128467335685aebbd4831d802f8
e0fa59843073ba8bd171c66610bc1b3d59a1a94c4991e6023507b9453ca0edba

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd74fd89c-32f8-4ed4-ab23-e95f810fbc57.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9349
x-amzn-requestid: ecd1913d-7dbe-4ffd-ba85-0549aab51a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyayOGPlIAMFQ7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dda4da-6a9b8d146155fa8b6c1c02d6;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 00:20:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jGBEz2d-SXXPBZhwlJgR4w248y-NY2c-18euLre5PULjWUIfhfUmNQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Feb 2023 00:20:43 GMT
etag: "edbb557a3bf57128467335685aebbd4831d802f8"
content-type: image/jpeg
age: 55598
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 63408
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 63420
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10253 bytes)
Hash
392b61306c346508d3ac4a2f28218f9c
d2de32b52e0d3f4fc6acaf687b3521294b01dc03
018712a4d6734b84ac1777124f97dae4d93b1e5b297a5dcfe0955b52710b8a35

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F10640252-429d-4110-bf18-1908ac233402.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10253
x-amzn-requestid: a90cb6b3-8a72-4b4b-b4f5-6dafc8c6752a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7GGv5IAMFu8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-3ca59e7c52800a4e44bda8fd;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: G8F3Fflod6HB4QFtjpD09xzi-2LKPw_DBJT0PKYKU3bs3pvOwO_LRw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:32 GMT
age: 63409
etag: "d2de32b52e0d3f4fc6acaf687b3521294b01dc03"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9141 bytes)
Hash
f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 63231
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 64757
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

12732.url.tudown.com/template/company/duote-xiazai/js/super_slider.js

154.218.151.71

200 OK

741 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/super_slider.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (1844)
Size
741 B (741 bytes)
Hash
64d8d6bbbe2129e883c5af163b76600d
5c0f7df223f7f0ca25cc5c8247ae8b8f0cae4805
66f01728ee43d433d4fd4c0409354667cc543ae51cd362376d3f053da321369b

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/super_slider.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-763"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/js/new_global.js

154.218.151.71

200 OK

592 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/new_global.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ISO-8859 text
Size
592 B (592 bytes)
Hash
232fd4a41f68cb95c02a365b6aca84e9
4d17747184f32abc1b922759c510bdbab4eccedd
0d50c1f4db8f330ef99775e40dadb29b531eb33314540560567b1f2623d4885e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/new_global.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9d-685"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/js/index.js

154.218.151.71

200 OK

2.3 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/index.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (8638)
Size
2.3 kB (2325 bytes)
Hash
a1f3815ea981db7480ca3c4d5d54aac6
f3961cccb17dc2190e2a8c249d936d0b1185fd7e
7adb4d2ea2856125d829deeabfc70e92f87a5e50f84187ed8d570b810c807d6f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/index.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e97-223b"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js

154.218.151.71

200 OK

1.4 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/soft_comment.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ISO-8859 text
Size
1.4 kB (1384 bytes)
Hash
33db5499343abb12f6c7d980cfdf5af0
ca9f7d2be1dd0f229f709b2effd22d57413fc7d4
3ca1208b56597372cccafd9817375f08e7e85ab84b310cb882ff8a76bac1c388

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/soft_comment.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676ea0-f1c"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js

154.218.151.71

200 OK

577 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/clickdown_stat_ajax.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ISO-8859 text
Size
577 B (577 bytes)
Hash
d2fd0ff89c3e773f8cfb6e5e57ae2909
537114b9b969f30770ba619a17d217bb69efb759
9665a3c5c2aa7e032819815b24dccc0dd5fbfbbef8876d7d42dfe2751e06d8f7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/clickdown_stat_ajax.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e96-57a"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12732.url.tudown.com/template/company/duote-xiazai/images/stars.png

154.218.151.71

200 OK

409 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/stars.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
409 B (409 bytes)
Hash
513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298

HTTP Headers

GET /template/company/duote-xiazai/images/stars.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/global.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:35 GMT
Connection: keep-alive
ETag: "63676e8f-199"
Accept-Ranges: bytes

ocsp.trust-provider.cn/

47.246.44.205

200 OK

599 B

URL HTTP/1.1
ocsp.trust-provider.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
599 B (599 bytes)
Hash
3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 15:38:34 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=601328,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 79447e804fcc913d-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675525114
via: cache2.l2de2[0,0,304-0,H], cache16.l2de2[1,0], cache3.se1[24,23,200-0,H], cache5.se1[25,0], cache3.se1[29,0]
age: 528
x-cache: HIT TCP_REFRESH_HIT dirn:2:320191984
x-swift-savetime: Sat, 04 Feb 2023 15:47:22 GMT
x-swift-cachetime: 1272
timing-allow-origin: *, *
eagleid: 2ff62c9716755256420856737e, 2ff62c9716755256420856737e

ocsp.trust-provider.cn/

47.246.44.205

200 OK

599 B

URL HTTP/1.1
ocsp.trust-provider.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
599 B (599 bytes)
Hash
3dcf364a98ec525459de31da9ef17294
1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93
c5d1b7bb1ab9ead9d1274e898a83e0b153b002a003345b6b36f08f71357110c7

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 15:38:34 GMT
last-modified: Sat, 04 Feb 2023 04:54:58 GMT
expires: Sat, 11 Feb 2023 04:54:57 GMT
etag: "1b997bb1f6f07f3fca7ed53c26515d21fa1b8c93"
cache-control: max-age=601328,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 79447e804fcc913d-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675525114
via: cache2.l2de2[0,-1,304-0,H], cache12.l2de2[0,0], cache5.se1[22,42,200-0,H], cache5.se1[44,0], cache7.se1[46,0]
age: 528
x-cache: HIT TCP_REFRESH_HIT dirn:4:283448285
x-swift-savetime: Sat, 04 Feb 2023 15:47:22 GMT
x-swift-cachetime: 1272
timing-allow-origin: *, *
eagleid: 2ff62c9b16755256420904536e, 2ff62c9b16755256420904536e

www.2345.com/js/index/activity/20171111/widget.min.js

47.246.44.204

301 Moved Permanently

262 B

URL HTTP/1.1
www.2345.com/js/index/activity/20171111/widget.min.js
IP
47.246.44.204:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
262 B (262 bytes)
Hash
72fa0fca20c82853e6dbbc1f13c78100
4e9b01e3ad0b56c9409bb02e5700430792fecacd
4555de589ff9b307e20c708d6f112bc47bb377df29ff0a5914f8fb0932926887

HTTP Headers

GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: text/html
Content-Length: 262
Connection: keep-alive
Location: https://www.2345.com/js/index/activity/20171111/widget.min.js
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Via: cache4.se1[,0]
Timing-Allow-Origin: *
EagleId: 2ff62c9816755256421284520e

12732.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js

154.218.151.71

200 OK

63 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/keyword_new.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with no line terminators
Size
63 B (63 bytes)
Hash
827609f4f6b6dbef37e7bbb2c6cb8535
09929f83133df43c4ec28623065e3af7647a1f11
f7f82084b7a593e189a56487ea3179a61e6d8c93ec6ffdfada18e8c5e8863375

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/keyword_new.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: application/javascript
Content-Length: 63
Last-Modified: Sun, 06 Nov 2022 08:21:47 GMT
Connection: keep-alive
ETag: "63676e9b-3f"
Expires: Sun, 05 Feb 2023 03:47:22 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js

154.218.151.71

200 OK

738 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/scrollbar.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (1755)
Size
738 B (738 bytes)
Hash
941e223b206b2f389ba88e5c62146e05
1ea47333441413a3afd2fbc6e335810513cd3b5f
c0034343dbd842fc5ba9dfae6be7145ec000eb017fc0ca9a7fd6e245811df660

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/scrollbar.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e9e-707"
Expires: Sun, 05 Feb 2023 03:47:22 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

bdcode.2345.com/source/g/common/by/ht_jy_qx.js

42.81.8.130

200 OK

2.2 kB

URL HTTP/1.1
bdcode.2345.com/source/g/common/by/ht_jy_qx.js
IP
42.81.8.130:0
ASN
#58542 Tianjij,300000

File type
ASCII text, with very long lines (5410), with no line terminators
Size
2.2 kB (2206 bytes)
Hash
71019fd4bece6d235fe75bffe859eb22
be95ba0376e00833ea8206ab4a13c69725e92cb5
4b0c7b1ee0821d98a40dee5f62f06088d9f837c96d8d5b77122f2c2f57a75eff

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /source/g/common/by/ht_jy_qx.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2206
Connection: keep-alive
Cache-Control: max-age=14400
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 19:47:22 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c20745663ca937dd-143
Server: yunjiasu

bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js

42.81.8.130

200 OK

2.2 kB

URL HTTP/1.1
bdcode.2345.com/common/xsoa-r/openjs/pu/ao.js
IP
42.81.8.130:0
ASN
#58542 Tianjij,300000

File type
ASCII text, with very long lines (5411), with no line terminators
Size
2.2 kB (2204 bytes)
Hash
5871fcd549aa0ada79216f55fc6eca14
711298c5227c79a85f9eb60392b3c478519396dc
20b238083b6a55c4dae9970e637bae8cee9ea2236c76a7e9932aa25d586267a3

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /common/xsoa-r/openjs/pu/ao.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 2204
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 16:47:22 GMT
Last-Modified: Sun, 29 Jan 2023 16:31:43 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c207456694eb37e5-143
Server: yunjiasu

12732.url.tudown.com/uploads/images/logo.png?n=4s5lhznxt3s3raxjusiotjno46xkdz4qq3syrnxjqcqolduc&w=250

154.218.151.71

200 OK

3.5 kB

URL HTTP/1.1
12732.url.tudown.com/uploads/images/logo.png?n=4s5lhznxt3s3raxjusiotjno46xkdz4qq3syrnxjqcqolduc&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3530 bytes)
Hash
5bd398e884eb29fa286d97d44052760f
c4c02d36c85181ee3fe926e780cef62eda41394f
9e77b68e1646a5fa8bba77da8c7167685e16b1401b2cbbc441add22cd02bf8b0

HTTP Headers

GET /uploads/images/logo.png?n=4s5lhznxt3s3raxjusiotjno46xkdz4qq3syrnxjqcqolduc&w=250 HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

12732.url.tudown.com/uploads/images/871387.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/871387.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/871387.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=378699573,2946821918&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae58d39edb7923f0dac8e7b20767f306
827e75323edf1548d2b898b96caaec9556893e3a
2c18f66718230665099bdc4a96dbed4e667ff233f9853aebd3e0802235c658d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C18F66718230665099BDC4A96DBED4E667FF233F9853AEBD3E0802235C658D8"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21533
Expires: Sat, 04 Feb 2023 21:46:15 GMT
Date: Sat, 04 Feb 2023 15:47:22 GMT
Connection: keep-alive

static.mediav.com/js/mvf_g2.js

104.192.110.245

200 OK

9.0 kB

URL HTTP/1.1
static.mediav.com/js/mvf_g2.js
IP
104.192.110.245:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
ASCII text, with very long lines (25539), with no line terminators
Size
9.0 kB (9022 bytes)
Hash
1baf9fc7116527b1a41307a6653030ca
f854953834e70e842d0d3fe6c8966ffb38e16744
d601207a5fa9a6b11008bc0a5a295c46ed62707d4a4b7b04a276eef33c3dcbd3

HTTP Headers

GET /js/mvf_g2.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:41 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 20:47:22 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc01.lato;HIT from w-sc02.bjmd

12732.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js

154.218.151.71

200 OK

80 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/js/jquery-ui.min.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (32074), with CRLF line terminators
Size
80 kB (80124 bytes)
Hash
e81ec1034a64ade1aa8b290326108e91
67aa74b0a4d0039f59acacca2ee6eee5ebaa312e
825cd708c0562c4b038d007351af36e0c4b34a32c0a1e8fd5852206417cbf94e

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/duote-xiazai/js/jquery-ui.min.js HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:21 GMT
Content-Type: application/javascript
Last-Modified: Sun, 06 Nov 2022 08:21:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63676e99-3def1"
Expires: Sun, 05 Feb 2023 03:47:21 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 15:47:22 GMT
Last-Modified: Sat, 04 Feb 2023 07:12:34 GMT
ETag: "63de0562-1d7"
Expires: Mon, 06 Feb 2023 07:12:34 GMT
Cache-Control: max-age=141912
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675525642
Via: cache16.l2de2[195,195,200-0,M], cache16.l2de2[196,0], cache1.se1[218,217,200-0,M], cache1.se1[219,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 15:47:22 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9516755256424114792e

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
8b713e782d4daaaf92b087fa2f128979
a4a673654c0544378aa15e1dfab8c7e64eef8698
15764a19559af6a9aa1a79c435c70e3eb0d5b6ceabfb35c50e3a15539faf63ec

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 13:52:11 GMT
ETag: "a4a673654c0544378aa15e1dfab8c7e64eef8698"
Last-Modified: Sat, 04 Feb 2023 13:52:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2587
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79448b62b915b4fa-OSL

static.mediav.com/js/mvf_pm_slider.js

104.192.110.245

200 OK

40 kB

URL HTTP/1.1
static.mediav.com/js/mvf_pm_slider.js
IP
104.192.110.245:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
ASCII text, with very long lines (65536), with no line terminators, with escape sequences
Size
40 kB (40296 bytes)
Hash
b23b60a7adefb62f50583079ed66f03b
965ea6506ea6c004b1135f23c10c67484fc0d238
987d03cb317bd411589ab916be6ea0e5aaabf8de0e94a2de7712beff577a62f8

HTTP Headers

GET /js/mvf_pm_slider.js HTTP/1.1
Host: static.mediav.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 16 Nov 2022 07:57:42 GMT
Vary: Accept-Encoding
Expires: Sat, 04 Feb 2023 20:47:22 GMT
Cache-Control: max-age=18000
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Content-Encoding: gzip
KCS-Via: HIT from w-fc02.lato;HIT from w-sc09.zzzc

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 15:47:22 GMT
Ali-Swift-Global-Savetime: 1675525642
Via: cache19.l2de2[312,312,200-0,M], cache19.l2de2[313,0], cache3.se1[336,337,200-0,M], cache3.se1[338,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 15:47:22 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9716755256424127114e

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 15:47:22 GMT
Ali-Swift-Global-Savetime: 1675525642
Via: cache14.l2de2[315,315,200-0,M], cache14.l2de2[316,0], cache3.se1[337,337,200-0,M], cache3.se1[339,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 15:47:22 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9716755256424127113e

12732.url.tudown.com/uploads/images/458286.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/458286.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/458286.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1443111533,475388791&fm=253&fmt=auto&app=120&f=JPEG?w=660&h=363

12732.url.tudown.com/uploads/images/844803.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/844803.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/844803.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4102967583,720449785&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=354

12732.url.tudown.com/common/ipnotice/

154.218.151.71

200 OK

17 kB

URL HTTP/1.1
12732.url.tudown.com/common/ipnotice/
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
17 kB (16991 bytes)
Hash
a994e11113a0d36d42067c31a83e06fe
6349b666191b8d5694a9d467cb738f2a8030e825
3d879530f6884d7fbee4ec463030819e404220a317de3d5083f948e1cb19e15a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /common/ipnotice/ HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12732.url.tudown.com/uploads/images/371451.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/371451.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/371451.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/277287.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/277287.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/277287.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2359150615,627469233&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sat, 04 Feb 2023 15:47:22 GMT
Ali-Swift-Global-Savetime: 1675525642
Via: cache25.l2de2[502,501,200-0,M], cache25.l2de2[502,0], cache8.se1[524,524,200-0,M], cache8.se1[525,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 15:47:22 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9c16755256424066233e

12732.url.tudown.com/uploads/images/812811.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/812811.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/812811.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:22 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2127145328,732012671&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714

s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517

180.97.251.250

200 OK

20 B

URL HTTP/2
s5.cnzz.com/z_stat.php?id=1277770517&web_id=1277770517
IP
180.97.251.250:0
ASN
#4134 Chinanet

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /z_stat.php?id=1277770517&web_id=1277770517 HTTP/1.1
Host: s5.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Sat, 04 Feb 2023 15:36:57 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Sat, 04 Feb 2023 15:36:57 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1675525017
via: cache6.l2ea120-8[52,52,200-0,M], cache27.l2ea120-8[53,0], cache9.cn2205[0,0,200-0,H], cache11.cn2205[0,0]
age: 625
x-cache: HIT TCP_MEM_HIT dirn:13:813447518
x-swift-savetime: Sat, 04 Feb 2023 15:36:57 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b461fb1f16755256429496770e
X-Firefox-Spdy: h2

img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301

180.101.199.215

404 Not Found

146 B

URL HTTP/2
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP
180.101.199.215:0
ASN
#4134 Chinanet

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 146
date: Sat, 04 Feb 2023 15:47:22 GMT
ali-swift-global-savetime: 1675525642
via: cache48.l2cn3037[25,24,404-1280,M], cache53.l2cn3037[26,0], cache53.l2cn3037[26,0], vcache19.cn4733[29,29,404-1280,M], vcache17.cn4733[30,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 15:47:22 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: b465c72516755256427761608e
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/221461.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/221461.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/221461.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3958606269,1426629133&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/832176.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/832176.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/832176.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=178608739,32716320&fm=224&app=112&f=JPEG?w=350&h=350

img1.duote.com/duoteimg/zhuanti/comment/images/4.gif

180.101.198.211

200 OK

1.7 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/4.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
1.7 kB (1706 bytes)
Hash
9429cb260cbf87e528d14cf6baaf2b5b
eb067540c3b93c515efbc46b5a1cb4c7bcb16ff7
4cce9443159a3c082fbf59610efbf5ef9b92d5422bce4bbe8ef43d1bcc8d0475

HTTP Headers

GET /duoteimg/zhuanti/comment/images/4.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1706
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3DFFFCE35347F52A3
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "9429CB260CBF87E528D14CF6BAAF2B5B"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 875222251737355829
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: lCnLJgy/h+Uo0Uz2uq8rWw==
x-oss-server-time: 88
ali-swift-global-savetime: 1675307171
via: cache5.l2cn3055[137,136,200-0,M], cache34.l2cn3055[138,0], vcache5.cn4732[0,0,200-0,H], vcache16.cn4732[2,0]
age: 218471
x-cache: HIT TCP_HIT dirn:9:233318430
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c62416755256428002773e
X-Firefox-Spdy: h2

img1.duote.com/duoteimg/zhuanti/comment/images/6.gif

180.101.198.211

200 OK

3.5 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/6.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
3.5 kB (3468 bytes)
Hash
eb575dd556470ae55acfa8350f63f3ab
5ded8852598c3cb4ff9130d24b1b7b03c558d14e
0be355d4a20f70a41fef403a817d2d27a1c5122fa1b58ef04dc884fb9a12ed7a

HTTP Headers

GET /duoteimg/zhuanti/comment/images/6.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 3468
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3C428EB3630F276FE
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "EB575DD556470AE55ACFA8350F63F3AB"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17858666986198953545
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 61dd1VZHCuVaz6g1D2Pzqw==
x-oss-server-time: 117
ali-swift-global-savetime: 1675307171
via: cache12.l2cn3055[156,156,200-0,M], cache36.l2cn3055[158,0], vcache7.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 218471
x-cache: HIT TCP_MEM_HIT dirn:9:53898126
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c62416755256428012776e
X-Firefox-Spdy: h2

img1.duote.com/duoteimg/zhuanti/comment/images/5.gif

180.101.198.211

200 OK

2.8 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/5.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
2.8 kB (2768 bytes)
Hash
a7bff4f63a973a68e2d98ee780d9e29e
4c87d92faf82347bb122c2ad0e74e166aec5c567
18e82892f579e1f63d003f7e8404754b775542d72ea2d677f61d8ed3c7dfd21c

HTTP Headers

GET /duoteimg/zhuanti/comment/images/5.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2768
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3F1D5B233305BE7E5
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "A7BFF4F63A973A68E2D98EE780D9E29E"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 11302870927342222426
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: p7/09jqXOmji2Y7ngNning==
x-oss-server-time: 127
ali-swift-global-savetime: 1675307171
via: cache51.l2cn3055[157,156,200-0,M], cache47.l2cn3055[159,0], vcache1.cn4732[0,1,200-0,H], vcache16.cn4732[3,0]
age: 218471
x-cache: HIT TCP_HIT dirn:10:284702017
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c62416755256428002772e
X-Firefox-Spdy: h2

img1.duote.com/duoteimg/zhuanti/comment/images/7.gif

180.101.198.211

200 OK

1.5 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/7.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
1.5 kB (1495 bytes)
Hash
56bd697fdac1de3dbe8d4dd53e309a9b
215d4fead2dbf7bf6aeea1136749675cc5034f9e
7acdc1e69fd8d2c578ccf122054b7dab5a58a59caa255cd5585d45956136f4a3

HTTP Headers

GET /duoteimg/zhuanti/comment/images/7.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1495
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3E3631F36348B9DE4
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "56BD697FDAC1DE3DBE8D4DD53E309A9B"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 6398064933782332215
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Vr1pf9rB3j2+jU3VPjCamw==
x-oss-server-time: 88
ali-swift-global-savetime: 1675307171
via: cache25.l2cn3055[109,109,200-0,M], cache76.l2cn3055[111,0], vcache25.cn4732[0,0,200-0,H], vcache16.cn4732[2,0]
age: 218471
x-cache: HIT TCP_HIT dirn:11:237709296
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c62416755256428012778e
X-Firefox-Spdy: h2

img1.duote.com/duoteimg/zhuanti/comment/images/10.gif

180.101.198.211

200 OK

2.1 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/10.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
2.1 kB (2105 bytes)
Hash
8535863eee1ae5dfffa4f25a79cffa10
ae60588f804b611794c725429927f1a37c31a6e5
13fd5ae010e7d97dc637a2ec0537a28a8d74dac1f1480fa87279ae226e13e535

HTTP Headers

GET /duoteimg/zhuanti/comment/images/10.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2105
date: Tue, 03 Jan 2023 14:51:52 GMT
x-oss-request-id: 63B44108DA57CC3430E71280
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "8535863EEE1AE5DFFFA4F25A79CFFA10"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 720901678692586227
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: hTWGPu4a5d//pPJaec/6EA==
x-oss-server-time: 80
ali-swift-global-savetime: 1672757512
via: cache79.l2cn3055[0,0,200-0,H], cache51.l2cn3055[2,0], vcache18.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 2768130
x-cache: HIT TCP_HIT dirn:10:213188726
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 13002341
timing-allow-origin: *
eagleid: b465c62416755256429182856e
X-Firefox-Spdy: h2

img1.duote.com/duoteimg/zhuanti/comment/images/9.gif

180.101.198.211

200 OK

1.7 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/9.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
1.7 kB (1733 bytes)
Hash
52c2ef213baaff54c731557b999a0bf7
804e7ac80e4255b27247350265bbc92ce8d075bb
6bc6cc4739fbf0b9257b84549097c06651f82bcb2edef386710f4bb88e5b1676

HTTP Headers

GET /duoteimg/zhuanti/comment/images/9.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1733
date: Tue, 03 Jan 2023 11:51:50 GMT
x-oss-request-id: 63B416D62B654B3335D3555D
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "52C2EF213BAAFF54C731557B999A0BF7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 7207152638915174298
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: UsLvITuq/1THMVV7mZoL9w==
x-oss-server-time: 135
ali-swift-global-savetime: 1672746710
via: cache4.l2cn3055[0,0,200-0,H], cache34.l2cn3055[1,0], vcache5.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 2778933
x-cache: HIT TCP_HIT dirn:9:233693268
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 12991539
timing-allow-origin: *
eagleid: b465c62416755256430842948e
X-Firefox-Spdy: h2

img1.duote.com/duoteimg/zhuanti/comment/images/11.gif

180.101.198.211

200 OK

7.0 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/11.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
7.0 kB (6979 bytes)
Hash
0dfec8a688ee97162d852f42a0fa2a23
a6bc13493b4f2471b72b9d9e8474a9889ad2f4cb
bfef5124ff15cc50ba2eb8e6c605541b642bb5c8c18a4c618ed248522f8d44e0

HTTP Headers

GET /duoteimg/zhuanti/comment/images/11.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 6979
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3EEC7423138E2BAB0
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "0DFEC8A688EE97162D852F42A0FA2A23"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 5501157311881781066
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: Df7IpojulxYthS9CoPoqIw==
x-oss-server-time: 166
ali-swift-global-savetime: 1675307171
via: cache60.l2cn3055[198,198,200-0,M], cache67.l2cn3055[199,0], vcache27.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 218472
x-cache: HIT TCP_HIT dirn:10:25434270
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c62416755256431072958e
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/539515.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/539515.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/539515.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4250376146,713319959&fm=253&fmt=auto?w=500&h=500

12732.url.tudown.com/uploads/images/89656.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/89656.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/89656.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1154681949,3347615978&fm=253&fmt=auto&app=138&f=JPEG?w=584&h=500

12732.url.tudown.com/uploads/images/475758.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/475758.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/475758.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2464625651,1606600720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js

180.101.198.211

200 OK

361 B

URL HTTP/2
img4.duote.com/duoteimg/dtnew_recom_img/duoteself/softdown_1.js
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
HTML document text\012- HTML document, ASCII text, with very long lines (361), with no line terminators
Size
361 B (361 bytes)
Hash
d7877f2308efe72c7913b65816859daa
755606b601ae85ebcbf0dd47660fb028d1bf30d7
3af5e226f01cd0faf44433ba44517cc6b0fe9596de061a613c8d719227cc2c1a

HTTP Headers

GET /duoteimg/dtnew_recom_img/duoteself/softdown_1.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 361
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3BDCDCF3936A08917
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D7877F2308EFE72C7913B65816859DAA"
last-modified: Wed, 04 Jan 2023 09:53:30 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13587884656729146177
x-oss-storage-class: Standard
x-oss-meta-mtime: 1672826010
x-oss-expiration: expiry-date="Thu, 05 Jan 2023 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVxiBgMCnu.bwqxgiIGMwYmRlOGE3NDQ3MjQxYmY4Y2NiYWYyOWExMzU2Zjdi
content-md5: 14d/Iwjv5yx5E7ZYFoWdqg==
x-oss-server-time: 43
ali-swift-global-savetime: 1675307171
via: cache36.l2cn3055[57,57,200-0,M], cache30.l2cn3055[58,0], vcache5.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 218472
x-cache: HIT TCP_HIT dirn:9:196091996
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c62416755256432023029e
X-Firefox-Spdy: h2

union2.50bang.org/js/duoteall

180.101.190.124

200 OK

370 B

URL HTTP/1.1
union2.50bang.org/js/duoteall
IP
180.101.190.124:0
ASN
#138950 Jiangsu Wuxi International IDC network

File type
ASCII text, with very long lines (370), with no line terminators
Size
370 B (370 bytes)
Hash
72d61d39ba783036bb9a92693b68b0f4
41f159955f3087bf1e759ea535577609bf7499dd
71979a4f36bdc6931861cd4daae2b4e17864faf1b61cac427f64f349005fb426

HTTP Headers

GET /js/duoteall HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Length: 370

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
a7d60eb77ee704162930c6b48c27d6c1
25b149d4af4ecbb0b810732fbc0eb3675910500a
a22cef7d656a03291c80fbbe66b43811e9e7ea9f34e230f0fd92756038b82ebb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Date: Sat, 04 Feb 2023 15:47:23 GMT
Last-Modified: Sat, 04 Feb 2023 07:12:34 GMT
ETag: "63de0562-1d7"
Expires: Mon, 06 Feb 2023 07:12:34 GMT
Cache-Control: max-age=141911
Accept-Ranges: bytes
Ali-Swift-Global-Savetime: 1675525643
Via: cache1.l2de2[773,773,200-0,M], cache1.l2de2[774,0], cache3.se1[795,794,200-0,M], cache3.se1[796,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sat, 04 Feb 2023 15:47:23 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9716755256425457287e

12732.url.tudown.com/uploads/images/216078.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/216078.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/216078.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1987992573,1525544017&fm=253&fmt=auto?w=1422&h=800

img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js

180.101.198.211

200 OK

895 B

URL HTTP/2
img4.duote.com/duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
ASCII text
Size
895 B (895 bytes)
Hash
f8f676d38231dad63dfc1144b4739051
978c21f9675780eb755412efc1ddc8fe098c5d7f
2ab62b8459e616fbc36456facba7af14984e90a3a5522a317d46cdb6f133f871

HTTP Headers

GET /duoteimg/dtnew_assets/pc/js/searchCode/transcoding.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/x-javascript
content-length: 895
date: Tue, 03 Jan 2023 08:39:42 GMT
x-oss-request-id: 63B3E9CEF01BDA30320260CE
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "4C7F46FF62D37B2CC7456F8F9EB96611"
last-modified: Thu, 10 Sep 2020 02:00:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 13670043018340852857
x-oss-storage-class: Standard
x-oss-meta-mode: 33188
x-oss-meta-mtime: 1599017058
x-oss-expiration: expiry-date="Fri, 11 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
vary: Accept-Encoding
content-md5: TH9G/2LTeyzHRW+PnrlmEQ==
x-oss-server-time: 22
content-encoding: gzip
ali-swift-global-savetime: 1672735182
via: cache7.l2cn3055[0,19,200-0,H], cache51.l2cn3055[23,0], vcache27.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 2790461
x-cache: HIT TCP_HIT dirn:9:20475925
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 12980011
timing-allow-origin: *
eagleid: b465c62416755256432093035e
X-Firefox-Spdy: h2

img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js

180.101.198.211

200 OK

1.0 kB

URL HTTP/2
img4.duote.com/duoteimg/dtnew_assets/pc/js/soft/auto_complete.js
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
ISO-8859 text
Size
1.0 kB (1015 bytes)
Hash
8c6a6de562181b71d2867e2711f31df9
6e3aed7b36431b15293f6a3a1c66567a6fec5334
f65233dc7f87033f78a736238467c78ce1973af259b67f932c285a0f180174ee

HTTP Headers

GET /duoteimg/dtnew_assets/pc/js/soft/auto_complete.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 1015
date: Wed, 19 Oct 2022 03:08:25 GMT
vary: Accept-Encoding
x-oss-request-id: 634F6A297AA92E33352FF6B9
x-oss-cdn-auth: success
last-modified: Wed, 19 Oct 2022 02:15:25 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3181168464323094172
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 20 Oct 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQVRiBgICaq4y4nxgiIDJjNjljMDkwMWY0MjQ4N2JhZTA2NmEwOWJkZmNhMWYx
content-md5: 5qfmF/GrELbus726BAkyLQ==
x-oss-server-time: 29
content-encoding: gzip
ali-swift-global-savetime: 1666148905
via: cache25.l2cn3047[0,0,200-0,H], cache49.l2cn3047[1,0], vcache10.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 9376738
x-cache: HIT TCP_HIT dirn:11:361348434
x-swift-savetime: Wed, 19 Oct 2022 04:31:53 GMT
x-swift-cachetime: 15546992
timing-allow-origin: *
eagleid: b465c62416755256432093036e
X-Firefox-Spdy: h2

img4.duote.com/duoteimg/js/baidu_js_push.js

180.101.198.211

200 OK

359 B

URL HTTP/2
img4.duote.com/duoteimg/js/baidu_js_push.js
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
ASCII text, with CRLF line terminators
Size
359 B (359 bytes)
Hash
f63ef5e096ef52af0cb95b8d2f3fda32
8d6dcc307c816618f7b26e1482d16d447f382e51
e0679eaf3f94f9353f167a1ebe1a8424c61631cc9be2d5a5445ba35e77f58932

HTTP Headers

GET /duoteimg/js/baidu_js_push.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 359
date: Tue, 03 Jan 2023 12:52:52 GMT
x-oss-request-id: 63B42524A2FF263437FD44EA
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "F63EF5E096EF52AF0CB95B8D2F3FDA32"
last-modified: Tue, 21 Jun 2022 08:41:11 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2603761381065918884
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Wed, 22 Jun 2022 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: CAEQUxiBgID4uNiVjBgiIDdjODgyMTExYzA2OTQ5NmU4NjMxZTI4MDZmMTc2NGEx
content-md5: 9j714JbvUq8MuVuNLz/aMg==
x-oss-server-time: 6
ali-swift-global-savetime: 1672750372
via: cache41.l2cn3055[0,0,200-0,H], cache65.l2cn3055[1,0], vcache24.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 2775271
x-cache: HIT TCP_HIT dirn:9:136430831
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 12995201
timing-allow-origin: *
eagleid: b465c62416755256432213042e
X-Firefox-Spdy: h2

img4.duote.com/duoteimg/js/front_ad.js

180.101.198.211

200 OK

0 B

URL HTTP/2
img4.duote.com/duoteimg/js/front_ad.js
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /duoteimg/js/front_ad.js HTTP/1.1
Host: img4.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 0
date: Mon, 30 Jan 2023 14:45:14 GMT
x-oss-request-id: 63D7D7FA375B533033D1ED45
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "D41D8CD98F00B204E9800998ECF8427E"
last-modified: Wed, 02 Sep 2020 01:55:56 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 0
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Thu, 03 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 1B2M2Y8AsgTpgAmY7PhCfg==
ali-swift-global-savetime: 1675089914
via: cache29.l2cn2641[0,0,200-0,H], cache20.l2cn2641[1,0], vcache2.cn4732[0,0,200-0,H], vcache16.cn4732[2,0]
age: 435729
x-cache: HIT TCP_HIT dirn:11:22325687
x-swift-savetime: Fri, 03 Feb 2023 10:18:49 GMT
x-swift-cachetime: 15222385
timing-allow-origin: *
eagleid: b465c62416755256433123099e
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/652313.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/652313.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/652313.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952

12732.url.tudown.com/uploads/images/419807.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/419807.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/419807.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=496646664,2249254928&fm=224&app=112&f=JPEG?w=500&h=500

img1.duote.com/duoteimg/zhuanti/comment/images/2.gif

180.101.198.211

200 OK

1.7 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/2.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
1.7 kB (1668 bytes)
Hash
daaa6d71e871eec644788b703b718bd8
8fadc0f0070931b2f807159e87b82bc2269b467a
6d31802a2485e9ff603aa0ec2528c96590e9d4c5ac8961ddf8a9c3fe3bb5c0b8

HTTP Headers

GET /duoteimg/zhuanti/comment/images/2.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 1668
date: Thu, 02 Feb 2023 03:06:11 GMT
x-oss-request-id: 63DB28A3EE37C83934296313
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "DAAA6D71E871EEC644788B703B718BD8"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17840225992830112301
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: 2qptcehx7sZEeItwO3GL2A==
x-oss-server-time: 101
ali-swift-global-savetime: 1675307171
via: cache51.l2cn3055[128,127,200-0,M], cache71.l2cn3055[129,0], vcache3.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 218472
x-cache: HIT TCP_HIT dirn:11:35063887
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 15552000
timing-allow-origin: *
eagleid: b465c62416755256435013212e
X-Firefox-Spdy: h2

img1.duote.com/duoteimg/zhuanti/comment/images/12.gif

180.101.198.211

200 OK

2.6 kB

URL HTTP/2
img1.duote.com/duoteimg/zhuanti/comment/images/12.gif
IP
180.101.198.211:0
ASN
#23650 AS Number for CHINANET jiangsu province backbone

File type
GIF image data, version 89a, 24 x 24\012- data
Size
2.6 kB (2575 bytes)
Hash
74dc1aa4f1e4f7219da7ad597c91b8e7
bfda85aaa1fd81b79b792ee83cd448cd2cde5005
733f3dc6aa38aaad278d72cbef942326c77b0f872727e5971cc8fb9b3b683efe

HTTP Headers

GET /duoteimg/zhuanti/comment/images/12.gif HTTP/1.1
Host: img1.duote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 2575
date: Tue, 03 Jan 2023 14:51:52 GMT
x-oss-request-id: 63B44108E8761339321255DD
x-oss-cdn-auth: success
accept-ranges: bytes
etag: "74DC1AA4F1E4F7219DA7AD597C91B8E7"
last-modified: Thu, 03 Sep 2020 22:40:39 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 17001896356624891276
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Fri, 04 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
content-md5: dNwapPHk9yGdp61ZfJG45w==
x-oss-server-time: 66
ali-swift-global-savetime: 1672757512
via: cache35.l2cn3055[0,0,200-0,H], cache31.l2cn3055[1,0], vcache9.cn4732[0,0,200-0,H], vcache16.cn4732[1,0]
age: 2768131
x-cache: HIT TCP_HIT dirn:9:354643125
x-swift-savetime: Thu, 02 Feb 2023 03:06:11 GMT
x-swift-cachetime: 13002341
timing-allow-origin: *
eagleid: b465c62416755256435083218e
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/682147.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/682147.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/682147.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=905519110,4260712405&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800

12732.url.tudown.com/uploads/images/537399.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/537399.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/537399.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

12732.url.tudown.com/uploads/images/268915.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/268915.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/268915.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1025032097,1279027058&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=401

12732.url.tudown.com/uploads/images/309793.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/309793.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/309793.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2479701200,2263408814&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/template/company/duote-xiazai/images/soft-down.png

154.218.151.71

200 OK

409 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/soft-down.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
409 B (409 bytes)
Hash
513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298

HTTP Headers

GET /template/company/duote-xiazai/images/soft-down.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:32 GMT
Connection: keep-alive
ETag: "63676e8c-199"
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png

154.218.151.71

200 OK

409 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/softfastdownbtn.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
409 B (409 bytes)
Hash
513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298

HTTP Headers

GET /template/company/duote-xiazai/images/softfastdownbtn.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:33 GMT
Connection: keep-alive
ETag: "63676e8d-199"
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png

154.218.151.71

200 OK

1.2 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/icon-sprites.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1160 bytes)
Hash
cc3e19fad8a144bf1e7bf400678f99cb
6ac3ec9a26fdec416640a98d24564ddee9886999
1725f9122ad4ec5075cd0967aef3ef5aff312d90e17a33b854d71434f7cbba4c

HTTP Headers

GET /template/company/duote-xiazai/images/icon-sprites.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/png
Content-Length: 1160
Last-Modified: Sun, 06 Nov 2022 08:21:18 GMT
Connection: keep-alive
ETag: "63676e7e-488"
Accept-Ranges: bytes

img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301

180.101.199.215

404 Not Found

146 B

URL HTTP/2
img1.2345.com/duoteimg/js/base64.js?_vtim=2014122301
IP
180.101.199.215:0
ASN
#4134 Chinanet

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /duoteimg/js/base64.js?_vtim=2014122301 HTTP/1.1
Host: img1.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
server: Tengine
content-type: text/html; charset=gb2312
content-length: 146
date: Sat, 04 Feb 2023 15:47:23 GMT
ali-swift-global-savetime: 1675525643
via: cache48.l2cn3037[20,20,404-1280,M], cache54.l2cn3037[21,0], cache54.l2cn3037[22,0], vcache19.cn4733[26,26,404-1280,M], vcache17.cn4733[27,0]
x-cache: MISS TCP_MISS dirn:-2:-2
x-swift-savetime: Sat, 04 Feb 2023 15:47:23 GMT
x-swift-cachetime: 1
x-swift-error: orig response 4XX error
timing-allow-origin: *
eagleid: b465c72516755256437582470e
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/414148.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/414148.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/414148.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1913668018,255780574&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350

12732.url.tudown.com/uploads/images/341384.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/341384.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/341384.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800

12732.url.tudown.com/template/company/duote-xiazai/images/like.png

154.218.151.71

200 OK

409 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/like.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
409 B (409 bytes)
Hash
513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298

HTTP Headers

GET /template/company/duote-xiazai/images/like.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:23 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:22 GMT
Connection: keep-alive
ETag: "63676e82-199"
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/images/dislike.png

154.218.151.71

200 OK

295 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/dislike.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 16 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
295 B (295 bytes)
Hash
a23e4dc6044953a149d0eb87aa9df5a4
48ab906d07b8d3265c0de7255d41d5352df29b9d
0342c264fcaac6c9fb4c0ea801d56145043dcd37613bddc633a6333c783eb2b9

HTTP Headers

GET /template/company/duote-xiazai/images/dislike.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/png
Content-Length: 295
Last-Modified: Sun, 06 Nov 2022 08:21:09 GMT
Connection: keep-alive
ETag: "63676e75-127"
Accept-Ranges: bytes

union2.50bang.org/web/duoteall?uId2=QUTSTNUQRR&r=&fBL=1280*1024

180.101.190.124

200 OK

0 B

URL HTTP/1.1
union2.50bang.org/web/duoteall?uId2=QUTSTNUQRR&r=&fBL=1280*1024
IP
180.101.190.124:0
ASN
#138950 Jiangsu Wuxi International IDC network

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /web/duoteall?uId2=QUTSTNUQRR&r=&fBL=1280*1024 HTTP/1.1
Host: union2.50bang.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: uidFlag=1; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uUid=136163DE7E0C0001037A50670006; path=/; domain=union2.50bang.org; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTL=1; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
uHTT=1675525644; path=/web/duoteall; expires=Sun,22-Feb-2099 00:00:00 GMT
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Length: 0

12732.url.tudown.com/template/company/duote-xiazai/images/right.png

154.218.151.71

200 OK

409 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/right.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
409 B (409 bytes)
Hash
513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298

HTTP Headers

GET /template/company/duote-xiazai/images/right.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:30 GMT
Connection: keep-alive
ETag: "63676e8a-199"
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/images/left.png

154.218.151.71

200 OK

409 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/left.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
409 B (409 bytes)
Hash
513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298

HTTP Headers

GET /template/company/duote-xiazai/images/left.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:20 GMT
Connection: keep-alive
ETag: "63676e80-199"
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png

154.218.151.71

200 OK

1.3 kB

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/newbtnbg.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 178 x 40, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1308 bytes)
Hash
7e22e63af128066b4d249bec71934fa7
09313b9c9717d049883d7c82b3b87f1a4af28408
ea827b6f53f2f091eb1a9ab83c5f53c5f4215e5a14721037af0b50dc47ffe5b0

HTTP Headers

GET /template/company/duote-xiazai/images/newbtnbg.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/png
Content-Length: 1308
Last-Modified: Sun, 06 Nov 2022 08:21:23 GMT
Connection: keep-alive
ETag: "63676e83-51c"
Accept-Ranges: bytes

12732.url.tudown.com/template/company/duote-xiazai/images/biaoq-icon.png

154.218.151.71

200 OK

409 B

URL HTTP/1.1
12732.url.tudown.com/template/company/duote-xiazai/images/biaoq-icon.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
409 B (409 bytes)
Hash
513adea23e19785779ef24441cbdb356
acaf0cd2ec302562b27850b970523d96ac5a120c
b78bf1490ecfe58446b32e59b0e6505d2d18f75f8676809753830b66a8dee298

HTTP Headers

GET /template/company/duote-xiazai/images/biaoq-icon.png HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/template/company/duote-xiazai/css/global.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/png
Content-Length: 409
Last-Modified: Sun, 06 Nov 2022 08:21:07 GMT
Connection: keep-alive
ETag: "63676e73-199"
Accept-Ranges: bytes

12732.url.tudown.com/uploads/images/697801.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/697801.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/697801.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=4052067396,4175232010&fm=253&app=120&f=JPEG?w=1280&h=800

12732.url.tudown.com/uploads/images/5193.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/5193.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/5193.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500

12732.url.tudown.com/uploads/images/406893.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/406893.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/406893.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3747757751,3216234103&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=531

12732.url.tudown.com/uploads/images/665949.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/665949.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/665949.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505

12732.url.tudown.com/uploads/images/565001.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/565001.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/565001.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1808016061,1340336792&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

12732.url.tudown.com/uploads/images/611065.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/611065.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/611065.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1859839898,486395623&fm=253&fmt=auto&app=138&f=PNG?w=458&h=500

bdcode.2345.com/awycyrm.js

42.81.8.130

200 OK

38 kB

URL HTTP/1.1
bdcode.2345.com/awycyrm.js
IP
42.81.8.130:0
ASN
#58542 Tianjij,300000

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
38 kB (38255 bytes)
Hash
5fbb10e03d1f57d1cc8b11f6733f05e9
6c5795f7e16e68be43e5416cf63e509a6caa58b8
550493b918a5548592ae1a76018c938f3ff7e9f64fe5af1dfcf91839e7270bd8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /awycyrm.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 38255
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 16:47:24 GMT
Last-Modified: Sun, 29 Jan 2023 02:02:23 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c207457b3cb837dd-143
Server: yunjiasu

12732.url.tudown.com/uploads/images/640580.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/640580.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/640580.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1856503022,3791914285&fm=224&app=112&f=JPEG?w=500&h=500

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
81f5c123f4a83e821e1e2f7c4101a7bf
650933ff62323a28072863389d558e213041f68a
5a56d766b7901444e0da4d430348ca3f0ddae9cf26f9bb4f41266c36750572d7

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 12:17:24 GMT
ETag: "650933ff62323a28072863389d558e213041f68a"
Last-Modified: Sat, 04 Feb 2023 12:17:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2035
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79448b70dc9eb4fd-OSL

12732.url.tudown.com/uploads/images/160013.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/160013.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/160013.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3527261308,422736669&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

12732.url.tudown.com/uploads/images/879494.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/879494.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/879494.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3547934588,425058143&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/412717.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/412717.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/412717.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1148678010,3796072657&fm=253&fmt=auto&app=138&f=JPEG?w=226&h=300

12732.url.tudown.com/uploads/images/790419.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/790419.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/790419.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2372809127,57165781&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/281068.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/281068.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/281068.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3919443128,1808455130&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224

12732.url.tudown.com/uploads/images/141379.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/141379.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/141379.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2420663857,1526987197&fm=253&fmt=auto?w=500&h=313

img0.baidu.com/it/u=4052067396,4175232010&fm=253&app=120&f=JPEG?w=1280&h=800

182.242.59.35

200 OK

55 kB

URL HTTP/1.1
img0.baidu.com/it/u=4052067396,4175232010&fm=253&app=120&f=JPEG?w=1280&h=800
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
55 kB (54666 bytes)
Hash
5c70099af0e8618ce537c0f62dc7e990
7cb57e9c796b6176b8be4070b86fb4a00e69b3e4
8c9d074cf8ee3644327c78dce4bbdd1c864f2d6b23089eb5f443e5cc397adeed

HTTP Headers

GET /it/u=4052067396,4175232010&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpeg
Content-Length: 54666
Connection: keep-alive
Expires: Sun, 12 Feb 2023 19:03:50 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 5c70099af0e8618ce537c0f62dc7e990
Age: 45537
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 19:03:50 GMT
Ohc-Cache-HIT: km7ct56 [4], xiangyix56 [4]
Ohc-File-Size: 54666
X-Cache-Status: HIT

12732.url.tudown.com/uploads/images/674538.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/674538.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/674538.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1748480310,3664289343&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671

12732.url.tudown.com/uploads/images/619173.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/619173.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/619173.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2516689219,3309501234&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/172114.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/172114.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/172114.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501

12732.url.tudown.com/uploads/images/778521.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/778521.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/778521.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1700406931,2331889492&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=280

12732.url.tudown.com/uploads/images/633540.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/633540.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/633540.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4208291045,2975080820&fm=224&app=112&f=JPEG?w=368&h=500

img1.baidu.com/it/u=1808016061,1340336792&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

183.136.216.35

200 OK

39 kB

URL HTTP/2
img1.baidu.com/it/u=1808016061,1340336792&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
39 kB (39254 bytes)
Hash
b67170dba452c201076f5eab70ed6e8d
7c0c2e175fe21030956e7e654fec7bab1b86a4da
f8ebff036f31fe34ceca66a8da564f71a567abf9dbf6b6136c1e5f3da27a8972

HTTP Headers

GET /it/u=1808016061,1340336792&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 39254
expires: Sun, 05 Mar 2023 10:49:56 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: b67170dba452c201076f5eab70ed6e8d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 03 Feb 2023 10:49:56 GMT
ohc-cache-hit: shaoxct73 [1], qdix239 [4]
ohc-file-size: 39254
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2127145328,732012671&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714

183.136.216.35

200 OK

43 kB

URL HTTP/2
img1.baidu.com/it/u=2127145328,732012671&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x714, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
43 kB (43272 bytes)
Hash
3bc7fee1d9581b8ebd154cfd2a418448
06f4937ac56528fd006e1f1e49cbdb7bf2a9bc08
2191d613b9d2d4a05b3ba7dfb8ae3a55f05652699c319a0928503bdc37c44c76

HTTP Headers

GET /it/u=2127145328,732012671&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=714 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 43272
expires: Sun, 19 Feb 2023 20:37:04 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3bc7fee1d9581b8ebd154cfd2a418448
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 20:37:04 GMT
ohc-cache-hit: shaoxct61 [1], czix153 [4]
ohc-file-size: 43272
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1025032097,1279027058&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=401

183.136.216.35

200 OK

5.8 kB

URL HTTP/2
img1.baidu.com/it/u=1025032097,1279027058&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=401
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 400x401, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.8 kB (5790 bytes)
Hash
6a22f90718f37e42d4cb2081519c6962
41339650cfc7baa610c0010057f81afaab46e92a
f304446e8adeef15ff12df6e3c5e29936dc797c84a2d38f870988be092e5f2e9

HTTP Headers

GET /it/u=1025032097,1279027058&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=401 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 5790
expires: Mon, 20 Feb 2023 13:00:35 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 6a22f90718f37e42d4cb2081519c6962
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 13:00:35 GMT
ohc-cache-hit: shaoxct72 [1], czix179 [4]
ohc-file-size: 5790
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505

182.242.59.35

200 OK

38 kB

URL HTTP/1.1
img0.baidu.com/it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x505, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (37826 bytes)
Hash
121886da958ce1337f3ab9e8af293363
6e3f3566c239b33e67b84edc16c29800ddb92363
1292d4aa1308df673cf52fb148ed646ade883e180d684fca51cae7bcc04d7d09

HTTP Headers

GET /it/u=1880593139,1541291693&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=505 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/webp
Content-Length: 37826
Connection: keep-alive
Expires: Mon, 20 Feb 2023 13:48:16 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 121886da958ce1337f3ab9e8af293363
Age: 108738
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 13:48:16 GMT
Ohc-Cache-HIT: km7ct60 [4], xiangyix212 [2]
Ohc-File-Size: 37826
X-Cache-Status: HIT

ocsp.trust-provider.cn/

47.246.44.205

200 OK

600 B

URL HTTP/1.1
ocsp.trust-provider.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
600 B (600 bytes)
Hash
eceaa87d9a3316ee0dcad3fa5f444ee7
74afece1d64ad7c63136ffcd5d58ad1d15a764df
fb586a5f0f8968e29212268bb4bd746eae9cc20b4eda7fc41f1420482c74b3b9

HTTP Headers

POST / HTTP/1.1
Host: ocsp.trust-provider.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
date: Sat, 04 Feb 2023 15:47:25 GMT
last-modified: Thu, 02 Feb 2023 04:39:52 GMT
expires: Thu, 09 Feb 2023 04:39:51 GMT
etag: "74afece1d64ad7c63136ffcd5d58ad1d15a764df"
cache-control: max-age=500058,s-maxage=1800,public,no-transform,must-revalidate
x-ccacdn-proxy-id: mcdpinlb1
x-frame-options: SAMEORIGIN
cf-cache-status: REVALIDATED
cf-ray: 79448b74bd4c35f9-FRA
accept-ranges: bytes
ali-swift-global-savetime: 1675525645
via: cache9.l2de2[31,31,304-0,M], cache25.l2de2[32,0], cache8.se1[121,121,200-0,H], cache5.se1[122,0], cache3.se1[124,0]
age: 0
x-cache: HIT TCP_REFRESH_HIT dirn:4:281658634
x-swift-savetime: Sat, 04 Feb 2023 15:47:25 GMT
x-swift-cachetime: 1800
timing-allow-origin: *, *
eagleid: 2ff62c9716755256454482259e, 2ff62c9716755256454482259e

sofire.bdstatic.com/js/dfxaf3-635b4cd6.js

60.190.116.48

200 OK

123 kB

URL HTTP/1.1
sofire.bdstatic.com/js/dfxaf3-635b4cd6.js
IP
60.190.116.48:0
ASN
#4134 Chinanet

File type
ASCII text, with very long lines (65536), with no line terminators
Size
123 kB (123037 bytes)
Hash
c39ed7d28cee6240d44cc5b5c2bbd686
eab7220ff1195b14d9c1c21ae4fcad33315549b5
cd5d1c61337dd6b5a3ddffdc95ed7da921b125c9911aa22eaef8f054a2345459

HTTP Headers

GET /js/dfxaf3-635b4cd6.js HTTP/1.1
Host: sofire.bdstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 06 Feb 2023 08:39:29 GMT
Last-Modified: Fri, 06 Jan 2023 03:24:00 GMT
ETag: "6c8af00e14f394b624a4b374d18b9b7a"
Content-Encoding: gzip
Age: 112075
Accept-Ranges: bytes
Content-MD5: bIrwDhTzlLYkpLN00Yubeg==
x-bce-content-crc32: 1362413814
x-bce-debug-id: JT6BkvVLE9azBPO/DzyM7YxGrIXhgA5dvh7eappSaehhbpZwAXTf8t2hHCCbT5PKQBm7He3SXz5sqguLRbgK1Q==
x-bce-request-id: 010843bc-3dd7-4dcd-8bdf-0ab184bc4b71
x-bce-restore-cache: -
x-bce-restore-tier: -
x-bce-storage-class: STANDARD
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 08:39:29 GMT
Ohc-Cache-HIT: wz2ct54 [2], nb2ctcache77 [1]
Ohc-Response-Time: 1 0 0 0 0 0

img0.baidu.com/it/u=2359150615,627469233&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

182.242.59.35

200 OK

52 kB

URL HTTP/2
img0.baidu.com/it/u=2359150615,627469233&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
52 kB (52372 bytes)
Hash
07c7e9936959498f2f4bf2655abd83d3
84fb255c7df280b5dc63593da7f1ee6f179d76cb
2c3ddf55a4e1886d06ffc5da3b09aa7fc0b76123bd2fe5adbbf5a8f138b55c9b

HTTP Headers

GET /it/u=2359150615,627469233&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 52372
expires: Mon, 20 Feb 2023 12:33:19 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 07c7e9936959498f2f4bf2655abd83d3
age: 113202
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:33:19 GMT
ohc-cache-hit: km7ct52 [4], bdix226 [2]
ohc-file-size: 52372
x-cache-status: HIT
X-Firefox-Spdy: h2

img0.baidu.com/it/u=4250376146,713319959&fm=253&fmt=auto?w=500&h=500

182.242.59.35

200 OK

17 kB

URL HTTP/2
img0.baidu.com/it/u=4250376146,713319959&fm=253&fmt=auto?w=500&h=500
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (17046 bytes)
Hash
c521d95ec65fb91c8caa3407c3665104
e5dbcbaed7de685725c53afcc1d529472b60f550
b33b1929f06c2bd207d78623bb71c07e423fddaab7d5fbe65b45b421d5cd5a2e

HTTP Headers

GET /it/u=4250376146,713319959&fm=253&fmt=auto?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 17046
expires: Fri, 24 Feb 2023 03:31:52 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: c521d95ec65fb91c8caa3407c3665104
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:31:52 GMT
ohc-cache-hit: km7ct83 [1], xiangyix145 [4]
ohc-file-size: 17046
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800

182.140.225.35

200 OK

129 kB

URL HTTP/1.1
img2.baidu.com/it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
129 kB (128727 bytes)
Hash
f2d96b96bc5d9b349afbb78d14609317
b83fbbfb5c506747134476e146b2fc7ddf559f47
13275e4934a289b3257e7de5136aa4abdaf483be447655142950c1a806c12756

HTTP Headers

GET /it/u=2556160408,270397814&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:24 GMT
Content-Type: image/jpeg
Content-Length: 128727
Connection: keep-alive
Expires: Sun, 26 Feb 2023 04:32:02 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: f2d96b96bc5d9b349afbb78d14609317
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 04:32:02 GMT
Ohc-Cache-HIT: cd5ct75 [1], czix161 [4]
Ohc-File-Size: 128727
X-Cache-Status: MISS

img0.baidu.com/it/u=1148678010,3796072657&fm=253&fmt=auto&app=138&f=JPEG?w=226&h=300

182.242.59.35

200 OK

17 kB

URL HTTP/2
img0.baidu.com/it/u=1148678010,3796072657&fm=253&fmt=auto&app=138&f=JPEG?w=226&h=300
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 226x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (17228 bytes)
Hash
8bb4f88c5ca9f7f948f562f50ff9c533
601597a4ffab4ef491ae85adb13a32969e5d6048
ec082a86779d5aeb385105bc4d677dbe023e41a802fc0fa5e84307b6163b7212

HTTP Headers

GET /it/u=1148678010,3796072657&fm=253&fmt=auto&app=138&f=JPEG?w=226&h=300 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 17228
expires: Sat, 18 Feb 2023 04:39:28 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 8bb4f88c5ca9f7f948f562f50ff9c533
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 04:39:28 GMT
ohc-cache-hit: km7ct72 [1], xiangyix99 [4]
ohc-file-size: 17228
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/781035.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/781035.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/781035.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2791491984,4015087914&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

12732.url.tudown.com/uploads/images/816908.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/816908.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/816908.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2657328981,1611012276&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/182112.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/182112.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/182112.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2970134638,2658398603&fm=253&app=120&f=JPEG?w=1422&h=800

12732.url.tudown.com/uploads/images/132189.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/132189.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/132189.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681

12732.url.tudown.com/uploads/images/27075.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/27075.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/27075.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2635167135,4050530486&fm=224&app=112&f=JPEG?w=500&h=500

img1.baidu.com/it/u=905519110,4260712405&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800

183.136.216.35

200 OK

36 kB

URL HTTP/2
img1.baidu.com/it/u=905519110,4260712405&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
36 kB (35972 bytes)
Hash
f1b1fc4e1469268822a0a77e9d1c728e
c8deb6df3b7224fc88c8ebe40cbc9f49c2f44ed0
856585e8599a475a2eff70065b9a8e11615f91173f2f98b3ec73cd9a41d9dfc5

HTTP Headers

GET /it/u=905519110,4260712405&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 35972
expires: Fri, 03 Mar 2023 13:50:38 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: f1b1fc4e1469268822a0a77e9d1c728e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 13:50:38 GMT
ohc-cache-hit: shaoxct52 [1], wzix88 [2]
ohc-file-size: 35972
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=378699573,2946821918&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350

183.136.216.35

200 OK

14 kB

URL HTTP/2
img1.baidu.com/it/u=378699573,2946821918&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 350x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13460 bytes)
Hash
3049dbfe7ea96d05d6d7c2026128dcf1
34aac4a8b7dd83d6684cf1ab6228e547be288d5b
e9dd027587b4c1fcaf0c6931a30402095924640d9d4f8d84df94a90ca04f3419

HTTP Headers

GET /it/u=378699573,2946821918&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 13460
expires: Sun, 19 Feb 2023 16:46:18 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3049dbfe7ea96d05d6d7c2026128dcf1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 16:46:18 GMT
ohc-cache-hit: shaoxct62 [1], xaix62 [4]
ohc-file-size: 13460
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3919443128,1808455130&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224

183.136.216.35

200 OK

3.1 kB

URL HTTP/2
img1.baidu.com/it/u=3919443128,1808455130&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 224x224, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.1 kB (3148 bytes)
Hash
1e0b36924c76417173458447c5d9b9d2
7e4be9e21d923e772da56ae4b0d1fac75c9b3696
fe9948d06a5396607b865d329369bb39e88418d6cea25dd78ebf0c6ab3bbb1ac

HTTP Headers

GET /it/u=3919443128,1808455130&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=224 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 3148
expires: Tue, 14 Feb 2023 08:55:52 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 1e0b36924c76417173458447c5d9b9d2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 08:55:52 GMT
ohc-cache-hit: shaoxct68 [1], suzix101 [4]
ohc-file-size: 3148
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=3527261308,422736669&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

182.242.59.35

200 OK

69 kB

URL HTTP/2
img0.baidu.com/it/u=3527261308,422736669&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
69 kB (69430 bytes)
Hash
1a085c5f29709b7346a7b955d1cf0765
ee1669b1c6db1386b9b6bdab2b00bcd585c1ad87
4254e47981e9b0107c4a91543f272622fac2d1c9026188f72d7af4a46f1bd398

HTTP Headers

GET /it/u=3527261308,422736669&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 69430
expires: Tue, 07 Feb 2023 21:21:01 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 1a085c5f29709b7346a7b955d1cf0765
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 21:21:01 GMT
ohc-cache-hit: km7ct60 [1], xaix197 [4]
ohc-file-size: 69430
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1913668018,255780574&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350

182.242.59.35

200 OK

20 kB

URL HTTP/2
img0.baidu.com/it/u=1913668018,255780574&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 350x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (20072 bytes)
Hash
94e50f725a8159d28165227103502fae
d54c742be9a671e8f2fc0b6497ff21a0b2c88a20
5b861a250def0d37734e84f31093f2299b8b5ee91306ae8304401dd2390445c9

HTTP Headers

GET /it/u=1913668018,255780574&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 20072
expires: Wed, 08 Feb 2023 08:34:51 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 94e50f725a8159d28165227103502fae
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 08:34:51 GMT
ohc-cache-hit: km7ct59 [1], bdix234 [4]
ohc-file-size: 20072
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

183.136.216.35

200 OK

47 kB

URL HTTP/2
img1.baidu.com/it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
47 kB (46968 bytes)
Hash
461ae0a8dce89aa5c4fd199b7865ee6c
1c39ebea6ffa595f49276b3c3b89bd80fde29a86
3c44c54a13869124ee4aed9c09f4347cbaf9cd173ddaa23a80abefb01426113a

HTTP Headers

GET /it/u=782712908,3305363822&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 46968
expires: Mon, 06 Mar 2023 15:47:25 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 461ae0a8dce89aa5c4fd199b7865ee6c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 15:47:25 GMT
ohc-cache-hit: shaoxct61 [1], xiangyix238 [2]
ohc-file-size: 46968
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/633691.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/633691.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/633691.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2396899889,1491874221&fm=224&app=112&f=JPEG?w=500&h=500&s=92A0D4A112E2B6E8068D4DBE03007012

img1.baidu.com/it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500

183.136.216.35

200 OK

27 kB

URL HTTP/2
img1.baidu.com/it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 888x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (27354 bytes)
Hash
d8f87db12420fe4355fc07f560cd9f1e
680fa1a55e18f7b8c28b55e18ac33acaa7d10aa1
b0f7c09a1546b9f2f6cc1d45842d123f1a0f21062327500c60bfd4e28abd830e

HTTP Headers

GET /it/u=2486954498,2663922424&fm=253&fmt=auto&app=120&f=JPEG?w=888&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 27354
expires: Tue, 21 Feb 2023 00:42:09 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: d8f87db12420fe4355fc07f560cd9f1e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 00:42:09 GMT
ohc-cache-hit: shaoxct66 [1], qdix152 [4]
ohc-file-size: 27354
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2420663857,1526987197&fm=253&fmt=auto?w=500&h=313

183.136.216.35

200 OK

19 kB

URL HTTP/2
img1.baidu.com/it/u=2420663857,1526987197&fm=253&fmt=auto?w=500&h=313
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x313, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (19046 bytes)
Hash
472cd5151fbd14f3847acb23a33ed919
696f5236a40983d97349f352b92973d805225a43
b9ee10905997d1b72aa96dc306df87d1bb139fec7f033247232539ce31f60bab

HTTP Headers

GET /it/u=2420663857,1526987197&fm=253&fmt=auto?w=500&h=313 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 19046
expires: Thu, 23 Feb 2023 10:33:37 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 472cd5151fbd14f3847acb23a33ed919
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 10:33:37 GMT
ohc-cache-hit: shaoxct62 [1], bdix227 [2]
ohc-file-size: 19046
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1700406931,2331889492&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=280

183.136.216.35

200 OK

16 kB

URL HTTP/2
img1.baidu.com/it/u=1700406931,2331889492&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=280
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 499x280, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (16360 bytes)
Hash
1a4f66a90393476c9fc007aa346f8507
bf8715c34ae1f567339a3a1c82a32d25348f8f8a
862b1026ba9bbc59d76bde855082b089d8ad548a1426457a7591389886c8e5df

HTTP Headers

GET /it/u=1700406931,2331889492&fm=253&fmt=auto&app=138&f=JPEG?w=499&h=280 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 16360
expires: Mon, 06 Feb 2023 10:20:59 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 1a4f66a90393476c9fc007aa346f8507
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 10:20:59 GMT
ohc-cache-hit: shaoxct54 [1], suzix221 [4]
ohc-file-size: 16360
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2791491984,4015087914&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

183.136.216.35

200 OK

32 kB

URL HTTP/2
img1.baidu.com/it/u=2791491984,4015087914&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31602 bytes)
Hash
ba0ad5446c1f7711962f39a18d3c152a
5e14b191a3b792602374e93092ee98be75b01613
86314858770946f0c95a080ff765823d7fad720be9db0b42097adeb5bcf107d7

HTTP Headers

GET /it/u=2791491984,4015087914&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 31602
expires: Fri, 03 Mar 2023 02:40:41 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: ba0ad5446c1f7711962f39a18d3c152a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 02:40:41 GMT
ohc-cache-hit: shaoxct63 [1], csix111 [4]
ohc-file-size: 31602
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/372638.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/372638.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/372638.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:25 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667

12732.url.tudown.com/uploads/images/904560.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/904560.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/904560.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=152378212,3081094847&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=710

12732.url.tudown.com/uploads/images/617545.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/617545.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/617545.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=909572906,4015997866&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631

12732.url.tudown.com/uploads/images/418409.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/418409.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/418409.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1799105427,1730698596&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/40434.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/40434.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/40434.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=446488040,2211681049&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200

img0.baidu.com/it/u=1859839898,486395623&fm=253&fmt=auto&app=138&f=PNG?w=458&h=500

182.242.59.35

200 OK

92 kB

URL HTTP/2
img0.baidu.com/it/u=1859839898,486395623&fm=253&fmt=auto&app=138&f=PNG?w=458&h=500
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 458x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
92 kB (91594 bytes)
Hash
ad522d8c5742165428ba0f9997dd4b36
6a748939d83dbc632fd16210e4d5fcc3912cfe0c
1fc00e9ae8025904ce04fa7a12f4272a47cce68da5e8991616fae1a88db0b677

HTTP Headers

GET /it/u=1859839898,486395623&fm=253&fmt=auto&app=138&f=PNG?w=458&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 91594
expires: Mon, 13 Feb 2023 06:33:07 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: ad522d8c5742165428ba0f9997dd4b36
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 14 Jan 2023 06:33:07 GMT
ohc-cache-hit: km7ct85 [1], wzix98 [4]
ohc-file-size: 91594
x-cache-status: MISS
X-Firefox-Spdy: h2

push.zhanzhang.baidu.com/push.js

182.61.201.93

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.201.93:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 15:47:26 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 15:47:26 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=E07D2944620A08EE171FFDD1F99798AD:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 15:47:26 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

img4.runjiapp.com/duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg

180.122.78.243

200 OK

41 kB

URL HTTP/1.1
img4.runjiapp.com/duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg
IP
180.122.78.243:0
ASN
#4134 Chinanet

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=1, software=www.meitu.com], baseline, precision 8, 910x86, components 3\012- data
Size
41 kB (41017 bytes)
Hash
f8f15f37c9961bc7463d1df83059d32c
7b4aa49eaed0106e8722fda960d4f397b78e7811
eb99269720c3ad25a285d1cae14a73f57a45ffe3e1f086f1e0a8351a83e62cc0

HTTP Headers

GET /duoteimg/dtnew_recom_img/202008/20200812163506_69310.jpg HTTP/1.1
Host: img4.runjiapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Tengine
Content-Type: image/jpeg
Content-Length: 41017
Connection: keep-alive
Date: Wed, 04 Jan 2023 09:53:47 GMT
x-oss-request-id: 63B54CAB565BBE34373244FA
x-oss-cdn-auth: success
Accept-Ranges: bytes
ETag: "F8F15F37C9961BC7463D1DF83059D32C"
Last-Modified: Fri, 04 Sep 2020 08:59:59 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 2768094505068467474
x-oss-storage-class: Standard
x-oss-expiration: expiry-date="Sat, 05 Sep 2020 00:00:00 GMT", rule-id="03f94d9c-6cf0-4053-b855-b1862a1b87c2"
x-oss-version-id: null
Content-MD5: +PFfN8mWG8dGPR34MFnTLA==
x-oss-server-time: 16
Ali-Swift-Global-Savetime: 1672826027
Via: cache46.l2cn2647[0,0,200-0,H], cache75.l2cn2647[1,0], vcache12.cn2811[0,0,200-0,H], vcache10.cn2811[2,0]
Age: 2699618
X-Cache: HIT TCP_MEM_HIT dirn:9:558982005
X-Swift-SaveTime: Sat, 28 Jan 2023 04:12:56 GMT
X-Swift-CacheTime: 13498851
Timing-Allow-Origin: *
EagleId: b47a4ea016755256458786612e

img0.baidu.com/it/u=1748480310,3664289343&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671

182.242.59.35

200 OK

63 kB

URL HTTP/2
img0.baidu.com/it/u=1748480310,3664289343&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x671, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
63 kB (63320 bytes)
Hash
45837f9575590f5c0c378354d7300ed8
bf80f803fb83e6d61c7e7b7b2f2850c7bc716109
8e5421e87b383107c43a1357277ba03de58d6b56cf966e653349c0a625edc895

HTTP Headers

GET /it/u=1748480310,3664289343&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 63320
expires: Tue, 28 Feb 2023 03:09:14 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 45837f9575590f5c0c378354d7300ed8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 03:09:14 GMT
ohc-cache-hit: km7ct54 [1], xiangyix172 [4]
ohc-file-size: 63320
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501

182.242.59.35

200 OK

10 kB

URL HTTP/2
img0.baidu.com/it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (9998 bytes)
Hash
a57a17f2dfb3aed215cb76ba498a0874
5a47d2b9e36bd23faf9b129e19b6155c47ac87e7
529676ffdeb0064834758d70ec1c73ac2b66cf3f54155b99ad05d70f5c9fdd60

HTTP Headers

GET /it/u=945998793,3154147444&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 9998
expires: Fri, 17 Feb 2023 15:02:01 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: a57a17f2dfb3aed215cb76ba498a0874
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 15:02:01 GMT
ohc-cache-hit: km7ct61 [1], wzix61 [2]
ohc-file-size: 9998
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1536434626,2690735139&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800

182.242.59.35

200 OK

18 kB

URL HTTP/2
img0.baidu.com/it/u=1536434626,2690735139&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
18 kB (17954 bytes)
Hash
e16fa196a20463ddb8d852050f82f528
3d19122dd83e4b5c7bf2f62beccc736b11223768
740cf1e45b94726aec0c7cee734763919a52b32b1605fb38123d8b6a45e31411

HTTP Headers

GET /it/u=1536434626,2690735139&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:25 GMT
content-type: image/webp
content-length: 17954
expires: Fri, 17 Feb 2023 08:17:06 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: e16fa196a20463ddb8d852050f82f528
age: 202595
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 08:17:06 GMT
ohc-cache-hit: km7ct67 [4], suzix95 [2]
ohc-file-size: 17954
x-cache-status: HIT
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
79d3290d2e25c6aa0bbf1894cc58ee25
dfcd92e6e8545519b79e27ff344ab248d70e45e1
95ba679ac85556e786f4fe289cf5db2bc388ea4b1b116f9ae061067159874a93

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 15:47:25 GMT
Etag: fa7ccdfcd142e887bd556f45fdb6776f
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=65D2AFD4F48C54D7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

t14.baidu.com/it/u=4208291045,2975080820&fm=224&app=112&f=JPEG?w=368&h=500

185.10.104.124

200 OK

27 kB

URL HTTP/1.1
t14.baidu.com/it/u=4208291045,2975080820&fm=224&app=112&f=JPEG?w=368&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 37x37, segment length 16, baseline, precision 8, 368x500, components 3\012- data
Size
27 kB (27222 bytes)
Hash
465a4dcd02253f1efe7bc9f5f384a8c6
066bd3f465a44ea2caeff323e11f476579f83f4e
f3fddb8e3024ce36d61b351b0b88c7426cb4b588f6df761b068abac15650ff43

HTTP Headers

GET /it/u=4208291045,2975080820&fm=224&app=112&f=JPEG?w=368&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 27222
Connection: keep-alive
Expires: Mon, 06 Feb 2023 09:08:09 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 465a4dcd02253f1efe7bc9f5f384a8c6
Age: 2052985
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 09:08:09 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache63 [4], xaix82 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 27222
X-Cache-Status: HIT
Timing-Allow-Origin: *

cpro.baidustatic.com/cpro/ui/pr.js

220.169.152.35

200 OK

191 B

URL HTTP/1.1
cpro.baidustatic.com/cpro/ui/pr.js
IP
220.169.152.35:0
ASN
#4134 Chinanet

File type
ASCII text, with CRLF line terminators
Size
191 B (191 bytes)
Hash
48bbe750b892850b181762bf739e10dd
716574fe9afcde8faef513b16d6867cb07afe626
e538c894cae59538764a334e2cf2bc02e53fa6a9e4efebcd251bc5da82fa2158

HTTP Headers

GET /cpro/ui/pr.js HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 04 Feb 2023 16:10:44 GMT
Last-Modified: Tue, 10 Jan 2023 11:33:17 GMT
ETag: "63bd4cfd-ff"
Cache-Control: max-age=3600
Content-Encoding: gzip
Age: 2202
Accept-Ranges: bytes
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 15:10:44 GMT
Ohc-Cache-HIT: yy2ct64 [2], wzix64 [2]
Ohc-File-Size: 191
X-Cache-Status: HIT

t14.baidu.com/it/u=3958606269,1426629133&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

46 kB

URL HTTP/1.1
t14.baidu.com/it/u=3958606269,1426629133&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
46 kB (46358 bytes)
Hash
bad5944e12473c0a4733a4fa526647ff
2167bd6575150d0e0f46a9a5b58ba83a9693430a
853fe86f0e22fd9db86b44ded194281f3c1f6e58577762825cf56507daef2b67

HTTP Headers

GET /it/u=3958606269,1426629133&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 46358
Connection: keep-alive
Expires: Mon, 06 Feb 2023 04:37:19 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: bad5944e12473c0a4733a4fa526647ff
Age: 387824
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 04:37:18 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache50 [1], xaix50 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 46358
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

43 kB

URL HTTP/1.1
t13.baidu.com/it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
43 kB (42991 bytes)
Hash
1acddc10580fb36977a99effd7b06e38
b09383fc78e33993fcb468d4be923f0da1a8ec31
18fd68d53e3f40af637c9919ec2754d2a415333786df1e65f8218cbd238c301e

HTTP Headers

GET /it/u=4026963693,1107216391&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 42991
Connection: keep-alive
Expires: Wed, 08 Feb 2023 02:12:19 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 1acddc10580fb36977a99effd7b06e38
Age: 2054516
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 02:12:19 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache62 [1], wzix99 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 42991
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=1799105427,1730698596&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

60 kB

URL HTTP/1.1
t13.baidu.com/it/u=1799105427,1730698596&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
60 kB (60005 bytes)
Hash
fda83c182ee071e2a3a089cf7e91055a
aba8d2cd7fd55994125a948e3ed94311a894efcc
1472a70157c268e3276b3537fbc4db4ca559415191915be5ed058317f1df25dd

HTTP Headers

GET /it/u=1799105427,1730698596&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 60005
Connection: keep-alive
Expires: Tue, 21 Feb 2023 04:01:15 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: fda83c182ee071e2a3a089cf7e91055a
Age: 1083521
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 04:01:14 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [2], zhuzuncache55 [4], bdix119 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 60005
X-Cache-Status: HIT
Timing-Allow-Origin: *

12732.url.tudown.com/uploads/images/489099.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/489099.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/489099.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268

t14.baidu.com/it/u=2657328981,1611012276&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

67 kB

URL HTTP/1.1
t14.baidu.com/it/u=2657328981,1611012276&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
67 kB (66822 bytes)
Hash
0b255f9b9ca07df4e9a9722ebe87e8e5
1d98b817887e6f99d329b6c2d8cc710e1977591c
9ec7120865220a6b98c1089668c23416a81f9c65644176f095860f2d9cbaece4

HTTP Headers

GET /it/u=2657328981,1611012276&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 66822
Connection: keep-alive
Expires: Tue, 07 Feb 2023 07:04:00 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 0b255f9b9ca07df4e9a9722ebe87e8e5
Age: 2054099
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 07:04:00 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], xauncache100 [1], suzix111 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 66822
X-Cache-Status: HIT
Timing-Allow-Origin: *

e2.2345.com/news/module2/js/newsModule-v2.js

180.101.199.215

200 OK

30 kB

URL HTTP/2
e2.2345.com/news/module2/js/newsModule-v2.js
IP
180.101.199.215:0
ASN
#4134 Chinanet

File type
data
Size
30 kB (29519 bytes)
Hash
0b43437fdeb7c242d8715aa5dfe4ce53
08d4d3a5b232c08400038ebb53e9493fcd03d6a1
d1e7025fe5637e382b37d5434e4cc0df92eee9c61afb5423d06499a40efd7b8f

HTTP Headers

GET /news/module2/js/newsModule-v2.js HTTP/1.1
Host: e2.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
date: Sat, 04 Feb 2023 15:04:54 GMT
etag: W/"5f35e38f-cacf"
last-modified: Fri, 14 Aug 2020 01:06:23 GMT
vary: Accept-Encoding, Accept-Encoding
ali-swift-global-savetime: 1675523094
via: cache59.l2cn3037[0,0,304-0,H], cache27.l2cn3037[0,0], cache27.l2cn3037[1,0], vcache20.cn4733[0,0,200-0,H], vcache17.cn4733[1,0]
age: 2548
x-cache: HIT TCP_MEM_HIT dirn:10:202934290
x-swift-savetime: Sat, 04 Feb 2023 15:05:47 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b465c72516755256427761609e
content-encoding: gzip
X-Firefox-Spdy: h2

img2.baidu.com/it/u=4102967583,720449785&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=354

182.140.225.35

200 OK

11 kB

URL HTTP/2
img2.baidu.com/it/u=4102967583,720449785&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=354
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 236x354, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (11030 bytes)
Hash
8d444f22a8db4929a3e5f0b9d658962f
8874c78fca8e041a9db158606feaf1af28582715
9eeacf10ed50479a97332ca44ed9b986116dd5ed40bced7365fd2036d0f028be

HTTP Headers

GET /it/u=4102967583,720449785&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=354 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 11030
expires: Sun, 26 Feb 2023 03:38:00 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 8d444f22a8db4929a3e5f0b9d658962f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 03:38:00 GMT
ohc-cache-hit: cd5ct72 [1], xiangyix99 [4]
ohc-file-size: 11030
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667

183.136.216.35

200 OK

19 kB

URL HTTP/2
img1.baidu.com/it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x667, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (19106 bytes)
Hash
1602e0d72b4e23bc8d34f7e51d9fe31e
73e4a65840ccd87557424dcd1095522a56d5eb41
d46cd537c18f72bfed3af1c365cea174903b177103c563e8bde3dd5252b3548a

HTTP Headers

GET /it/u=3738131743,2497319802&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 19106
expires: Tue, 07 Feb 2023 12:45:08 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 1602e0d72b4e23bc8d34f7e51d9fe31e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 12:45:08 GMT
ohc-cache-hit: shaoxct66 [1], csix114 [4]
ohc-file-size: 19106
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=152378212,3081094847&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=710

183.136.216.35

200 OK

54 kB

URL HTTP/2
img1.baidu.com/it/u=152378212,3081094847&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=710
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x710, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
54 kB (53940 bytes)
Hash
97a7cab49615d1c00044c25cc5324e58
81ec4bb076e39760f3d3598bfa1fd9de3cc36e3e
d08d7ffe442c954ad47e0e212aade2b23075e385e92aff54eebfe7d1691560a1

HTTP Headers

GET /it/u=152378212,3081094847&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=710 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 53940
expires: Wed, 15 Feb 2023 08:15:05 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 97a7cab49615d1c00044c25cc5324e58
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 08:15:05 GMT
ohc-cache-hit: shaoxct52 [1], xaix195 [4]
ohc-file-size: 53940
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=446488040,2211681049&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200

182.242.59.35

200 OK

6.4 kB

URL HTTP/2
img0.baidu.com/it/u=446488040,2211681049&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.4 kB (6388 bytes)
Hash
b4ef0dac254e582f82f27b64cd50037d
edd743f4362c8d3055bb78e60b037c3e6d336a12
083eb249c3859894a3758b188c41d55403cee626249ba921866d225fa9ab80be

HTTP Headers

GET /it/u=446488040,2211681049&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 6388
expires: Fri, 03 Mar 2023 03:45:49 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: b4ef0dac254e582f82f27b64cd50037d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 03:45:49 GMT
ohc-cache-hit: km7ct85 [1], suzix107 [4]
ohc-file-size: 6388
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/823390.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/823390.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/823390.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/323002.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/323002.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/323002.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3484575870,1529232270&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500

12732.url.tudown.com/uploads/images/322581.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/322581.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/322581.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1028304191,455267146&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=225

12732.url.tudown.com/uploads/images/719776.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/719776.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/719776.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981

t13.baidu.com/it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

49 kB

URL HTTP/1.1
t13.baidu.com/it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
49 kB (49251 bytes)
Hash
e392236e88a934d1d3cf7066672b0742
ba2d13bce09cc872278b4d3dc7a6702638a00dad
87629ac9c873802166678912690b483a41d679d8d763c37ad613936b862d65ca

HTTP Headers

GET /it/u=2551813505,798743326&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 49251
Connection: keep-alive
Expires: Sun, 05 Feb 2023 15:24:07 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: e392236e88a934d1d3cf7066672b0742
Age: 2053879
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 15:24:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache51 [1], wzix86 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 49251
X-Cache-Status: HIT
Timing-Allow-Origin: *

12732.url.tudown.com/uploads/images/193746.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/193746.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/193746.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4099763382,3424408054&fm=224&app=112&f=JPEG?w=500&h=500

t14.baidu.com/it/u=4099763382,3424408054&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

50 kB

URL HTTP/1.1
t14.baidu.com/it/u=4099763382,3424408054&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
50 kB (50369 bytes)
Hash
a0daf1132a6af382b259c0e998381a27
4c65c2d929fe09c81ba5c301e32c76c4a61797bc
e672f2d895f92b10e0a4a3e00ab141508d561cc9c3b3df5a395ab1ffabb8ff28

HTTP Headers

GET /it/u=4099763382,3424408054&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 50369
Connection: keep-alive
Expires: Mon, 06 Feb 2023 06:37:46 GMT
Last-Modified: Wed, 14 Jan 1970 00:00:00 GMT
ETag: a0daf1132a6af382b259c0e998381a27
Age: 2114834
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 06:37:46 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache61 [1], xaix226 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 50369
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=1154681949,3347615978&fm=253&fmt=auto&app=138&f=JPEG?w=584&h=500

182.140.225.35

200 OK

19 kB

URL HTTP/2
img2.baidu.com/it/u=1154681949,3347615978&fm=253&fmt=auto&app=138&f=JPEG?w=584&h=500
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 584x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (18562 bytes)
Hash
bbc43f14f3965006bc4bd54944ee5834
6042a8811e6ddf0fab78bb9c2051c7a7b88cc267
ccd4afeef31d215bdba8d215a3385e2ad4a63cf9349124445092678c5ba08111

HTTP Headers

GET /it/u=1154681949,3347615978&fm=253&fmt=auto&app=138&f=JPEG?w=584&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 18562
expires: Thu, 09 Feb 2023 07:36:06 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: bbc43f14f3965006bc4bd54944ee5834
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 07:36:06 GMT
ohc-cache-hit: cd5ct81 [1], xiangyix209 [4]
ohc-file-size: 18562
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=1443111533,475388791&fm=253&fmt=auto&app=120&f=JPEG?w=660&h=363

182.140.225.35

200 OK

17 kB

URL HTTP/2
img2.baidu.com/it/u=1443111533,475388791&fm=253&fmt=auto&app=120&f=JPEG?w=660&h=363
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 660x363, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (16718 bytes)
Hash
d4e7e215ed4583e651441c239104b1f6
976c7570666c17846ec4cb5a626dfac18ddd1755
f3d3bd5d22e365cbe6c65c776b80e61b7fd7a9acb7381c8249ee482b66c63d51

HTTP Headers

GET /it/u=1443111533,475388791&fm=253&fmt=auto&app=120&f=JPEG?w=660&h=363 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 16718
expires: Mon, 13 Feb 2023 23:43:25 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: d4e7e215ed4583e651441c239104b1f6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 14 Jan 2023 23:43:25 GMT
ohc-cache-hit: cd5ct62 [1], wzix97 [4]
ohc-file-size: 16718
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681

182.140.225.35

200 OK

19 kB

URL HTTP/2
img2.baidu.com/it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x681, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (18988 bytes)
Hash
fc144a19de6edc8fac134a63b616f86e
edf8b5ec243bdafe7002c8adc201c958432ba825
a17bd83bd92e7b4f579877358861a1703ccfffb7ec0c419fb55ca80723b9293b

HTTP Headers

GET /it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 18988
expires: Sun, 19 Feb 2023 07:32:00 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: fc144a19de6edc8fac134a63b616f86e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 07:32:00 GMT
ohc-cache-hit: cd5ct77 [1], wzix77 [4]
ohc-file-size: 18988
x-cache-status: MISS
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1960460048&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=57873&r=0&ww=1152&u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&tt=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1960460048&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=57873&r=0&ww=1152&u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&tt=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=836&et=0&ja=0&ln=en-us&lo=0&rnd=1960460048&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=57873&r=0&ww=1152&u=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&tt=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 15:47:26 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=649361B7E2E57FC4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

12732.url.tudown.com/uploads/images/234373.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/234373.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/234373.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1743507686,1261803091&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=450

12732.url.tudown.com/uploads/images/607909.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/607909.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/607909.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=605535103,844291182&fm=253&fmt=auto?w=92&h=69

12732.url.tudown.com/uploads/images/83466.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/83466.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/83466.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1508137495,276103181&fm=224&app=112&f=JPEG?w=500&h=500

img1.baidu.com/it/u=3484575870,1529232270&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500

183.136.216.35

200 OK

23 kB

URL HTTP/2
img1.baidu.com/it/u=3484575870,1529232270&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 353x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
23 kB (22722 bytes)
Hash
8c52c1aa7e5b3645feff654c01ff77a5
a7ff25203b5519a69857c333ca7f509fe462e57e
a5cccada85b3b3f38899fbb898511e00a3e567b0a5a9a4afe4ea7303a1a11fe2

HTTP Headers

GET /it/u=3484575870,1529232270&fm=253&fmt=auto&app=138&f=JPEG?w=353&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 22722
expires: Wed, 22 Feb 2023 03:32:39 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 8c52c1aa7e5b3645feff654c01ff77a5
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:32:39 GMT
ohc-cache-hit: shaoxct50 [1], xaix132 [4]
ohc-file-size: 22722
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981

182.242.59.35

200 OK

38 kB

URL HTTP/2
img0.baidu.com/it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x981, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (37878 bytes)
Hash
3a810cb9662aacd3acb2c2b1a3c6687b
19a165caaf10c3bfabca5e7e5e0cdf99d838f053
47d8d67372db5a255bb5a87106be70e467a49e53d40882825f2c22e6c6853099

HTTP Headers

GET /it/u=1860816323,2457517798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=981 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 37878
expires: Sun, 26 Feb 2023 01:28:25 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3a810cb9662aacd3acb2c2b1a3c6687b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 01:28:25 GMT
ohc-cache-hit: km7ct85 [1], bdix230 [4]
ohc-file-size: 37878
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/883871.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/883871.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/883871.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=466953155,205157467&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

12732.url.tudown.com/uploads/images/732225.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/732225.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/732225.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800

12732.url.tudown.com/uploads/images/41714.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/41714.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/41714.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3897158553,3167431377&fm=253&fmt=auto&app=138&f=JPEG?w=460&h=292

img0.baidu.com/it/u=1028304191,455267146&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=225

182.242.59.35

200 OK

14 kB

URL HTTP/2
img0.baidu.com/it/u=1028304191,455267146&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=225
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x225, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13836 bytes)
Hash
104d4fcfad56cf3a65de0a90ef23ffb4
c76fae2ccb5e63522ca6ffe4d7637e87680319c4
9570e295f5f5135fe869cd6626f53d5ed098c763a1204662fc4c4d0fe748a149

HTTP Headers

GET /it/u=1028304191,455267146&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=225 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 13836
expires: Sat, 04 Mar 2023 14:03:09 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 104d4fcfad56cf3a65de0a90ef23ffb4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 14:03:09 GMT
ohc-cache-hit: km7ct71 [1], xiangyix168 [4]
ohc-file-size: 13836
x-cache-status: MISS
X-Firefox-Spdy: h2

t13.baidu.com/it/u=2372809127,57165781&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

30 kB

URL HTTP/1.1
t13.baidu.com/it/u=2372809127,57165781&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
30 kB (30435 bytes)
Hash
bc3031ce08751615b6807d97f754b934
7cd5bae5edcad0f97c279857a3ee5af078830dd5
716efbba5ced4777c7dd3a86960cc15fb7445de7a957bdb877ee882b2b95a326

HTTP Headers

GET /it/u=2372809127,57165781&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 30435
Connection: keep-alive
Expires: Sun, 05 Mar 2023 10:49:55 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: bc3031ce08751615b6807d97f754b934
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 10:49:55 GMT
Ohc-Upstream-Trace: 113.142.198.177; 58.20.204.55
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [2], zhuzuncache64 [4], xaix177 [2]
Ohc-Response-Time: 1 0 0 0 615 615
Ohc-File-Size: 30435
X-Cache-Status: MISS
Timing-Allow-Origin: *

img2.baidu.com/it/u=1987992573,1525544017&fm=253&fmt=auto?w=1422&h=800

182.140.225.35

200 OK

100 kB

URL HTTP/2
img2.baidu.com/it/u=1987992573,1525544017&fm=253&fmt=auto?w=1422&h=800
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
100 kB (99470 bytes)
Hash
211bd3fb1c8c4f71828cadd005e0d1cc
41621bf636b6a2f2500c99eef3a95c9500a1687a
9a994cb54b38445cdf65d0e0836d3536864d0516ec994e0dc28473944a3e5d40

HTTP Headers

GET /it/u=1987992573,1525544017&fm=253&fmt=auto?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 99470
expires: Mon, 20 Feb 2023 12:38:38 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 211bd3fb1c8c4f71828cadd005e0d1cc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:38:38 GMT
ohc-cache-hit: cd5ct73 [1], qdix108 [4]
ohc-file-size: 99470
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3547934588,425058143&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

182.140.225.35

200 OK

19 kB

URL HTTP/2
img2.baidu.com/it/u=3547934588,425058143&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (18734 bytes)
Hash
76131008a9d1cb0b87abad6deae931b7
8cbf62227b45729dc108729ff4d14df241f44da1
e67d30228758d35fa1e2047140f820ddf71c0d917bac2cbd7731942bc04a402a

HTTP Headers

GET /it/u=3547934588,425058143&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 18734
expires: Sun, 12 Feb 2023 00:18:59 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 76131008a9d1cb0b87abad6deae931b7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 00:18:59 GMT
ohc-cache-hit: cd5ct52 [1], czix240 [4]
ohc-file-size: 18734
x-cache-status: MISS
X-Firefox-Spdy: h2

pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1

182.61.200.109

200 OK

13 kB

URL HTTP/2
pos.baidu.com/s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1
IP
182.61.200.109:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7457)
Size
13 kB (13257 bytes)
Hash
23da41df880544204c128d7a614b9ac5
77922831d86462cc15f8204d6744327eb9392fc0
bd56dc947dee39110a2a2730ec74de2aa296bf63f20579fa6c7110bdfbbe898b

HTTP Headers

GET /s?wid=910&hei=120&di=u4965894&s1=3965713834&s2=1566741629&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=1802x0&drs=3&pcs=1140x824&pss=1200x2558&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=1&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 15:47:26 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb  4 23:47:26 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=75A54DFFA14A92E88E91B7A251CB81D1:FG=1; expires=Sun, 04-Feb-54 15:47:26 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 13257
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/287616.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/287616.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/287616.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3206947797,2357396840&fm=224&app=112&f=JPEG?w=284&h=284

t13.baidu.com/it/u=3206947797,2357396840&fm=224&app=112&f=JPEG?w=284&h=284

185.10.104.124

200 OK

17 kB

URL HTTP/1.1
t13.baidu.com/it/u=3206947797,2357396840&fm=224&app=112&f=JPEG?w=284&h=284
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 284x284, components 3\012- data
Size
17 kB (17119 bytes)
Hash
e6a62f11a428979a2bad5559994e8ca4
aa896c0d9e8335d8b2ab2d1bd1451fb9d10ffdff
0aa72d417040bebc91edbc2edb4d462b3808b2a28bc240c9c8fff204f4e9ad12

HTTP Headers

GET /it/u=3206947797,2357396840&fm=224&app=112&f=JPEG?w=284&h=284 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 17119
Connection: keep-alive
Expires: Thu, 16 Feb 2023 16:06:27 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: e6a62f11a428979a2bad5559994e8ca4
Age: 1433345
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 17 Jan 2023 16:06:27 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache57 [1], suzix220 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 17119
X-Cache-Status: HIT
Timing-Allow-Origin: *

img0.baidu.com/it/u=605535103,844291182&fm=253&fmt=auto?w=92&h=69

182.242.59.35

200 OK

810 B

URL HTTP/2
img0.baidu.com/it/u=605535103,844291182&fm=253&fmt=auto?w=92&h=69
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 92x69, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
810 B (810 bytes)
Hash
796c7d7f62542860b46d1188ecfe0f01
a2e6823f7ae657afe400847cedc01dd277acf53e
d9c03db5264f2bbe1fb2ebe707a07e4ecf9123f0fc039c1008e00aca96f80468

HTTP Headers

GET /it/u=605535103,844291182&fm=253&fmt=auto?w=92&h=69 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 810
expires: Wed, 22 Feb 2023 01:29:23 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 796c7d7f62542860b46d1188ecfe0f01
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 01:29:23 GMT
ohc-cache-hit: km7ct59 [1], czix174 [4]
ohc-file-size: 810
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952

182.140.225.35

200 OK

32 kB

URL HTTP/2
img2.baidu.com/it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x952, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31958 bytes)
Hash
615a681704246683d939ffdf83f7c391
ebe315d3321780f364ae033e99e7a6a25b28de5c
605bc4f04ae761d4a2c4450ef293d4565daf4ce4193f92f8a2eb21ba741868de

HTTP Headers

GET /it/u=4272242601,3093854454&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=952 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 31958
expires: Sat, 11 Feb 2023 13:45:49 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 615a681704246683d939ffdf83f7c391
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 13:45:49 GMT
ohc-cache-hit: cd5ct50 [1], suzix123 [4]
ohc-file-size: 31958
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2970134638,2658398603&fm=253&app=120&f=JPEG?w=1422&h=800

182.242.59.35

200 OK

145 kB

URL HTTP/1.1
img0.baidu.com/it/u=2970134638,2658398603&fm=253&app=120&f=JPEG?w=1422&h=800
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
145 kB (144982 bytes)
Hash
d1263292975c2efe67b899a91bd7721f
2f38b95a4c2cfc3eca1ec843e78d49e8626a13d0
96156ef718f5abd33c78f0a2a5cd77b2d54c14d984b4759c339cb44e41d13d26

HTTP Headers

GET /it/u=2970134638,2658398603&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:26 GMT
Content-Type: image/jpeg
Content-Length: 144982
Connection: keep-alive
Expires: Mon, 06 Mar 2023 15:47:26 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: d1263292975c2efe67b899a91bd7721f
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 15:47:26 GMT
Ohc-Cache-HIT: km7ct73 [2], czix180 [4]
Ohc-File-Size: 144982
X-Cache-Status: MISS

img2.baidu.com/it/u=3747757751,3216234103&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=531

182.140.225.35

200 OK

30 kB

URL HTTP/2
img2.baidu.com/it/u=3747757751,3216234103&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=531
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x531, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
30 kB (29644 bytes)
Hash
6b1e13ea0f9a55db509f3e06047eb210
fac68ad7c0b0eb98f286c2e7b932f1fb2191a35f
04c04f993f8d9ecfb8941a80df68facfec8527496737568bec69051eea684e51

HTTP Headers

GET /it/u=3747757751,3216234103&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=531 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 29644
expires: Thu, 23 Feb 2023 10:25:23 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 6b1e13ea0f9a55db509f3e06047eb210
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 10:25:23 GMT
ohc-cache-hit: cd5ct69 [1], bdix186 [4]
ohc-file-size: 29644
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=909572906,4015997866&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631

182.140.225.35

200 OK

9.6 kB

URL HTTP/2
img2.baidu.com/it/u=909572906,4015997866&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x631, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.6 kB (9570 bytes)
Hash
dd05b8069277fb366f83afc47134149c
d6e2117485fb31409ca75d7019240d26a5d49d8c
9744681be0200e182e7e5259c3f1a64c753a938b829721d424448aedbf730640

HTTP Headers

GET /it/u=909572906,4015997866&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=631 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 9570
expires: Sun, 12 Feb 2023 06:17:51 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: dd05b8069277fb366f83afc47134149c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 06:17:51 GMT
ohc-cache-hit: cd5ct59 [1], qdix59 [2]
ohc-file-size: 9570
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2464625651,1606600720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

182.140.225.35

200 OK

15 kB

URL HTTP/2
img2.baidu.com/it/u=2464625651,1606600720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
15 kB (15148 bytes)
Hash
7a2ec1ee4fe8245bac208061e1f83178
576fc02c45a5bbef734f2604b639b977f87a506c
5c682dae2a9768876aff7f047ab1ea89c273a2ceb3196b930f305daba1d5a97f

HTTP Headers

GET /it/u=2464625651,1606600720&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 15148
expires: Mon, 06 Mar 2023 15:47:26 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 7a2ec1ee4fe8245bac208061e1f83178
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 15:47:26 GMT
ohc-cache-hit: cd5ct54 [1], suzix228 [2]
ohc-file-size: 15148
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268

182.140.225.35

200 OK

3.5 kB

URL HTTP/2
img2.baidu.com/it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 508x268, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
3.5 kB (3532 bytes)
Hash
bc61b6e3c6a007facb24e887cbf78eec
aa9cf1edb99a3b2ed9656a2cdbd0117cb9599a6e
395c6d621738559cb70e95b4c07e83fe638da0d63c41e308769fb739fd093a7a

HTTP Headers

GET /it/u=3275485709,1879986680&fm=253&fmt=auto&app=138&f=JPEG?w=508&h=268 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 3532
expires: Mon, 06 Mar 2023 15:47:26 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: bc61b6e3c6a007facb24e887cbf78eec
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 15:47:26 GMT
ohc-cache-hit: cd5ct61 [1], xiangyix232 [2]
ohc-file-size: 3532
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=1743507686,1261803091&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=450

182.140.225.35

200 OK

12 kB

URL HTTP/2
img2.baidu.com/it/u=1743507686,1261803091&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=450
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 253x450, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (11956 bytes)
Hash
bbe1744eb36b1ead27dde2306fd88653
fd13f17be37e3508652156a55de28c422ee1c399
cbb7b281f7ed7f36143b2cd8e19f0bfaa9cbd50ef45ad1c0c85cfdd20c7fa69c

HTTP Headers

GET /it/u=1743507686,1261803091&fm=253&fmt=auto&app=138&f=JPEG?w=253&h=450 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:26 GMT
content-type: image/webp
content-length: 11956
expires: Fri, 03 Mar 2023 14:19:00 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: bbe1744eb36b1ead27dde2306fd88653
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 14:19:00 GMT
ohc-cache-hit: cd5ct58 [1], wzix118 [4]
ohc-file-size: 11956
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/881604.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/881604.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/881604.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=944643861,648959183&fm=253&fmt=auto&app=138&f=JPEG?w=496&h=500

img2.baidu.com/it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800

182.140.225.35

200 OK

73 kB

URL HTTP/1.1
img2.baidu.com/it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
73 kB (72608 bytes)
Hash
6d56ccfce206848e626c3b134e5b4c93
c6cd62b23680dc983376bf9d1a5f340d0dd73cfb
d34e8b4c4b304a00dfb024c1f3685c4cceee19d79ca8509b06b821a1c6147d1e

HTTP Headers

GET /it/u=3186698285,4074400735&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 72608
Connection: keep-alive
Expires: Sun, 05 Mar 2023 11:20:57 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 6d56ccfce206848e626c3b134e5b4c93
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 11:20:57 GMT
Ohc-Cache-HIT: cd5ct80 [1], wzix89 [2]
Ohc-File-Size: 72608
X-Cache-Status: MISS

12732.url.tudown.com/uploads/images/132758.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/132758.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/132758.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400

12732.url.tudown.com/uploads/images/515341.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/515341.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/515341.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1373074618,4104553767&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/244077.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/244077.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/244077.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571

12732.url.tudown.com/uploads/images/519650.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/519650.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/519650.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2834301155,2452667106&fm=253&app=120&f=JPEG?w=1280&h=800

bdcode.2345.com/rvsptpid.js

42.81.8.130

200 OK

4.0 kB

URL HTTP/1.1
bdcode.2345.com/rvsptpid.js
IP
42.81.8.130:0
ASN
#58542 Tianjij,300000

File type
ASCII text, with very long lines (11438), with no line terminators
Size
4.0 kB (4034 bytes)
Hash
4927ec7cf61077c3cb553d1e91fbe407
81cecb6db2e670675c9bdac9c8c9225b987262cc
439bad0c6b3cec8c27d7bd369cf89917af4deec831c07836e4e1d265113a641c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /rvsptpid.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 4034
Connection: keep-alive
Cache-Control: max-age=3600
Content-Encoding: gzip
Expires: Sat, 04 Feb 2023 16:47:27 GMT
Last-Modified: Fri, 28 Oct 2022 03:41:54 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
YJS-ID: c20745983cc737dd-143
Server: yunjiasu

pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1

182.61.200.109

200 OK

14 kB

URL HTTP/2
pos.baidu.com/s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1
IP
182.61.200.109:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (38365)
Size
14 kB (14507 bytes)
Hash
fd60b93d4b967264e04f82ed51d44f15
6303a0dcebd9e80713063af2160d7f36b1ff058f
19c803975d61aaa2469da96e5256b268331d49b146dd9dabab0c42296d493af2

HTTP Headers

GET /s?wid=890&hei=200&di=u5039524&s1=118434110&s2=534447821&ltu=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&dc=3&ti=yabo888vip%E7%BD%91%E9%A1%B5%E7%99%BB%E5%BD%95%E5%B9%B3%E5%8F%B0(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875&ps=2136x0&drs=3&pcs=1140x824&pss=1200x2678&cfv=0&cpl=0&chi=1&cce=true&cec=UTF-8&tlm=1675525680&psr=1280x1024&par=1280x1024&pis=-1x-1&ccd=24&cja=false&cmi=0&col=en-US&cdo=-1&tcn=1675525681&dtm=HTML_POST&tpr=1675525680954&ari=2&ant=0&exps=110281,110277,110269,110257,110009,111000,110011&prot=2&dis=0&dai=2&dri=0&ver=0129&ecd=1&psi=166e2c2b76459bc1&dft=0&ft=1 HTTP/1.1
Host: pos.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sat, 04 Feb 2023 15:47:26 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sat Feb  4 23:47:26 2023
p3p: CP=" OTI DSP COR IVA OUR IND COM ", CP=" OTI DSP COR IVA OUR IND COM "
pragma: no-cache
server: nginx
set-cookie: BAIDUID=75A54DFFA14A92E8D1EF048B5C71B318:FG=1; expires=Sun, 04-Feb-54 15:47:26 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
x-xss-protection: 0
content-length: 14507
X-Firefox-Spdy: h2

img0.baidu.com/it/u=3897158553,3167431377&fm=253&fmt=auto&app=138&f=JPEG?w=460&h=292

182.242.59.35

200 OK

17 kB

URL HTTP/2
img0.baidu.com/it/u=3897158553,3167431377&fm=253&fmt=auto&app=138&f=JPEG?w=460&h=292
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 460x292, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
17 kB (16902 bytes)
Hash
86bf2448c4a91e988277ccf48797a1fe
6ca4417ae401649a9334c39554654326f49473d8
79ca5cdc55d10b554a3e42967e304dc1ed9a901a40a01823d9d612c40dd3caab

HTTP Headers

GET /it/u=3897158553,3167431377&fm=253&fmt=auto&app=138&f=JPEG?w=460&h=292 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 16902
expires: Sun, 05 Feb 2023 03:50:06 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 86bf2448c4a91e988277ccf48797a1fe
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 03:50:06 GMT
ohc-cache-hit: km7ct82 [1], csix82 [4]
ohc-file-size: 16902
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=466953155,205157467&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

182.242.59.35

200 OK

30 kB

URL HTTP/2
img0.baidu.com/it/u=466953155,205157467&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x707, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
30 kB (29688 bytes)
Hash
1bf9955a0abe763b1d176ae58c3bf567
2e6992f68013f2e12c4792b17793f898348899c9
f584d69dc94d377d21961e4b11ecd7ae12b12ce26f758bf76b0248b80329760e

HTTP Headers

GET /it/u=466953155,205157467&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 29688
expires: Thu, 16 Feb 2023 05:25:47 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 1bf9955a0abe763b1d176ae58c3bf567
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 17 Jan 2023 05:25:47 GMT
ohc-cache-hit: km7ct56 [1], czix92 [4]
ohc-file-size: 29688
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/531414.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/531414.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/531414.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3629306599,278441627&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

img1.baidu.com/it/u=1373074618,4104553767&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

183.136.216.35

200 OK

20 kB

URL HTTP/2
img1.baidu.com/it/u=1373074618,4104553767&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (20332 bytes)
Hash
ad3bdf5d4fcbb7c1b69a74e0c7194059
87150cc3c0ab4b243a28238e3e928fd5c8ee88e7
64c4a733089a8616db3b637b86d28dd9b6af8069a17ad32c7c2325873fd6d665

HTTP Headers

GET /it/u=1373074618,4104553767&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 20332
expires: Sun, 05 Feb 2023 16:56:25 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: ad3bdf5d4fcbb7c1b69a74e0c7194059
age: 370879
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 16:56:25 GMT
ohc-cache-hit: shaoxct58 [4], wzix58 [2]
ohc-file-size: 20332
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571

183.136.216.35

200 OK

30 kB

URL HTTP/2
img1.baidu.com/it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x571, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
30 kB (29738 bytes)
Hash
31cef7688c2367345943c9898a23be6e
6989dbf316a026f35e8796c0259c505f9e100feb
a096e27d64b23a8c8671de2dcd1406071f5eb2c73eccc95c81941df5b337abb1

HTTP Headers

GET /it/u=2336765679,4167357952&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=571 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 29738
expires: Fri, 17 Feb 2023 07:29:34 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 31cef7688c2367345943c9898a23be6e
age: 271128
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 07:29:34 GMT
ohc-cache-hit: shaoxct69 [4], suzix115 [2]
ohc-file-size: 29738
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400

182.140.225.35

200 OK

16 kB

URL HTTP/2
img2.baidu.com/it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (16442 bytes)
Hash
66977e062032a031f3dda1816ccb8bd4
8cac11d87097e383e22bfb9f46bed652ffcab0a8
d99c6e21fa4a9a2f09fed2b9bacbb8c75c4d907f7b93f01f85107b20b70e8376

HTTP Headers

GET /it/u=3124343620,2940080505&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=400 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 16442
expires: Sat, 11 Feb 2023 10:28:35 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 66977e062032a031f3dda1816ccb8bd4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 10:28:35 GMT
ohc-cache-hit: cd5ct74 [1], suzix144 [4]
ohc-file-size: 16442
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=944643861,648959183&fm=253&fmt=auto&app=138&f=JPEG?w=496&h=500

182.242.59.35

200 OK

23 kB

URL HTTP/1.1
img0.baidu.com/it/u=944643861,648959183&fm=253&fmt=auto&app=138&f=JPEG?w=496&h=500
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 496x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
23 kB (23226 bytes)
Hash
dc496f83fff7b9f5522b1d84d26504cd
a26b6e055750f311c13aa90a6d802333488353cc
1687efc382c13221511738d14aff81c3420ba1d9c89e6ecf38631a198e85ee25

HTTP Headers

GET /it/u=944643861,648959183&fm=253&fmt=auto&app=138&f=JPEG?w=496&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/webp
Content-Length: 23226
Connection: keep-alive
Expires: Wed, 22 Feb 2023 02:23:28 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: dc496f83fff7b9f5522b1d84d26504cd
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 02:23:28 GMT
Ohc-Cache-HIT: km7ct84 [1], czix227 [4]
Ohc-File-Size: 23226
X-Cache-Status: MISS

12732.url.tudown.com/uploads/images/478876.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/478876.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/478876.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2763544410,3614962004&fm=253&fmt=auto&app=120&f=JPEG?w=480&h=270

12732.url.tudown.com/uploads/images/334967.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/334967.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/334967.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2236806891,4120767610&fm=253&fmt=auto&app=120&f=JPEG?w=1067&h=800

t15.baidu.com/it/u=496646664,2249254928&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

21 kB

URL HTTP/1.1
t15.baidu.com/it/u=496646664,2249254928&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
21 kB (20785 bytes)
Hash
e1a94e99940f086be3d1d7c00d68d931
90658bcb1d987255678fc99e9ee2bcbca45c02da
62c690849c6d0df403421a391e15a4809cd1649f4ad16c2070f05c941689c1b2

HTTP Headers

GET /it/u=496646664,2249254928&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 20785
Connection: keep-alive
Expires: Thu, 09 Feb 2023 02:28:16 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: e1a94e99940f086be3d1d7c00d68d931
Age: 2053365
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 10 Jan 2023 02:28:16 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache64 [4], suzix174 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 20785
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=2479701200,2263408814&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

28 kB

URL HTTP/1.1
t15.baidu.com/it/u=2479701200,2263408814&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
28 kB (28305 bytes)
Hash
80efc02fcce992339adc824c5b8c2bae
ea7f92e4b634b3dd77a86a5bbe61da01b794beaf
31e6b7c11b96ca3cd75b279c35bcd91f4a5dd6713fb24af5028fec9f53332d7e

HTTP Headers

GET /it/u=2479701200,2263408814&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 28305
Connection: keep-alive
Expires: Tue, 07 Feb 2023 03:02:33 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 80efc02fcce992339adc824c5b8c2bae
Age: 2054388
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 03:02:33 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache55 [4], suzix70 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 28305
X-Cache-Status: HIT
Timing-Allow-Origin: *

12732.url.tudown.com/uploads/images/293915.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/293915.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/293915.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2482915275,1971596915&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=358

12732.url.tudown.com/uploads/images/423742.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/423742.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/423742.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500

t15.baidu.com/it/u=2396899889,1491874221&fm=224&app=112&f=JPEG?w=500&h=500&s=92A0D4A112E2B6E8068D4DBE03007012

185.10.104.124

200 OK

70 kB

URL HTTP/1.1
t15.baidu.com/it/u=2396899889,1491874221&fm=224&app=112&f=JPEG?w=500&h=500&s=92A0D4A112E2B6E8068D4DBE03007012
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
70 kB (70147 bytes)
Hash
b07217f668f44b70812a60465370d765
ed0d6f784726e63af6f0a59ea6f42657112622e4
447bf7eeaec571e6b024e71581bb89b6a5298f43bbf238fb762c10870126c431

HTTP Headers

GET /it/u=2396899889,1491874221&fm=224&app=112&f=JPEG?w=500&h=500&s=92A0D4A112E2B6E8068D4DBE03007012 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 70147
Connection: keep-alive
Expires: Tue, 14 Feb 2023 12:15:48 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: b07217f668f44b70812a60465370d765
Age: 1600323
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 15 Jan 2023 12:15:48 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache53 [4], xaix139 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 70147
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=2635167135,4050530486&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

44 kB

URL HTTP/1.1
t15.baidu.com/it/u=2635167135,4050530486&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
44 kB (44033 bytes)
Hash
3c48935a56a8c257b119112e1004ce2e
182d008c12bd8f9d1ca55166548b42080f906ebf
101dce329a76502e0966fab942af76c1df0db3665eb311ec2d2d7f3430ce8e25

HTTP Headers

GET /it/u=2635167135,4050530486&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 44033
Connection: keep-alive
Expires: Mon, 06 Mar 2023 07:48:34 GMT
Last-Modified: Fri, 16 Jan 1970 00:00:00 GMT
ETag: 3c48935a56a8c257b119112e1004ce2e
Age: 14016
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 04 Feb 2023 07:48:33 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache59 [1], qdix241 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 44033
X-Cache-Status: HIT
Timing-Allow-Origin: *

12732.url.tudown.com/uploads/images/392273.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/392273.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/392273.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3993228290,1779746090&fm=224&app=112&f=JPEG?w=500&h=500

t15.baidu.com/it/u=1856503022,3791914285&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

54 kB

URL HTTP/1.1
t15.baidu.com/it/u=1856503022,3791914285&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
54 kB (53790 bytes)
Hash
964c27c69f542fbbc3ea73f97c6549b3
4d60b436f0d64cb4d99ff6af20ac801d81b2ab78
95a2ca0e4d1719c2a5ceb4112562db021371fce9b45219777399de97c6d423b0

HTTP Headers

GET /it/u=1856503022,3791914285&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 53790
Connection: keep-alive
Expires: Fri, 10 Feb 2023 09:57:45 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 964c27c69f542fbbc3ea73f97c6549b3
Age: 2049927
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 09:57:45 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache56 [1], qdix180 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53790
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

40 kB

URL HTTP/1.1
t15.baidu.com/it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
40 kB (39516 bytes)
Hash
af61f0c4c49b9c5a2794de949403419e
327c063fec078aae0785cd4cab909705663227f5
fe7e2c033be46f2a8f9fe24d149be7fba81a85ea988d72c80c32a564b9f9b832

HTTP Headers

GET /it/u=1612866542,1335902659&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 39516
Connection: keep-alive
Expires: Wed, 08 Feb 2023 08:35:07 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: af61f0c4c49b9c5a2794de949403419e
Age: 393171
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 08:35:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache58 [1], xiangyix74 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39516
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=3993228290,1779746090&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t13.baidu.com/it/u=3993228290,1779746090&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (39445 bytes)
Hash
0040264420ef153ab3c0b7e7e83d0b42
f6ac9efcf4df9f7ec29859c8e94b2e8b1415bc76
820fda4cc93ddedda12c439a81a29b7fd5b0e2a948aeb231d20ba058474d3575

HTTP Headers

GET /it/u=3993228290,1779746090&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 39445
Connection: keep-alive
Expires: Thu, 16 Feb 2023 11:07:20 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 0040264420ef153ab3c0b7e7e83d0b42
Age: 1498696
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 17 Jan 2023 11:07:20 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache60 [1], wzix117 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39445
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=1508137495,276103181&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

40 kB

URL HTTP/1.1
t15.baidu.com/it/u=1508137495,276103181&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
40 kB (40304 bytes)
Hash
f5ae181dda2c0292f1605600cb31e380
623a247e7f782d19dc086b7119657d2cc9b6736e
9ca5906fcff81e57ddaa07220dd4751a97433abc94ba1139ff5e0b2d81ffdba5

HTTP Headers

GET /it/u=1508137495,276103181&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 40304
Connection: keep-alive
Expires: Mon, 06 Feb 2023 14:04:36 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: f5ae181dda2c0292f1605600cb31e380
Age: 2053240
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 14:04:36 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache51 [1], csix83 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 40304
X-Cache-Status: HIT
Timing-Allow-Origin: *

12732.url.tudown.com/uploads/images/824850.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/824850.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/824850.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4241759297,2913637654&fm=224&app=112&f=JPEG?w=500&h=500

img0.baidu.com/it/u=2834301155,2452667106&fm=253&app=120&f=JPEG?w=1280&h=800

182.242.59.35

200 OK

78 kB

URL HTTP/1.1
img0.baidu.com/it/u=2834301155,2452667106&fm=253&app=120&f=JPEG?w=1280&h=800
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
78 kB (77791 bytes)
Hash
4ee0919f4649f4d8e3dfd1a71f9a4c2a
ca9323659e6ef272e2ec905efb3fcc8a2187b608
6205b7c5e7e99abc4a2147a1eefdd77072721ca382b4f9d8bf22cd4a081dc2c4

HTTP Headers

GET /it/u=2834301155,2452667106&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpeg
Content-Length: 77791
Connection: keep-alive
Expires: Mon, 20 Feb 2023 16:02:58 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 4ee0919f4649f4d8e3dfd1a71f9a4c2a
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 16:02:58 GMT
Ohc-Cache-HIT: km7ct62 [1], bdix248 [4]
Ohc-File-Size: 77791
X-Cache-Status: MISS

bdcode.2345.com/js/logo/css/logo-sm.css

42.81.8.130

200 OK

783 B

URL HTTP/2
bdcode.2345.com/js/logo/css/logo-sm.css
IP
42.81.8.130:0
ASN
#58542 Tianjij,300000

File type
ASCII text, with very long lines (2128), with no line terminators
Size
783 B (783 bytes)
Hash
621b3563f1231de3a058fa25980064be
c2575c8110cbaba0c87c543fabf7c592789ad67f
37944a5c3981b16d6a498a7dc9427edcd64c1752e6728c5323525bc400efc8d6

HTTP Headers

GET /js/logo/css/logo-sm.css HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: text/css
date: Sat, 04 Feb 2023 15:47:27 GMT
etag: W/"639b0691-850"
expires: Sat, 04 Feb 2023 16:47:27 GMT
last-modified: Thu, 15 Dec 2022 11:35:45 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c207459e895337df-143
content-length: 783
X-Firefox-Spdy: h2

t14.baidu.com/it/u=4241759297,2913637654&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

46 kB

URL HTTP/1.1
t14.baidu.com/it/u=4241759297,2913637654&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
46 kB (45891 bytes)
Hash
d18890af44e6845d282cfac6f4350a0c
bf677f9684fc2e894c3f8669bdcb38d83e24258c
78b2a845f6e17ebf8a84f9a3da94b2a20030631bafd3836676edb38d199571a4

HTTP Headers

GET /it/u=4241759297,2913637654&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpeg
Content-Length: 45891
Connection: keep-alive
Expires: Mon, 06 Feb 2023 22:50:02 GMT
Last-Modified: Mon, 12 Jan 1970 00:00:00 GMT
ETag: d18890af44e6845d282cfac6f4350a0c
Age: 402154
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 22:50:02 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache60 [1], bdix221 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 45891
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=2236806891,4120767610&fm=253&fmt=auto&app=120&f=JPEG?w=1067&h=800

182.140.225.35

200 OK

62 kB

URL HTTP/2
img2.baidu.com/it/u=2236806891,4120767610&fm=253&fmt=auto&app=120&f=JPEG?w=1067&h=800
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1067x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
62 kB (61644 bytes)
Hash
5c89094f355eab286841ce7e6c8c87c8
814c2d8bc2095a9f19097ccae94b543ce57b90f2
7d2763aa203f0028efa205933b1cf3786e0522a31d1a4687df9407f5017bf253

HTTP Headers

GET /it/u=2236806891,4120767610&fm=253&fmt=auto&app=120&f=JPEG?w=1067&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 61644
expires: Sat, 04 Mar 2023 02:31:40 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 5c89094f355eab286841ce7e6c8c87c8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 02:31:40 GMT
ohc-cache-hit: cd5ct61 [1], csix111 [4]
ohc-file-size: 61644
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3629306599,278441627&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

182.140.225.35

200 OK

38 kB

URL HTTP/2
img2.baidu.com/it/u=3629306599,278441627&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (38194 bytes)
Hash
50bc02fce5116e2c8c0934e6020bb6bc
076fcf04bbd75d2a971f79dc64080d6b8041a737
29edd09b28169253b2d0f4fec371c6f704b63fb3cb53992bed6ac03cce78dfe3

HTTP Headers

GET /it/u=3629306599,278441627&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 38194
expires: Wed, 22 Feb 2023 02:06:58 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 50bc02fce5116e2c8c0934e6020bb6bc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:06:58 GMT
ohc-cache-hit: cd5ct60 [1], bdix145 [4]
ohc-file-size: 38194
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/109792.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/109792.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/109792.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4285146320,1067032272&fm=253&fmt=auto&app=138&f=PNG?w=168&h=500

12732.url.tudown.com/uploads/images/992394.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/992394.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/992394.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3290309950,244139761&fm=224&app=112&f=JPEG?w=495&h=500

img0.baidu.com/it/u=2763544410,3614962004&fm=253&fmt=auto&app=120&f=JPEG?w=480&h=270

182.242.59.35

200 OK

20 kB

URL HTTP/2
img0.baidu.com/it/u=2763544410,3614962004&fm=253&fmt=auto&app=120&f=JPEG?w=480&h=270
IP
182.242.59.35:0
ASN
#134766 CHINANET Yunnan province IDC2 network

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 480x270, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (19638 bytes)
Hash
c11e950f0351c98e235e750878af90da
597fdd89ac0da512287e6a4f42a539815d2a8562
0fe6b3d6bdc1c898931745a7b8b3d71dfff945562bdddd2ae87ca6c8fd1168ad

HTTP Headers

GET /it/u=2763544410,3614962004&fm=253&fmt=auto&app=120&f=JPEG?w=480&h=270 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 19638
expires: Fri, 24 Feb 2023 03:01:51 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: c11e950f0351c98e235e750878af90da
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 03:01:51 GMT
ohc-cache-hit: km7ct51 [1], xiangyix216 [4]
ohc-file-size: 19638
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/466340.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/466340.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/466340.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3821247245,2431353316&fm=224&app=112&f=PNG?w=500&h=500&s=7384FE0F5C0546DC6A2A2F6C0300F068

img2.baidu.com/it/u=2482915275,1971596915&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=358

182.140.225.35

200 OK

29 kB

URL HTTP/2
img2.baidu.com/it/u=2482915275,1971596915&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=358
IP
182.140.225.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x358, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29288 bytes)
Hash
eb7c158a750fab7e7dbc99a5bb0d559c
58d35b34ef1a6857228c9dd244fc38395671d3d4
d5d88c1cd7489f2632e9b31eb8c7f04e1c841ede0858942efd5094fc2079e363

HTTP Headers

GET /it/u=2482915275,1971596915&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=358 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:27 GMT
content-type: image/webp
content-length: 29288
expires: Fri, 24 Feb 2023 02:34:48 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: eb7c158a750fab7e7dbc99a5bb0d559c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 02:34:48 GMT
ohc-cache-hit: cd5ct53 [1], xiangyix53 [4]
ohc-file-size: 29288
x-cache-status: MISS
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/644926.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/644926.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/644926.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2635167135,4050530486&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/409983.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/409983.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/409983.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:27 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=2734136340,3750608964&fm=253&app=120&f=JPEG?w=1280&h=800

t13.baidu.com/it/u=3290309950,244139761&fm=224&app=112&f=JPEG?w=495&h=500

185.10.104.124

200 OK

30 kB

URL HTTP/1.1
t13.baidu.com/it/u=3290309950,244139761&fm=224&app=112&f=JPEG?w=495&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 495x500, components 3\012- data
Size
30 kB (29913 bytes)
Hash
45fd1e8c32d024a462fe0cdb129378c1
8b89a43009bc8a8ca2c30551c8be50430acf71d6
0e192f92dc9655c2c41f8e19ca63e716e7733596dc6c30d0fafe745f8a11b7a6

HTTP Headers

GET /it/u=3290309950,244139761&fm=224&app=112&f=JPEG?w=495&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpeg
Content-Length: 29913
Connection: keep-alive
Expires: Tue, 21 Feb 2023 14:11:22 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 45fd1e8c32d024a462fe0cdb129378c1
Age: 1080937
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 14:11:22 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache57 [2], suzix235 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 29913
X-Cache-Status: HIT

api.share.baidu.com/s.gif?l=http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

182.61.240.101

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe
IP
182.61.240.101:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 15:47:28 GMT

t13.baidu.com/it/u=3821247245,2431353316&fm=224&app=112&f=PNG?w=500&h=500&s=7384FE0F5C0546DC6A2A2F6C0300F068

185.10.104.124

200 OK

408 kB

URL HTTP/1.1
t13.baidu.com/it/u=3821247245,2431353316&fm=224&app=112&f=PNG?w=500&h=500&s=7384FE0F5C0546DC6A2A2F6C0300F068
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
408 kB (407881 bytes)
Hash
8c027f5b715f3da09bab606b4e6500de
758ef6a83df81dbef576a0a4aed675b5f49c832d
1c31a270b345291d90c642d55069c8bca035f1375d1f7bdfb418be51e842f382

HTTP Headers

GET /it/u=3821247245,2431353316&fm=224&app=112&f=PNG?w=500&h=500&s=7384FE0F5C0546DC6A2A2F6C0300F068 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/png
Content-Length: 407881
Connection: keep-alive
Expires: Fri, 03 Mar 2023 02:11:56 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 8c027f5b715f3da09bab606b4e6500de
Age: 219010
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 01 Feb 2023 02:11:56 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache112 [3], czix112 [3]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 407881
X-Cache-Status: HIT

12732.url.tudown.com/uploads/images/728819.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/728819.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/728819.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350

cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png

183.136.216.35

200 OK

4.5 kB

URL HTTP/2
cpro.baidustatic.com/cpro/ui/noexpire/img/2.0.0/native_ad.png
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
PNG image data, 44 x 984, 8-bit colormap, non-interlaced\012- data
Size
4.5 kB (4514 bytes)
Hash
3e2d110dd13ae372eac3c04347687487
666c77091671206a1ee7202bfa821afa63dfed94
4b86aeb9d139835e6517cef965d3442d8efca774abc2d6befc580ec63aace62e

HTTP Headers

GET /cpro/ui/noexpire/img/2.0.0/native_ad.png HTTP/1.1
Host: cpro.baidustatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:28 GMT
content-type: image/png
content-length: 4514
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 01 Apr 2022 07:05:03 GMT
etag: "6246a41f-11a2"
cache-control: max-age=315360000
age: 286388
accept-ranges: bytes
timing-allow-origin: *
ohc-global-saved-time: Tue, 21 Jun 2022 04:49:12 GMT
ohc-cache-hit: shaoxct60 [2], wzix60 [4]
ohc-file-size: 4514
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=4285146320,1067032272&fm=253&fmt=auto&app=138&f=PNG?w=168&h=500

183.136.216.35

200 OK

32 kB

URL HTTP/2
img1.baidu.com/it/u=4285146320,1067032272&fm=253&fmt=auto&app=138&f=PNG?w=168&h=500
IP
183.136.216.35:0
ASN
#58461 CT-HangZhou-IDC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
32 kB (31798 bytes)
Hash
fed7e3fc16d6996ab736ca504d728b54
9ed1c503a4c95e0e4c001c99bad26a59830bf3f1
84640c611a67c2889b73000c72077a840fed39062ccb5c5e2b716e70bcf936de

HTTP Headers

GET /it/u=4285146320,1067032272&fm=253&fmt=auto&app=138&f=PNG?w=168&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 15:47:28 GMT
content-type: image/webp
content-length: 31798
expires: Sun, 26 Feb 2023 00:19:14 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: fed7e3fc16d6996ab736ca504d728b54
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 00:19:14 GMT
ohc-cache-hit: shaoxct58 [1], wzix92 [4]
ohc-file-size: 31798
x-cache-status: MISS
X-Firefox-Spdy: h2

t14.baidu.com/it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350

185.10.104.124

200 OK

16 kB

URL HTTP/1.1
t14.baidu.com/it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x350, components 3\012- data
Size
16 kB (16276 bytes)
Hash
d4e764303a3eeca53f111a2ccd4bf643
14fef7fd2b41c8dccaed74b09a01fc8f513dc656
3dca47f7d4367d23b36ef6bb9cf86f31b65770b12582136c99a128a4760dd5f7

HTTP Headers

GET /it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12732.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpeg
Content-Length: 16276
Connection: keep-alive
Expires: Sun, 05 Feb 2023 12:44:15 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d4e764303a3eeca53f111a2ccd4bf643
Age: 2052390
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 12:44:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache61 [2], qdix103 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 16276
X-Cache-Status: HIT
Timing-Allow-Origin: *

sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-7c066e19852cf40019e433a18d5d093bbb76b02e&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675525681951&r=init

36.110.192.156

200 OK

0 B

URL HTTP/2
sofire.baidu.com/abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-7c066e19852cf40019e433a18d5d093bbb76b02e&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675525681951&r=init
IP
36.110.192.156:0
ASN
#23724 IDC, China Telecommunications Corporation

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /abot/api/v1/tpl/re/8800?v=1.1&0=1&1=0&2=0&3=0&4=0&5=0&6=0&7=1&8=v10-7c066e19852cf40019e433a18d5d093bbb76b02e&9=0&10=0&11=0&u=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&h=http%3A%2F%2F12732.url.tudown.com%2Fdown%2Ffoxitpdfeditor%25E7%25A0%25B4%25E8%25A7%25A3%25E7%2589%2588%40418_63004.exe&t=1675525681951&r=init HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12732.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
date: Sat, 04 Feb 2023 15:47:28 GMT
content-length: 0
X-Firefox-Spdy: h2

sofire.baidu.com/h5/t/8800

36.110.192.156

204 No Content

0 B

URL HTTP/2
sofire.baidu.com/h5/t/8800
IP
36.110.192.156:0
ASN
#23724 IDC, China Telecommunications Corporation

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /h5/t/8800 HTTP/1.1
Host: sofire.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-bdh5-pf
Referer: http://12732.url.tudown.com/
Origin: http://12732.url.tudown.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,AccessToken,X-CSRF-Token,X-Bdh5-Pf,X-XSRF-TOKEN, Authorization
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: http://12732.url.tudown.com
access-control-expose-headers: Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type
date: Sat, 04 Feb 2023 15:47:28 GMT
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/361866.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/361866.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/361866.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3542176406,2205480352&fm=224&app=112&f=PNG?w=409&h=389&s=755E11D7FEA33E86623E63A40300C02E

www.2345.com/js/index/activity/20171111/widget.min.js

47.246.44.204

200 OK

4.7 kB

URL HTTP/2
www.2345.com/js/index/activity/20171111/widget.min.js
IP
47.246.44.204:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
ASCII text, with very long lines (19539), with no line terminators
Size
4.7 kB (4696 bytes)
Hash
afdf292db7e3a74a6887c51d71178c69
9e9f10f2a5defd7a48fe30002fa9c933bf9acbfa
827e8b6d5c2a4cb5800559a481cb49e8222d3b55834f05a0db0f8db02efbe193

HTTP Headers

GET /js/index/activity/20171111/widget.min.js HTTP/1.1
Host: www.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12732.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
strict-transport-security: max-age=5184000
date: Sat, 04 Feb 2023 15:45:39 GMT
last-modified: Wed, 06 Nov 2019 08:19:39 GMT
etag: W/"5dc2821b-4c53"
vary: Accept-Encoding, Accept-Encoding
expires: Tue, 22 Nov 2022 14:45:06 GMT
cache-control: max-age=600
ali-swift-global-savetime: 1675525540
via: cache1.l2de2[0,0,304-0,H], cache19.l2de2[1,0], cache8.se1[87,88,200-0,H], cache5.se1[91,0]
age: 102
x-cache: HIT TCP_REFRESH_HIT dirn:1:205964275
x-swift-savetime: Sat, 04 Feb 2023 15:47:22 GMT
x-swift-cachetime: 498
content-encoding: br
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
timing-allow-origin: *
eagleid: 2ff62c9916755256421897555e
X-Firefox-Spdy: h2

12732.url.tudown.com/uploads/images/239016.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/239016.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/239016.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2613865349,2155068843&fm=224&app=112&f=JPEG?w=500&h=500

12732.url.tudown.com/uploads/images/895553.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/895553.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/895553.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3105199758,985614764&fm=253&app=120&f=JPEG?w=800&h=1422

12732.url.tudown.com/uploads/images/475523.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/475523.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/475523.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2008333849,631457780&fm=253&fmt=auto&app=138&f=JPEG?w=323&h=300

12732.url.tudown.com/uploads/images/343555.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12732.url.tudown.com/uploads/images/343555.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/343555.jpg HTTP/1.1
Host: 12732.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12732.url.tudown.com/down/foxitpdfeditor%E7%A0%B4%E8%A7%A3%E7%89%88@418_63004.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 15:47:28 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3750180845,3920682766&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=709

bdcode.2345.com/js/logo/js/logo.js

42.81.8.130

200 OK

0 B

URL HTTP/2
bdcode.2345.com/js/logo/js/logo.js
IP
42.81.8.130:0
ASN
#58542 Tianjij,300000

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/logo/js/logo.js HTTP/1.1
Host: bdcode.2345.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://pos.baidu.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=3600
content-encoding: gzip
content-type: application/x-javascript
date: Sat, 04 Feb 2023 15:47:27 GMT
etag: W/"6261299c-371a"
expires: Sat, 04 Feb 2023 16:47:27 GMT
last-modified: Thu, 21 Apr 2022 09:53:32 GMT
p3p: CP=" OTI DSP COR IVA OUR IND COM "
server: yunjiasu
yjs-id: c207459d022b37df-143
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (54)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML