Report - 12441.url.tudown.com/down/office2003@394

Report Overview

Submitted URL
12441.url.tudown.com/down/office2003@394_2.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-01-25 10:55:10
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
12441.url.tudown.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	18 kB	86 kB	154.218.151.71
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	60 kB	34.120.237.76
img0.baidu.com	50126	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	527 kB	118.112.225.35
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	12 kB	103.235.46.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
img1.baidu.com	50158	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	283 kB	119.96.52.35
push.zhanzhang.baidu.com	57139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	290 B	750 B	112.34.113.148
img2.baidu.com	50786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.3 kB	796 kB	119.96.52.35
s22.cnzz.com	87635	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394 B	665 B	180.97.251.250
s6.qhres2.com	910970	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	298 B	1.1 kB	54.230.111.11
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	100.20.30.105
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.9 kB	104.18.21.226
t15.baidu.com	33050	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	105 kB	185.10.104.124
api.share.baidu.com	44629	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361 B	114 B	182.61.201.93
t14.baidu.com	32559	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	209 kB	185.10.104.124
t13.baidu.com	32653	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	400 kB	185.10.104.124
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	1.9 kB	104.18.20.226
js.passport.qihucdn.com	273795	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	324 B	454 B	101.198.192.7
s.360.cn	19814	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	444 B	238 B	171.8.167.90

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-25	medium	12441.url.tudown.com/down/office2003@394_2.exe	Malware
2023-01-25	medium	12441.url.tudown.com/js/orsxg5a.script	Malware
2023-01-25	medium	12441.url.tudown.com/template/company/42xz/js/soft.js	Malware
2023-01-25	medium	12441.url.tudown.com/template/company/42xz/js/jquery.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	12441.url.tudown.com/down/office2003@394_2.exe	254 B	2023-03-09	2023-12-23
Pretty URL 12441.url.tudown.com/down/office2003@394_2.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

	12441.url.tudown.com/template/company/42xz/js/jquery.js	120 kB	2023-03-12	2023-11-20
Pretty URL 12441.url.tudown.com/template/company/42xz/js/jquery.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen235 Hash 1925d85004d53931fe7e1cb8e1d658fb fc6192892c227e2a2f5a68e31b08d83ab0458355 b26e0c2001d8d9f1947b20033e77665409f3504f832556ce2ee9dfb01ef7a041 Loading...

	s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130	0 B	2023-03-07	2024-04-19
Pretty URL s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130 IP 180.97.251.250 ASN #4134 Chinanet Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 06:41:06 Times Seen36953544 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	12441.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 12441.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

	js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d	105 B	2023-03-07	2024-04-14
Pretty URL js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d IP 101.198.192.7 ASN #55992 Beijing Qihu Technology Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:51 Last Seen2024-04-14 23:50:53 Times Seen385 Hash 06b5672f6400f1eb3255c53b8716ec1b f35120a5317fa4f91b98abb29d0ee3ad899b55f7 42e703267bb95fd28b350c6f27fd014f39e6d88443a50b7322c14b76bb513e99 Loading...

	12441.url.tudown.com/template/company/42xz/js/soft.js	9.9 kB	2023-03-12	2023-06-15
Pretty URL 12441.url.tudown.com/template/company/42xz/js/soft.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:54 Last Seen2023-06-15 06:04:36 Times Seen205 Hash 5e32a0f26da3d6f80a8ba482448e7314 c5724c4245049e753a66805f2fe986c620071141 d2acdf1a20ffb5f140291d37fd878d834918e465e977c487720816d7bf69cf31 Loading...

	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:04:39 Last Seen2023-03-13 07:04:39 Times Seen1 Hash f616104a25cf14be413557e15bac4da9 eafbbba2a3e6be512066ca87c42d26d9820baa68 a349c2d37c54761eab9c8d2a1922f82a5f7f046308685daff1152185eaed8cdf Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-18
Pretty URL push.zhanzhang.baidu.com/push.js IP 112.34.113.148 ASN #9808 China Mobile Communications Group Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-18 14:13:26 Times Seen18955 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	s6.qhres2.com/static/ab77b6ea7f3fbf79.js	478 B	2023-03-07	2024-04-15
Pretty URL s6.qhres2.com/static/ab77b6ea7f3fbf79.js IP 54.230.111.11 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-15 19:30:50 Times Seen2387 Hash 5dd27f8f2b042194c3cdabd62fd80110 c035036a939799d4c29b9c0f7229ae1953d03109 928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-14 17:35:46 Times Seen2523 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

	#3 Write - f6c66fa781641bc152896d4d331fb47c	107 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash f6c66fa781641bc152896d4d331fb47c 75058381be5febb338d4b018ff21ddeb72634f79 1b60638050239eb6f376f41ed7c52f5fa636ff1b2899f86fc62f093fdd6b3e8b Loading...

	#4 Write - fa85d85498e61666775145658e0c17ed	143 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash fa85d85498e61666775145658e0c17ed 0c7232cecdccc72b25160d2732cc180c3fe73160 ba9029ca999756c61255a5964826bb7f12d35e3dd5255cbc1cbfe47438995591 Loading...

	#5 Write - 49ab76f98f0ffd3c06e5f9e8fd523616	87 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 12:57:51 Last Seen2024-04-14 23:50:53 Times Seen258 Hash 49ab76f98f0ffd3c06e5f9e8fd523616 8ff32ae013817b78b340ba1c1ee24f34ca2d8b2a dacba7ea3ae581abd50497c748a9455c720f9c23b96c3826f9d45ef4db4f8db0 Loading...

HTTP Transactions (122)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5fe582397f3003b225cb9058e02c2190
68174a54a8f6c4de9247ccea2dcae3c9b76bdb9f
238a2ef5b61d56353d0a5e97ec3092b8f2792cde7cecf40e1a858f8c129d3a9d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "238A2EF5B61D56353D0A5E97EC3092B8F2792CDE7CECF40E1A858F8C129D3A9D"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3134
Expires: Wed, 25 Jan 2023 11:47:13 GMT
Date: Wed, 25 Jan 2023 10:54:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
04512fea22644dc0d22c3f3a665f6645
0e213646abfc6d9560ba562362fd9e9115be8354
124d9534f75506b8e8c7535ee7295ac4e6cf5a8249a0edac6940839e56043181

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "124D9534F75506B8E8C7535EE7295AC4E6CF5A8249A0EDAC6940839E56043181"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15676
Expires: Wed, 25 Jan 2023 15:16:15 GMT
Date: Wed, 25 Jan 2023 10:54:59 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 25 Jan 2023 10:35:12 GMT
content-type: application/json
age: 1187
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6cd4f1da1215c7473500807c185f2449
b14db0c67cf1f5faf85648ed8f94baf2dd03808b
9750518efd869da5ff74ba65a196445bd4340c909157cc1a420f62c1d07224a0

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9750518EFD869DA5FF74BA65A196445BD4340C909157CC1A420F62C1D07224A0"
Last-Modified: Mon, 23 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5698
Expires: Wed, 25 Jan 2023 12:29:57 GMT
Date: Wed, 25 Jan 2023 10:54:59 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: d5H5dwFFem600XEi6Kh0IWBkzxwBdbzjQOym7A0dMJVfMWVFDzjk5QzjTPvBSbBiMDvpnMPmNxjEQiCPEw2P0w==
x-amz-request-id: ZFHVEZ5XX90J20S3
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 25 Jan 2023 10:48:32 GMT
age: 387
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 25 Jan 2023 10:54:59 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 25 Jan 2023 10:41:40 GMT
age: 799
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e2970e1480a4759282d63bb213051e4
ed5194d4d25dfc199821129be5d74be0ce49197d
18e19ea4c9c262cb9a94f89172eef2604222e779346589d470bf2e95ea295563

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18E19EA4C9C262CB9A94F89172EEF2604222E779346589D470BF2E95EA295563"
Last-Modified: Tue, 24 Jan 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9336
Expires: Wed, 25 Jan 2023 13:30:36 GMT
Date: Wed, 25 Jan 2023 10:55:00 GMT
Connection: keep-alive

12441.url.tudown.com/down/office2003@394_2.exe

154.218.151.71

200 OK

6.5 kB

URL HTTP/1.1
12441.url.tudown.com/down/office2003@394_2.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
6.5 kB (6495 bytes)
Hash
692e51013dbe56445ddc0522b0726a1c
3c7d1dcb72806acb14a632c01fa6179547e93255
eddce8d3e17c538798d9068af7c891e3af773da6457a16890b7b543a246a7ef7

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /down/office2003@394_2.exe HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.services.mozilla.com/

100.20.30.105

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
100.20.30.105:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: xn+VLFyhT6C16h6B+n/oSg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: X0Fnt74GUMKwGP4tk3ER0BQssNQ=

12441.url.tudown.com/template/company/42xz/css/common.css

154.218.151.71

200 OK

1.9 kB

URL HTTP/1.1
12441.url.tudown.com/template/company/42xz/css/common.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.9 kB (1933 bytes)
Hash
625ff65f2c44178957f32d288dd56ddf
cb918d56e4595594c56cab503ed56f84379e862d
2436857c00ba0ab148e7c16f63712844f5bb62e23379751d6dddd82abe667ac5

HTTP Headers

GET /template/company/42xz/css/common.css HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea53-1ccb"
Expires: Wed, 25 Jan 2023 22:55:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12441.url.tudown.com/template/company/42xz/css/soft.css

154.218.151.71

200 OK

6.6 kB

URL HTTP/1.1
12441.url.tudown.com/template/company/42xz/css/soft.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
6.6 kB (6556 bytes)
Hash
669589d0ffba3898ecf26c242eaed555
f6a564b66491cf102d5961fb95294d84192c9f11
00947ca9960fa7f5ad71c5f5343ded6e595dec626a9da917da58305fdc98e356

HTTP Headers

GET /template/company/42xz/css/soft.css HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea55-6438"
Expires: Wed, 25 Jan 2023 22:55:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12441.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
12441.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12441.url.tudown.com/template/company/42xz/js/soft.js

154.218.151.71

200 OK

3.6 kB

URL HTTP/1.1
12441.url.tudown.com/template/company/42xz/js/soft.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
3.6 kB (3643 bytes)
Hash
67be5352d7d3355ae57faad8a6221355
30f4a9a4a3dede0d2d72725ffa28958f45053e7e
1a59b7c5be683676fa54951bf4129899c3980e78c1f956c287f7cc0c001a857d

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/42xz/js/soft.js HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea5a-26b2"
Expires: Wed, 25 Jan 2023 22:55:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12441.url.tudown.com/uploads/images/911113.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/911113.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/911113.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=215469218,2550359939&fm=224&app=112&f=JPEG?w=500&h=500

12441.url.tudown.com/uploads/images/272004.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/272004.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/272004.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3105392263,1108592492&fm=224&app=112&f=JPEG?w=500&h=500

12441.url.tudown.com/uploads/images/726896.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/726896.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/726896.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1683299603,1030317218&fm=224&app=112&f=PNG?w=500&h=500

12441.url.tudown.com/uploads/images/696775.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/696775.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/696775.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3828806880,3054436164&fm=253&app=120&f=JPEG?w=800&h=1280

12441.url.tudown.com/uploads/images/logo.png?n=5gp3nzmfwps3raxgv6g6lknu46kkrzmtqhszjlxfschollvc42oi3zfyvxs37ay&w=250

154.218.151.71

200 OK

3.8 kB

URL HTTP/1.1
12441.url.tudown.com/uploads/images/logo.png?n=5gp3nzmfwps3raxgv6g6lknu46kkrzmtqhszjlxfschollvc42oi3zfyvxs37ay&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.8 kB (3829 bytes)
Hash
3c6a2fe88b6f72fff1fbb8c74f043201
35ab9d46cce975599bcf16361894bb4bd9bea068
67aa18756da5e46eac9d281e7257973332d9872f011c4295a8f85e44549543f8

HTTP Headers

GET /uploads/images/logo.png?n=5gp3nzmfwps3raxgv6g6lknu46kkrzmtqhszjlxfschollvc42oi3zfyvxs37ay&w=250 HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c6a0dcd28b9e50bc813b8d067f6a74b
65b7850c6a51528bdde393c6789e30664773fbdd
8aa1ffed18b6d8689a9fdc4fd5e0c6abdd21d27eec4e24b37463bb64a790fd99

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8AA1FFED18B6D8689A9FDC4FD5E0C6ABDD21D27EEC4E24B37463BB64A790FD99"
Last-Modified: Tue, 24 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21329
Expires: Wed, 25 Jan 2023 16:50:30 GMT
Date: Wed, 25 Jan 2023 10:55:01 GMT
Connection: keep-alive

12441.url.tudown.com/template/company/42xz/images/tab_line.png

154.218.151.71

200 OK

1.2 kB

URL HTTP/1.1
12441.url.tudown.com/template/company/42xz/images/tab_line.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 190 x 7\012- data
Size
1.2 kB (1155 bytes)
Hash
4c54d42f73e777c70b63b1854b994bb5
6b751c2e611f485d04805ccc3ef84ba5c7868775
b86451a9f18cc0bffd106863661cecbc4abc2364f2898e3bc0796992f3ebbd06

HTTP Headers

GET /template/company/42xz/images/tab_line.png HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/png
Content-Length: 1155
Last-Modified: Thu, 05 Nov 2020 12:04:39 GMT
Connection: keep-alive
ETag: "5fa3ea57-483"
Accept-Ranges: bytes

12441.url.tudown.com/uploads/images/131346.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/131346.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/131346.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=361379517,1180922377&fm=253&fmt=auto?w=500&h=666

12441.url.tudown.com/uploads/images/649554.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/649554.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/649554.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=156742818,3939356844&fm=224&app=112&f=JPEG?w=500&h=500

12441.url.tudown.com/uploads/images/816096.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/816096.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/816096.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=495767018,3879542817&fm=253&fmt=auto&app=138&f=JPEG?w=650&h=420

12441.url.tudown.com/template/company/42xz/js/jquery.js

154.218.151.71

200 OK

46 kB

URL HTTP/1.1
12441.url.tudown.com/template/company/42xz/js/jquery.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (65479), with CRLF line terminators
Size
46 kB (45799 bytes)
Hash
49fcb7f2a26c0656e22b75bfe591667f
f277ecd02517fc0f243fd9d882178473d4def06b
9ee94398fbe5a57c715dfdfe1b8d05ea964dd9947dba57dad68ee38ea381a2be

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/42xz/js/jquery.js HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:00 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea62-1d491"
Expires: Wed, 25 Jan 2023 22:55:00 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4650
Expires: Wed, 25 Jan 2023 12:12:31 GMT
Date: Wed, 25 Jan 2023 10:55:01 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4650
Expires: Wed, 25 Jan 2023 12:12:31 GMT
Date: Wed, 25 Jan 2023 10:55:01 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8308 bytes)
Hash
91b2e12a39dc4f63b9d52e8800cce1f2
42d5b4b4a091778d98c351f0002d8656449d0243
d4dbc79e3383e83f861ccf8cde3e78ba427a66cd3fa99c17e23ec935867de4ad

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F67efee66-d227-4c28-89a3-8fd7f382049b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8308
x-amzn-requestid: 1988d3b3-5e1a-41fd-83f5-092eddb9185f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fNys5GDKoAMFdbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cefe52-2349fde60b7db8a34c996717;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 21:38:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 5_1j_Z6HZ3DSGFPAACJduM5D9eAqMQT42GgI61x8dHAmPQtUexpEYQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 24 Jan 2023 22:06:36 GMT
age: 46105
etag: "42d5b4b4a091778d98c351f0002d8656449d0243"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
176ab888cb4eeee86431993b3ef960e2
0eb79ca64f0f6b29837d1d7dfe12d38a3d5c3822
47984ce01d5a6281b9f2841cb119d3623e0d4202602f354628469e9158a2d6fa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "47984CE01D5A6281B9F2841CB119D3623E0D4202602F354628469E9158A2D6FA"
Last-Modified: Tue, 24 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4650
Expires: Wed, 25 Jan 2023 12:12:31 GMT
Date: Wed, 25 Jan 2023 10:55:01 GMT
Connection: keep-alive

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7da858f1-3099-4d35-9bf6-fae2a155404c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8676 bytes)
Hash
05ff19472d4870833d7c6b495099a86c
6ad7424d14301c62a93ea71843238d2ff0699a02
1f2c62b3be1147d1ed12d1e28caa86c97684d5c5da87ebe3a709ce01cd878abb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7da858f1-3099-4d35-9bf6-fae2a155404c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8676
x-amzn-requestid: eaa1dff1-44ea-47ff-b211-1dd709d9b259
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLP5IGAHIAMFm9w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdf9d3-3ccb4f9322744f546fff8a9a;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 03:06:59 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3ImH7pi4LZOZo6IqNquoa5C97jI9U0LdwbEKSDU1Cf4R9pITWYhyAw==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 04:04:43 GMT
age: 24618
etag: "6ad7424d14301c62a93ea71843238d2ff0699a02"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc3762f9-ecc0-4ad9-9272-0a3e8e55d247.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6231 bytes)
Hash
c7d50173f78bef1429160a353679dd91
695d7913e35a7e086d76c38d7c6f43462b0896df
4c761d1f9fd523750102aea0cce3f8c3cd92918d4c59853415745278292afa4b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcc3762f9-ecc0-4ad9-9272-0a3e8e55d247.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6231
x-amzn-requestid: 85406169-05a4-4ba9-8a20-5ed2badec48a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEXPmGB_oAMF7Zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb38ca-607a23df395511207f5958cd;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 00:58:50 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: t8iFgYP3qA9gX0Cr2RgSJzQZ3QNTBHyEKwmKqYYx9EXdM60WOp6AaQ==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 06:25:50 GMT
age: 16151
etag: "695d7913e35a7e086d76c38d7c6f43462b0896df"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
87377a4714ff6d2aef3c4572d2f2a02a
6ed0aa6fd03c0a598f154180b74935f95085c0f9
8a2021df681aac6732de7cf0a2e247a83445eab9a831efa5eb3e340eddeb2a38

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sun, 29 Jan 2023 08:30:36 GMT
ETag: "6ed0aa6fd03c0a598f154180b74935f95085c0f9"
Last-Modified: Wed, 25 Jan 2023 08:30:37 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 303
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f0796318a2b517-OSL

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5974ff5e-ff49-4276-8943-5768c589b551.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8736 bytes)
Hash
8b458c619b07de23b3620f392b0f56f6
e45a3cfee589406e1ea0f1ebd6e8d321487474e1
9927c7a8e606180964b6e052e1eb2bacb007d05a46c1f04e28c48a74096d3c03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5974ff5e-ff49-4276-8943-5768c589b551.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8736
x-amzn-requestid: 65bdef1c-0389-4d16-b5fd-931d4753d75d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYVuF_4oAMF0Sw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca0757-1569aec44c54b7c87663feae;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3fzmJ8iZrVvBDurLOdAJXB6uuvk6KHvIBuKzMKAMSjKUzWICg1cCjQ==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 05:47:09 GMT
age: 18472
etag: "e45a3cfee589406e1ea0f1ebd6e8d321487474e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0e7609-9fe9-4d8e-8e5d-d900bbac3bcf.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9343 bytes)
Hash
946d8485d39fbe598dc6af86e735061d
4934319819697b4c89466949cd4ef93bb8b9c8b2
7bd130762bfaa189b24e3620e4a54b8e0cc7046ea2d917c37d11a8f248803840

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d0e7609-9fe9-4d8e-8e5d-d900bbac3bcf.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9343
x-amzn-requestid: 5786e270-1aae-45e2-b406-ad9ce4e90c20
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHH8hEcBIAMFyjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5383-3b3fb6220035b4e34db73fee;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:05:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ffDYSL3N0ZZ2vGX3d94Evnu0SeEkLWwv4HRHdyUYXQ19MstDR4jROA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 09:04:06 GMT
age: 6655
etag: "4934319819697b4c89466949cd4ef93bb8b9c8b2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12758 bytes)
Hash
7458f7a9b2070055df6f1d496794e43e
0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9
373097662c419eef9f4a19ce9f3bcead70f6eafbf0acf44806685eece43ce251

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F09ccbe5e-77b1-4d6d-98f5-a477f3861d8c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12758
x-amzn-requestid: c3540562-8c62-4957-9528-7ae952daebaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9gf1E87oAMFpsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c87acb-49fd3f78275937e24d23fca3;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 23:03:39 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: c5YOTqrEv9RLv_lKsrC377yost8auxYRPLubBFGjIWtnbueiGMJYGw==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 25 Jan 2023 07:33:54 GMT
age: 12067
etag: "0f5d2a6d846f4f8f85dd7e8089e643cacc57d8a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

12441.url.tudown.com/uploads/images/286818.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/286818.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/286818.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2490557759,3024050032&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

12441.url.tudown.com/uploads/images/584654.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/584654.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/584654.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350

12441.url.tudown.com/uploads/images/132606.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/132606.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/132606.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=789303378,4063216615&fm=253&fmt=auto&app=138&f=GIF?w=640&h=467

12441.url.tudown.com/uploads/images/369754.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/369754.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/369754.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=480372950,107206618&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=611

12441.url.tudown.com/uploads/images/517451.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/517451.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/517451.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3353001573,3703188798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688

12441.url.tudown.com/uploads/images/170061.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/170061.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/170061.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699

t15.baidu.com/it/u=215469218,2550359939&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

14 kB

URL HTTP/1.1
t15.baidu.com/it/u=215469218,2550359939&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
14 kB (13803 bytes)
Hash
d1d1b11a0eb6335b890488dde8050fe2
b6341860d1aba967ee60db54d92c0d4802ebe8a2
64e54ebb5ba944f1d6a38d089fa5320639a44953ece4c69f0d617e57279ebef1

HTTP Headers

GET /it/u=215469218,2550359939&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpeg
Content-Length: 13803
Connection: keep-alive
Expires: Tue, 07 Feb 2023 18:54:25 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d1d1b11a0eb6335b890488dde8050fe2
Age: 1171142
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 18:54:25 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache58 [4], xiangyix240 [4]
Ohc-Response-Time: 1 0 0 0 0 3
Ohc-File-Size: 13803
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350

185.10.104.124

200 OK

16 kB

URL HTTP/1.1
t14.baidu.com/it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x350, components 3\012- data
Size
16 kB (16276 bytes)
Hash
d4e764303a3eeca53f111a2ccd4bf643
14fef7fd2b41c8dccaed74b09a01fc8f513dc656
3dca47f7d4367d23b36ef6bb9cf86f31b65770b12582136c99a128a4760dd5f7

HTTP Headers

GET /it/u=1955930316,1150273715&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpeg
Content-Length: 16276
Connection: keep-alive
Expires: Sun, 05 Feb 2023 12:44:15 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d4e764303a3eeca53f111a2ccd4bf643
Age: 1170843
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 12:44:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache61 [2], qdix103 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 16276
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=156742818,3939356844&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

53 kB

URL HTTP/1.1
t13.baidu.com/it/u=156742818,3939356844&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
53 kB (53043 bytes)
Hash
624dd3e8fd2257516c3ee566518986ac
8049fb09f2072e2e5993449e7b3f1ff0a6851861
902fa413c309390611e2c169a9c63dd95629ed6ed4b33646a5bb50558c8936bd

HTTP Headers

GET /it/u=156742818,3939356844&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpeg
Content-Length: 53043
Connection: keep-alive
Expires: Wed, 22 Feb 2023 02:54:46 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 624dd3e8fd2257516c3ee566518986ac
Age: 136994
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 02:54:46 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [4], zhuzuncache54 [1], bdix141 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53043
X-Cache-Status: HIT
Timing-Allow-Origin: *

12441.url.tudown.com/uploads/images/996939.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/996939.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/996939.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=190584701,3964397965&fm=224&app=112&f=JPEG?w=350&h=350

12441.url.tudown.com/uploads/images/50711.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/50711.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/50711.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=1216087049,1633987925&fm=253&app=120&f=JPEG?w=1422&h=800

t13.baidu.com/it/u=1683299603,1030317218&fm=224&app=112&f=PNG?w=500&h=500

185.10.104.124

200 OK

307 kB

URL HTTP/1.1
t13.baidu.com/it/u=1683299603,1030317218&fm=224&app=112&f=PNG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
307 kB (306594 bytes)
Hash
e1999ffd8f276545ca883bf09cce05fc
dd0ae75e6c0144af72e6598fa806a011b2768272
60a8b37c51966091c7ab299a7501d17fc70e2b89bb20884fdcef9b14d6331151

HTTP Headers

GET /it/u=1683299603,1030317218&fm=224&app=112&f=PNG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/png
Content-Length: 306594
Connection: keep-alive
Expires: Thu, 02 Feb 2023 02:48:13 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: e1999ffd8f276545ca883bf09cce05fc
Age: 1169774
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 03 Jan 2023 02:48:13 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache63 [2], bdix105 [3]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 306594
X-Cache-Status: HIT

12441.url.tudown.com/uploads/images/18553.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/18553.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/18553.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2597466744,3347582294&fm=253&app=120&f=JPEG?w=200&h=200

12441.url.tudown.com/uploads/images/848729.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/848729.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/848729.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1277210242,329471598&fm=224&app=112&f=JPEG?w=500&h=500

12441.url.tudown.com/uploads/images/400551.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/400551.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/400551.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800

12441.url.tudown.com/uploads/images/90171.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/90171.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/90171.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3211716428,2450027420&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560

t15.baidu.com/it/u=190584701,3964397965&fm=224&app=112&f=JPEG?w=350&h=350

185.10.104.124

200 OK

25 kB

URL HTTP/1.1
t15.baidu.com/it/u=190584701,3964397965&fm=224&app=112&f=JPEG?w=350&h=350
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 350x350, components 3\012- data
Size
25 kB (24858 bytes)
Hash
0eec0e0237fb11b843dc4d8d177a8c89
7bc050b98ed0e2652d1398012acb8f0df8618c38
f5f9a5f0112d61f94c1746eb3611104f7a9c8bd714b351421f8b153acbbbc5ae

HTTP Headers

GET /it/u=190584701,3964397965&fm=224&app=112&f=JPEG?w=350&h=350 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 24858
Connection: keep-alive
Expires: Sat, 04 Feb 2023 07:53:31 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 0eec0e0237fb11b843dc4d8d177a8c89
Age: 1173067
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 07:53:31 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache58 [1], czix188 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 24858
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=1277210242,329471598&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t13.baidu.com/it/u=1277210242,329471598&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (39090 bytes)
Hash
c56a594bafbb3e6e523f26d2b67eb004
a6b5ae2dae87782a172ff267acfca5561c132e68
7c382464e7fd73b80c94e1a6f1873901324a2d7e6a8bf75241fbdf0faf02a726

HTTP Headers

GET /it/u=1277210242,329471598&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 39090
Connection: keep-alive
Expires: Tue, 07 Feb 2023 11:52:55 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: c56a594bafbb3e6e523f26d2b67eb004
Age: 1170315
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 11:52:55 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache60 [1], czix155 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39090
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=3105392263,1108592492&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

37 kB

URL HTTP/1.1
t15.baidu.com/it/u=3105392263,1108592492&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
37 kB (37179 bytes)
Hash
551eb5bc16e625cbee37678cf26a708e
4f79bc9ef5bcd0187d312b170d56689165e538fb
fb3a7077d60acd6b8917fe877c0fa91bb836700a6b2c603f38f9a1c1cb89eae7

HTTP Headers

GET /it/u=3105392263,1108592492&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 37179
Connection: keep-alive
Expires: Wed, 22 Feb 2023 14:02:09 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 551eb5bc16e625cbee37678cf26a708e
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 14:02:09 GMT
Ohc-Upstream-Trace: 58.20.204.56
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache56 [4], suzix85 [4]
Ohc-Response-Time: 1 0 0 0 243 243
Ohc-File-Size: 37179
X-Cache-Status: MISS
Timing-Allow-Origin: *

img1.baidu.com/it/u=495767018,3879542817&fm=253&fmt=auto&app=138&f=JPEG?w=650&h=420

119.96.52.35

200 OK

8.0 kB

URL HTTP/2
img1.baidu.com/it/u=495767018,3879542817&fm=253&fmt=auto&app=138&f=JPEG?w=650&h=420
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 650x420, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
8.0 kB (7972 bytes)
Hash
b30dea4a9c2ba694d072d5811c0a7f85
f113f37dbe75ea3d357e0ad05dd2e2f6611e17ea
108d8be55ce439107d314b69ecba400a83d45f67804d2f8f6d7525d44cbfec50

HTTP Headers

GET /it/u=495767018,3879542817&fm=253&fmt=auto&app=138&f=JPEG?w=650&h=420 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 7972
expires: Mon, 20 Feb 2023 16:39:10 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: b30dea4a9c2ba694d072d5811c0a7f85
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 16:39:10 GMT
ohc-cache-hit: wh4ct58 [1], suzix96 [4]
ohc-file-size: 7972
x-cache-status: MISS
X-Firefox-Spdy: h2

12441.url.tudown.com/uploads/images/345920.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/345920.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/345920.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2699921481,827172208&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

12441.url.tudown.com/uploads/images/942861.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/942861.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/942861.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2560484167,498899990&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

img0.baidu.com/it/u=2597466744,3347582294&fm=253&app=120&f=JPEG?w=200&h=200

118.112.225.35

200 OK

5.4 kB

URL HTTP/1.1
img0.baidu.com/it/u=2597466744,3347582294&fm=253&app=120&f=JPEG?w=200&h=200
IP
118.112.225.35:0
ASN
#4134 Chinanet

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Size
5.4 kB (5442 bytes)
Hash
a75ab1bca19fd26995c1f959477f5fbd
e2577f1b99c607e1961cb7de18db87647ea35a30
5da0bc5c28ee2400f5d7e734779d6fa0dce04ab697751089ebd3cad6108a00fd

HTTP Headers

GET /it/u=2597466744,3347582294&fm=253&app=120&f=JPEG?w=200&h=200 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 5442
Connection: keep-alive
Expires: Sun, 05 Feb 2023 21:47:00 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: a75ab1bca19fd26995c1f959477f5fbd
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 21:47:00 GMT
Ohc-Cache-HIT: cd6ct85 [1], xaix214 [4]
Ohc-File-Size: 5442
X-Cache-Status: MISS

12441.url.tudown.com/uploads/images/786319.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/786319.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/786319.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2067035217,501997824&fm=253&app=138&f=JPEG?w=800&h=500

12441.url.tudown.com/uploads/images/799800.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/799800.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/799800.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1510827784,2169095313&fm=253&app=120&f=JPEG?w=1422&h=800

12441.url.tudown.com/uploads/images/389729.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/389729.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/389729.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2412254335,3045779806&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
41d2cd9fd600bb91ad59f62e586f1644
340019bea6b5b65f8d10023462f9554835bac8bb
d25e2b750fff0550d2d90466565c1bd491d9cd77ec118b428e550e733faa5cef

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12441.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Wed, 25 Jan 2023 10:55:02 GMT
Etag: 758a43352c31327269acf95122a7c9fc
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=88C3CED89B2378E0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

12441.url.tudown.com/uploads/images/310501.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/310501.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/310501.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=4047985184,664300682&fm=224&app=112&f=JPEG?w=500&h=500

t14.baidu.com/it/u=4047985184,664300682&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

63 kB

URL HTTP/1.1
t14.baidu.com/it/u=4047985184,664300682&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
63 kB (62655 bytes)
Hash
8a0a42f125a4b7620ee9a97947033d9e
fa2cde1c6a5fecb6dad3308ddbb89748adb0c634
22ae3117a88f45a0ba891a56960751a5f15217867dfe95c497cf69d8b764bf6d

HTTP Headers

GET /it/u=4047985184,664300682&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 62655
Connection: keep-alive
Expires: Wed, 01 Feb 2023 08:07:29 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 8a0a42f125a4b7620ee9a97947033d9e
Age: 1171763
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 02 Jan 2023 08:07:29 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache60 [4], suzix209 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 62655
X-Cache-Status: HIT
Timing-Allow-Origin: *

12441.url.tudown.com/template/company/42xz/images/dian1.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
12441.url.tudown.com/template/company/42xz/images/dian1.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1110 bytes)
Hash
de5d5d1c8fb00bc14f9512dd323b9ed8
9c7c5df21afb7b686932c96ecf7877e1e6adf243
982f48c65cf01077b0606401f082c15ee15f183903d5170f06d0bb3ae3b9b685

HTTP Headers

GET /template/company/42xz/images/dian1.png HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/png
Content-Length: 1110
Last-Modified: Thu, 05 Nov 2020 12:04:54 GMT
Connection: keep-alive
ETag: "5fa3ea66-456"
Accept-Ranges: bytes

img1.baidu.com/it/u=2490557759,3024050032&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

119.96.52.35

200 OK

21 kB

URL HTTP/2
img1.baidu.com/it/u=2490557759,3024050032&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
21 kB (21130 bytes)
Hash
498a30224b829c7be0210c6e0cfa5727
42d47beecd440aa3ada66ad8b2c48e59afb2bb5c
61c8363a4aafab61a7db3edb0f9c36a52699a119c48d6c6de7e2e7acdebefa7b

HTTP Headers

GET /it/u=2490557759,3024050032&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 21130
expires: Wed, 22 Feb 2023 02:25:01 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 498a30224b829c7be0210c6e0cfa5727
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:25:01 GMT
ohc-cache-hit: wh4ct61 [1], xaix147 [2]
ohc-file-size: 21130
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=3828806880,3054436164&fm=253&app=120&f=JPEG?w=800&h=1280

118.112.225.35

200 OK

104 kB

URL HTTP/1.1
img0.baidu.com/it/u=3828806880,3054436164&fm=253&app=120&f=JPEG?w=800&h=1280
IP
118.112.225.35:0
ASN
#4134 Chinanet

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x1280, components 3\012- data
Size
104 kB (104319 bytes)
Hash
07ca7d6b72ba5cab5a749010ad28f964
a4fed56391c13cf5c07163a7fce67ef3b8142f1b
388f018f57bf33a88a5e3e15474b86c409e7cced55847be5ca44584d7e6c0eb8

HTTP Headers

GET /it/u=3828806880,3054436164&fm=253&app=120&f=JPEG?w=800&h=1280 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:01 GMT
Content-Type: image/jpeg
Content-Length: 104319
Connection: keep-alive
Expires: Tue, 31 Jan 2023 15:36:27 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 07ca7d6b72ba5cab5a749010ad28f964
Age: 65928
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 01 Jan 2023 15:36:27 GMT
Ohc-Cache-HIT: cd6ct69 [4], suzix231 [4]
Ohc-File-Size: 104319
X-Cache-Status: HIT

12441.url.tudown.com/template/company/42xz/images/dian2.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
12441.url.tudown.com/template/company/42xz/images/dian2.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1106 bytes)
Hash
3cb1caaf45a919b2028a853add556aa8
c8b93e13049ae31ad5dcb2d267c8b3ee6a4466e8
039b652744162c3c599998f28f50e7154d297ce5028e7e4954f7d7354c5374a1

HTTP Headers

GET /template/company/42xz/images/dian2.png HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/png
Content-Length: 1106
Last-Modified: Thu, 05 Nov 2020 12:04:53 GMT
Connection: keep-alive
ETag: "5fa3ea65-452"
Accept-Ranges: bytes

img1.baidu.com/it/u=3211716428,2450027420&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560

119.96.52.35

200 OK

23 kB

URL HTTP/2
img1.baidu.com/it/u=3211716428,2450027420&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 420x560, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
23 kB (22996 bytes)
Hash
527f19845f693ce28d294c8a91073e3d
dc59bbae0d4afb7027a1eb32938aa3b006d1433e
9218d38aa6485668e9c74404bcd49b4ee16366127cc34ad0e741690af878d1fd

HTTP Headers

GET /it/u=3211716428,2450027420&fm=253&fmt=auto&app=138&f=JPEG?w=420&h=560 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 22996
expires: Wed, 25 Jan 2023 16:42:33 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 527f19845f693ce28d294c8a91073e3d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 26 Dec 2022 16:42:33 GMT
ohc-cache-hit: wh4ct68 [1], xaix142 [4]
ohc-file-size: 22996
x-cache-status: MISS
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
2e590e1486b261b7f5672b2e4e264a87
91bb8eaf1a07f3a880ed73ee9a3a89b812f6f38c
f5ed9d2fd54192294de3ed62b62900ddfdfd230f07481b9092d6807c44b98a5c

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Sun, 29 Jan 2023 09:31:39 GMT
ETag: "91bb8eaf1a07f3a880ed73ee9a3a89b812f6f38c"
Last-Modified: Wed, 25 Jan 2023 09:31:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1034
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78f07969ba9eb51b-OSL

push.zhanzhang.baidu.com/push.js

112.34.113.148

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
112.34.113.148:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Wed, 25 Jan 2023 10:55:02 GMT
Etag: "4078521116"
Expires: Thu, 25 Jan 2024 10:55:02 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=96D6E4C5E97EA9BA47A7C7535834967B:FG=1; max-age=31536000; expires=Thu, 25-Jan-24 10:55:02 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

12441.url.tudown.com/uploads/images/352820.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/352820.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/352820.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1290045820,3813654257&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180

12441.url.tudown.com/uploads/images/450240.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/450240.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/450240.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1198001402,2502885747&fm=253&fmt=auto?w=1422&h=800

12441.url.tudown.com/uploads/images/221576.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/221576.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/221576.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2869376944,240111503&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

12441.url.tudown.com/uploads/images/364518.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/364518.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/364518.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=466228858,693931524&fm=224&app=112&f=JPEG?w=500&h=500

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1774496423&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=28246&r=0&ww=1280&u=http%3A%2F%2F12441.url.tudown.com%2Fdown%2Foffice2003%40394_2.exe&tt=ag%E5%B8%81%E6%B8%B8(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1774496423&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=28246&r=0&ww=1280&u=http%3A%2F%2F12441.url.tudown.com%2Fdown%2Foffice2003%40394_2.exe&tt=ag%E5%B8%81%E6%B8%B8(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1774496423&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=28246&r=0&ww=1280&u=http%3A%2F%2F12441.url.tudown.com%2Fdown%2Foffice2003%40394_2.exe&tt=ag%E5%B8%81%E6%B8%B8(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99v5.5.31 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12441.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Wed, 25 Jan 2023 10:55:02 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A5D6533AAD37239B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

img1.baidu.com/it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699

119.96.52.35

200 OK

43 kB

URL HTTP/2
img1.baidu.com/it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x699, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
43 kB (42942 bytes)
Hash
b51278d62b15849f870278cc2ff4e802
39d5624a6f113803937b1362c7d89f98e3ff3596
1334f698f5ddd5fc0e640faf434f8c30af2e14171112edfd6994b6c9c1309f43

HTTP Headers

GET /it/u=3415786549,1590726208&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=699 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 42942
expires: Wed, 22 Feb 2023 12:25:17 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: b51278d62b15849f870278cc2ff4e802
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 12:25:17 GMT
ohc-cache-hit: wh4ct56 [1], qdix103 [2]
ohc-file-size: 42942
x-cache-status: MISS
X-Firefox-Spdy: h2

t14.baidu.com/it/u=466228858,693931524&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

64 kB

URL HTTP/1.1
t14.baidu.com/it/u=466228858,693931524&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
64 kB (63568 bytes)
Hash
5a3c9b6af72e31399458e2b07241b7f7
b5bb10be17f5671be734b85ce1681408e2b4bca4
aff2b4ea310479eadbc48c7488dbfc3a2a88a98712504378a7e00c9f34d25548

HTTP Headers

GET /it/u=466228858,693931524&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 63568
Connection: keep-alive
Expires: Wed, 22 Feb 2023 03:02:24 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 5a3c9b6af72e31399458e2b07241b7f7
Age: 26273
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 03:02:24 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [4], zhuzuncache64 [4], xaix97 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 63568
X-Cache-Status: HIT
Timing-Allow-Origin: *

img1.baidu.com/it/u=361379517,1180922377&fm=253&fmt=auto?w=500&h=666

119.96.52.35

200 OK

18 kB

URL HTTP/2
img1.baidu.com/it/u=361379517,1180922377&fm=253&fmt=auto?w=500&h=666
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x666, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
18 kB (18526 bytes)
Hash
51755800a95a363182a79ce4fae6feed
3fd195843ed6c6bceb509a31f1692748d94ecd9e
5553151d55c3457bc6390ac5bc9203137ca8d4f28cf9fdcc3503db892a9c86dd

HTTP Headers

GET /it/u=361379517,1180922377&fm=253&fmt=auto?w=500&h=666 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 18526
expires: Thu, 09 Feb 2023 10:08:41 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 51755800a95a363182a79ce4fae6feed
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 10 Jan 2023 10:08:41 GMT
ohc-cache-hit: wh4ct61 [1], wzix61 [4]
ohc-file-size: 18526
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=480372950,107206618&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=611

119.96.52.35

200 OK

22 kB

URL HTTP/2
img1.baidu.com/it/u=480372950,107206618&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=611
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 658x611, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22374 bytes)
Hash
bb360b825fab4596ec25e0223de57644
6ec001bc1f5edf596bab8c3c8289aba7deced7f9
5f2177ee15c81900463b66fd780a89fefe04ea10460a9f4b14a24207d681dbc4

HTTP Headers

GET /it/u=480372950,107206618&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=611 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 22374
expires: Fri, 17 Feb 2023 05:15:57 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: bb360b825fab4596ec25e0223de57644
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 05:15:57 GMT
ohc-cache-hit: wh4ct52 [1], wzix52 [4]
ohc-file-size: 22374
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800

119.96.52.35

200 OK

46 kB

URL HTTP/2
img0.baidu.com/it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
46 kB (46040 bytes)
Hash
75267b8758347ce0a64418b3ca458308
c8f40ab25950608e7988eb466195da589eedf9b3
34f0cbbfe7c18e0196df95adc695b9d204c17cc6cee7a6cdc63740d1cc0018c6

HTTP Headers

GET /it/u=1197081998,3390289667&fm=253&fmt=auto&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 46040
expires: Sat, 04 Feb 2023 03:40:47 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 75267b8758347ce0a64418b3ca458308
age: 22262
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 05 Jan 2023 03:40:47 GMT
ohc-cache-hit: wh4ct67 [4], xiangyix67 [2]
ohc-file-size: 46040
x-cache-status: HIT
X-Firefox-Spdy: h2

12441.url.tudown.com/uploads/images/129974.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/129974.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/129974.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1961932304,1767046630&fm=253&fmt=auto&app=138&f=JPEG?w=769&h=500

12441.url.tudown.com/uploads/images/279262.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/279262.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/279262.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3983821376,693308332&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=388

img0.baidu.com/it/u=2067035217,501997824&fm=253&app=138&f=JPEG?w=800&h=500

118.112.225.35

200 OK

51 kB

URL HTTP/1.1
img0.baidu.com/it/u=2067035217,501997824&fm=253&app=138&f=JPEG?w=800&h=500
IP
118.112.225.35:0
ASN
#4134 Chinanet

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x500, components 3\012- data
Size
51 kB (50682 bytes)
Hash
c0fc80b1fcb5beacdc011b7e6f1c0e30
0b86142ec8708d959743438e96cd4f1de9903ca0
3918aeff8bc84e0948d2da688e3b8d5e84dfa6001af211f0aa5f0d157e787082

HTTP Headers

GET /it/u=2067035217,501997824&fm=253&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 50682
Connection: keep-alive
Expires: Mon, 06 Feb 2023 15:32:21 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: c0fc80b1fcb5beacdc011b7e6f1c0e30
Age: 557
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 15:32:21 GMT
Ohc-Cache-HIT: cd6ct69 [4], czix206 [2]
Ohc-File-Size: 50682
X-Cache-Status: HIT

12441.url.tudown.com/uploads/images/254110.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/254110.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/254110.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2412793942,4111203969&fm=253&fmt=auto&app=138&f=PNG?w=500&h=566

12441.url.tudown.com/uploads/images/833530.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/833530.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/833530.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=199387386,2089285301&fm=253&fmt=auto&app=138&f=JPG?w=800&h=500

12441.url.tudown.com/uploads/images/845210.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/845210.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/845210.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3706903065,1447992231&fm=253&fmt=auto&app=138&f=JPEG?w=425&h=600

img2.baidu.com/it/u=1216087049,1633987925&fm=253&app=120&f=JPEG?w=1422&h=800

119.96.52.35

200 OK

134 kB

URL HTTP/1.1
img2.baidu.com/it/u=1216087049,1633987925&fm=253&app=120&f=JPEG?w=1422&h=800
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
134 kB (134082 bytes)
Hash
021999d6bd147ffd060fb9e137035f36
44bfc05f9536c739ee989acc7325c5f2ce4a3689
a7c07302528f057aa446a3dbd723d0b8ae49c5f439fa900dd8facd54041a4daf

HTTP Headers

GET /it/u=1216087049,1633987925&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 134082
Connection: keep-alive
Expires: Sun, 12 Feb 2023 13:43:37 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 021999d6bd147ffd060fb9e137035f36
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 13:43:37 GMT
Ohc-Cache-HIT: wh4ct61 [2], czix141 [4]
Ohc-File-Size: 134082
X-Cache-Status: MISS

12441.url.tudown.com/uploads/images/288419.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/288419.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/288419.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=415071252,2905613793&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130

180.97.251.250

200 OK

20 B

URL HTTP/2
s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
IP
180.97.251.250:0
ASN
#4134 Chinanet

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /z_stat.php?id=1275003130&web_id=1275003130 HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12441.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Wed, 25 Jan 2023 10:12:58 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Wed, 25 Jan 2023 10:12:58 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1674641578
via: cache68.l2cn1836[0,0,200-0,H], cache28.l2cn1836[0,0], cache8.cn2205[0,0,200-0,H], cache6.cn2205[3,0]
age: 2525
x-cache: HIT TCP_MEM_HIT dirn:13:248457381
x-swift-savetime: Wed, 25 Jan 2023 10:18:10 GMT
x-swift-cachetime: 3288
timing-allow-origin: *
eagleid: b461fb1a16746441030182623e
X-Firefox-Spdy: h2

img1.baidu.com/it/u=2560484167,498899990&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

119.96.52.35

200 OK

66 kB

URL HTTP/2
img1.baidu.com/it/u=2560484167,498899990&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
66 kB (66432 bytes)
Hash
caaa30944a070eaac34c0a1421108e2d
e9a1c054c5fe2e7004d0e74878f99224469f00ce
121fc3714ba45b310d5b84bf04e493ec4856f61fe257ae5a58fd0753407a835c

HTTP Headers

GET /it/u=2560484167,498899990&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 66432
expires: Wed, 22 Feb 2023 03:01:19 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: caaa30944a070eaac34c0a1421108e2d
age: 26267
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:01:19 GMT
ohc-cache-hit: wh4ct55 [4], xaix247 [2]
ohc-file-size: 66432
x-cache-status: HIT
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1510827784,2169095313&fm=253&app=120&f=JPEG?w=1422&h=800

118.112.225.35

200 OK

140 kB

URL HTTP/1.1
img0.baidu.com/it/u=1510827784,2169095313&fm=253&app=120&f=JPEG?w=1422&h=800
IP
118.112.225.35:0
ASN
#4134 Chinanet

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
140 kB (139777 bytes)
Hash
4e5ac3253d1111d5242f83fe280d5d40
c3d8c2a7adfe679952a72f62da3a2821d943f1b5
f69d1a3fce1e743afadbcc30aa746613553b4268125bc327770761fb28eba9d2

HTTP Headers

GET /it/u=1510827784,2169095313&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:02 GMT
Content-Type: image/jpeg
Content-Length: 139777
Connection: keep-alive
Expires: Thu, 23 Feb 2023 06:42:30 GMT
Last-Modified: Mon, 12 Jan 1970 00:00:00 GMT
ETag: 4e5ac3253d1111d5242f83fe280d5d40
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 24 Jan 2023 06:42:30 GMT
Ohc-Cache-HIT: cd6ct59 [2], suzix162 [4]
Ohc-File-Size: 139777
X-Cache-Status: MISS

12441.url.tudown.com/uploads/images/907287.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/907287.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/907287.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1961172537,857042196&fm=224&app=112&f=JPEG?w=500&h=500

js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d

101.198.192.7

200 OK

117 B

URL HTTP/1.1
js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
IP
101.198.192.7:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
HTML document, ASCII text, with no line terminators
Size
117 B (117 bytes)
Hash
807bb08bf1c51aaff763edb0f02719ef
6e089da63e5751494b32d77031df30ec3c8be067
7eb411ad7be2e6af85645f2a2b6401bf6085fe4e0436d004f33710bb84a7be4e

HTTP Headers

GET /11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d HTTP/1.1
Host: js.passport.qihucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/

HTTP/1.1 200 OK
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 28 Nov 2018 07:43:20 GMT
Cache-Control: max-age=600
Expires: Wed, 25 Jan 2023 11:05:03 GMT
KCS-Via: HIT from w-fc01.hkht;MISS from w-sc01.hkht
Content-Encoding: gzip

12441.url.tudown.com/uploads/images/94357.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/94357.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/94357.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3047439696,203865399&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

img2.baidu.com/it/u=789303378,4063216615&fm=253&fmt=auto&app=138&f=GIF?w=640&h=467

119.96.52.35

200 OK

177 kB

URL HTTP/2
img2.baidu.com/it/u=789303378,4063216615&fm=253&fmt=auto&app=138&f=GIF?w=640&h=467
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
GIF image data, version 89a, 640 x 467\012- data
Size
177 kB (176756 bytes)
Hash
78d856590b8f34140b86bbd2917d585a
55bcae5ff46d488361a69e454dff3f8628539220
4e6de07ab997c5e735ded37c27205c4b45fe5ea0afb65061ba38c3521764422a

HTTP Headers

GET /it/u=789303378,4063216615&fm=253&fmt=auto&app=138&f=GIF?w=640&h=467 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/gif
content-length: 176756
expires: Thu, 23 Feb 2023 07:34:00 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 78d856590b8f34140b86bbd2917d585a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 07:34:00 GMT
ohc-cache-hit: wh4ct66 [2], bdix164 [3]
ohc-file-size: 176756
x-cache-status: MISS
X-Firefox-Spdy: h2

t15.baidu.com/it/u=1961172537,857042196&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

27 kB

URL HTTP/1.1
t15.baidu.com/it/u=1961172537,857042196&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
27 kB (26714 bytes)
Hash
6fe24e19b0f6369fc494efe1fe0c2f77
9d8b029f2ce7d279c5c2bda71db6e1aad2dc44c0
c46ee8993e733ddf51921e6509761547689726477353b0540c7b929ba1a3cd51

HTTP Headers

GET /it/u=1961172537,857042196&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpeg
Content-Length: 26714
Connection: keep-alive
Expires: Mon, 30 Jan 2023 10:57:19 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 6fe24e19b0f6369fc494efe1fe0c2f77
Age: 28377
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 31 Dec 2022 10:57:18 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache52 [1], suzix187 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 26714
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=2699921481,827172208&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

119.96.52.35

200 OK

30 kB

URL HTTP/2
img2.baidu.com/it/u=2699921481,827172208&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
30 kB (30294 bytes)
Hash
99b3a8bf37cc61dae9b5ab1d847a4073
66b6f025914905ae7f059cffd1c88337413e79e3
42b0b11ace4e7cf96400e54398746e0a2488bb450884a15409c63e6ad2c7f514

HTTP Headers

GET /it/u=2699921481,827172208&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 30294
expires: Fri, 03 Feb 2023 04:28:24 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 99b3a8bf37cc61dae9b5ab1d847a4073
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 04 Jan 2023 04:28:24 GMT
ohc-cache-hit: wh4ct53 [1], wzix89 [2]
ohc-file-size: 30294
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2412254335,3045779806&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170

119.96.52.35

200 OK

4.9 kB

URL HTTP/2
img0.baidu.com/it/u=2412254335,3045779806&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 130x170, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.9 kB (4926 bytes)
Hash
12055e83d6901819ac9d4554e2b048da
77c9f80477e49bd4691bdf9a0d48e23a28a5d095
8faebb08f8d214ad6ed825eb189e34ca8a4e39ca8ff78016d0cbe506fa382da4

HTTP Headers

GET /it/u=2412254335,3045779806&fm=253&fmt=auto&app=138&f=JPEG?w=130&h=170 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 4926
expires: Fri, 03 Feb 2023 13:23:08 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 12055e83d6901819ac9d4554e2b048da
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 04 Jan 2023 13:23:08 GMT
ohc-cache-hit: wh4ct63 [1], csix63 [2]
ohc-file-size: 4926
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=3353001573,3703188798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688

119.96.52.35

200 OK

39 kB

URL HTTP/2
img0.baidu.com/it/u=3353001573,3703188798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x688, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
39 kB (38608 bytes)
Hash
b34da9f1967d287640bc694e4ab8a586
d329d067bc17cfd87f77e2efeefb51c2fb6e1fe6
422f3018723bc1e6f81d9a9d5c66e2f12162a5b0eaf1168f522d49702a586097

HTTP Headers

GET /it/u=3353001573,3703188798&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=688 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 38608
expires: Sun, 19 Feb 2023 20:55:02 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: b34da9f1967d287640bc694e4ab8a586
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 20:55:02 GMT
ohc-cache-hit: wh4ct56 [1], suzix111 [4]
ohc-file-size: 38608
x-cache-status: MISS
X-Firefox-Spdy: h2

s6.qhres2.com/static/ab77b6ea7f3fbf79.js

54.230.111.11

200 OK

478 B

URL HTTP/1.1
s6.qhres2.com/static/ab77b6ea7f3fbf79.js
IP
54.230.111.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (478), with no line terminators
Size
478 B (478 bytes)
Hash
5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a

HTTP Headers

GET /static/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s6.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 478
Connection: keep-alive
Date: Mon, 26 Sep 2022 01:48:25 GMT
X-QSTATIC-HIT: 1
Last-Modified: Mon, 01 Jan 2018 00:00:00 GMT
ETag: W/"b300475a05992239"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, immutable
Expires: Thu, 23 Sep 2032 01:48:25 GMT
KCS-Via: HIT from w-fc01.lato;MISS from w-sc02.lato
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: YcciXRsVoaNzRZp-oGPdX2C1DGNcQFJHxQyrh7wSUO6LzgtiWzgbeg==
Age: 10487198

img0.baidu.com/it/u=1290045820,3813654257&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180

119.96.52.35

200 OK

11 kB

URL HTTP/2
img0.baidu.com/it/u=1290045820,3813654257&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 280x180, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (11230 bytes)
Hash
482f51bbd0ab69a6283d11831068194c
cb2a5c93a3ae375b928f021203b908380b22ca56
16e8715821e49bfc59bf0e2cbfcbe407e28228dcebcff541a4a9e11cd6f711df

HTTP Headers

GET /it/u=1290045820,3813654257&fm=253&fmt=auto&app=138&f=JPEG?w=280&h=180 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 11230
expires: Sun, 05 Feb 2023 08:12:01 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 482f51bbd0ab69a6283d11831068194c
age: 122456
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 08:12:01 GMT
ohc-cache-hit: wh4ct67 [4], czix130 [2]
ohc-file-size: 11230
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=199387386,2089285301&fm=253&fmt=auto&app=138&f=JPG?w=800&h=500

119.96.52.35

200 OK

32 kB

URL HTTP/1.1
img2.baidu.com/it/u=199387386,2089285301&fm=253&fmt=auto&app=138&f=JPG?w=800&h=500
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31572 bytes)
Hash
c1733bd95f474b8f06fc683184a173ef
739e6fee05a6d981b600120b69efee0429ef309c
da611a26a711e2dcab78e48c1a3cfc12ee7369e6d83106c39525b3e08cebc37e

HTTP Headers

GET /it/u=199387386,2089285301&fm=253&fmt=auto&app=138&f=JPG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/webp
Content-Length: 31572
Connection: keep-alive
Expires: Thu, 16 Feb 2023 02:48:48 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: c1733bd95f474b8f06fc683184a173ef
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 17 Jan 2023 02:48:48 GMT
Ohc-Cache-HIT: wh4ct63 [1], bdix241 [2]
Ohc-File-Size: 31572
X-Cache-Status: MISS

12441.url.tudown.com/uploads/images/963303.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/963303.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/963303.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3640963258,3727474664&fm=224&app=112&f=JPEG?w=500&h=500

12441.url.tudown.com/uploads/images/989411.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/989411.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/989411.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2141134280,549958465&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

img2.baidu.com/it/u=1198001402,2502885747&fm=253&fmt=auto?w=1422&h=800

119.96.52.35

200 OK

93 kB

URL HTTP/2
img2.baidu.com/it/u=1198001402,2502885747&fm=253&fmt=auto?w=1422&h=800
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
93 kB (93310 bytes)
Hash
bdde5195904a8425e0cbac570e54f735
8f62ab6bae60ec4db66a45eb052307383f088965
a21dd148790eaa74bd0595ca32a72f26a790304af766c2eb2f0589e074b3e21f

HTTP Headers

GET /it/u=1198001402,2502885747&fm=253&fmt=auto?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 93310
expires: Mon, 20 Feb 2023 13:02:14 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: bdde5195904a8425e0cbac570e54f735
age: 89789
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 13:02:14 GMT
ohc-cache-hit: wh4ct57 [4], suzix170 [2]
ohc-file-size: 93310
x-cache-status: HIT
X-Firefox-Spdy: h2

12441.url.tudown.com/uploads/images/785997.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/785997.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/785997.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1527325839,3265889126&fm=253&app=138&f=JPEG?w=800&h=500

img2.baidu.com/it/u=2869376944,240111503&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

119.96.52.35

200 OK

38 kB

URL HTTP/2
img2.baidu.com/it/u=2869376944,240111503&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (37890 bytes)
Hash
c80433b395f3db818aadee47c292d273
6494dbabbecda7936e6b5a745134532d1b71bd07
e6b2da2137eec0347d7be564cd48b341b28e6be08f6fe43ad3de44c442ceb250

HTTP Headers

GET /it/u=2869376944,240111503&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:02 GMT
content-type: image/webp
content-length: 37890
expires: Wed, 22 Feb 2023 20:43:56 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: c80433b395f3db818aadee47c292d273
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 20:43:56 GMT
ohc-cache-hit: wh4ct64 [1], xiangyix150 [4]
ohc-file-size: 37890
x-cache-status: MISS
X-Firefox-Spdy: h2

12441.url.tudown.com/uploads/images/763769.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12441.url.tudown.com/uploads/images/763769.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/763769.jpg HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681

img2.baidu.com/it/u=1961932304,1767046630&fm=253&fmt=auto&app=138&f=JPEG?w=769&h=500

119.96.52.35

200 OK

42 kB

URL HTTP/2
img2.baidu.com/it/u=1961932304,1767046630&fm=253&fmt=auto&app=138&f=JPEG?w=769&h=500
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 769x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
42 kB (41700 bytes)
Hash
dafd810c22e1f6b604afe4d4c8604184
36b6cbc9a894c207bb3cb8122f2d01755deb34ca
9c13d4e76855c06dd3a7df785442295028de1237874477cb8c26ab703d35630f

HTTP Headers

GET /it/u=1961932304,1767046630&fm=253&fmt=auto&app=138&f=JPEG?w=769&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 41700
expires: Mon, 30 Jan 2023 16:12:31 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: dafd810c22e1f6b604afe4d4c8604184
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 31 Dec 2022 16:12:31 GMT
ohc-cache-hit: wh4ct61 [1], xaix175 [2]
ohc-file-size: 41700
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=3983821376,693308332&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=388

119.96.52.35

200 OK

51 kB

URL HTTP/2
img0.baidu.com/it/u=3983821376,693308332&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=388
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 690x388, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
51 kB (51082 bytes)
Hash
9f0f060d681642a77c1be60804d019b1
517bf17771bf45b7a6dd7f5d0b4cbc20f7db6e84
bbc95736616898e1a748e8628e41f462178c36892c020f81d1328208dfa04feb

HTTP Headers

GET /it/u=3983821376,693308332&fm=253&fmt=auto&app=120&f=JPEG?w=690&h=388 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 51082
expires: Tue, 31 Jan 2023 08:05:48 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 9f0f060d681642a77c1be60804d019b1
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 01 Jan 2023 08:05:48 GMT
ohc-cache-hit: wh4ct51 [1], bdix220 [2]
ohc-file-size: 51082
x-cache-status: MISS
X-Firefox-Spdy: h2

api.share.baidu.com/s.gif?l=http://12441.url.tudown.com/down/office2003@394_2.exe

182.61.201.93

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://12441.url.tudown.com/down/office2003@394_2.exe
IP
182.61.201.93:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://12441.url.tudown.com/down/office2003@394_2.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Wed, 25 Jan 2023 10:55:03 GMT

img2.baidu.com/it/u=2412793942,4111203969&fm=253&fmt=auto&app=138&f=PNG?w=500&h=566

119.96.52.35

200 OK

109 kB

URL HTTP/2
img2.baidu.com/it/u=2412793942,4111203969&fm=253&fmt=auto&app=138&f=PNG?w=500&h=566
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x566, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
109 kB (109002 bytes)
Hash
f91789b7f7ffc24ff74aa180d0669785
be755720aae16161b14a39335e29acbdc3116a08
ac2b53e934b4ed89941450885469b2158ea1f986fe0c152c8ed95fd0e29e2c9e

HTTP Headers

GET /it/u=2412793942,4111203969&fm=253&fmt=auto&app=138&f=PNG?w=500&h=566 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 109002
expires: Sun, 12 Feb 2023 21:22:54 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: f91789b7f7ffc24ff74aa180d0669785
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 21:22:54 GMT
ohc-cache-hit: wh4ct56 [1], xiangyix224 [4]
ohc-file-size: 109002
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3706903065,1447992231&fm=253&fmt=auto&app=138&f=JPEG?w=425&h=600

119.96.52.35

200 OK

28 kB

URL HTTP/2
img2.baidu.com/it/u=3706903065,1447992231&fm=253&fmt=auto&app=138&f=JPEG?w=425&h=600
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 425x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (27946 bytes)
Hash
838a550eda8e3b6e4309b614d4161ddb
7ffdda15aea8bfd6cee868bde69a36ec39fa919c
dfd3daa64cae47d5522a5a59490d00d3844ae38b2c8f7c0594858fc1370a6d69

HTTP Headers

GET /it/u=3706903065,1447992231&fm=253&fmt=auto&app=138&f=JPEG?w=425&h=600 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 27946
expires: Sun, 05 Feb 2023 17:42:06 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 838a550eda8e3b6e4309b614d4161ddb
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 17:42:06 GMT
ohc-cache-hit: wh4ct57 [1], xaix100 [4]
ohc-file-size: 27946
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=415071252,2905613793&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

119.96.52.35

200 OK

76 kB

URL HTTP/2
img1.baidu.com/it/u=415071252,2905613793&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
76 kB (76416 bytes)
Hash
e440648515732d2a3c303793e2019f0d
ef9fc1670e2b34d8e39e2e407f31a2fc7264e5bc
ac532f6e25fff61cc717e5701c03a2c15c8ce919b6984441585de85e5e0ce230

HTTP Headers

GET /it/u=415071252,2905613793&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 76416
expires: Sat, 18 Feb 2023 05:50:13 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: e440648515732d2a3c303793e2019f0d
age: 22375
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 05:50:13 GMT
ohc-cache-hit: wh4ct55 [4], qdix217 [2]
ohc-file-size: 76416
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3047439696,203865399&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

119.96.52.35

200 OK

42 kB

URL HTTP/2
img2.baidu.com/it/u=3047439696,203865399&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x707, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
42 kB (42046 bytes)
Hash
131b34ace431e6e4f42c4328ca9c83d9
64457a720868975b44a5dce67826019234b64a5f
68bd0cdfde25baf4580454155e913896655fae765097cef158a181eb173fbc20

HTTP Headers

GET /it/u=3047439696,203865399&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 42046
expires: Wed, 22 Feb 2023 07:03:58 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 131b34ace431e6e4f42c4328ca9c83d9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 07:03:58 GMT
ohc-cache-hit: wh4ct50 [1], suzix50 [4]
ohc-file-size: 42046
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2141134280,549958465&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

119.96.52.35

200 OK

46 kB

URL HTTP/2
img2.baidu.com/it/u=2141134280,549958465&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
46 kB (46216 bytes)
Hash
75ad254749f2bdc3a6751e91a691cbb4
4dce2495a122a23867ab3294c240162c72e87d87
881d0aadb5f6e31cc99a876d3cb9c1d390389da6a933fa9c34a3519cb55b002d

HTTP Headers

GET /it/u=2141134280,549958465&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 46216
expires: Fri, 17 Feb 2023 16:06:48 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 75ad254749f2bdc3a6751e91a691cbb4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 16:06:48 GMT
ohc-cache-hit: wh4ct63 [1], qdix85 [2]
ohc-file-size: 46216
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681

119.96.52.35

200 OK

19 kB

URL HTTP/2
img2.baidu.com/it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681
IP
119.96.52.35:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x681, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (18988 bytes)
Hash
fc144a19de6edc8fac134a63b616f86e
edf8b5ec243bdafe7002c8adc201c958432ba825
a17bd83bd92e7b4f579877358861a1703ccfffb7ec0c419fb55ca80723b9293b

HTTP Headers

GET /it/u=2635514434,3493085581&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=681 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12441.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Wed, 25 Jan 2023 10:55:03 GMT
content-type: image/webp
content-length: 18988
expires: Sun, 19 Feb 2023 07:32:00 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: fc144a19de6edc8fac134a63b616f86e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 07:32:00 GMT
ohc-cache-hit: wh4ct50 [1], wzix77 [4]
ohc-file-size: 18988
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1527325839,3265889126&fm=253&app=138&f=JPEG?w=800&h=500

118.112.225.35

200 OK

70 kB

URL HTTP/1.1
img0.baidu.com/it/u=1527325839,3265889126&fm=253&app=138&f=JPEG?w=800&h=500
IP
118.112.225.35:0
ASN
#4134 Chinanet

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x500, components 3\012- data
Size
70 kB (70227 bytes)
Hash
b4848be0b4288c82d0afec34c47996da
b75b61273e2e363cf2f2b119ad1c42945522dd28
bd74355b01130e99d965b6221779fb0b41a30da71043339eb914d2bac3d25a94

HTTP Headers

GET /it/u=1527325839,3265889126&fm=253&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:03 GMT
Content-Type: image/jpeg
Content-Length: 70227
Connection: keep-alive
Expires: Fri, 24 Feb 2023 10:51:03 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: b4848be0b4288c82d0afec34c47996da
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 10:51:03 GMT
Ohc-Cache-HIT: cd6ct80 [1], suzix146 [4]
Ohc-File-Size: 70227
X-Cache-Status: MISS

s.360.cn/so/zz.gif?url=http%3A%2F%2F12441.url.tudown.com%2Fdown%2Foffice2003%40394_2.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a22_641903e@33a090b29e0c

171.8.167.90

200 OK

0 B

URL HTTP/1.1
s.360.cn/so/zz.gif?url=http%3A%2F%2F12441.url.tudown.com%2Fdown%2Foffice2003%40394_2.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a22_641903e@33a090b29e0c
IP
171.8.167.90:0
ASN
#137687 Luoyang, Henan Province, P.R.China.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /so/zz.gif?url=http%3A%2F%2F12441.url.tudown.com%2Fdown%2Foffice2003%40394_2.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a22_641903e@33a090b29e0c HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/

HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Wed, 25 Jan 2023 10:55:04 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Tue, 23 Jul 2019 07:36:18 GMT
Connection: keep-alive
ETag: "5d36b8f2-0"
Accept-Ranges: bytes

12441.url.tudown.com/favicon.ico

154.218.151.71

200 OK

0 B

URL HTTP/1.1
12441.url.tudown.com/favicon.ico
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12441.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12441.url.tudown.com/down/office2003@394_2.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1674644101; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1674644101

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 Jan 2023 10:55:04 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes

t14.baidu.com/it/u=3640963258,3727474664&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

64 kB

URL HTTP/1.1
t14.baidu.com/it/u=3640963258,3727474664&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
64 kB (64377 bytes)
Hash
e38afc01042c636cef3e44ea8d57859a
d1df894bbb40dd2f7c6f9b826b754e6a8411ac07
eafc849ffcd6c46dfdbc2f56e7a4873a33e3f6685c5e53da0827eaf66047ab75

HTTP Headers

GET /it/u=3640963258,3727474664&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12441.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 25 Jan 2023 10:55:05 GMT
Content-Type: image/jpeg
Content-Length: 64377
Connection: keep-alive
Expires: Wed, 22 Feb 2023 20:45:42 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: e38afc01042c636cef3e44ea8d57859a
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 23 Jan 2023 20:45:41 GMT
Ohc-Upstream-Trace: 58.20.204.62
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache62 [2], bdix178 [4]
Ohc-Response-Time: 1 0 0 1 1620 1620
Ohc-File-Size: 64377
X-Cache-Status: MISS
Timing-Allow-Origin: *

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML