Report - 12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402

Report Overview

Submitted URL
12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-01-23 09:12:18
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	341 B	796 B	93.184.220.29
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	359 B	1.9 kB	104.18.21.226
t15.baidu.com	33050	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	150 kB	185.10.104.124
js.passport.qihucdn.com	273795	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	324 B	462 B	101.198.192.7
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.224.181.225
img1.baidu.com	50158	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	418 kB	125.64.104.35
api.share.baidu.com	44629	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	477 B	114 B	182.61.201.93
t14.baidu.com	32559	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	354 B	24 kB	185.10.104.124
t13.baidu.com	32653	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	218 kB	185.10.104.124
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.76.226
push.zhanzhang.baidu.com	57139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	290 B	750 B	112.34.113.148
img0.baidu.com	50126	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.8 kB	424 kB	36.99.3.35
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	12 kB	103.235.46.191
s6.qhres2.com	910970	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	298 B	1.1 kB	54.230.111.35
s.360.cn	19814	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	644 B	238 B	180.163.251.230
12646.url.tudown.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	24 kB	86 kB	154.218.151.71
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
img2.baidu.com	50786	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.3 kB	581 kB	36.99.3.35
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	367 B	1.9 kB	104.18.21.226
s22.cnzz.com	87635	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394 B	675 B	180.97.251.250

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-23	medium	12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	12646.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 12646.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 06:08:04 Last Seen2023-03-13 06:08:04 Times Seen1 Hash c50fb88148bcb068d0d0bb0ed86e9db9 fc2c6d174e0db3eaa1283bd64ac18f6e7da854fb f7bd9e4a90561d832615163a29e25a20be0f20201a5e9f6d81d4578c1969aa94 Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 04:47:21 Times Seen37111272 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-26
Pretty URL push.zhanzhang.baidu.com/push.js IP 112.34.113.148 ASN #9808 China Mobile Communications Group Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-26 16:09:47 Times Seen19027 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	12646.url.tudown.com/template/company/42xz/js/soft.js	9.9 kB	2023-03-12	2023-06-15
Pretty URL 12646.url.tudown.com/template/company/42xz/js/soft.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:54 Last Seen2023-06-15 06:04:36 Times Seen205 Hash 5e32a0f26da3d6f80a8ba482448e7314 c5724c4245049e753a66805f2fe986c620071141 d2acdf1a20ffb5f140291d37fd878d834918e465e977c487720816d7bf69cf31 Loading...

	js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d	105 B	2023-03-07	2024-04-24
Pretty URL js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d IP 101.198.192.7 ASN #55992 Beijing Qihu Technology Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:51 Last Seen2024-04-24 09:12:38 Times Seen387 Hash 06b5672f6400f1eb3255c53b8716ec1b f35120a5317fa4f91b98abb29d0ee3ad899b55f7 42e703267bb95fd28b350c6f27fd014f39e6d88443a50b7322c14b76bb513e99 Loading...

	s6.qhres2.com/static/ab77b6ea7f3fbf79.js	478 B	2023-03-07	2024-04-25
Pretty URL s6.qhres2.com/static/ab77b6ea7f3fbf79.js IP 54.230.111.35 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-25 10:56:19 Times Seen2401 Hash 5dd27f8f2b042194c3cdabd62fd80110 c035036a939799d4c29b9c0f7229ae1953d03109 928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a Loading...

	12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe	254 B	2023-03-09	2023-12-23
Pretty URL 12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-26
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-26 08:30:56 Times Seen2525 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

	#3 Write - f6c66fa781641bc152896d4d331fb47c	107 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash f6c66fa781641bc152896d4d331fb47c 75058381be5febb338d4b018ff21ddeb72634f79 1b60638050239eb6f376f41ed7c52f5fa636ff1b2899f86fc62f093fdd6b3e8b Loading...

	#4 Write - fa85d85498e61666775145658e0c17ed	143 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash fa85d85498e61666775145658e0c17ed 0c7232cecdccc72b25160d2732cc180c3fe73160 ba9029ca999756c61255a5964826bb7f12d35e3dd5255cbc1cbfe47438995591 Loading...

	#5 Write - 49ab76f98f0ffd3c06e5f9e8fd523616	87 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 12:57:51 Last Seen2024-04-24 09:12:37 Times Seen259 Hash 49ab76f98f0ffd3c06e5f9e8fd523616 8ff32ae013817b78b340ba1c1ee24f34ca2d8b2a dacba7ea3ae581abd50497c748a9455c720f9c23b96c3826f9d45ef4db4f8db0 Loading...

HTTP Transactions (123)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8461
Expires: Mon, 23 Jan 2023 11:33:08 GMT
Date: Mon, 23 Jan 2023 09:12:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4714c95a0c854e38f9be444f9343bf14
07ce5eb635448f2b3bafbe51e4dfeef47cdf4f7b
4d47e08c9afb704096e93a51f6e95c0dc7c7bc31e67ded39998ff37ed56e0965

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4D47E08C9AFB704096E93A51F6E95C0DC7C7BC31E67DED39998FF37ED56E0965"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13793
Expires: Mon, 23 Jan 2023 13:02:00 GMT
Date: Mon, 23 Jan 2023 09:12:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
31c8743c2b5202ce0228bac5aad7229b
4b5eee8e1ecbfc992505003be58e265ff3a0ee0a
8b3b47ea29fc02b8a08ee2a340a05ab23e391f0eb3b8d6beb17516706bb2e94d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B3B47EA29FC02B8A08EE2A340A05AB23E391F0EB3B8D6BEB17516706BB2E94D"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9323
Expires: Mon, 23 Jan 2023 11:47:30 GMT
Date: Mon, 23 Jan 2023 09:12:07 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Content-Type, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 23 Jan 2023 08:42:36 GMT
content-type: application/json
age: 1771
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: dUAtYLbFRTLBso6garWHrStijvNAxMNVJAikZRPs7OIXPoyQ6GGzzBer18sDK2+bSHfTZMCYli02mjXpkogJyw==
x-amz-request-id: SVB6FQ4T9T5EVV1S
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 23 Jan 2023 08:47:39 GMT
age: 1468
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Mon, 23 Jan 2023 09:12:07 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 23 Jan 2023 08:17:30 GMT
age: 3278
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c74880fa99032b5c3831c179d702419
0020b368309735c94d8053d3781a7efb7283cfc5
437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3434
Cache-Control: max-age=89513
Content-Type: application/ocsp-response
Date: Mon, 23 Jan 2023 09:12:08 GMT
Etag: "63ccfca7-1d7"
Expires: Tue, 24 Jan 2023 10:04:01 GMT
Last-Modified: Sun, 22 Jan 2023 09:06:47 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

154.218.151.71

200 OK

6.5 kB

URL HTTP/1.1
12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (311), with CRLF, LF line terminators
Size
6.5 kB (6469 bytes)
Hash
5f494191c7c71b4b1a45975979475af6
dced7d335ad862246cc21383e9bb7192ac7f8206
446b694df6b423d75d6bde05bfebcfe7dd412aa6ad32ae8e2f57ed2355735bd8

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:08 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.services.mozilla.com/

44.224.181.225

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.224.181.225:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ea4H4bTUIwdDDg8cYPrAiw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xEID6MAkBLClHK5IKEOnjjkRVBE=

12646.url.tudown.com/template/company/42xz/css/soft.css

154.218.151.71

200 OK

6.6 kB

URL HTTP/1.1
12646.url.tudown.com/template/company/42xz/css/soft.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
6.6 kB (6556 bytes)
Hash
669589d0ffba3898ecf26c242eaed555
f6a564b66491cf102d5961fb95294d84192c9f11
00947ca9960fa7f5ad71c5f5343ded6e595dec626a9da917da58305fdc98e356

HTTP Headers

GET /template/company/42xz/css/soft.css HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:08 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea55-6438"
Expires: Mon, 23 Jan 2023 21:12:08 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12646.url.tudown.com/template/company/42xz/css/common.css

154.218.151.71

200 OK

1.9 kB

URL HTTP/1.1
12646.url.tudown.com/template/company/42xz/css/common.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.9 kB (1933 bytes)
Hash
625ff65f2c44178957f32d288dd56ddf
cb918d56e4595594c56cab503ed56f84379e862d
2436857c00ba0ab148e7c16f63712844f5bb62e23379751d6dddd82abe667ac5

HTTP Headers

GET /template/company/42xz/css/common.css HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:08 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea53-1ccb"
Expires: Mon, 23 Jan 2023 21:12:08 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12646.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
12646.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:08 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12646.url.tudown.com/template/company/42xz/js/soft.js

154.218.151.71

200 OK

3.6 kB

URL HTTP/1.1
12646.url.tudown.com/template/company/42xz/js/soft.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
3.6 kB (3643 bytes)
Hash
67be5352d7d3355ae57faad8a6221355
30f4a9a4a3dede0d2d72725ffa28958f45053e7e
1a59b7c5be683676fa54951bf4129899c3980e78c1f956c287f7cc0c001a857d

HTTP Headers

GET /template/company/42xz/js/soft.js HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:08 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea5a-26b2"
Expires: Mon, 23 Jan 2023 21:12:08 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12646.url.tudown.com/uploads/images/671010.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/671010.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/671010.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4148803095,2906783091&fm=253&fmt=auto&app=138&f=JPEG?w=740&h=500

12646.url.tudown.com/uploads/images/111023.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/111023.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/111023.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1738734957,2025461122&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=666

12646.url.tudown.com/uploads/images/287053.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/287053.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/287053.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1544056117,1167291343&fm=253&fmt=auto&app=138&f=JPEG?w=439&h=464

12646.url.tudown.com/uploads/images/433467.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/433467.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/433467.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905

12646.url.tudown.com/uploads/images/logo.png?n=422jx2mywps3raxixwx6jo5w46tzdzukqdtjlgpiqkzojofn4w7yg&w=250

154.218.151.71

200 OK

3.8 kB

URL HTTP/1.1
12646.url.tudown.com/uploads/images/logo.png?n=422jx2mywps3raxixwx6jo5w46tzdzukqdtjlgpiqkzojofn4w7yg&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.8 kB (3812 bytes)
Hash
405445478b5868faaa315d75e31d6b08
48fa2bf864e3424bf17910a49309151ccecbc43a
05eee47e2901d9c56172fd0f1ab6156e0ec9e414b3b4536e8c42ef1e0c6ce423

HTTP Headers

GET /uploads/images/logo.png?n=422jx2mywps3raxixwx6jo5w46tzdzukqdtjlgpiqkzojofn4w7yg&w=250 HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

12646.url.tudown.com/template/company/42xz/images/tab_line.png

154.218.151.71

200 OK

1.2 kB

URL HTTP/1.1
12646.url.tudown.com/template/company/42xz/images/tab_line.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 190 x 7\012- data
Size
1.2 kB (1155 bytes)
Hash
4c54d42f73e777c70b63b1854b994bb5
6b751c2e611f485d04805ccc3ef84ba5c7868775
b86451a9f18cc0bffd106863661cecbc4abc2364f2898e3bc0796992f3ebbd06

HTTP Headers

GET /template/company/42xz/images/tab_line.png HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/png
Content-Length: 1155
Last-Modified: Thu, 05 Nov 2020 12:04:39 GMT
Connection: keep-alive
ETag: "5fa3ea57-483"
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aff1c8f8bde400381877e95444ca236d
c532f6f9daa1d1685b4a4b75c2ab171f1731f78e
02cbcddfab60c295e61e716b7880c5acc66533a2cc2b151b4c9674109eacb71a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "02CBCDDFAB60C295E61E716B7880C5ACC66533A2CC2B151B4C9674109EACB71A"
Last-Modified: Mon, 23 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20829
Expires: Mon, 23 Jan 2023 14:59:18 GMT
Date: Mon, 23 Jan 2023 09:12:09 GMT
Connection: keep-alive

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
96426b8d462171c1ea848ea196db325a
25b8fc5a23d0bf02a3809d59472cd972d8528ab6
6941e1fb273720cda3a858c32e07289afe914597d6f991523de4d318213daa37

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Fri, 27 Jan 2023 05:47:17 GMT
ETag: "25b8fc5a23d0bf02a3809d59472cd972d8528ab6"
Last-Modified: Mon, 23 Jan 2023 05:47:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2659
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78df67f39bcfb51b-OSL

12646.url.tudown.com/template/company/42xz/js/jquery.js

154.218.151.71

200 OK

46 kB

URL HTTP/1.1
12646.url.tudown.com/template/company/42xz/js/jquery.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (65479), with CRLF line terminators
Size
46 kB (45799 bytes)
Hash
49fcb7f2a26c0656e22b75bfe591667f
f277ecd02517fc0f243fd9d882178473d4def06b
9ee94398fbe5a57c715dfdfe1b8d05ea964dd9947dba57dad68ee38ea381a2be

HTTP Headers

GET /template/company/42xz/js/jquery.js HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:08 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea62-1d491"
Expires: Mon, 23 Jan 2023 21:12:08 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12646.url.tudown.com/uploads/images/842762.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/842762.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/842762.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3762035869,1743347936&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312

12646.url.tudown.com/uploads/images/311692.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/311692.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/311692.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3045581000,3607603397&fm=253&fmt=auto&app=120&f=JPEG?w=1024&h=576

12646.url.tudown.com/uploads/images/939994.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/939994.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/939994.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3609124776,3344642436&fm=253&fmt=auto&app=138&f=JPEG?w=646&h=500

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8602
Expires: Mon, 23 Jan 2023 11:35:31 GMT
Date: Mon, 23 Jan 2023 09:12:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8602
Expires: Mon, 23 Jan 2023 11:35:31 GMT
Date: Mon, 23 Jan 2023 09:12:09 GMT
Connection: keep-alive

12646.url.tudown.com/uploads/images/518256.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/518256.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/518256.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2953553867,856548141&fm=253&app=138&f=JPEG?w=800&h=500

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8602
Expires: Mon, 23 Jan 2023 11:35:31 GMT
Date: Mon, 23 Jan 2023 09:12:09 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d5528af26e629a9bfbf0c421146b921f
1e4f99245d551384bedfe9b59b5f9905127d87bf
989830d93a90c30051b948a26ce403fb4370587ed3407d8d77ad0ad9cc28eb7a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "989830D93A90C30051B948A26CE403FB4370587ED3407D8D77AD0AD9CC28EB7A"
Last-Modified: Sun, 22 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16611
Expires: Mon, 23 Jan 2023 13:49:00 GMT
Date: Mon, 23 Jan 2023 09:12:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8602
Expires: Mon, 23 Jan 2023 11:35:31 GMT
Date: Mon, 23 Jan 2023 09:12:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg

34.120.237.76

200 OK

3.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.8 kB (3814 bytes)
Hash
c664f89307d9f2cc8170ca0816708ef9
cc010d66fe22fce8e82f9bbc78fc3b836120ff0b
c77d9cae0c4132f2695322b8c33fa875a341948ffb6c3023ddb1d3ef41c9ae23

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe0a4afa9-05c4-4ab9-b9eb-17970c04dbbb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3814
x-amzn-requestid: 48468720-0305-4f17-862b-f2f854fdfe41
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKq8mEPnIAMFzXg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdbeb6-470a030661c749ae0fa14c31;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 22:54:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 9hQjtfheswJHTaBL6yZ9UoowbsfqvbNqzUb9EOzaAppGv-fHat8O1A==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 23:09:20 GMT
etag: "cc010d66fe22fce8e82f9bbc78fc3b836120ff0b"
content-type: image/jpeg
age: 36169
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69f6ce48-0095-4b2b-b098-c6f6de90570c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10052 bytes)
Hash
5401628b3bdd03eeee51f68177ac4d41
bb12e1d1bc5a87d3fa05371894a8bc8eb3d1bb29
3e231ba2e44699d88ed1e28510dad0762a57e0854a11d40f752421bd41738944

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F69f6ce48-0095-4b2b-b098-c6f6de90570c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10052
x-amzn-requestid: 10422f29-dc81-41f9-b03e-76fb2b0f4f87
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e2vnHFT9oAMFbmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c5c62d-780503606bec4fff6e911fc8;Sampled=0
x-amzn-remapped-date: Mon, 16 Jan 2023 21:48:29 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NQaGhmXW_zeKd-WXUxi_z0e3Ul1YrtBgIbPEEWRfQfG7d8C0JyZdXg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 21:56:00 GMT
age: 40569
etag: "bb12e1d1bc5a87d3fa05371894a8bc8eb3d1bb29"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ed6afa7-c805-4ddd-a71c-bc9bde7aee5a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11818 bytes)
Hash
e42f475b1e14cb9d0939ef39db8e1f91
dda57d67c7b5f32123d3c9956dec8f805138b3bf
ace1e5843457dc5493432ea113059e67827e6c95d6998a7465dea1eb0e723a1e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ed6afa7-c805-4ddd-a71c-bc9bde7aee5a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11818
x-amzn-requestid: e80dab53-5137-4776-a105-b1933e9bda6b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEqu6GhZIAMFWSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb57f8-696c3a7f103b96a23ed4abec;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 03:11:52 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 5bEvPaVPmareEYTNHUoTIEtCn0EKpBBafR11mjrvwPFVS_DLFKgm3w==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 04:07:43 GMT
age: 18266
etag: "dda57d67c7b5f32123d3c9956dec8f805138b3bf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F27144ba0-24e7-4177-b8d9-4121af2315c9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.1 kB (4085 bytes)
Hash
3d0dd6e84bd1708aec285a9153eafabc
2d2729ca550ecdca29a502eb76c68f4eed623032
3c0492fc05ab9a35cd8d833a031aa907a473f2ff22fed0732fa331a0c2939660

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F27144ba0-24e7-4177-b8d9-4121af2315c9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4085
x-amzn-requestid: 444720ab-9a4d-40f7-a2e2-e574d4e2928d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBP0uEeToAMFepA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c9f9b7-113188a040ff40ad479415cc;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 02:17:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: wbZuUg06OrIyirTvHtsdGz2ux_OxhbBMbPHy_52LjsmknZIf6bLDBw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 ee8246c5442dace7525c74f6a799bb46.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 10:24:16 GMT
age: 82073
etag: "2d2729ca550ecdca29a502eb76c68f4eed623032"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.4 kB (3411 bytes)
Hash
805711aaab303931f8966bbf73aeda52
2bd02a45c8b407e36a41a482b121ea3e14f7c722
66268668c1a970268d75beb1b57f66a759bedac76958a3359cb23104de40fbeb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F602ef184-7161-4092-91b7-61e14eef28a5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3411
x-amzn-requestid: 62afd364-e94f-45ff-ba6c-9b589fc53e5f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e-EyCEzrIAMFb8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c8b4d9-203f51040f82f12d535446c4;Sampled=0
x-amzn-remapped-date: Thu, 19 Jan 2023 03:11:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3Ke5d5WguVrF_Phnhu9ojzN5Md0VkYnFfxKNoh5HHrmHwPI90IAIdA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 23 Jan 2023 05:22:52 GMT
age: 13757
etag: "2bd02a45c8b407e36a41a482b121ea3e14f7c722"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7982 bytes)
Hash
8ec35d753b6b816abcd14030255a7b76
a67bd0fa5beb10935442bef246bf4f52ec6e74bd
9adfddc8877a8ea9f1c3bcc0af99548cb11dc4e1d62a706bf9b2a5cc6d72e82f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faf2abec1-a455-47b9-9aaf-69794032330f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7982
x-amzn-requestid: 59d91715-b444-445e-bd6b-268fc630024b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fKezLExAIAMFSeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cdab47-1e12e8f335ea162532ce6aca;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 21:31:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R-9qgCHHj8iD9FEwYhzLoXAQvdrO6D6qRIWAvyQJyfB-LHDGUjvmzA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 21:47:59 GMT
age: 41050
etag: "a67bd0fa5beb10935442bef246bf4f52ec6e74bd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

12646.url.tudown.com/uploads/images/553841.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/553841.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/553841.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1870909094,3152053285&fm=224&app=112&f=JPEG?w=500&h=500

12646.url.tudown.com/uploads/images/215068.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/215068.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/215068.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2178342176,334136329&fm=224&app=112&f=JPEG?w=500&h=500

12646.url.tudown.com/uploads/images/547705.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/547705.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/547705.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2963972600,467430340&fm=253&fmt=auto&app=138&f=JPEG?w=817&h=500

12646.url.tudown.com/uploads/images/438451.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/438451.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/438451.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=994974079,3103316515&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304

12646.url.tudown.com/uploads/images/199393.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/199393.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/199393.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=691017598,1672055796&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=438

12646.url.tudown.com/uploads/images/746562.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/746562.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/746562.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:09 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2587860714,1218417261&fm=253&fmt=auto&app=138&f=JPEG?w=822&h=500

12646.url.tudown.com/uploads/images/920930.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/920930.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/920930.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3890515155,698450370&fm=253&fmt=auto&app=138&f=JPEG?w=170&h=198

12646.url.tudown.com/uploads/images/401897.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/401897.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/401897.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=12504738,1935742948&fm=253&app=120&f=JPEG?w=1422&h=800

12646.url.tudown.com/uploads/images/594820.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/594820.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/594820.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=888062323,3123000522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

push.zhanzhang.baidu.com/push.js

112.34.113.148

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
112.34.113.148:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Mon, 23 Jan 2023 09:12:10 GMT
Etag: "4078521116"
Expires: Tue, 23 Jan 2024 09:12:10 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=1C286924CF4255EC7E612AC712C0CB71:FG=1; max-age=31536000; expires=Tue, 23-Jan-24 09:12:10 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

12646.url.tudown.com/uploads/images/738128.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/738128.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/738128.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3475017141,1283094648&fm=253&app=120&f=JPEG?w=1422&h=800

12646.url.tudown.com/uploads/images/677580.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/677580.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/677580.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1058416952,3850939019&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

12646.url.tudown.com/uploads/images/368332.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/368332.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/368332.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=638417828,1329192011&fm=224&app=112&f=JPEG?w=500&h=500

12646.url.tudown.com/uploads/images/153864.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/153864.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/153864.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281

12646.url.tudown.com/uploads/images/674263.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/674263.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/674263.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500

12646.url.tudown.com/uploads/images/622572.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/622572.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/622572.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2610518565,3169428047&fm=224&app=112&f=JPEG?w=500&h=500

12646.url.tudown.com/uploads/images/501664.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/501664.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/501664.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=327744268,3936377700&fm=253&fmt=auto&app=138&f=PNG?w=280&h=280

img2.baidu.com/it/u=2953553867,856548141&fm=253&app=138&f=JPEG?w=800&h=500

36.99.3.35

200 OK

65 kB

URL HTTP/1.1
img2.baidu.com/it/u=2953553867,856548141&fm=253&app=138&f=JPEG?w=800&h=500
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x500, components 3\012- data
Size
65 kB (64641 bytes)
Hash
7443e73d889f56da3756bf53743d9fd2
be76b5b172ef8058394c5de4e1d785943114b9f4
8f7ed69370cbf2b160e384667dc1786301bc3382f70d097a9a66c7c34d49d7ef

HTTP Headers

GET /it/u=2953553867,856548141&fm=253&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpeg
Content-Length: 64641
Connection: keep-alive
Expires: Fri, 17 Feb 2023 15:11:32 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 7443e73d889f56da3756bf53743d9fd2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 15:11:32 GMT
Ohc-Cache-HIT: ly4ct81 [1], suzix81 [4]
Ohc-File-Size: 64641
X-Cache-Status: MISS

img0.baidu.com/it/u=4148803095,2906783091&fm=253&fmt=auto&app=138&f=JPEG?w=740&h=500

36.99.3.35

200 OK

40 kB

URL HTTP/2
img0.baidu.com/it/u=4148803095,2906783091&fm=253&fmt=auto&app=138&f=JPEG?w=740&h=500
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 740x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
40 kB (40188 bytes)
Hash
5b6847091c66efd9b57bbac1864a9810
19e98b8f651bb9a4ad4581b5515fcea3bded5962
2a9c77319ae0c9ea7a87283ddedca2f16e8263464c13e6c0893ee33e9a65a7e2

HTTP Headers

GET /it/u=4148803095,2906783091&fm=253&fmt=auto&app=138&f=JPEG?w=740&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 40188
expires: Sat, 11 Feb 2023 12:36:24 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 5b6847091c66efd9b57bbac1864a9810
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 12 Jan 2023 12:36:24 GMT
ohc-cache-hit: ly4ct86 [1], xaix86 [2]
ohc-file-size: 40188
x-cache-status: MISS
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
ba1b3f2c90593b5eea69894cc7d94cb8
75cb807f0777a6f43b72c4dc60814c9e3989a948
d0beadb192bd4be2557ff8812954497f09c361fe1bd55c2056a78956ab50f967

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12646.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Mon, 23 Jan 2023 09:12:09 GMT
Etag: ff29148fb0f9995f82b81936d5517a7d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=D44390FA9EE8B1D3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

12646.url.tudown.com/template/company/42xz/images/dian1.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
12646.url.tudown.com/template/company/42xz/images/dian1.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1110 bytes)
Hash
de5d5d1c8fb00bc14f9512dd323b9ed8
9c7c5df21afb7b686932c96ecf7877e1e6adf243
982f48c65cf01077b0606401f082c15ee15f183903d5170f06d0bb3ae3b9b685

HTTP Headers

GET /template/company/42xz/images/dian1.png HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/png
Content-Length: 1110
Last-Modified: Thu, 05 Nov 2020 12:04:54 GMT
Connection: keep-alive
ETag: "5fa3ea66-456"
Accept-Ranges: bytes

12646.url.tudown.com/uploads/images/778575.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/778575.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/778575.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2738387667,1157168934&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

12646.url.tudown.com/template/company/42xz/images/dian2.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
12646.url.tudown.com/template/company/42xz/images/dian2.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1106 bytes)
Hash
3cb1caaf45a919b2028a853add556aa8
c8b93e13049ae31ad5dcb2d267c8b3ee6a4466e8
039b652744162c3c599998f28f50e7154d297ce5028e7e4954f7d7354c5374a1

HTTP Headers

GET /template/company/42xz/images/dian2.png HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/png
Content-Length: 1106
Last-Modified: Thu, 05 Nov 2020 12:04:53 GMT
Connection: keep-alive
ETag: "5fa3ea65-452"
Accept-Ranges: bytes

img1.baidu.com/it/u=3045581000,3607603397&fm=253&fmt=auto&app=120&f=JPEG?w=1024&h=576

125.64.104.35

200 OK

36 kB

URL HTTP/2
img1.baidu.com/it/u=3045581000,3607603397&fm=253&fmt=auto&app=120&f=JPEG?w=1024&h=576
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1024x576, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
36 kB (36292 bytes)
Hash
eb6edd7483393665ba33d26f02c65c84
52cca68e83075f4fdc98ce87b59ea0a8314ad16f
0b806c1421c134e4fa29490de84bf45681eb34e8a6c53e9f4b9beae7425607a2

HTTP Headers

GET /it/u=3045581000,3607603397&fm=253&fmt=auto&app=120&f=JPEG?w=1024&h=576 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 36292
expires: Tue, 07 Feb 2023 02:30:33 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: eb6edd7483393665ba33d26f02c65c84
age: 115215
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 08 Jan 2023 02:30:33 GMT
ohc-cache-hit: dy2ct105 [4], czix105 [4]
ohc-file-size: 36292
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1544056117,1167291343&fm=253&fmt=auto&app=138&f=JPEG?w=439&h=464

125.64.104.35

200 OK

11 kB

URL HTTP/2
img1.baidu.com/it/u=1544056117,1167291343&fm=253&fmt=auto&app=138&f=JPEG?w=439&h=464
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 439x464, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (10814 bytes)
Hash
be13f0ddc525454aa35260d468bb015d
1d5bafd4216480a5140375ab62d1acfa893648c8
b4bb824ae0c468346367b03b322503b549cb298a236f8dbd694d02302c070659

HTTP Headers

GET /it/u=1544056117,1167291343&fm=253&fmt=auto&app=138&f=JPEG?w=439&h=464 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 10814
expires: Wed, 22 Feb 2023 00:30:33 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: be13f0ddc525454aa35260d468bb015d
age: 21970
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 00:30:33 GMT
ohc-cache-hit: dy2ct72 [4], xaix72 [2]
ohc-file-size: 10814
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3762035869,1743347936&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312

125.64.104.35

200 OK

6.3 kB

URL HTTP/2
img1.baidu.com/it/u=3762035869,1743347936&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x312, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
6.3 kB (6268 bytes)
Hash
76f95cd8eca62843b8d07705e97a1baf
f962a3787058aa63610828be0ecd518ba39b9e22
565fb0996ad45b67569efc6a7a8ccd1d55fee1ebdd94d6d4afecb83556b78dac

HTTP Headers

GET /it/u=3762035869,1743347936&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=312 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 6268
expires: Tue, 14 Feb 2023 10:11:17 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 76f95cd8eca62843b8d07705e97a1baf
age: 363434
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 10:11:17 GMT
ohc-cache-hit: dy2ct72 [4], bdix72 [2]
ohc-file-size: 6268
x-cache-status: HIT
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1738734957,2025461122&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=666

125.64.104.35

200 OK

11 kB

URL HTTP/2
img1.baidu.com/it/u=1738734957,2025461122&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=666
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x666, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (10796 bytes)
Hash
62e920fb40fa00a6e5adf4854a812f4f
345096d0757ef469df02b272b1995c3fabd70761
2a43bc040dd415c2f5cd6b7ff27b28fdc5fc044b55fad3f5938f76db78759bb7

HTTP Headers

GET /it/u=1738734957,2025461122&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=666 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 10796
expires: Fri, 10 Feb 2023 02:38:56 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 62e920fb40fa00a6e5adf4854a812f4f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 02:38:56 GMT
ohc-cache-hit: dy2ct58 [1], wzix58 [4]
ohc-file-size: 10796
x-cache-status: MISS
X-Firefox-Spdy: h2

api.share.baidu.com/s.gif?l=http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

182.61.201.93

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe
IP
182.61.201.93:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Mon, 23 Jan 2023 09:12:10 GMT

t14.baidu.com/it/u=2610518565,3169428047&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

23 kB

URL HTTP/1.1
t14.baidu.com/it/u=2610518565,3169428047&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
23 kB (23323 bytes)
Hash
ee0b43f3210f3e31046bb43a27065c15
f7cc27b7b77baaed8df7f74e6dc775755a89debd
bf0f655c71bbdac859f38e43ca738634cad03da3772765a4b20c6582bf3d111a

HTTP Headers

GET /it/u=2610518565,3169428047&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpeg
Content-Length: 23323
Connection: keep-alive
Expires: Fri, 17 Feb 2023 15:55:35 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: ee0b43f3210f3e31046bb43a27065c15
Age: 371230
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 18 Jan 2023 15:55:35 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache61 [2], qdix187 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 23323
X-Cache-Status: HIT
Timing-Allow-Origin: *

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.21.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
54b4257370c9efa368a34f01c13b2271
c2e7bb7d14e03e11e52e93880baec5a72c60a02c
f44e7a566cc157ee1825577b4adfe54f2415eaaf09b6650233ac2c08ce51eb73

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Fri, 27 Jan 2023 06:10:31 GMT
ETag: "c2e7bb7d14e03e11e52e93880baec5a72c60a02c"
Last-Modified: Mon, 23 Jan 2023 06:10:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1658
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 78df67fbd92bb4e8-OSL

12646.url.tudown.com/uploads/images/880241.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/880241.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/880241.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3817488793,36521555&fm=253&fmt=auto&app=138&f=JPEG?w=450&h=600

12646.url.tudown.com/uploads/images/60137.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/60137.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/60137.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1661814497,1251114525&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671

12646.url.tudown.com/uploads/images/870441.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/870441.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/870441.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2621396840,30449884&fm=253&fmt=auto&app=138&f=JPEG?w=317&h=499

img1.baidu.com/it/u=3609124776,3344642436&fm=253&fmt=auto&app=138&f=JPEG?w=646&h=500

125.64.104.35

200 OK

20 kB

URL HTTP/2
img1.baidu.com/it/u=3609124776,3344642436&fm=253&fmt=auto&app=138&f=JPEG?w=646&h=500
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 646x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (20350 bytes)
Hash
4892a749e095200f6cc88db5f6f264e9
87fe9969f4d1e5b25bc6a66a2ceae66376f8ba61
c508c22b060b49b3af1ab38d1cec9f10608e13fc5a20db4098f6c1f3015a980b

HTTP Headers

GET /it/u=3609124776,3344642436&fm=253&fmt=auto&app=138&f=JPEG?w=646&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 20350
expires: Wed, 08 Feb 2023 21:03:53 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 4892a749e095200f6cc88db5f6f264e9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 21:03:53 GMT
ohc-cache-hit: dy2ct91 [1], csix91 [4]
ohc-file-size: 20350
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905

36.99.3.35

200 OK

56 kB

URL HTTP/2
img0.baidu.com/it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x905, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
56 kB (56350 bytes)
Hash
bec30330094a6d614b040b659191fada
f46bdbf45be5b2adf30fe64748d8b8b2cc96a258
284463d6ecaa75576925fddd5df8a0440308d0adf51c000443492ebe663ffdee

HTTP Headers

GET /it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 56350
expires: Fri, 17 Feb 2023 12:27:46 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: bec30330094a6d614b040b659191fada
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 12:27:46 GMT
ohc-cache-hit: ly4ct95 [1], czix114 [4]
ohc-file-size: 56350
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=994974079,3103316515&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304

36.99.3.35

200 OK

11 kB

URL HTTP/2
img0.baidu.com/it/u=994974079,3103316515&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x304, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (10654 bytes)
Hash
b9d14cb9204c70008797db9bb0da545d
2884c30dc159120af93155f5b2987130deec13a4
e46578e4d1715d0f499e2c405ab641e95bcb1354974678954213fea94c2b5eb0

HTTP Headers

GET /it/u=994974079,3103316515&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 10654
expires: Tue, 21 Feb 2023 11:38:25 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: b9d14cb9204c70008797db9bb0da545d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 11:38:25 GMT
ohc-cache-hit: ly4ct90 [1], xaix151 [4]
ohc-file-size: 10654
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=888062323,3123000522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

36.99.3.35

200 OK

12 kB

URL HTTP/2
img2.baidu.com/it/u=888062323,3123000522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (12346 bytes)
Hash
8837bb24fe5771274ba10c9b77c32a31
ed29804c7b24926b57c3b2d466fb9f2b9b7f8fc5
b715ef5d6e2b758f2ffcc7a84e9a6c06e7bb5c36ecfc0c3dc6b51c4934442a28

HTTP Headers

GET /it/u=888062323,3123000522&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 12346
expires: Tue, 31 Jan 2023 12:15:20 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 8837bb24fe5771274ba10c9b77c32a31
age: 23158
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 01 Jan 2023 12:15:20 GMT
ohc-cache-hit: ly4ct98 [4], csix98 [2]
ohc-file-size: 12346
x-cache-status: HIT
X-Firefox-Spdy: h2

img2.baidu.com/it/u=1058416952,3850939019&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

36.99.3.35

200 OK

22 kB

URL HTTP/2
img2.baidu.com/it/u=1058416952,3850939019&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (21606 bytes)
Hash
18071d602e6e62f3d21669e18c3ffcc7
1af7858ca13d6934c752af58b9c471b9ba236344
83385746ff8d376d2cc67e0a0206175060b9e4cc42dc2f3c51bc8f0694b5fdda

HTTP Headers

GET /it/u=1058416952,3850939019&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 21606
expires: Fri, 17 Feb 2023 06:35:56 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 18071d602e6e62f3d21669e18c3ffcc7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 06:35:56 GMT
ohc-cache-hit: ly4ct94 [1], czix122 [4]
ohc-file-size: 21606
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3890515155,698450370&fm=253&fmt=auto&app=138&f=JPEG?w=170&h=198

36.99.3.35

200 OK

4.9 kB

URL HTTP/2
img2.baidu.com/it/u=3890515155,698450370&fm=253&fmt=auto&app=138&f=JPEG?w=170&h=198
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 170x198, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.9 kB (4882 bytes)
Hash
11e0ff068194a43f900eab02108a19b3
41275924e29a24a9a358d4be1322bc85185cd8eb
e1471974f4607a9ce99bf87c0265bcfb0c6e2ef8f7516772f1fd12d066b3119b

HTTP Headers

GET /it/u=3890515155,698450370&fm=253&fmt=auto&app=138&f=JPEG?w=170&h=198 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 4882
expires: Mon, 06 Feb 2023 04:37:09 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 11e0ff068194a43f900eab02108a19b3
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 04:37:09 GMT
ohc-cache-hit: ly4ct88 [1], csix88 [2]
ohc-file-size: 4882
x-cache-status: MISS
X-Firefox-Spdy: h2

12646.url.tudown.com/uploads/images/43190.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/43190.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/43190.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2467790899,2214742682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304

12646.url.tudown.com/uploads/images/38093.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/38093.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/38093.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2279520874,1220153587&fm=253&app=120&f=JPEG?w=1280&h=800

12646.url.tudown.com/uploads/images/736573.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/736573.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/736573.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4241172321,3067053686&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1549450174&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=45879&r=0&ww=1280&u=http%3A%2F%2F12646.url.tudown.com%2Fdown%2F%25E5%2593%2588%25E5%25A7%2586%25E5%25A4%25AA%25E9%2583%258E%25E7%25AC%25AC%25E5%259B%259B%25E5%25AD%25A3%25E5%2585%25A8%25E9%259B%2586%25E7%2599%25BE%25E5%25BA%25A6%25E4%25BA%2591%25E7%25BD%2591%25E7%259B%2598%40402_2.exe&tt=%E5%87%AF%E5%8F%91k8%E6%97%97%E8%88%B0%E5%8E%85ag%E7%99%BB%E5%BD%95(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99%2F%E6%89%8B%E6%9C%BA%E6%9C%80%E6%96%B0%E7%89%88%E4%B8%8B%E8%BD%BD

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1549450174&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=45879&r=0&ww=1280&u=http%3A%2F%2F12646.url.tudown.com%2Fdown%2F%25E5%2593%2588%25E5%25A7%2586%25E5%25A4%25AA%25E9%2583%258E%25E7%25AC%25AC%25E5%259B%259B%25E5%25AD%25A3%25E5%2585%25A8%25E9%259B%2586%25E7%2599%25BE%25E5%25BA%25A6%25E4%25BA%2591%25E7%25BD%2591%25E7%259B%2598%40402_2.exe&tt=%E5%87%AF%E5%8F%91k8%E6%97%97%E8%88%B0%E5%8E%85ag%E7%99%BB%E5%BD%95(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99%2F%E6%89%8B%E6%9C%BA%E6%9C%80%E6%96%B0%E7%89%88%E4%B8%8B%E8%BD%BD
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1549450174&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=45879&r=0&ww=1280&u=http%3A%2F%2F12646.url.tudown.com%2Fdown%2F%25E5%2593%2588%25E5%25A7%2586%25E5%25A4%25AA%25E9%2583%258E%25E7%25AC%25AC%25E5%259B%259B%25E5%25AD%25A3%25E5%2585%25A8%25E9%259B%2586%25E7%2599%25BE%25E5%25BA%25A6%25E4%25BA%2591%25E7%25BD%2591%25E7%259B%2598%40402_2.exe&tt=%E5%87%AF%E5%8F%91k8%E6%97%97%E8%88%B0%E5%8E%85ag%E7%99%BB%E5%BD%95(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99%2F%E6%89%8B%E6%9C%BA%E6%9C%80%E6%96%B0%E7%89%88%E4%B8%8B%E8%BD%BD HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12646.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Mon, 23 Jan 2023 09:12:10 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=12E869C95367D93D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

img2.baidu.com/it/u=2963972600,467430340&fm=253&fmt=auto&app=138&f=JPEG?w=817&h=500

36.99.3.35

200 OK

39 kB

URL HTTP/2
img2.baidu.com/it/u=2963972600,467430340&fm=253&fmt=auto&app=138&f=JPEG?w=817&h=500
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 817x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
39 kB (39448 bytes)
Hash
4feec49cdfe748adbfbe2540fb2a8c81
52977e670ff0bfef4eb92cc2ef86b7270762ea0f
6837a0983ab4e2997b13f3defffd05e9d6e1a0f3440d717cc6576788afb15d6e

HTTP Headers

GET /it/u=2963972600,467430340&fm=253&fmt=auto&app=138&f=JPEG?w=817&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 39448
expires: Sun, 05 Feb 2023 13:01:50 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 4feec49cdfe748adbfbe2540fb2a8c81
age: 191026
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 13:01:50 GMT
ohc-cache-hit: ly4ct89 [4], wzix89 [4]
ohc-file-size: 39448
x-cache-status: HIT
X-Firefox-Spdy: h2

12646.url.tudown.com/uploads/images/807538.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/807538.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/807538.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3498999805,3651009368&fm=224&app=112&f=JPEG?w=500&h=500

12646.url.tudown.com/uploads/images/359629.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/359629.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/359629.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=141490481,2574890035&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=465

img2.baidu.com/it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281

36.99.3.35

200 OK

24 kB

URL HTTP/2
img2.baidu.com/it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x281, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (24470 bytes)
Hash
9b2ba0020723f2839267a1ed6c71882d
36a1e8d7504e207c284d47e653882ec871687fa5
3b08ef96670093c7afd0c587813471bbf7acefee7ebe0904c1ab3d7c7b2962fb

HTTP Headers

GET /it/u=4130603076,2346847886&fm=253&fmt=auto?w=500&h=281 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 24470
expires: Mon, 20 Feb 2023 06:23:21 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 9b2ba0020723f2839267a1ed6c71882d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:23:21 GMT
ohc-cache-hit: ly4ct73 [1], bdix148 [4]
ohc-file-size: 24470
x-cache-status: MISS
X-Firefox-Spdy: h2

12646.url.tudown.com/uploads/images/326401.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/326401.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/326401.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3677174601,3476162483&fm=253&app=120&f=JPEG?w=1280&h=800

img2.baidu.com/it/u=2587860714,1218417261&fm=253&fmt=auto&app=138&f=JPEG?w=822&h=500

36.99.3.35

200 OK

45 kB

URL HTTP/2
img2.baidu.com/it/u=2587860714,1218417261&fm=253&fmt=auto&app=138&f=JPEG?w=822&h=500
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 822x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
45 kB (45166 bytes)
Hash
0539f514f7dd077a886dbd1fccf15f3e
59ec712c81b6e65417a2b74e404267476a04e0c6
b9f77c7c50bfbbe21c67c2dbe08e2b6f6b9f813a25fa1968f594106938027da3

HTTP Headers

GET /it/u=2587860714,1218417261&fm=253&fmt=auto&app=138&f=JPEG?w=822&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 45166
expires: Sun, 12 Feb 2023 12:52:58 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 0539f514f7dd077a886dbd1fccf15f3e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 13 Jan 2023 12:52:58 GMT
ohc-cache-hit: ly4ct57 [1], wzix57 [4]
ohc-file-size: 45166
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=327744268,3936377700&fm=253&fmt=auto&app=138&f=PNG?w=280&h=280

36.99.3.35

200 OK

30 kB

URL HTTP/2
img0.baidu.com/it/u=327744268,3936377700&fm=253&fmt=auto&app=138&f=PNG?w=280&h=280
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image\012- data
Size
30 kB (30452 bytes)
Hash
9f72ab8594b023e8e42f085f2a8b2d10
56e43352835cec839de507ec903555f64a1bba77
a1da1fb8079bb9c72a744aa165f4cefe82c5098d37d6df5446f424fcc9d5fbd4

HTTP Headers

GET /it/u=327744268,3936377700&fm=253&fmt=auto&app=138&f=PNG?w=280&h=280 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 30452
expires: Tue, 21 Feb 2023 08:25:46 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 9f72ab8594b023e8e42f085f2a8b2d10
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 08:25:46 GMT
ohc-cache-hit: ly4ct73 [1], xaix73 [2]
ohc-file-size: 30452
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=691017598,1672055796&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=438

36.99.3.35

200 OK

31 kB

URL HTTP/2
img2.baidu.com/it/u=691017598,1672055796&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=438
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 658x438, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
31 kB (31426 bytes)
Hash
211d0ab373cadbbac8ce9a843f9fbf17
b449471b30807ecfeaf6899bfc6a2ea9c1abd9ba
8a90c8cbd6bc618763e3f70ce2786528833702880f456c2b02a7f21d6083fcd9

HTTP Headers

GET /it/u=691017598,1672055796&fm=253&fmt=auto&app=120&f=JPEG?w=658&h=438 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:10 GMT
content-type: image/webp
content-length: 31426
expires: Sat, 18 Feb 2023 01:45:09 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 211d0ab373cadbbac8ce9a843f9fbf17
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 01:45:09 GMT
ohc-cache-hit: ly4ct71 [1], czix143 [2]
ohc-file-size: 31426
x-cache-status: MISS
X-Firefox-Spdy: h2

12646.url.tudown.com/uploads/images/872689.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/872689.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/872689.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2858881226,3364858545&fm=224&app=112&f=JPEG?w=470&h=500

12646.url.tudown.com/uploads/images/523891.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/523891.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/523891.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=4107556145,2197776600&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667

img0.baidu.com/it/u=1661814497,1251114525&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671

36.99.3.35

200 OK

22 kB

URL HTTP/2
img0.baidu.com/it/u=1661814497,1251114525&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x671, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22016 bytes)
Hash
9a21e5a1437cacb9ea28e276e4c6a1b2
5ac9a4374f76a20fa3893844f42ba749be700d12
3cebfeb78d046bf11f9563a351e7d29bc0abb6c8e277ba41606afc7481a8d0f3

HTTP Headers

GET /it/u=1661814497,1251114525&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=671 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 22016
expires: Mon, 06 Feb 2023 08:09:44 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 9a21e5a1437cacb9ea28e276e4c6a1b2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 08:09:44 GMT
ohc-cache-hit: ly4ct54 [1], czix54 [4]
ohc-file-size: 22016
x-cache-status: MISS
X-Firefox-Spdy: h2

t15.baidu.com/it/u=1870909094,3152053285&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

35 kB

URL HTTP/1.1
t15.baidu.com/it/u=1870909094,3152053285&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
35 kB (35288 bytes)
Hash
791d368faf7b43983d47c698be5cedc8
1e9be94cde480638d87bcad143cadd9c26f66dc4
bdd48cea84334e48bbddddc44a5baaf02c488a38ff3ee42457d5ed394ad59e1a

HTTP Headers

GET /it/u=1870909094,3152053285&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 35288
Connection: keep-alive
Expires: Thu, 02 Feb 2023 23:21:05 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 791d368faf7b43983d47c698be5cedc8
Age: 993977
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 03 Jan 2023 23:21:05 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache50 [4], bdix67 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 35288
X-Cache-Status: HIT
Timing-Allow-Origin: *

12646.url.tudown.com/uploads/images/110203.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/110203.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/110203.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1245082095,4060935924&fm=253&fmt=auto&app=138&f=JPEG?w=580&h=435

t13.baidu.com/it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

64 kB

URL HTTP/1.1
t13.baidu.com/it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
64 kB (63836 bytes)
Hash
23ff52a9180ce32c627976178f696784
01ad874431bdf6adf60395117e5065b2687571a4
4e03acbe003d62ed6d3817a0d6c4891e3c434a908af3fcc8e1a35209c1dafaaf

HTTP Headers

GET /it/u=1413665729,950515299&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 63836
Connection: keep-alive
Expires: Sat, 04 Feb 2023 07:19:15 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 23ff52a9180ce32c627976178f696784
Age: 1558036
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 07:19:15 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], bduncache60 [4], xaix194 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 63836
X-Cache-Status: HIT
Timing-Allow-Origin: *

img0.baidu.com/it/u=2621396840,30449884&fm=253&fmt=auto&app=138&f=JPEG?w=317&h=499

36.99.3.35

200 OK

16 kB

URL HTTP/2
img0.baidu.com/it/u=2621396840,30449884&fm=253&fmt=auto&app=138&f=JPEG?w=317&h=499
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 317x499, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (16248 bytes)
Hash
1c0a89af9a77676fc7aca3fa2172aa8c
8dac181ca381c3032b6bca7bb2d82ca73373b3c5
9fe9f598fde2d852afa90787e066649e030be7d026c9a0915ae1a7f30277386b

HTTP Headers

GET /it/u=2621396840,30449884&fm=253&fmt=auto&app=138&f=JPEG?w=317&h=499 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 16248
expires: Sat, 18 Feb 2023 07:30:38 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 1c0a89af9a77676fc7aca3fa2172aa8c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 07:30:38 GMT
ohc-cache-hit: ly4ct71 [1], bdix128 [4]
ohc-file-size: 16248
x-cache-status: MISS
X-Firefox-Spdy: h2

t13.baidu.com/it/u=2178342176,334136329&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

65 kB

URL HTTP/1.1
t13.baidu.com/it/u=2178342176,334136329&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
65 kB (65012 bytes)
Hash
79ca66bc5d7533b804507a29f6687a0d
066608c65a3828695e311631b309e4f2f58930bf
9ff9ad39eff49be5e3eb13f6fd5b3e408a25ba024d9944c1cb93a4ddbe809057

HTTP Headers

GET /it/u=2178342176,334136329&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 65012
Connection: keep-alive
Expires: Sat, 18 Feb 2023 20:39:05 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 79ca66bc5d7533b804507a29f6687a0d
Age: 231788
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 20:39:05 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache55 [1], xiangyix55 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 65012
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=638417828,1329192011&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

56 kB

URL HTTP/1.1
t15.baidu.com/it/u=638417828,1329192011&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
56 kB (55628 bytes)
Hash
4cfc852e7e819a1fd342997155aa29e6
ab688a3eb2791d13a5b5c2203d5851ffdb48f504
1efbdbe2905433719c7e528e210370e29dfb19bdc18d9b3c780644c8452e833b

HTTP Headers

GET /it/u=638417828,1329192011&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 55628
Connection: keep-alive
Expires: Thu, 09 Feb 2023 07:38:21 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 4cfc852e7e819a1fd342997155aa29e6
Age: 167005
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 10 Jan 2023 07:38:21 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache53 [1], xaix176 [4]
Ohc-Response-Time: 1 0 0 0 0 2
Ohc-File-Size: 55628
X-Cache-Status: HIT
Timing-Allow-Origin: *

img0.baidu.com/it/u=3817488793,36521555&fm=253&fmt=auto&app=138&f=JPEG?w=450&h=600

36.99.3.35

200 OK

31 kB

URL HTTP/2
img0.baidu.com/it/u=3817488793,36521555&fm=253&fmt=auto&app=138&f=JPEG?w=450&h=600
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 450x600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
31 kB (31096 bytes)
Hash
686131674ddbbe948164cd2b4862782e
2772bd1b6f51a70ace2c3972ca5cf7d264cfa2e6
ef0831bf7951c03d911fd98e01c56f7252cd36dd8cbbd44d2249a1b3eac1fbf5

HTTP Headers

GET /it/u=3817488793,36521555&fm=253&fmt=auto&app=138&f=JPEG?w=450&h=600 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 31096
expires: Fri, 27 Jan 2023 16:39:13 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 686131674ddbbe948164cd2b4862782e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 28 Dec 2022 16:39:13 GMT
ohc-cache-hit: ly4ct56 [1], qdix129 [4]
ohc-file-size: 31096
x-cache-status: MISS
X-Firefox-Spdy: h2

t13.baidu.com/it/u=1312026429,3673514869&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

16 kB

URL HTTP/1.1
t13.baidu.com/it/u=1312026429,3673514869&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
16 kB (16199 bytes)
Hash
832378a8f7f5dcc9f854dd20642613e9
f49f5cdd6eb98b4616c0395ee38d9ea40c881b99
702c90d7966c6634e7ab382e6a321c3a509f1da19a6ecb8742ae4350f49e5cf3

HTTP Headers

GET /it/u=1312026429,3673514869&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 16199
Connection: keep-alive
Expires: Sun, 12 Feb 2023 18:30:07 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 832378a8f7f5dcc9f854dd20642613e9
Age: 830524
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 18:30:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache56 [1], qdix206 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 16199
X-Cache-Status: HIT
Timing-Allow-Origin: *

s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130

180.97.251.250

200 OK

20 B

URL HTTP/2
s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
IP
180.97.251.250:0
ASN
#4134 Chinanet

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /z_stat.php?id=1275003130&web_id=1275003130 HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12646.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Mon, 23 Jan 2023 08:49:08 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Mon, 23 Jan 2023 08:49:08 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1674463748
via: cache68.l2cn1836[0,0,200-0,H], cache60.l2cn1836[1,0], cache8.cn2205[20,19,200-0,M], cache13.cn2205[21,0]
age: 1383
x-cache: MISS TCP_REFRESH_MISS dirn:12:112013655
x-swift-savetime: Mon, 23 Jan 2023 09:12:11 GMT
x-swift-cachetime: 2217
timing-allow-origin: *
eagleid: b461fb2916744651312824863e
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2738387667,1157168934&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

36.99.3.35

200 OK

36 kB

URL HTTP/2
img2.baidu.com/it/u=2738387667,1157168934&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
36 kB (36466 bytes)
Hash
d84e757becafab3831147c038ffff69b
c1196ee753cece242632e36e1730ab82582d7a44
7ca91e5023a82e2e9af1292537aec98af4303e5e4851313100d530735fa9c978

HTTP Headers

GET /it/u=2738387667,1157168934&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 36466
expires: Wed, 22 Feb 2023 09:12:11 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: d84e757becafab3831147c038ffff69b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 09:12:11 GMT
ohc-cache-hit: ly4ct77 [1], czix177 [2]
ohc-file-size: 36466
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=4241172321,3067053686&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500

36.99.3.35

200 OK

31 kB

URL HTTP/2
img0.baidu.com/it/u=4241172321,3067053686&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 667x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
31 kB (31262 bytes)
Hash
5668c373e8df49f7de66931b26b45068
f0e5a5b18b0b862c7b1934b38ce13b9c67316f5e
054aa2571840caab3463aaab34f697c80448b25aa281ff9069d26b3931bec391

HTTP Headers

GET /it/u=4241172321,3067053686&fm=253&fmt=auto&app=138&f=JPEG?w=667&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 31262
expires: Tue, 24 Jan 2023 00:45:12 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 5668c373e8df49f7de66931b26b45068
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 25 Dec 2022 00:45:12 GMT
ohc-cache-hit: ly4ct62 [1], xaix173 [4]
ohc-file-size: 31262
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2467790899,2214742682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304

36.99.3.35

200 OK

16 kB

URL HTTP/2
img0.baidu.com/it/u=2467790899,2214742682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x304, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (16456 bytes)
Hash
e3d28d3256052ae8fdbe34f0005cebba
1616b044af211c984746d4160734a03f799afbcd
976e502bb923bb4befdba2367f30c4c44f1e357ab34b0295436c3817c87c3fad

HTTP Headers

GET /it/u=2467790899,2214742682&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=304 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 16456
expires: Fri, 10 Feb 2023 21:21:58 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: e3d28d3256052ae8fdbe34f0005cebba
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 21:21:58 GMT
ohc-cache-hit: ly4ct102 [1], wzix102 [4]
ohc-file-size: 16456
x-cache-status: MISS
X-Firefox-Spdy: h2

12646.url.tudown.com/uploads/images/316141.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/316141.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/316141.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=542082992,3071356042&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=773

img1.baidu.com/it/u=3475017141,1283094648&fm=253&app=120&f=JPEG?w=1422&h=800

125.64.104.35

200 OK

129 kB

URL HTTP/1.1
img1.baidu.com/it/u=3475017141,1283094648&fm=253&app=120&f=JPEG?w=1422&h=800
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
129 kB (129114 bytes)
Hash
03a1264990ef2dd328d9b0675e526dbb
e42fda0e9609801a6e29db6b4f6f1a1f6fa7acf7
3907aefb9948aee33b09f3cec9952002a305a5e180418a8bd44bf2e99dda857c

HTTP Headers

GET /it/u=3475017141,1283094648&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpeg
Content-Length: 129114
Connection: keep-alive
Expires: Mon, 06 Feb 2023 09:41:13 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 03a1264990ef2dd328d9b0675e526dbb
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 09:41:13 GMT
Ohc-Cache-HIT: dy2ct63 [1], czix131 [2]
Ohc-File-Size: 129114
X-Cache-Status: MISS

12646.url.tudown.com/uploads/images/192024.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/192024.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/192024.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3311441293,127023699&fm=253&fmt=auto&app=138&f=JPEG?w=720&h=404

12646.url.tudown.com/uploads/images/978975.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12646.url.tudown.com/uploads/images/978975.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/978975.jpg HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1329626756,4202590478&fm=224&app=112&f=JPEG?w=495&h=500

img1.baidu.com/it/u=141490481,2574890035&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=465

125.64.104.35

200 OK

29 kB

URL HTTP/2
img1.baidu.com/it/u=141490481,2574890035&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=465
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 658x465, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (28640 bytes)
Hash
818fa1aea6b8619a2a4d8e1694e47501
2604a62fa121f08bc393633aef7d629f1cfa48a1
f51bc3446474f75744babc107fe590971537bac6bc047efe14c57c43ee117576

HTTP Headers

GET /it/u=141490481,2574890035&fm=253&fmt=auto&app=138&f=JPEG?w=658&h=465 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 28640
expires: Tue, 21 Feb 2023 10:21:10 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 818fa1aea6b8619a2a4d8e1694e47501
age: 22232
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 10:21:10 GMT
ohc-cache-hit: dy2ct88 [4], bdix88 [2]
ohc-file-size: 28640
x-cache-status: HIT
X-Firefox-Spdy: h2

t13.baidu.com/it/u=1329626756,4202590478&fm=224&app=112&f=JPEG?w=495&h=500

185.10.104.124

200 OK

26 kB

URL HTTP/1.1
t13.baidu.com/it/u=1329626756,4202590478&fm=224&app=112&f=JPEG?w=495&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 495x500, components 3\012- data
Size
26 kB (26347 bytes)
Hash
600171324f05d5e0a8aed88c122bcb33
545c8092fd55bb0064065b3c1bad2ae30467fed4
0c843a64dcea2eda2aaea4f95d1d4198fc13d23da0161d6d3ad4f384c8852913

HTTP Headers

GET /it/u=1329626756,4202590478&fm=224&app=112&f=JPEG?w=495&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 26347
Connection: keep-alive
Expires: Mon, 06 Feb 2023 23:23:04 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: 600171324f05d5e0a8aed88c122bcb33
Age: 993207
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 23:23:04 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache104 [4], bdix229 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 26347
X-Cache-Status: HIT

t15.baidu.com/it/u=3498999805,3651009368&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

58 kB

URL HTTP/1.1
t15.baidu.com/it/u=3498999805,3651009368&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
58 kB (57512 bytes)
Hash
02c71792996413adf8ba45f77f6a5158
c2b0c33812c343dc3902141ac0b810a9ef79a2a8
3ae1e493cf1f1d206981280336c9b6bcefca4cc949a3065a494986c3ffeb43bc

HTTP Headers

GET /it/u=3498999805,3651009368&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 57512
Connection: keep-alive
Expires: Fri, 10 Feb 2023 06:59:19 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 02c71792996413adf8ba45f77f6a5158
Age: 993190
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 06:59:18 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache61 [4], xaix61 [2]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 57512
X-Cache-Status: HIT
Timing-Allow-Origin: *

img0.baidu.com/it/u=1245082095,4060935924&fm=253&fmt=auto&app=138&f=JPEG?w=580&h=435

36.99.3.35

200 OK

11 kB

URL HTTP/2
img0.baidu.com/it/u=1245082095,4060935924&fm=253&fmt=auto&app=138&f=JPEG?w=580&h=435
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 580x435, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (10624 bytes)
Hash
722f43a23b54c4946c1e1c383dc14e33
ef826edb56d72422f1b6e0196c8a9079a5f75b23
bbf36d817352499c1333ae570d63aac2712f51bbb99bf2d8c187b2291381fd69

HTTP Headers

GET /it/u=1245082095,4060935924&fm=253&fmt=auto&app=138&f=JPEG?w=580&h=435 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 10624
expires: Mon, 13 Feb 2023 11:20:10 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 722f43a23b54c4946c1e1c383dc14e33
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 14 Jan 2023 11:20:10 GMT
ohc-cache-hit: ly4ct67 [1], xaix67 [4]
ohc-file-size: 10624
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=12504738,1935742948&fm=253&app=120&f=JPEG?w=1422&h=800

36.99.3.35

200 OK

296 kB

URL HTTP/1.1
img2.baidu.com/it/u=12504738,1935742948&fm=253&app=120&f=JPEG?w=1422&h=800
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
296 kB (295788 bytes)
Hash
f016cf7a7e843e9fcbd338ef59669343
2752497f71e98c7f2fa27a49a0c2072830378db1
5bba7a873c3ff4ac51f1b87d578d1846d746299d1c3fd13dd3123d9d4932f0f8

HTTP Headers

GET /it/u=12504738,1935742948&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:10 GMT
Content-Type: image/jpeg
Content-Length: 295788
Connection: keep-alive
Expires: Thu, 02 Feb 2023 07:54:34 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: f016cf7a7e843e9fcbd338ef59669343
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Tue, 03 Jan 2023 07:54:34 GMT
Ohc-Cache-HIT: ly4ct60 [2], qdix60 [4]
Ohc-File-Size: 295788
X-Cache-Status: MISS

img0.baidu.com/it/u=4107556145,2197776600&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667

36.99.3.35

200 OK

29 kB

URL HTTP/2
img0.baidu.com/it/u=4107556145,2197776600&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x667, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29132 bytes)
Hash
312f5c538dcb4d83bf9b0dfe05e9ea0c
ded8c9a9c79237f2ebce6cb7d428183956756657
6cb850201e9c4310953b276f725b86a741aef34f7b10514ccccc8b27af5264bd

HTTP Headers

GET /it/u=4107556145,2197776600&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=667 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 29132
expires: Thu, 26 Jan 2023 19:55:40 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 312f5c538dcb4d83bf9b0dfe05e9ea0c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 27 Dec 2022 19:55:40 GMT
ohc-cache-hit: ly4ct89 [1], czix89 [4]
ohc-file-size: 29132
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3311441293,127023699&fm=253&fmt=auto&app=138&f=JPEG?w=720&h=404

125.64.104.35

200 OK

51 kB

URL HTTP/2
img1.baidu.com/it/u=3311441293,127023699&fm=253&fmt=auto&app=138&f=JPEG?w=720&h=404
IP
125.64.104.35:0
ASN
#38283 CHINANET SiChuan Telecom Internet Data Center

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 720x404, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
51 kB (50636 bytes)
Hash
0257fdbe5a74e8cd4ab6d286d278ff00
8e13732f76da722510e46498cd4cf349f483de2a
1072eda441518584b5db6cef3ba4ffade34cd56dacba6e75febdde6853fc0542

HTTP Headers

GET /it/u=3311441293,127023699&fm=253&fmt=auto&app=138&f=JPEG?w=720&h=404 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 50636
expires: Tue, 21 Feb 2023 10:28:04 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0257fdbe5a74e8cd4ab6d286d278ff00
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 10:28:04 GMT
ohc-cache-hit: dy2ct66 [1], bdix160 [4]
ohc-file-size: 50636
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=542082992,3071356042&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=773

36.99.3.35

200 OK

38 kB

URL HTTP/2
img0.baidu.com/it/u=542082992,3071356042&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=773
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x773, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (37898 bytes)
Hash
63ad87d1a9d59c297f8af6f0e734dce5
47afcb91a7f36b8f5a3959efc548e87a0f2b5416
17018af14aa8061eaceaad453f51e4e2e14b1ad7699a512e9edd3102ba7846d6

HTTP Headers

GET /it/u=542082992,3071356042&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=773 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12646.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Mon, 23 Jan 2023 09:12:11 GMT
content-type: image/webp
content-length: 37898
expires: Sat, 18 Feb 2023 15:05:45 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 63ad87d1a9d59c297f8af6f0e734dce5
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 15:05:45 GMT
ohc-cache-hit: ly4ct78 [1], wzix78 [4]
ohc-file-size: 37898
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3677174601,3476162483&fm=253&app=120&f=JPEG?w=1280&h=800

114.232.92.35

200 OK

120 kB

URL HTTP/1.1
img1.baidu.com/it/u=3677174601,3476162483&fm=253&app=120&f=JPEG?w=1280&h=800
IP
114.232.92.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
120 kB (120226 bytes)
Hash
0990af56e7208b9fd2c942e743703c9e
14443df088960a18ea4046682e40991247598f13
5d53e3974ef5b7ec001fb9e7a29ef0a9b8e241ceea2c21d3ae3e1fd7ca0882e3

HTTP Headers

GET /it/u=3677174601,3476162483&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 120226
Connection: keep-alive
Expires: Tue, 07 Feb 2023 00:46:04 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 0990af56e7208b9fd2c942e743703c9e
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 00:46:04 GMT
Ohc-Cache-HIT: nt2ct73 [1], suzix232 [4]
Ohc-File-Size: 120226
X-Cache-Status: MISS

img0.baidu.com/it/u=2279520874,1220153587&fm=253&app=120&f=JPEG?w=1280&h=800

36.99.3.35

200 OK

85 kB

URL HTTP/1.1
img0.baidu.com/it/u=2279520874,1220153587&fm=253&app=120&f=JPEG?w=1280&h=800
IP
36.99.3.35:0
ASN
#139018 Henan Luoyang IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
85 kB (84896 bytes)
Hash
84306639b8f51b8fb518e469b73e36d5
daaa743189fe9bf3e3e600f39e2f60b4fb9b2015
beccc79bae8c62e07fe6b4914c21e0eff00920bd7c767d2a901b8cf0706359f0

HTTP Headers

GET /it/u=2279520874,1220153587&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:11 GMT
Content-Type: image/jpeg
Content-Length: 84896
Connection: keep-alive
Expires: Sun, 05 Feb 2023 09:21:06 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 84306639b8f51b8fb518e469b73e36d5
Age: 18056
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 09:21:06 GMT
Ohc-Cache-HIT: ly4ct83 [4], bdix233 [2]
Ohc-File-Size: 84896
X-Cache-Status: HIT

js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d

101.198.192.7

200 OK

117 B

URL HTTP/1.1
js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
IP
101.198.192.7:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
HTML document, ASCII text, with no line terminators
Size
117 B (117 bytes)
Hash
807bb08bf1c51aaff763edb0f02719ef
6e089da63e5751494b32d77031df30ec3c8be067
7eb411ad7be2e6af85645f2a2b6401bf6085fe4e0436d004f33710bb84a7be4e

HTTP Headers

GET /11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d HTTP/1.1
Host: js.passport.qihucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/

HTTP/1.1 200 OK
Date: Mon, 23 Jan 2023 09:12:12 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 28 Nov 2018 07:43:20 GMT
Cache-Control: max-age=600
Expires: Mon, 23 Jan 2023 09:22:12 GMT
KCS-Via: REVALIDATED from w-fc01.hkht;MISS from w-sc01.hkht
Content-Encoding: gzip

s6.qhres2.com/static/ab77b6ea7f3fbf79.js

54.230.111.35

200 OK

478 B

URL HTTP/1.1
s6.qhres2.com/static/ab77b6ea7f3fbf79.js
IP
54.230.111.35:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (478), with no line terminators
Size
478 B (478 bytes)
Hash
5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a

HTTP Headers

GET /static/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s6.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 478
Connection: keep-alive
Date: Mon, 26 Sep 2022 01:48:25 GMT
X-QSTATIC-HIT: 1
Last-Modified: Mon, 01 Jan 2018 00:00:00 GMT
ETag: W/"b300475a05992239"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, immutable
Expires: Thu, 23 Sep 2032 01:48:25 GMT
KCS-Via: HIT from w-fc01.lato;MISS from w-sc02.lato
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: q_s0vVySQcPVZX4EWfGWtAmG6M3c8hp9NbCDH_PheG7NRLkdTwEO-A==
Age: 10308227

t13.baidu.com/it/u=2858881226,3364858545&fm=224&app=112&f=JPEG?w=470&h=500

185.10.104.124

200 OK

44 kB

URL HTTP/1.1
t13.baidu.com/it/u=2858881226,3364858545&fm=224&app=112&f=JPEG?w=470&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 470x500, components 3\012- data
Size
44 kB (43841 bytes)
Hash
8bfbc4d44ce96c4ad070aee8fe8245c6
88cf5224569a6ff941028330a14591b4b7c11017
0b67de3b3d45a3ed15ce9bf4c29f8a465d93cf956fef8bb3f1304b6c2b5a7ce0

HTTP Headers

GET /it/u=2858881226,3364858545&fm=224&app=112&f=JPEG?w=470&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12646.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Mon, 23 Jan 2023 09:12:12 GMT
Content-Type: image/jpeg
Content-Length: 43841
Connection: keep-alive
Expires: Mon, 20 Feb 2023 08:56:09 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 8bfbc4d44ce96c4ad070aee8fe8245c6
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 21 Jan 2023 08:56:09 GMT
Ohc-Upstream-Trace: 58.20.204.55
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache55 [1], bdix85 [4]
Ohc-Response-Time: 1 0 0 0 1248 1248
Ohc-File-Size: 43841
X-Cache-Status: MISS
Timing-Allow-Origin: *

s.360.cn/so/zz.gif?url=http%3A%2F%2F12646.url.tudown.com%2Fdown%2F%25E5%2593%2588%25E5%25A7%2586%25E5%25A4%25AA%25E9%2583%258E%25E7%25AC%25AC%25E5%259B%259B%25E5%25AD%25A3%25E5%2585%25A8%25E9%259B%2586%25E7%2599%25BE%25E5%25BA%25A6%25E4%25BA%2591%25E7%25BD%2591%25E7%259B%2598%40402_2.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a22_621004e@38a99%bB990%

180.163.251.230

200 OK

0 B

URL HTTP/1.1
s.360.cn/so/zz.gif?url=http%3A%2F%2F12646.url.tudown.com%2Fdown%2F%25E5%2593%2588%25E5%25A7%2586%25E5%25A4%25AA%25E9%2583%258E%25E7%25AC%25AC%25E5%259B%259B%25E5%25AD%25A3%25E5%2585%25A8%25E9%259B%2586%25E7%2599%25BE%25E5%25BA%25A6%25E4%25BA%2591%25E7%25BD%2591%25E7%259B%2598%40402_2.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a22_621004e@38a99%bB990%
IP
180.163.251.230:0
ASN
#4812 China Telecom Group

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /so/zz.gif?url=http%3A%2F%2F12646.url.tudown.com%2Fdown%2F%25E5%2593%2588%25E5%25A7%2586%25E5%25A4%25AA%25E9%2583%258E%25E7%25AC%25AC%25E5%259B%259B%25E5%25AD%25A3%25E5%2585%25A8%25E9%259B%2586%25E7%2599%25BE%25E5%25BA%25A6%25E4%25BA%2591%25E7%25BD%2591%25E7%259B%2598%40402_2.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a22_621004e@38a99%bB990% HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/

HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Mon, 23 Jan 2023 09:12:12 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Fri, 27 Jul 2018 07:11:18 GMT
Connection: keep-alive
ETag: "5b5ac596-0"
Accept-Ranges: bytes

12646.url.tudown.com/favicon.ico

154.218.151.71

200 OK

0 B

URL HTTP/1.1
12646.url.tudown.com/favicon.ico
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12646.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12646.url.tudown.com/down/%E5%93%88%E5%A7%86%E5%A4%AA%E9%83%8E%E7%AC%AC%E5%9B%9B%E5%AD%A3%E5%85%A8%E9%9B%86%E7%99%BE%E5%BA%A6%E4%BA%91%E7%BD%91%E7%9B%98@402_2.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1674465129; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1674465129

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jan 2023 09:12:13 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations