Report - 18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248

Report Overview

Submitted URL
18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-02-04 06:37:02
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.7 kB	58 kB	34.120.237.76
img1.baidu.com	50158	2021-03-25T13:17:58Z	2023-03-12T11:23:15Z	5.8 kB	300 kB	1.193.146.35
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.189.35.180
img2.baidu.com	50786	2021-03-25T13:17:58Z	2023-03-12T11:23:13Z	4.9 kB	1.0 MB	183.134.239.1
t13.baidu.com	32653	2021-01-09T14:57:25Z	2023-03-12T11:23:14Z	1.1 kB	183 kB	185.10.104.124
s22.cnzz.com	87635	2012-05-30T12:09:17Z	2023-03-12T16:31:15Z	394 B	671 B	180.97.251.250
t15.baidu.com	33050	2021-01-09T17:16:17Z	2023-03-12T11:23:14Z	2.1 kB	657 kB	185.10.104.124
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
18495.url.tudown.com	unknown	2018-07-14T00:19:51Z	2023-02-04T07:36:50Z	20 kB	86 kB	154.218.151.71
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-03-13T05:32:36Z	1.3 kB	12 kB	103.235.46.191
t14.baidu.com	32559	2021-01-22T21:20:42Z	2023-03-12T11:23:14Z	1.1 kB	143 kB	185.10.104.124
img0.baidu.com	50126	2021-03-25T13:17:59Z	2023-03-12T11:23:13Z	2.4 kB	407 kB	183.134.239.1
js.passport.qihucdn.com	273795	2014-08-12T03:08:07Z	2023-03-12T11:11:59Z	324 B	462 B	101.198.192.7
s6.qhres2.com	910970	2022-01-25T09:18:01Z	2023-03-12T11:12:00Z	298 B	1.1 kB	54.230.111.11
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.9 kB	104.18.20.226
ocsp2.globalsign.com	1544	2012-05-23T20:10:04Z	2023-03-13T05:14:17Z	367 B	1.9 kB	104.18.20.226
api.share.baidu.com	44629	2013-04-25T16:45:11Z	2023-03-13T05:37:01Z	377 B	114 B	112.34.113.148
s.360.cn	19814	2012-07-10T18:01:51Z	2023-03-13T09:22:08Z	460 B	238 B	101.198.2.147
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.0 kB	8.0 kB	95.101.11.115
push.zhanzhang.baidu.com	57139	2015-07-22T07:44:02Z	2023-03-13T05:37:01Z	290 B	750 B	182.61.201.94

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-18
Pretty URL push.zhanzhang.baidu.com/push.js IP 182.61.201.94 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-18 14:13:26 Times Seen18955 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	18495.url.tudown.com/template/company/42xz/js/soft.js	9.9 kB	2023-03-12	2023-06-15
Pretty URL 18495.url.tudown.com/template/company/42xz/js/soft.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:54 Last Seen2023-06-15 06:04:36 Times Seen205 Hash 5e32a0f26da3d6f80a8ba482448e7314 c5724c4245049e753a66805f2fe986c620071141 d2acdf1a20ffb5f140291d37fd878d834918e465e977c487720816d7bf69cf31 Loading...

	unknown	0 B	2023-03-07	2024-04-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-19 02:16:51 Times Seen36951620 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d	105 B	2023-03-07	2024-04-14
Pretty URL js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d IP 101.198.192.7 ASN #55992 Beijing Qihu Technology Company Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:57:51 Last Seen2024-04-14 23:50:53 Times Seen385 Hash 06b5672f6400f1eb3255c53b8716ec1b f35120a5317fa4f91b98abb29d0ee3ad899b55f7 42e703267bb95fd28b350c6f27fd014f39e6d88443a50b7322c14b76bb513e99 Loading...

	s6.qhres2.com/static/ab77b6ea7f3fbf79.js	478 B	2023-03-07	2024-04-15
Pretty URL s6.qhres2.com/static/ab77b6ea7f3fbf79.js IP 54.230.111.11 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-15 19:30:50 Times Seen2387 Hash 5dd27f8f2b042194c3cdabd62fd80110 c035036a939799d4c29b9c0f7229ae1953d03109 928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a Loading...

	18495.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 18495.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

	18495.url.tudown.com/template/company/42xz/js/jquery.js	120 kB	2023-03-12	2023-11-20
Pretty URL 18495.url.tudown.com/template/company/42xz/js/jquery.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen235 Hash 1925d85004d53931fe7e1cb8e1d658fb fc6192892c227e2a2f5a68e31b08d83ab0458355 b26e0c2001d8d9f1947b20033e77665409f3504f832556ce2ee9dfb01ef7a041 Loading...

	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:28:52 Last Seen2023-03-13 16:28:52 Times Seen1 Hash 5f0331da766dc474a660cf36024c3d79 d7ce61423ade0e05076a17c0fd83705fec4d0b1d 9a23b74470bed18c98cbb7133b24d8590eede222beb441995b7e8bee4a4a579b Loading...

	18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe	254 B	2023-03-09	2023-12-23
Pretty URL 18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

		Size	First Seen	Last Seen
	#1 Write - fa85d85498e61666775145658e0c17ed	143 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash fa85d85498e61666775145658e0c17ed 0c7232cecdccc72b25160d2732cc180c3fe73160 ba9029ca999756c61255a5964826bb7f12d35e3dd5255cbc1cbfe47438995591 Loading...

	#2 Write - 49ab76f98f0ffd3c06e5f9e8fd523616	87 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 12:57:51 Last Seen2024-04-14 23:50:53 Times Seen258 Hash 49ab76f98f0ffd3c06e5f9e8fd523616 8ff32ae013817b78b340ba1c1ee24f34ca2d8b2a dacba7ea3ae581abd50497c748a9455c720f9c23b96c3826f9d45ef4db4f8db0 Loading...

	#3 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-14
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-14 17:35:46 Times Seen2523 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#4 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

	#5 Write - f6c66fa781641bc152896d4d331fb47c	107 B	2023-03-12	2023-11-20
Pretty Observations First Seen2023-03-12 11:06:54 Last Seen2023-11-20 08:42:33 Times Seen234 Hash f6c66fa781641bc152896d4d331fb47c 75058381be5febb338d4b018ff21ddeb72634f79 1b60638050239eb6f376f41ed7c52f5fa636ff1b2899f86fc62f093fdd6b3e8b Loading...

HTTP Transactions (124)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81713f952b51a865ad9764cde68e3fdb
278c3a9c4bb2a0ffb7375f90d89a1ba6e90a766a
c2eb0d8a24ecb51af28f1c71db4b9a95c568dcf6c94b41ee8c78787a4ebebcef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C2EB0D8A24ECB51AF28F1C71DB4B9A95C568DCF6C94B41EE8C78787A4EBEBCEF"
Last-Modified: Fri, 03 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8135
Expires: Sat, 04 Feb 2023 08:52:26 GMT
Date: Sat, 04 Feb 2023 06:36:51 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e051e6e01b12b9ad6e0014603f93431a
ada9efe77054d8593f2687fb3a7eada8908ef7e8
c41be8ffe176ca674efb0588164fdfd237754c6b5b461f8f46387b96ae7d6090

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C41BE8FFE176CA674EFB0588164FDFD237754C6B5B461F8F46387B96AE7D6090"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17952
Expires: Sat, 04 Feb 2023 11:36:03 GMT
Date: Sat, 04 Feb 2023 06:36:51 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9a76feabb767086ae0fa54e0ffbf763f
3655d78994a1e9838340669462728b67c8c12e54
bf215ab858c7785b7c01f7d3d437a918f056f00fe9b065820e1cdd09b7bba8f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BF215AB858C7785B7C01F7D3D437A918F056F00FE9B065820E1CDD09B7BBA8F9"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12552
Expires: Sat, 04 Feb 2023 10:06:03 GMT
Date: Sat, 04 Feb 2023 06:36:51 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 05:43:35 GMT
content-type: application/json
age: 3196
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: PXMi4+yBvKCYSBaAsMrakRvkxrwJ8gxdRtJf3zx0R3r7/GW7I/e/YQcYvGqSSyGXNLDr0bJ2jYY=
x-amz-request-id: 51W20BGX53AEX19C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 05:52:43 GMT
age: 2648
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 06:36:51 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Pragma, Backoff, Retry-After, Content-Length, Last-Modified, Expires, Cache-Control, ETag, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 05:49:07 GMT
age: 2864
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

154.218.151.71

200 OK

6.5 kB

URL HTTP/1.1
18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (310), with CRLF, LF line terminators
Size
6.5 kB (6492 bytes)
Hash
d928a31d17a9e9c6672b85bfaf6ad41a
b79d67124ed746e76f0f8a156540977c5eec8337
15ece21af07a72250b9965bb1a924f8fd69149cdfdfc8cbaef45f1438309ab6c

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /xiaz/plants.vs.zombies-v2.2@248_27706.exe HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16292
Expires: Sat, 04 Feb 2023 11:08:23 GMT
Date: Sat, 04 Feb 2023 06:36:51 GMT
Connection: keep-alive

push.services.mozilla.com/

54.189.35.180

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.35.180:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HNHXlrrvJadnxWZIIaHatg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: +7oY4Zlw+j/ZIc1qiMogOEr9y0M=

18495.url.tudown.com/template/company/42xz/css/common.css

154.218.151.71

200 OK

1.9 kB

URL HTTP/1.1
18495.url.tudown.com/template/company/42xz/css/common.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.9 kB (1933 bytes)
Hash
625ff65f2c44178957f32d288dd56ddf
cb918d56e4595594c56cab503ed56f84379e862d
2436857c00ba0ab148e7c16f63712844f5bb62e23379751d6dddd82abe667ac5

HTTP Headers

GET /template/company/42xz/css/common.css HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea53-1ccb"
Expires: Sat, 04 Feb 2023 18:36:52 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

18495.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
18495.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

18495.url.tudown.com/template/company/42xz/css/soft.css

154.218.151.71

200 OK

6.6 kB

URL HTTP/1.1
18495.url.tudown.com/template/company/42xz/css/soft.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
6.6 kB (6556 bytes)
Hash
669589d0ffba3898ecf26c242eaed555
f6a564b66491cf102d5961fb95294d84192c9f11
00947ca9960fa7f5ad71c5f5343ded6e595dec626a9da917da58305fdc98e356

HTTP Headers

GET /template/company/42xz/css/soft.css HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: text/css
Last-Modified: Thu, 05 Nov 2020 12:04:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea55-6438"
Expires: Sat, 04 Feb 2023 18:36:52 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

18495.url.tudown.com/template/company/42xz/js/soft.js

154.218.151.71

200 OK

3.6 kB

URL HTTP/1.1
18495.url.tudown.com/template/company/42xz/js/soft.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
3.6 kB (3643 bytes)
Hash
67be5352d7d3355ae57faad8a6221355
30f4a9a4a3dede0d2d72725ffa28958f45053e7e
1a59b7c5be683676fa54951bf4129899c3980e78c1f956c287f7cc0c001a857d

HTTP Headers

GET /template/company/42xz/js/soft.js HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:42 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea5a-26b2"
Expires: Sat, 04 Feb 2023 18:36:52 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fc91044ea257e54846f8dd907b48d29e
6d2231e05dabe5ee55f8dbf8687d7b7a92c25d64
8e77e1a87ab035ed1affd01159d1c899e46d7c247d0bc085dd57d1b1c6fed830

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8E77E1A87AB035ED1AFFD01159D1C899E46D7C247D0BC085DD57D1B1C6FED830"
Last-Modified: Thu, 02 Feb 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4967
Expires: Sat, 04 Feb 2023 07:59:40 GMT
Date: Sat, 04 Feb 2023 06:36:53 GMT
Connection: keep-alive

18495.url.tudown.com/uploads/images/logo.png?n=5g5yjzmgrds3raxjusiotjno46xkdz4qq3ul7ehiscs6ta5i&w=250

154.218.151.71

200 OK

3.5 kB

URL HTTP/1.1
18495.url.tudown.com/uploads/images/logo.png?n=5g5yjzmgrds3raxjusiotjno46xkdz4qq3ul7ehiscs6ta5i&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.5 kB (3465 bytes)
Hash
a5dc02731c3f735ce163bb0ea03b16d3
c5990d1d0f8862cd4ca3d0f5c7901cde194faca0
9dc3782a86f800b1f48b0facb8a2bc22f7fdb509873713bff13f911d7d7b8486

HTTP Headers

GET /uploads/images/logo.png?n=5g5yjzmgrds3raxjusiotjno46xkdz4qq3ul7ehiscs6ta5i&w=250 HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

18495.url.tudown.com/uploads/images/481836.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/481836.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/481836.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3854596382,2878485949&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/136668.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/136668.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/136668.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3672415628,631277731&fm=253&fmt=auto&app=138&f=JPEG?w=482&h=265

18495.url.tudown.com/template/company/42xz/images/tab_line.png

154.218.151.71

200 OK

1.2 kB

URL HTTP/1.1
18495.url.tudown.com/template/company/42xz/images/tab_line.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 190 x 7\012- data
Size
1.2 kB (1155 bytes)
Hash
4c54d42f73e777c70b63b1854b994bb5
6b751c2e611f485d04805ccc3ef84ba5c7868775
b86451a9f18cc0bffd106863661cecbc4abc2364f2898e3bc0796992f3ebbd06

HTTP Headers

GET /template/company/42xz/images/tab_line.png HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: image/png
Content-Length: 1155
Last-Modified: Thu, 05 Nov 2020 12:04:39 GMT
Connection: keep-alive
ETag: "5fa3ea57-483"
Accept-Ranges: bytes

18495.url.tudown.com/template/company/42xz/images/dian1.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
18495.url.tudown.com/template/company/42xz/images/dian1.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1110 bytes)
Hash
de5d5d1c8fb00bc14f9512dd323b9ed8
9c7c5df21afb7b686932c96ecf7877e1e6adf243
982f48c65cf01077b0606401f082c15ee15f183903d5170f06d0bb3ae3b9b685

HTTP Headers

GET /template/company/42xz/images/dian1.png HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: image/png
Content-Length: 1110
Last-Modified: Thu, 05 Nov 2020 12:04:54 GMT
Connection: keep-alive
ETag: "5fa3ea66-456"
Accept-Ranges: bytes

18495.url.tudown.com/uploads/images/734665.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/734665.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/734665.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=148410135,1299247152&fm=253&fmt=auto&app=138&f=JPEG?w=479&h=1024

18495.url.tudown.com/uploads/images/531825.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/531825.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/531825.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3778258229,1875708781&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/template/company/42xz/js/jquery.js

154.218.151.71

200 OK

46 kB

URL HTTP/1.1
18495.url.tudown.com/template/company/42xz/js/jquery.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (65479), with CRLF line terminators
Size
46 kB (45799 bytes)
Hash
49fcb7f2a26c0656e22b75bfe591667f
f277ecd02517fc0f243fd9d882178473d4def06b
9ee94398fbe5a57c715dfdfe1b8d05ea964dd9947dba57dad68ee38ea381a2be

HTTP Headers

GET /template/company/42xz/js/jquery.js HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:52 GMT
Content-Type: application/javascript
Last-Modified: Thu, 05 Nov 2020 12:04:50 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"5fa3ea62-1d491"
Expires: Sat, 04 Feb 2023 18:36:52 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

ocsp.globalsign.com/gsrsaovsslca2018

104.18.20.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
c45b5d23d78c603a4f679957cc907c55
c0c6131e462224b19bf52c269ffda26be7dcc3ce
7acbb574f2c3ce64da98b8bf9e8af19ba063535e4cbf9fadaf803c34381178dd

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:09:39 GMT
ETag: "c0c6131e462224b19bf52c269ffda26be7dcc3ce"
Last-Modified: Sat, 04 Feb 2023 04:09:40 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1512
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 794165014843b527-OSL

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Sat, 04 Feb 2023 09:28:26 GMT
Date: Sat, 04 Feb 2023 06:36:53 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Sat, 04 Feb 2023 09:28:26 GMT
Date: Sat, 04 Feb 2023 06:36:53 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Sat, 04 Feb 2023 09:28:26 GMT
Date: Sat, 04 Feb 2023 06:36:53 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Sat, 04 Feb 2023 09:28:26 GMT
Date: Sat, 04 Feb 2023 06:36:53 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8267 bytes)
Hash
99bf0073acf75f9e04b52a96bf47797b
fa68da2c92fa89ed3dafe9915e064fca022af21f
961b77616486483e5767f214d2417275b9c995614128acab3521b6cd2f8866e2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0567732b-c9d0-4bac-89d8-3dc6a16e522c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8267
x-amzn-requestid: 8bf1f9c3-4508-489e-9f45-3ce50df74b0b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEW0HM6IAMFXog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd80f8-2e7c768d54981cf1634830db;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:47:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: slDJVVNZDwjopU0kXbAvAJw4A0I_hGKXbRf9O15sXxmvu0JXe8yuPA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:17:59 GMT
etag: "fa68da2c92fa89ed3dafe9915e064fca022af21f"
content-type: image/jpeg
age: 29934
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7992 bytes)
Hash
65cd12302c9ca5468dbc9a98155970e0
a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1
8463155faca74f13ec4500fed98289d8bfbdc4a989d1cb7580736018eadf1000

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4e245a51-5c03-4b84-b42a-29fa3a7806e9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7992
x-amzn-requestid: ba4f95d9-6081-4b34-955c-bbe8e7b2335c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEEjGsdIAMF84w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8083-7666baa66ccdec9b5fec8736;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A3c6sSs_b8KkREPa26a8X9NTEZpHGDjElR9hT-NXwg6dYpeuRNZXfA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
etag: "a0c63213c3021e40f8ea54f2da6a5c165ed5cfd1"
content-type: image/jpeg
age: 30392
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 30380
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/206579.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/206579.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/206579.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2974140527,791421799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

18495.url.tudown.com/uploads/images/857856.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/857856.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/857856.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2554001494,2982271634&fm=224&app=112&f=JPEG?w=500&h=500

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14071 bytes)
Hash
9ab97f766ee1ed6ebbb2b3889a9157b4
f87f165404dec4d65531e6e25146cb77601f3616
f3d0f76f956371b1733a526f10a8253fc3396a459d7af59380d8e8db7dee8ec2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc5300360-6063-4d18-8dd2-28dbcf47d371.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14071
x-amzn-requestid: 40cb363f-2c4d-4361-9fe1-10e4c8b2fe29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fiTo4Ek2oAMFs6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d73305-6cb63d3c49f9f84e639467f6;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 03:01:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: b7r7phj8i49RMSuWufxF1L34K9udWa0mJ4dY12izM9ofwAuCFBGEZQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:05 GMT
age: 31728
etag: "f87f165404dec4d65531e6e25146cb77601f3616"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f8fa6a-620a-4d0c-aec7-0863ae11b871.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14221 bytes)
Hash
83ac46e378ad452aeb212d709ab70232
7514ed93fd2f256e5aad386fdd0ebc723785291b
e199498691268526a6ecfe58abb88ced8661272cd7ad8270811c84fb15dbb547

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F62f8fa6a-620a-4d0c-aec7-0863ae11b871.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14221
x-amzn-requestid: a74ee3d4-6163-4dec-ab62-97279cf52282
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3ERhIAMFh1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-3e5d4b3d39919497215866df;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3TIbnpwYk9CIeoXeW4T-ouwV7X1y-LgKV7wB4XJwFKSKx248jIJyBQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:08:39 GMT
age: 30494
etag: "7514ed93fd2f256e5aad386fdd0ebc723785291b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/557549.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/557549.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/557549.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1238913684,398514549&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=398

18495.url.tudown.com/uploads/images/67327.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/67327.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/67327.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2311729909,995902721&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200

18495.url.tudown.com/uploads/images/292517.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/292517.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/292517.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1677365075,3202113398&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/880479.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/880479.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/880479.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1178444266,632526794&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=426

18495.url.tudown.com/uploads/images/857310.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/857310.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/857310.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1538948376,1368609904&fm=224&app=112&f=PNG?w=500&h=500

18495.url.tudown.com/uploads/images/236076.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/236076.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/236076.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2919101970,2613881782&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

18495.url.tudown.com/uploads/images/471261.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/471261.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/471261.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=584437732,2268459894&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400

18495.url.tudown.com/uploads/images/624638.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/624638.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/624638.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=858552630,3355006432&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500

18495.url.tudown.com/uploads/images/145036.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/145036.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/145036.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=890478861,1298540812&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=302

18495.url.tudown.com/uploads/images/924935.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/924935.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/924935.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:53 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=3264223961,2173061826&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/505367.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/505367.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/505367.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=3388332642,1139882778&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/222486.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/222486.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/222486.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=284852671,127318131&fm=253&fmt=auto&app=138&f=JPEG?w=701&h=500

18495.url.tudown.com/uploads/images/585780.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/585780.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/585780.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3422795707,1191374492&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300

push.zhanzhang.baidu.com/push.js

182.61.201.94

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.201.94:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 06:36:54 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 06:36:54 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=6C30955220AAC8D5E3D6BC2BBE8AA5D5:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 06:36:54 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

18495.url.tudown.com/uploads/images/210210.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/210210.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/210210.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1409919467,1656180023&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/109557.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/109557.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/109557.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/359264.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/359264.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/359264.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2486204366,1818670457&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/957465.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/957465.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/957465.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3511892000,1824655894&fm=253&app=120&f=PNG?w=800&h=1280

18495.url.tudown.com/uploads/images/615177.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/615177.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/615177.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=1509955901,1996398254&fm=253&app=120&f=JPEG?w=1280&h=800

18495.url.tudown.com/template/company/42xz/images/dian2.png

154.218.151.71

200 OK

1.1 kB

URL HTTP/1.1
18495.url.tudown.com/template/company/42xz/images/dian2.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
GIF image data, version 89a, 4 x 4\012- data
Size
1.1 kB (1106 bytes)
Hash
3cb1caaf45a919b2028a853add556aa8
c8b93e13049ae31ad5dcb2d267c8b3ee6a4466e8
039b652744162c3c599998f28f50e7154d297ce5028e7e4954f7d7354c5374a1

HTTP Headers

GET /template/company/42xz/images/dian2.png HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/template/company/42xz/css/soft.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/png
Content-Length: 1106
Last-Modified: Thu, 05 Nov 2020 12:04:53 GMT
Connection: keep-alive
ETag: "5fa3ea65-452"
Accept-Ranges: bytes

18495.url.tudown.com/uploads/images/789700.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/789700.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/789700.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=4236532794,2495700365&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501

18495.url.tudown.com/uploads/images/348562.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/348562.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/348562.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3082888856,4264739488&fm=253&fmt=auto&app=138&f=JPEG?w=700&h=500

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
472447b47f0ed18cd19beb6cf7d5eda6
8db28ea2447ef4a4bb50cf28479225525961e972
875f382504b27b8c5a3b3d7dae31a97ef10756a40f0ec2deb30cfc30132f3699

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://18495.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 06:36:53 GMT
Etag: 85e28f00a717ad4a3e39412f7b8d5ad0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=2A0EF2FD4BD73933; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

img2.baidu.com/it/u=2311729909,995902721&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200

183.134.239.1

200 OK

9.7 kB

URL HTTP/2
img2.baidu.com/it/u=2311729909,995902721&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.7 kB (9652 bytes)
Hash
f9f333d5bb81ba3c7b29035d2e20d184
f5bf2f9011f7b0b830c313cb29670961166c0889
b177baec96380314284f54d43d3337132856f89bf7f717bfe15f31f9400e2621

HTTP Headers

GET /it/u=2311729909,995902721&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 9652
expires: Mon, 20 Feb 2023 11:49:00 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: f9f333d5bb81ba3c7b29035d2e20d184
age: 5494
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 11:49:00 GMT
ohc-cache-hit: nb7ct59 [4], qdix171 [4]
ohc-file-size: 9652
x-cache-status: HIT
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
2d1a15af936b883451dbf3d75568f863
fc4961b5f0041dc198464c6dda01183cb07ef0ae
b85ef4c0fe7a48d851368152ecd1cf3f17611ed52c2a11936e5d3ae01d932e9d

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Wed, 08 Feb 2023 04:50:17 GMT
ETag: "fc4961b5f0041dc198464c6dda01183cb07ef0ae"
Last-Modified: Sat, 04 Feb 2023 04:50:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3496
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79416509e8611c12-OSL

img2.baidu.com/it/u=3672415628,631277731&fm=253&fmt=auto&app=138&f=JPEG?w=482&h=265

183.134.239.1

200 OK

14 kB

URL HTTP/2
img2.baidu.com/it/u=3672415628,631277731&fm=253&fmt=auto&app=138&f=JPEG?w=482&h=265
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 482x265, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13750 bytes)
Hash
fd601c0dc5ef58bbdd307eca1b19e00d
78c5464632c902d8f390f6503f182cbacb25f8b7
2e5447b27fe4502505693f64593910baa6e3655683ac7dcde3ad3353bba74c5f

HTTP Headers

GET /it/u=3672415628,631277731&fm=253&fmt=auto&app=138&f=JPEG?w=482&h=265 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 13750
expires: Tue, 21 Feb 2023 10:21:12 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: fd601c0dc5ef58bbdd307eca1b19e00d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 10:21:12 GMT
ohc-cache-hit: nb7ct52 [1], czix230 [4]
ohc-file-size: 13750
x-cache-status: MISS
X-Firefox-Spdy: h2

t14.baidu.com/it/u=1677365075,3202113398&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t14.baidu.com/it/u=1677365075,3202113398&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (38751 bytes)
Hash
07f199283ce4c378ede496c395bd8daf
e5500ad063d752962280567c97e552123b1b9ebb
9c6f4254ef321886f03697da4d85c34513a9c7b32c814cc5c6af9bcddecc8e76

HTTP Headers

GET /it/u=1677365075,3202113398&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpeg
Content-Length: 38751
Connection: keep-alive
Expires: Fri, 24 Feb 2023 03:26:37 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 07f199283ce4c378ede496c395bd8daf
Age: 347979
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 03:26:37 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache52 [4], csix83 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 38751
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=3854596382,2878485949&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

58 kB

URL HTTP/1.1
t13.baidu.com/it/u=3854596382,2878485949&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
58 kB (57928 bytes)
Hash
0054a6a26b17fa46af3c250af31da10d
43c09a61bc4f849dd55f3d87139dc44d6332e60c
82ea0b0ec7377be1467a510c3fde4a3ca9ed506c8c56395221c2f6622ce20c5c

HTTP Headers

GET /it/u=3854596382,2878485949&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpeg
Content-Length: 57928
Connection: keep-alive
Expires: Tue, 21 Feb 2023 21:34:34 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 0054a6a26b17fa46af3c250af31da10d
Age: 1069340
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 21:34:34 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], jnuncache58 [4], qdix126 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 57928
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=3388332642,1139882778&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

74 kB

URL HTTP/1.1
t13.baidu.com/it/u=3388332642,1139882778&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
74 kB (73950 bytes)
Hash
5a60f30cabcec75eaea1c997a2d887e1
1791f8793ac179301a9e65c0cda33b78a342c5f5
1f054c55df00c25f695113de13be9b6519f92425dfe61d7c804693efc42ef2c6

HTTP Headers

GET /it/u=3388332642,1139882778&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpeg
Content-Length: 73950
Connection: keep-alive
Expires: Sat, 04 Feb 2023 23:41:25 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 5a60f30cabcec75eaea1c997a2d887e1
Age: 2019790
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 23:41:24 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache55 [1], bdix240 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 73950
X-Cache-Status: HIT
Timing-Allow-Origin: *

18495.url.tudown.com/uploads/images/515157.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/515157.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/515157.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3339499544,2554994596&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

t13.baidu.com/it/u=3778258229,1875708781&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

50 kB

URL HTTP/1.1
t13.baidu.com/it/u=3778258229,1875708781&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
50 kB (49679 bytes)
Hash
ffda7742d06a2d7a544484c3ab101af6
dd611bf6bd339b2a944f0ad413e0db90e3e89342
f1768c462e298fdcc23590cd607139fbbf218fd71d8a5f33e0d1d53d163ead39

HTTP Headers

GET /it/u=3778258229,1875708781&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpeg
Content-Length: 49679
Connection: keep-alive
Expires: Wed, 15 Feb 2023 02:55:25 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: ffda7742d06a2d7a544484c3ab101af6
Age: 353797
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 16 Jan 2023 02:55:25 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [2], zhuzuncache53 [4], wzix88 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 49679
X-Cache-Status: HIT
Timing-Allow-Origin: *

t14.baidu.com/it/u=3264223961,2173061826&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

63 kB

URL HTTP/1.1
t14.baidu.com/it/u=3264223961,2173061826&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
63 kB (63328 bytes)
Hash
4774ecc88476effa687e04eae9292298
6f12cb7f2577623eb6901c9d6cafbac2532514c2
8486db17601fae9e48c972edcdc59a46178b0ab9e9f3dfe22de7b210d3a71775

HTTP Headers

GET /it/u=3264223961,2173061826&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpeg
Content-Length: 63328
Connection: keep-alive
Expires: Tue, 28 Feb 2023 19:15:07 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 4774ecc88476effa687e04eae9292298
Age: 359960
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 29 Jan 2023 19:15:07 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache50 [1], xaix219 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 63328
X-Cache-Status: HIT
Timing-Allow-Origin: *

img1.baidu.com/it/u=4236532794,2495700365&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501

1.193.146.35

200 OK

19 kB

URL HTTP/2
img1.baidu.com/it/u=4236532794,2495700365&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x501, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (18608 bytes)
Hash
acee3e9523acbe0058b7990433f6523e
b26cfa6c1918038220ce82cabbfc318ea7d5dcbf
efdc6a214ab019b86af054e4d94aa3139d26fa5534144caf80f16088325ac222

HTTP Headers

GET /it/u=4236532794,2495700365&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=501 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 18608
expires: Wed, 22 Feb 2023 02:21:06 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: acee3e9523acbe0058b7990433f6523e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 02:21:06 GMT
ohc-cache-hit: ly5ct62 [1], bdix192 [2]
ohc-file-size: 18608
x-cache-status: MISS
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/786344.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/786344.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/786344.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3927920603,2173831038&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/541313.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/541313.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/541313.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1464025207,1601930707&fm=224&app=112&f=JPEG?w=500&h=500

img2.baidu.com/it/u=148410135,1299247152&fm=253&fmt=auto&app=138&f=JPEG?w=479&h=1024

183.134.239.1

200 OK

25 kB

URL HTTP/2
img2.baidu.com/it/u=148410135,1299247152&fm=253&fmt=auto&app=138&f=JPEG?w=479&h=1024
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 479x1024, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24766 bytes)
Hash
4d22b1f204b2d2b8d4c299179c7cb047
5be8d8b3bbeb9f31007a56adcd596b43735eae0f
2d3c93479864799958fe00dbc1e89b98ea68c4cd0f15d7bb04d98e512652a015

HTTP Headers

GET /it/u=148410135,1299247152&fm=253&fmt=auto&app=138&f=JPEG?w=479&h=1024 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 24766
expires: Mon, 06 Mar 2023 03:19:03 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 4d22b1f204b2d2b8d4c299179c7cb047
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 03:19:03 GMT
ohc-cache-hit: nb7ct57 [1], czix102 [2]
ohc-file-size: 24766
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3082888856,4264739488&fm=253&fmt=auto&app=138&f=JPEG?w=700&h=500

183.134.239.1

200 OK

27 kB

URL HTTP/2
img2.baidu.com/it/u=3082888856,4264739488&fm=253&fmt=auto&app=138&f=JPEG?w=700&h=500
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 700x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (26610 bytes)
Hash
f3dd3209c1ecc267ea8a01f89369a81f
13f1cc3e833bc6da876da16f0a6ba080d2a158a8
9b3acbc78b008bed28f2027df4c50dcae1fa60aaa8780467d702d56bbed7ec8f

HTTP Headers

GET /it/u=3082888856,4264739488&fm=253&fmt=auto&app=138&f=JPEG?w=700&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 26610
expires: Mon, 20 Feb 2023 04:46:19 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: f3dd3209c1ecc267ea8a01f89369a81f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 04:46:19 GMT
ohc-cache-hit: nb7ct60 [1], bdix222 [4]
ohc-file-size: 26610
x-cache-status: MISS
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/339564.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/339564.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/339564.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=2984372504,817641720&fm=253&app=138&f=JPEG?w=800&h=500

18495.url.tudown.com/uploads/images/160198.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/160198.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/160198.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=88574731,3460932504&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375

t14.baidu.com/it/u=1464025207,1601930707&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t14.baidu.com/it/u=1464025207,1601930707&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (39408 bytes)
Hash
f9a188f54fce5ef5640948251066761d
e1c83e9c6d7fcf40526c91d3c3e7f211ea1010ae
07a49bf93a7d98902380045ed0c04ad26844f8b14d5903e17c37a901814e7c97

HTTP Headers

GET /it/u=1464025207,1601930707&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpeg
Content-Length: 39408
Connection: keep-alive
Expires: Tue, 07 Feb 2023 18:14:41 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: f9a188f54fce5ef5640948251066761d
Age: 2019459
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 18:14:41 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache52 [4], qdix80 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39408
X-Cache-Status: HIT
Timing-Allow-Origin: *

18495.url.tudown.com/uploads/images/446453.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/446453.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/446453.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:54 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500

img2.baidu.com/it/u=3422795707,1191374492&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300

183.134.239.1

200 OK

7.6 kB

URL HTTP/2
img2.baidu.com/it/u=3422795707,1191374492&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.6 kB (7582 bytes)
Hash
753cf260d54eb818df955811164fcafc
5c081881beb9748cc8ae1b89b975de6f6f4411cd
565b095105879e9d4198c3278b58abc1d539d916f7f231e34897017a19db6772

HTTP Headers

GET /it/u=3422795707,1191374492&fm=253&fmt=auto&app=138&f=JPEG?w=300&h=300 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 7582
expires: Mon, 20 Feb 2023 02:55:39 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 753cf260d54eb818df955811164fcafc
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 02:55:39 GMT
ohc-cache-hit: nb7ct53 [1], qdix53 [2]
ohc-file-size: 7582
x-cache-status: MISS
X-Firefox-Spdy: h2

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=797643078&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24839&r=0&ww=1280&u=http%3A%2F%2F18495.url.tudown.com%2Fxiaz%2Fplants.vs.zombies-v2.2%40248_27706.exe&tt=%E7%BD%91%E7%BB%9C%E7%9C%9F%E5%AE%9E%E6%8D%95%E9%B1%BC%E6%B8%B8%E6%88%8F%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=797643078&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24839&r=0&ww=1280&u=http%3A%2F%2F18495.url.tudown.com%2Fxiaz%2Fplants.vs.zombies-v2.2%40248_27706.exe&tt=%E7%BD%91%E7%BB%9C%E7%9C%9F%E5%AE%9E%E6%8D%95%E9%B1%BC%E6%B8%B8%E6%88%8F%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=797643078&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=24839&r=0&ww=1280&u=http%3A%2F%2F18495.url.tudown.com%2Fxiaz%2Fplants.vs.zombies-v2.2%40248_27706.exe&tt=%E7%BD%91%E7%BB%9C%E7%9C%9F%E5%AE%9E%E6%8D%95%E9%B1%BC%E6%B8%B8%E6%88%8F%E4%B8%8B%E8%BD%BD(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-%E5%AE%A2%E6%88%B7%E7%AB%AF%E4%B8%8B%E8%BD%BDV6.37.142_IOS%2F%E5%AE%89%E5%8D%93%E9%80%9A%E7%94%A8%E7%89%88 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://18495.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 06:36:54 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=667B88955C19644C; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

api.share.baidu.com/s.gif?l=http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

112.34.113.148

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe
IP
112.34.113.148:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 06:36:55 GMT

img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

1.193.146.35

200 OK

14 kB

URL HTTP/2
img1.baidu.com/it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (13528 bytes)
Hash
3994120c8ee26ddd543bb5b842e4e137
fa939c0e7db0a6aa3d216180ecce175a7de4265e
d3c3f03706d10933bfe9500927e5f1bc7f4775b39942a9dc414e977a6e0aeb0d

HTTP Headers

GET /it/u=1194076453,1425750803&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 13528
expires: Mon, 20 Feb 2023 21:52:09 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 3994120c8ee26ddd543bb5b842e4e137
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 21:52:09 GMT
ohc-cache-hit: ly5ct55 [1], czix203 [4]
ohc-file-size: 13528
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=858552630,3355006432&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500

1.193.146.35

200 OK

20 kB

URL HTTP/2
img1.baidu.com/it/u=858552630,3355006432&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (20514 bytes)
Hash
d82c62735442dd56e1e47b58dd50eb8c
e796c30465e11b76eb981714d0005df0d5aa1cd5
f73b251782143eff7a760f452a938cbf4074587c64c49f84f07ba13934063e29

HTTP Headers

GET /it/u=858552630,3355006432&fm=253&fmt=auto&app=120&f=JPEG?w=800&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 20514
expires: Mon, 27 Feb 2023 09:55:58 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: d82c62735442dd56e1e47b58dd50eb8c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 28 Jan 2023 09:55:58 GMT
ohc-cache-hit: ly5ct54 [1], bdix198 [4]
ohc-file-size: 20514
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1178444266,632526794&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=426

1.193.146.35

200 OK

14 kB

URL HTTP/2
img1.baidu.com/it/u=1178444266,632526794&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=426
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x426, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (14524 bytes)
Hash
fa1276781b0ab8e7cfb85abbc6635f9b
3ed76312db14b02e3c2781ddac1bfe282116ca47
2f183a3bed2afbacbb5a283f5c9fa971f8e2f384c167d8fb9eeb29a84bc11363

HTTP Headers

GET /it/u=1178444266,632526794&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=426 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 14524
expires: Tue, 28 Feb 2023 02:59:52 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: fa1276781b0ab8e7cfb85abbc6635f9b
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 02:59:52 GMT
ohc-cache-hit: ly5ct64 [1], xaix144 [4]
ohc-file-size: 14524
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2974140527,791421799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

183.134.239.1

200 OK

19 kB

URL HTTP/2
img0.baidu.com/it/u=2974140527,791421799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x707, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (18920 bytes)
Hash
1684019bfaa5643c66db1ad16d4f277a
456390bc2d3a891372eb0c77e0fa718338f0b907
dd5f6b1bc8b5d7a197b5090e96ff175bce05170ae1528510b1dc6b9296daf3d1

HTTP Headers

GET /it/u=2974140527,791421799&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 18920
expires: Wed, 22 Feb 2023 03:07:32 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 1684019bfaa5643c66db1ad16d4f277a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 03:07:32 GMT
ohc-cache-hit: nb7ct53 [1], suzix109 [4]
ohc-file-size: 18920
x-cache-status: MISS
X-Firefox-Spdy: h2

s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130

180.97.251.250

200 OK

20 B

URL HTTP/2
s22.cnzz.com/z_stat.php?id=1275003130&web_id=1275003130
IP
180.97.251.250:0
ASN
#4134 Chinanet

File type
data
Size
20 B (20 bytes)
Hash
7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2

HTTP Headers

GET /z_stat.php?id=1275003130&web_id=1275003130 HTTP/1.1
Host: s22.cnzz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://18495.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: application/javascript
content-length: 20
date: Sat, 04 Feb 2023 06:03:00 GMT
vary: Accept-Encoding
x-powered-by: PHP/5.5.25
last-modified: Sat, 04 Feb 2023 06:03:00 GMT
cache-control: max-age=1800,s-maxage=3600
content-encoding: gzip
ali-swift-global-savetime: 1675490580
via: cache18.l2ea120-8[75,75,200-0,M], cache30.l2ea120-8[77,0], cache8.cn2205[0,0,200-0,H], cache17.cn2205[0,0]
age: 2035
x-cache: HIT TCP_MEM_HIT dirn:13:697875226
x-swift-savetime: Sat, 04 Feb 2023 06:03:00 GMT
x-swift-cachetime: 3600
timing-allow-origin: *
eagleid: b461fb2d16754926151023511e
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/533558.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/533558.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/533558.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2918160468,939598698&fm=253&fmt=auto?w=1280&h=800

img0.baidu.com/it/u=2486204366,1818670457&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

183.134.239.1

200 OK

7.6 kB

URL HTTP/2
img0.baidu.com/it/u=2486204366,1818670457&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.6 kB (7632 bytes)
Hash
44b02c95ba6c1bfa83105e96b9dad5c9
c031d56c629072d03ae12499229c2c7bcf4d69a7
d337638bc7c76921b27466a64bb362ea27bdf64270ab3c9885ac7debd7b4d62c

HTTP Headers

GET /it/u=2486204366,1818670457&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 7632
expires: Sat, 18 Feb 2023 04:28:32 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 44b02c95ba6c1bfa83105e96b9dad5c9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 04:28:32 GMT
ohc-cache-hit: nb7ct54 [1], bdix220 [2]
ohc-file-size: 7632
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=284852671,127318131&fm=253&fmt=auto&app=138&f=JPEG?w=701&h=500

183.134.239.1

200 OK

37 kB

URL HTTP/2
img2.baidu.com/it/u=284852671,127318131&fm=253&fmt=auto&app=138&f=JPEG?w=701&h=500
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 701x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
37 kB (36844 bytes)
Hash
d0a950b3c26f477d192d8cf972dd53ec
0cb1bc561504b7e1b3d99c1cf4b2f232e1f33184
6f20af05aaaa0f1e7b5bb8ee0017e13d6252209baf765b675caab7cc8ff4a023

HTTP Headers

GET /it/u=284852671,127318131&fm=253&fmt=auto&app=138&f=JPEG?w=701&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 36844
expires: Mon, 06 Feb 2023 04:08:59 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: d0a950b3c26f477d192d8cf972dd53ec
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 07 Jan 2023 04:08:59 GMT
ohc-cache-hit: nb7ct61 [1], qdix83 [4]
ohc-file-size: 36844
x-cache-status: MISS
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/801395.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/801395.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/801395.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1798021489,1468780476&fm=253&fmt=auto&app=138&f=JPEG?w=355&h=500

img2.baidu.com/it/u=3339499544,2554994596&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

183.134.239.1

200 OK

24 kB

URL HTTP/2
img2.baidu.com/it/u=3339499544,2554994596&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (23932 bytes)
Hash
21c62b68016a1b5c0a14b80236efafe9
326e66210a84061b1898c322c652d2f23f790f0b
c5554efd5607792de2ff31bb6ba0a93483cc6c124975d6e67dcb60c349b88048

HTTP Headers

GET /it/u=3339499544,2554994596&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 23932
expires: Mon, 27 Feb 2023 13:30:53 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 21c62b68016a1b5c0a14b80236efafe9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 28 Jan 2023 13:30:53 GMT
ohc-cache-hit: nb7ct55 [1], xaix68 [4]
ohc-file-size: 23932
x-cache-status: MISS
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/774266.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/774266.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/774266.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500

img2.baidu.com/it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500

183.134.239.1

200 OK

26 kB

URL HTTP/2
img2.baidu.com/it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 354x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (25642 bytes)
Hash
48f050ec213e6150303f6932590386e7
4445e7ca76beabcb8e51b5b51a6a055943c9ec40
1adb80a7132f8027a51b5870c2611b80c74a1302c08481e3cc4007fd056036ba

HTTP Headers

GET /it/u=3703390478,297776897&fm=253&fmt=auto&app=138&f=JPEG?w=354&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 25642
expires: Tue, 21 Feb 2023 07:20:59 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 48f050ec213e6150303f6932590386e7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 07:20:59 GMT
ohc-cache-hit: nb7ct58 [1], xaix211 [2]
ohc-file-size: 25642
x-cache-status: MISS
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/758714.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/758714.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/758714.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3300357739,4041733719&fm=253&app=120&f=JPEG?w=1280&h=800

18495.url.tudown.com/uploads/images/850910.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/850910.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/850910.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500

18495.url.tudown.com/uploads/images/303063.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/303063.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/303063.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1947962905,77713644&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750

img1.baidu.com/it/u=2919101970,2613881782&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

1.193.146.35

200 OK

32 kB

URL HTTP/2
img1.baidu.com/it/u=2919101970,2613881782&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31568 bytes)
Hash
81258ba1e242c48e83b09b94f7df023d
5591c3a5459ca8ff678467ffcb344447fca9fe3a
9e230f2cc80a1a908e745b90f7247466eacc800e27d0da890cda4af68f1ebf3b

HTTP Headers

GET /it/u=2919101970,2613881782&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 31568
expires: Tue, 21 Feb 2023 05:33:57 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 81258ba1e242c48e83b09b94f7df023d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 05:33:57 GMT
ohc-cache-hit: ly5ct68 [1], czix199 [2]
ohc-file-size: 31568
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1238913684,398514549&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=398

1.193.146.35

200 OK

9.3 kB

URL HTTP/2
img1.baidu.com/it/u=1238913684,398514549&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=398
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 224x398, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
9.3 kB (9264 bytes)
Hash
0629e4fb0df8ac6d5638cf5428305300
c9d93ebbae1891b00643d6cd5053807f42d2cc4b
5391034d3e572a27a75f232eb674023836fbe3a1bbe960d5e70d4e5149f7e97e

HTTP Headers

GET /it/u=1238913684,398514549&fm=253&fmt=auto&app=138&f=JPEG?w=224&h=398 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 9264
expires: Tue, 14 Feb 2023 21:27:28 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 0629e4fb0df8ac6d5638cf5428305300
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 21:27:28 GMT
ohc-cache-hit: ly5ct50 [1], bdix80 [4]
ohc-file-size: 9264
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=890478861,1298540812&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=302

1.193.146.35

200 OK

12 kB

URL HTTP/2
img1.baidu.com/it/u=890478861,1298540812&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=302
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 236x302, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
12 kB (12282 bytes)
Hash
ca4e36a899b4cf9d3a8b98dc59cb56d2
64950e273b6ed274dc62af1cc1d2e2a8d587038a
c5457dbead75141f9519a1e0a69467c8a5a8f1e03417955f278698abf5a137f1

HTTP Headers

GET /it/u=890478861,1298540812&fm=253&fmt=auto&app=138&f=JPEG?w=236&h=302 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 12282
expires: Sun, 26 Feb 2023 03:59:36 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: ca4e36a899b4cf9d3a8b98dc59cb56d2
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 03:59:36 GMT
ohc-cache-hit: ly5ct61 [1], qdix99 [4]
ohc-file-size: 12282
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=584437732,2268459894&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400

1.193.146.35

200 OK

16 kB

URL HTTP/2
img1.baidu.com/it/u=584437732,2268459894&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
16 kB (15486 bytes)
Hash
92333852b13fe3da50e02b5cb512f5c7
98c847af7f8426c7afe2d3a61aef440988c880a5
f8d079180b55f43ad475c54f0dd173e436046d2c3af9ccf08ce5b02e78994461

HTTP Headers

GET /it/u=584437732,2268459894&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:54 GMT
content-type: image/webp
content-length: 15486
expires: Fri, 03 Mar 2023 07:27:42 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 92333852b13fe3da50e02b5cb512f5c7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 01 Feb 2023 07:27:42 GMT
ohc-cache-hit: ly5ct66 [1], csix115 [2]
ohc-file-size: 15486
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=88574731,3460932504&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375

1.193.146.35

200 OK

28 kB

URL HTTP/2
img1.baidu.com/it/u=88574731,3460932504&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x375, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (28042 bytes)
Hash
539eda41ca1dd9c096a1a2edce7488b9
7b0643f31b5ca5036ff8008b5aa24dc5eed53c6b
eafc14d7cef996fc878353dcc04fcb5562b86da091f5f14d1c0b64fc81188d71

HTTP Headers

GET /it/u=88574731,3460932504&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=375 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 28042
expires: Sun, 26 Feb 2023 03:21:50 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 539eda41ca1dd9c096a1a2edce7488b9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 27 Jan 2023 03:21:50 GMT
ohc-cache-hit: ly5ct62 [1], xiangyix168 [2]
ohc-file-size: 28042
x-cache-status: MISS
X-Firefox-Spdy: h2

18495.url.tudown.com/uploads/images/233855.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/233855.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/233855.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410

img0.baidu.com/it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500

183.134.239.1

200 OK

59 kB

URL HTTP/2
img0.baidu.com/it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1379x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
59 kB (58656 bytes)
Hash
120fd386cdb5658928d783d763f51d51
4d17c05c9fe805d79b77ccba93a0e912cc389154
1780fd0dc02e9881f8656537f281584957e79665b0948e36d2c4ca8eab2b4af8

HTTP Headers

GET /it/u=3687507557,1328220146&fm=253&fmt=auto&app=138&f=JPEG?w=1379&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 58656
expires: Wed, 01 Mar 2023 08:34:46 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 120fd386cdb5658928d783d763f51d51
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 30 Jan 2023 08:34:46 GMT
ohc-cache-hit: nb7ct58 [1], wzix117 [2]
ohc-file-size: 58656
x-cache-status: MISS
X-Firefox-Spdy: h2

t15.baidu.com/it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

60 kB

URL HTTP/1.1
t15.baidu.com/it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
60 kB (59853 bytes)
Hash
332a195c9bc9c9ea18b527cb53535dca
792d0e5893a32fa7cfe38a7e17b503a1506dc72c
55a03c97a93b477cea6480796fc9ed11a169e721046477c52755a6f3f127a54b

HTTP Headers

GET /it/u=1928007667,2265831670&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 59853
Connection: keep-alive
Expires: Sun, 26 Feb 2023 01:54:34 GMT
Last-Modified: Tue, 06 Jan 1970 00:00:00 GMT
ETag: 332a195c9bc9c9ea18b527cb53535dca
Age: 359169
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 01:54:34 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache59 [1], xaix95 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 59853
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=1409919467,1656180023&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

62 kB

URL HTTP/1.1
t15.baidu.com/it/u=1409919467,1656180023&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
62 kB (62374 bytes)
Hash
45d5ff7049b99a1b3e76a2f7863b300e
bbf756454f757750570dfd75381830460687d50c
20dfbc96a2f7e588493878b2de6c70235f9d1347fa30612663dc95c663d4a2a3

HTTP Headers

GET /it/u=1409919467,1656180023&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 62374
Connection: keep-alive
Expires: Sat, 04 Feb 2023 07:52:47 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 45d5ff7049b99a1b3e76a2f7863b300e
Age: 2013939
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 05 Jan 2023 07:52:47 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache65 [2], czix147 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 62374
X-Cache-Status: HIT
Timing-Allow-Origin: *

18495.url.tudown.com/uploads/images/421825.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/421825.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/421825.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=1510345786,3294139156&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185

18495.url.tudown.com/uploads/images/749222.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/749222.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/749222.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500

t15.baidu.com/it/u=2554001494,2982271634&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

48 kB

URL HTTP/1.1
t15.baidu.com/it/u=2554001494,2982271634&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
48 kB (48332 bytes)
Hash
ee9ee39b48246f73205017f0215bd879
273844993041eaec87bd07d27e9f9c1620b9e5b8
c61fad178a3443a24367b7f906274e38af9bd6767cce4a7fc33d69a623bfea5b

HTTP Headers

GET /it/u=2554001494,2982271634&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 48332
Connection: keep-alive
Expires: Fri, 03 Mar 2023 07:23:29 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: ee9ee39b48246f73205017f0215bd879
Age: 184846
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 01 Feb 2023 07:23:28 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache56 [1], xaix134 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 48332
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=3927920603,2173831038&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t15.baidu.com/it/u=3927920603,2173831038&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (39280 bytes)
Hash
f06c04728cf1b41a661f8e127f9bc280
c731024c59d6650037941d9dc71de19c6174cc81
3775e60f4a98c138b388bb2a56aea641d45c16bf0de4fe3c7bdf8de800094e3f

HTTP Headers

GET /it/u=3927920603,2173831038&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 39280
Connection: keep-alive
Expires: Wed, 08 Feb 2023 08:19:41 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: f06c04728cf1b41a661f8e127f9bc280
Age: 191741
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 09 Jan 2023 08:19:41 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache53 [1], suzix105 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39280
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=1538948376,1368609904&fm=224&app=112&f=PNG?w=500&h=500

185.10.104.124

200 OK

390 kB

URL HTTP/1.1
t15.baidu.com/it/u=1538948376,1368609904&fm=224&app=112&f=PNG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
390 kB (390042 bytes)
Hash
a4036752c67a6d4054f03c4bf00d69dc
af18e3a83a600e3427ad0b926450f93b3b7ad43e
f8e1da78693de1b0be1a30245910032bad62fb2af8bd0a27454462ca44019126

HTTP Headers

GET /it/u=1538948376,1368609904&fm=224&app=112&f=PNG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/png
Content-Length: 390042
Connection: keep-alive
Expires: Sat, 25 Feb 2023 11:26:10 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: a4036752c67a6d4054f03c4bf00d69dc
Age: 709784
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 26 Jan 2023 11:26:10 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache64 [2], suzix200 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 390042
X-Cache-Status: HIT

18495.url.tudown.com/uploads/images/817804.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
18495.url.tudown.com/uploads/images/817804.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/817804.jpg HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3737705681,4137654514&fm=253&fmt=auto&app=120&f=JPEG?w=175&h=500

img1.baidu.com/it/u=2918160468,939598698&fm=253&fmt=auto?w=1280&h=800

1.193.146.35

200 OK

47 kB

URL HTTP/2
img1.baidu.com/it/u=2918160468,939598698&fm=253&fmt=auto?w=1280&h=800
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
47 kB (46908 bytes)
Hash
b204c01c45cabefd79fac98cea1a8273
13c30dbaed0b19e2c72f1f35bafc37595b12ab03
54d3f63285c18782eb771f7c8bc1d4bda29901dbcbbc98b82941c16bc44c8319

HTTP Headers

GET /it/u=2918160468,939598698&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 46908
expires: Thu, 02 Mar 2023 16:53:16 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: b204c01c45cabefd79fac98cea1a8273
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 16:53:16 GMT
ohc-cache-hit: ly5ct53 [1], csix119 [4]
ohc-file-size: 46908
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1798021489,1468780476&fm=253&fmt=auto&app=138&f=JPEG?w=355&h=500

1.193.146.35

200 OK

27 kB

URL HTTP/2
img1.baidu.com/it/u=1798021489,1468780476&fm=253&fmt=auto&app=138&f=JPEG?w=355&h=500
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 355x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (27004 bytes)
Hash
1d4b682db8b9451abad0a3b63f6c4452
76a685f0d956902781ed5f34ea27d07331981107
ea138c24dec4be882f699ae863a25614d3331e9bbc99a6d56572cdb8573011aa

HTTP Headers

GET /it/u=1798021489,1468780476&fm=253&fmt=auto&app=138&f=JPEG?w=355&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 27004
expires: Sat, 18 Feb 2023 02:51:55 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 1d4b682db8b9451abad0a3b63f6c4452
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 02:51:55 GMT
ohc-cache-hit: ly5ct56 [1], qdix243 [4]
ohc-file-size: 27004
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1947962905,77713644&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750

1.193.146.35

200 OK

46 kB

URL HTTP/2
img1.baidu.com/it/u=1947962905,77713644&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x750, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
46 kB (45546 bytes)
Hash
d35018b4c502901f48e86df89a07fdc1
49d13d314f8b20e263f7b519b0534db8f25560d7
b251e61e7dfcc0d7e56b955390ef72386fb3cf04483eacc90e48071532889975

HTTP Headers

GET /it/u=1947962905,77713644&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=750 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 45546
expires: Sat, 18 Feb 2023 21:01:38 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: d35018b4c502901f48e86df89a07fdc1
age: 7882
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 21:01:38 GMT
ohc-cache-hit: ly5ct53 [4], suzix209 [2]
ohc-file-size: 45546
x-cache-status: HIT
X-Firefox-Spdy: h2

t15.baidu.com/it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

53 kB

URL HTTP/1.1
t15.baidu.com/it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
53 kB (53286 bytes)
Hash
d029f82b46f0bfb3246b512b09f6d250
1cb5ca0dda851e98767de910cfd53c574ce715f4
c386112dc1486bb5ccf3b322e2b514813e80cf17513de32f792b0880750f1e90

HTTP Headers

GET /it/u=3845678196,3736557820&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 53286
Connection: keep-alive
Expires: Sat, 11 Feb 2023 22:37:31 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: d029f82b46f0bfb3246b512b09f6d250
Age: 1855693
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 22:37:30 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache63 [1], qdix100 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 53286
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410

183.134.239.1

200 OK

19 kB

URL HTTP/2
img2.baidu.com/it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 410x410, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (19444 bytes)
Hash
af5a409edb2a104a6bfa09d94184e470
f2e028b0bb8d5ef75bc270a2d8937477e2af12d2
cf2188013c468d9137160a4e9e8eb8cccfbe931f309ed485bdb513474b8b2451

HTTP Headers

GET /it/u=976054514,2806933368&fm=253&fmt=auto&app=120&f=JPEG?w=410&h=410 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 19444
expires: Tue, 14 Feb 2023 12:39:47 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: af5a409edb2a104a6bfa09d94184e470
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 12:39:47 GMT
ohc-cache-hit: nb7ct54 [1], xaix76 [4]
ohc-file-size: 19444
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=1510345786,3294139156&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185

1.193.146.35

200 OK

10 kB

URL HTTP/2
img1.baidu.com/it/u=1510345786,3294139156&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185
IP
1.193.146.35:0
ASN
#139018 Henan Luoyang IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 270x185, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
10 kB (10240 bytes)
Hash
691637ffece1e07fcf85265d8ac33fd9
0f3ad86d9a8b751fa400fe0052bd029ece9edde5
c619b1b3a93d51f358f5bc50139a2ce9a9cef540cba7624e4b56c207ed311a2f

HTTP Headers

GET /it/u=1510345786,3294139156&fm=253&fmt=auto&app=138&f=JPEG?w=270&h=185 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 10240
expires: Tue, 14 Feb 2023 08:37:26 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 691637ffece1e07fcf85265d8ac33fd9
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 08:37:26 GMT
ohc-cache-hit: ly5ct55 [1], csix55 [4]
ohc-file-size: 10240
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3737705681,4137654514&fm=253&fmt=auto&app=120&f=JPEG?w=175&h=500

183.134.239.1

200 OK

24 kB

URL HTTP/2
img2.baidu.com/it/u=3737705681,4137654514&fm=253&fmt=auto&app=120&f=JPEG?w=175&h=500
IP
183.134.239.1:0
ASN
#4134 Chinanet

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 175x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (24162 bytes)
Hash
926d89004e3cd1ec5bf3a48208960b93
b72c89f1b3ac7ed2f842b6170ae72fc5630f88de
ed69ab37d9017c13fb34524a9ee7898db64106d4eb9e76aa8d28a2ddc3837db8

HTTP Headers

GET /it/u=3737705681,4137654514&fm=253&fmt=auto&app=120&f=JPEG?w=175&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://18495.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 06:36:55 GMT
content-type: image/webp
content-length: 24162
expires: Tue, 14 Feb 2023 08:12:51 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 926d89004e3cd1ec5bf3a48208960b93
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 15 Jan 2023 08:12:51 GMT
ohc-cache-hit: nb7ct54 [1], suzix97 [4]
ohc-file-size: 24162
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2984372504,817641720&fm=253&app=138&f=JPEG?w=800&h=500

113.219.142.35

200 OK

102 kB

URL HTTP/1.1
img0.baidu.com/it/u=2984372504,817641720&fm=253&app=138&f=JPEG?w=800&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 800x500, components 3\012- data
Size
102 kB (102047 bytes)
Hash
456dd0927d4946835b4b084874639174
940fdae14e7ced435d7f2a804b6c01320ccc3984
9385bcd40829789b643cb8b068f58d9505142b376adcfc2e25369a6b2f0a91ce

HTTP Headers

GET /it/u=2984372504,817641720&fm=253&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 102047
Connection: keep-alive
Expires: Tue, 28 Feb 2023 02:58:34 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 456dd0927d4946835b4b084874639174
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 29 Jan 2023 02:58:34 GMT
Ohc-Cache-HIT: chenzct68 [1], bdix227 [4]
Ohc-File-Size: 102047
X-Cache-Status: MISS

img2.baidu.com/it/u=3511892000,1824655894&fm=253&app=120&f=PNG?w=800&h=1280

180.97.198.35

200 OK

805 kB

URL HTTP/1.1
img2.baidu.com/it/u=3511892000,1824655894&fm=253&app=120&f=PNG?w=800&h=1280
IP
180.97.198.35:0
ASN
#140292 CHINATELECOM Jiangsu province Suzhou 5G network

File type
PNG image data, 800 x 1280, 8-bit/color RGBA, non-interlaced\012- data
Size
805 kB (804655 bytes)
Hash
c0c7c43d002a264a0acf0ac4495e8902
53ccfc3457eeeabea4165431136e0075616c05c2
6eb9b14ba2f013852d439f37386105d830b7d93975f42aec3cfc565c329f38d1

HTTP Headers

GET /it/u=3511892000,1824655894&fm=253&app=120&f=PNG?w=800&h=1280 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/png
Content-Length: 804655
Connection: keep-alive
Expires: Sun, 19 Feb 2023 22:16:34 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: c0c7c43d002a264a0acf0ac4495e8902
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 20 Jan 2023 22:16:34 GMT
Ohc-Cache-HIT: suz4ct53 [1], czix243 [4]
Ohc-File-Size: 804655
X-Cache-Status: MISS

img0.baidu.com/it/u=3300357739,4041733719&fm=253&app=120&f=JPEG?w=1280&h=800

113.219.142.35

200 OK

110 kB

URL HTTP/1.1
img0.baidu.com/it/u=3300357739,4041733719&fm=253&app=120&f=JPEG?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
110 kB (109909 bytes)
Hash
97f141b31c39bfbd1b0a52b512d729f7
5b65a0188c4c18a2807334beb61aa57b546ace16
d9663ca92716eb4cd221f6a722ddabbe17085e8d813f992005f32752cb527e41

HTTP Headers

GET /it/u=3300357739,4041733719&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 109909
Connection: keep-alive
Expires: Mon, 13 Feb 2023 02:52:54 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 97f141b31c39bfbd1b0a52b512d729f7
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 14 Jan 2023 02:52:54 GMT
Ohc-Cache-HIT: chenzct79 [1], bdix216 [4]
Ohc-File-Size: 109909
X-Cache-Status: MISS

js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d

101.198.192.7

200 OK

117 B

URL HTTP/1.1
js.passport.qihucdn.com/11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d
IP
101.198.192.7:0
ASN
#55992 Beijing Qihu Technology Company Limited

File type
HTML document, ASCII text, with no line terminators
Size
117 B (117 bytes)
Hash
807bb08bf1c51aaff763edb0f02719ef
6e089da63e5751494b32d77031df30ec3c8be067
7eb411ad7be2e6af85645f2a2b6401bf6085fe4e0436d004f33710bb84a7be4e

HTTP Headers

GET /11.0.1.js?d10ea2610e3a9b90fa9990ffc6bf559d HTTP/1.1
Host: js.passport.qihucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 06:36:57 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 28 Nov 2018 07:43:20 GMT
Cache-Control: max-age=600
Expires: Sat, 04 Feb 2023 06:46:57 GMT
KCS-Via: REVALIDATED from w-fc01.hkht;MISS from w-sc01.hkht
Content-Encoding: gzip

img0.baidu.com/it/u=1509955901,1996398254&fm=253&app=120&f=JPEG?w=1280&h=800

113.219.142.35

200 OK

107 kB

URL HTTP/1.1
img0.baidu.com/it/u=1509955901,1996398254&fm=253&app=120&f=JPEG?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2017 (Windows), datetime=2019:04:01 17:23:12], baseline, precision 8, 1280x800, components 3\012- data
Size
107 kB (106774 bytes)
Hash
4ea61bfb320e9f250591dc30d955f30e
e6bdcf37df2b2655de418af2ecffee266a3efb6e
2472d1de6b554ce3ac4f66707994b36057f49a1e2c2effaa8ee10c3be9c2c4b0

HTTP Headers

GET /it/u=1509955901,1996398254&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://18495.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 06:36:55 GMT
Content-Type: image/jpeg
Content-Length: 106774
Connection: keep-alive
Expires: Sun, 05 Mar 2023 14:44:35 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: 4ea61bfb320e9f250591dc30d955f30e
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 03 Feb 2023 14:44:35 GMT
Ohc-Cache-HIT: chenzct65 [1], qdix229 [4]
Ohc-File-Size: 106774
X-Cache-Status: MISS

s6.qhres2.com/static/ab77b6ea7f3fbf79.js

54.230.111.11

200 OK

478 B

URL HTTP/1.1
s6.qhres2.com/static/ab77b6ea7f3fbf79.js
IP
54.230.111.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (478), with no line terminators
Size
478 B (478 bytes)
Hash
5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a

HTTP Headers

GET /static/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s6.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Content-Length: 478
Connection: keep-alive
Date: Mon, 26 Sep 2022 01:48:25 GMT
X-QSTATIC-HIT: 1
Last-Modified: Mon, 01 Jan 2018 00:00:00 GMT
ETag: W/"b300475a05992239"
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, immutable
Expires: Thu, 23 Sep 2032 01:48:25 GMT
KCS-Via: HIT from w-fc01.lato;MISS from w-sc02.lato
Accept-Ranges: bytes
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: prwkOM_zIkcs8nyPpdasCjq6kN4uD-Lmt3GPdSs_6Zq3j7Ddf1MuRg==
Age: 11335713

18495.url.tudown.com/favicon.ico

154.218.151.71

200 OK

0 B

URL HTTP/1.1
18495.url.tudown.com/favicon.ico
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 18495.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/xiaz/plants.vs.zombies-v2.2@248_27706.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675492649; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675492649

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 06:36:58 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes

s.360.cn/so/zz.gif?url=http%3A%2F%2F18495.url.tudown.com%2Fxiaz%2Fplants.vs.zombies-v2.2%40248_27706.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a620671702e_38a492b@920.

101.198.2.147

200 OK

0 B

URL HTTP/1.1
s.360.cn/so/zz.gif?url=http%3A%2F%2F18495.url.tudown.com%2Fxiaz%2Fplants.vs.zombies-v2.2%40248_27706.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a620671702e_38a492b@920.
IP
101.198.2.147:0
ASN
#23724 IDC, China Telecommunications Corporation

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /so/zz.gif?url=http%3A%2F%2F18495.url.tudown.com%2Fxiaz%2Fplants.vs.zombies-v2.2%40248_27706.exe&sid=d10ea2610e3a9b90fa9990ffc6bf559d&token=de1x0ee.a620671702e_38a492b@920. HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://18495.url.tudown.com/

HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Sat, 04 Feb 2023 06:36:58 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Tue, 31 May 2022 08:31:22 GMT
Connection: keep-alive
ETag: "6295d25a-0"
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL