Report - 12804.url.tudown.com/down/type34.6.0.0@376

Report Overview

Submitted URL
12804.url.tudown.com/down/type34.6.0.0@376_33660.exe
IP
154.218.151.71
ASN
#137951 Clayer Limited
Submitted
2023-02-04 11:54:04
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
18

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
t13.baidu.com	32653	2021-01-09T14:57:25Z	2023-03-12T11:23:14Z	2.5 kB	301 kB	185.10.104.124
jspassport.ssl.qhimg.com	82940	2015-06-19T09:16:50Z	2023-03-13T05:33:17Z	406 B	492 B	54.230.111.122
img2.baidu.com	50786	2021-03-25T13:17:58Z	2023-03-12T11:23:13Z	8.3 kB	1.1 MB	42.81.98.35
img1.baidu.com	50158	2021-03-25T13:17:58Z	2023-03-12T11:23:15Z	4.7 kB	396 kB	58.42.14.35
img0.baidu.com	50126	2021-03-25T13:17:59Z	2023-03-12T11:23:13Z	6.6 kB	958 kB	113.219.142.35
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.33.119.27
12804.url.tudown.com	unknown	2017-06-17T08:04:45Z	2023-03-12T11:45:32Z	28 kB	264 kB	154.218.151.71
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.185.138.177
ocsp.globalsign.com	2075	2012-07-20T19:46:16Z	2023-03-13T05:09:19Z	359 B	1.9 kB	104.18.21.226
t14.baidu.com	32559	2021-01-22T21:20:42Z	2023-03-12T11:23:14Z	1.1 kB	124 kB	185.10.104.124
s.360.cn	19814	2012-07-10T18:01:51Z	2023-03-13T09:22:08Z	450 B	238 B	171.8.167.90
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	58 kB	34.120.237.76
api.share.baidu.com	44629	2013-04-25T16:45:11Z	2023-03-13T05:37:01Z	367 B	114 B	182.61.201.93
t15.baidu.com	33050	2021-01-09T17:16:17Z	2023-03-12T11:23:14Z	1.4 kB	200 kB	185.10.104.124
push.zhanzhang.baidu.com	57139	2015-07-22T07:44:02Z	2023-03-13T05:37:01Z	290 B	750 B	182.61.240.101
s.ssl.qhres2.com	89936	2021-10-26T00:09:20Z	2023-03-13T05:33:18Z	379 B	1.1 kB	54.230.111.78
hm.baidu.com	8254	2012-05-26T10:38:45Z	2023-03-13T05:32:36Z	1.2 kB	12 kB	103.235.46.191

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-04	medium	12804.url.tudown.com/down/type34.6.0.0@376_33660.exe	Malware
2023-02-04	medium	12804.url.tudown.com/js/orsxg5a.script	Malware
2023-02-04	medium	12804.url.tudown.com/template/company/955yx/js/searchword.js	Malware
2023-02-04	medium	12804.url.tudown.com/template/company/955yx/js/week_rank.js	Malware
2023-02-04	medium	12804.url.tudown.com/template/company/955yx/js/script_index2.js	Malware
2023-02-04	medium	12804.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js	Malware
2023-02-04	medium	12804.url.tudown.com/template/company/955yx/js/api.js	Malware
2023-02-04	medium	12804.url.tudown.com/template/company/955yx/js/gb.js	Malware
2023-02-04	medium	12804.url.tudown.com/static/api/http://12804.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465418	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	Size	First Seen	Last Seen
	jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba	106 B	2023-03-07	2024-04-25
Pretty URL jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba IP 54.230.111.122 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-25 10:56:17 Times Seen1003 Hash fdffada99a6e326385c9d6d22006b6c8 f69101fdeeb5282659ebffa17ec82e89a0cd09f9 c58c444af409b74761d5cb4a86fde4b48ee2d4701252b439834f01868c8cb955 Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-25
Pretty URL push.zhanzhang.baidu.com/push.js IP 182.61.240.101 ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-25 23:22:48 Times Seen19000 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	12804.url.tudown.com/js/orsxg5a.script	944 B	2023-03-12	2023-03-18
Pretty URL 12804.url.tudown.com/js/orsxg5a.script IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 115782a87f98ee819affba9c5fc37d4e e3e7eb2067add7793da4221acd4edc9776600c41 54f9e7c3cf8bb6599a306d4cf9a19259071fc3dab0865d538c8e03335889194b Loading...

	12804.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js	105 kB	2023-03-12	2023-10-24
Pretty URL 12804.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:08:24 Last Seen2023-10-24 19:35:40 Times Seen351 Hash 8863bdd7f7fe5848592bff2c09143e1a 331f37f2aed6810d21e2228c8a09f27295edc421 940897dee05b029e9f2611c314893ee723ee8d35bbc804a622f9e4b2818a22f3 Loading...

	12804.url.tudown.com/down/type34.6.0.0@376_33660.exe	254 B	2023-03-09	2023-12-23
Pretty URL 12804.url.tudown.com/down/type34.6.0.0@376_33660.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 08:02:19 Last Seen2023-12-23 16:26:58 Times Seen1789 Hash c86ce41b80900dd60765c9dddb425e66 29681365731cf7d3bbaf1cf9d121090ef34624a5 a7d6678bd92dd9f38310914883d14c408d73826eeccbe32b7cdaf9f77c6c589b Loading...

	12804.url.tudown.com/down/type34.6.0.0@376_33660.exe	203 B	2023-03-12	2023-04-22
Pretty URL 12804.url.tudown.com/down/type34.6.0.0@376_33660.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:37 Last Seen2023-04-22 04:15:56 Times Seen299 Hash 07cb696e67abd7114f27a401542b9e41 41736483962044cfacf98bd0e52ce48580c6defa 7e9f0a1f73de7e28f37bcfc500a10ae14c245a16020b85741de2960504dfda7a Loading...

	s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js	478 B	2023-03-07	2024-04-25
Pretty URL s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js IP 54.230.111.78 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-25 10:56:19 Times Seen2401 Hash 5dd27f8f2b042194c3cdabd62fd80110 c035036a939799d4c29b9c0f7229ae1953d03109 928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a Loading...

	12804.url.tudown.com/template/company/955yx/js/gb.js	30 kB	2023-03-12	2023-10-24
Pretty URL 12804.url.tudown.com/template/company/955yx/js/gb.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:08:24 Last Seen2023-10-24 19:35:40 Times Seen304 Hash 13a2674dadfca44c2045c95326bc0e58 c1acd63f4ee088f4dee816891bd3d1755fc43e05 77c2b039e831224c4e2aa191faf12f9bd5129afb255a000aae27a32a45c4fa1a Loading...

	12804.url.tudown.com/template/company/955yx/js/searchword.js	4.0 kB	2023-03-12	2023-10-24
Pretty URL 12804.url.tudown.com/template/company/955yx/js/searchword.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:08:24 Last Seen2023-10-24 19:35:40 Times Seen307 Hash 8d60e9d0d1342c3a48b2d0419c24bd20 b17fe5fe02c4ea6f70f5992dfe6e349cb706a878 16a18537cbf03e45953477c8fe12b6690a799f15575dffbdfcb6dae3a84df77c Loading...

	12804.url.tudown.com/down/type34.6.0.0@376_33660.exe	1.2 kB	2023-03-12	2023-04-05
Pretty URL 12804.url.tudown.com/down/type34.6.0.0@376_33660.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:37 Last Seen2023-04-05 01:37:11 Times Seen255 Hash dc87b0eb21fac25bd39cdf6ca3d6cec3 e8e46baa12a25ee3eb51b96364d7fc8ccdc01f4f 3d202add2284bb510f8d1415e2b50985d330b29b948610483eb7f0e92b16ceae Loading...

	12804.url.tudown.com/template/company/955yx/js/week_rank.js	656 B	2023-03-12	2023-04-22
Pretty URL 12804.url.tudown.com/template/company/955yx/js/week_rank.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:37 Last Seen2023-04-22 04:15:56 Times Seen301 Hash 00ac918b54dd742e0ec507274205038a 6a2976eb86376f33eb4f7b587f71296f07940da5 11624c98f05816c06f80e2ea5ef22376ce5509cb2c076003f9d5f27ac81f4ec9 Loading...

	12804.url.tudown.com/down/type34.6.0.0@376_33660.exe	377 B	2023-03-12	2023-03-26
Pretty URL 12804.url.tudown.com/down/type34.6.0.0@376_33660.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:11:12 Last Seen2023-03-26 03:53:54 Times Seen2 Hash 5162c335c15f4fdc6fddca836185ba5a 3fa72057decd6862c6140e1792566c6cbf4a1021 30d3cb965aa12b6b48a8c1210b82c8031deb4b25f075460af5d0f17838c6dcc0 Loading...

	12804.url.tudown.com/down/type34.6.0.0@376_33660.exe	445 B	2023-03-12	2023-04-22
Pretty URL 12804.url.tudown.com/down/type34.6.0.0@376_33660.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:37 Last Seen2023-04-22 04:15:56 Times Seen299 Hash 476e614f8d9af463d70e19ebf88cc8e0 83f4e5da14fff7db70591ddb05f2996789ee7994 e14aa0a7deb62b9689555813981f859299e8c5f98ddbc2b310d67349c1fd952f Loading...

	12804.url.tudown.com/template/company/955yx/js/api.js	22 B	2023-03-12	2023-10-24
Pretty URL 12804.url.tudown.com/template/company/955yx/js/api.js IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 06:08:24 Last Seen2023-10-24 19:35:40 Times Seen308 Hash 143a35d673d243f56603ac04a89d8099 677acddc2a341ec711d74ecfd05bb919208c23df ab368ffd11e345075f085c40cfdd9254280e0db19ed65e2668c287b17508170f Loading...

	12804.url.tudown.com/down/type34.6.0.0@376_33660.exe	802 B	2023-03-12	2023-04-22
Pretty URL 12804.url.tudown.com/down/type34.6.0.0@376_33660.exe IP 154.218.151.71 ASN #137951 Clayer Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 11:06:37 Last Seen2023-04-22 04:15:56 Times Seen299 Hash 41f8b24f3016e2bcd2a6a26c37b52f4c c0dbe5916484ea885d98b22841fe588ccd68628c 4826cbcbccd6e2f40a5fc3796599858ecd6341333394e8fad48f7fe87de052d9 Loading...

	hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7	30 kB	2023-03-13	2023-03-13
Pretty URL hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 16:42:53 Last Seen2023-03-13 16:42:53 Times Seen1 Hash c8298f4f8208de9db23f5ef18d4df394 86c097032a9466f23b66044a4274ea70d72fb190 afebca2d24a56fe724b1491c6d6fe5481dd23607cad573efdb0afa595b9a78dd Loading...

		Size	First Seen	Last Seen
	#1 Write - 74312d9fd3d0d77a65b4edf6f7a9d543	169 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 12:43:11 Last Seen2024-04-24 09:12:37 Times Seen2524 Hash 74312d9fd3d0d77a65b4edf6f7a9d543 f8f99b78a90612dba2ab0f2f96d35ef3c77cd3c6 e3932ed210d0dfb6820eacc496a3e5a609b8f011515b9324fe93b5d956a11f08 Loading...

	#2 Write - 9104ef1ddb84ab257a9e746454b00ff8	310 B	2023-03-12	2023-03-18
Pretty Observations First Seen2023-03-12 14:02:34 Last Seen2023-03-18 07:38:54 Times Seen1 Hash 9104ef1ddb84ab257a9e746454b00ff8 abbc574006d442cf8207f6547e94799ac4aa2aaf 08cfa2671ab17fd81b2902c4c81aa0924c009028f346513b84a77417ae47d036 Loading...

	#3 Write - f04a989cc6934d966005f208d8a76486	109 B	2023-03-07	2024-04-21
Pretty Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-21 21:29:48 Times Seen831 Hash f04a989cc6934d966005f208d8a76486 01706cd8417e937eeb6f353c8fcf3fbfd73b9c33 405d1b31aee0ca88643371e6ae67d3f53bebb2a2ba8ebc69cf7449f788a2d04c Loading...

	#4 Write - 87092ed67515a683295f7ec956ddd5d1	88 B	2023-03-07	2024-04-21
Pretty Observations First Seen2023-03-07 01:24:56 Last Seen2024-04-21 21:29:48 Times Seen913 Hash 87092ed67515a683295f7ec956ddd5d1 06020f6c6f95424c00eba0bb9a5d8c544116c668 1c78737754efd40c05f7c5d9cb5ea93256f0d10f0cd935eae2e4208c7f9464d6 Loading...

HTTP Transactions (164)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1cdc095521e9ee2606059be447d1fdd5
02b5d0a5b5823e2338daf7e144700babe2a213af
8bda3aabcf331c2bfcc4c7023cd797c760fd301dc353641bb95048e072f66c66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8BDA3AABCF331C2BFCC4C7023CD797C760FD301DC353641BB95048E072F66C66"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16264
Expires: Sat, 04 Feb 2023 16:24:57 GMT
Date: Sat, 04 Feb 2023 11:53:53 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19801
Expires: Sat, 04 Feb 2023 17:23:54 GMT
Date: Sat, 04 Feb 2023 11:53:53 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Alert, Retry-After, Content-Length, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 04 Feb 2023 11:36:14 GMT
content-type: application/json
age: 1059
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8016
Expires: Sat, 04 Feb 2023 14:07:29 GMT
Date: Sat, 04 Feb 2023 11:53:53 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: oJYXh06P5Ue+rk06mSPfDpN2P0gu0e+57f2mW7Rp+5RYomYSBhlXfe19jclak7o4AEt/wBrYDMQ=
x-amz-request-id: NTPEH9AB61SQT292
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 04 Feb 2023 11:23:58 GMT
age: 1795
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 04 Feb 2023 11:53:53 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 04 Feb 2023 11:07:19 GMT
age: 2794
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dedf9c519ac38c4bece9c5bc895787d7
4911175c3f8a435978c5301c33c7a99a5e00a1d5
bddd7e3a4939f863642a7c5348c1c8b9bc569b35c10a27f4cf5ec71f7e6b9698

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BDDD7E3A4939F863642A7C5348C1C8B9BC569B35C10A27F4CF5EC71F7E6B9698"
Last-Modified: Fri, 03 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10435
Expires: Sat, 04 Feb 2023 14:47:48 GMT
Date: Sat, 04 Feb 2023 11:53:53 GMT
Connection: keep-alive

12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

154.218.151.71

200 OK

8.6 kB

URL HTTP/1.1
12804.url.tudown.com/down/type34.6.0.0@376_33660.exe
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Size
8.6 kB (8590 bytes)
Hash
06bedadff78d77dc64e19863d8ee60cd
b1fb7de10c5ff58a7858a0bcbc75a4316bee8d90
6e92ba346f2c95a5ef60e27559c644ec9a7d538a2ec3853054d6da10d021bb85

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /down/type34.6.0.0@376_33660.exe HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

push.services.mozilla.com/

54.185.138.177

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.185.138.177:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 064RurQ2XxaXk83HF/3gfQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kZJcm58K7tuPLsK8DhTi5AMCgUo=

12804.url.tudown.com/js/orsxg5a.script

154.218.151.71

200 OK

531 B

URL HTTP/1.1
12804.url.tudown.com/js/orsxg5a.script
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document, ASCII text, with CRLF line terminators
Size
531 B (531 bytes)
Hash
39fd4f4c17d424445d9f437c99c9d40a
84a56ab95c669d43c757a5f9a312d5f3a37f73fa
45f58e7b2e72c9f2734889b73ef5c3f2d3e1fb9ac69995afe1561ec4a7943d15

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /js/orsxg5a.script HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:54 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12804.url.tudown.com/template/company/955yx/js/searchword.js

154.218.151.71

200 OK

1.3 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/js/searchword.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
1.3 kB (1287 bytes)
Hash
95c12a0f8944cbd1c05e11f7a72875dd
22430886820419d75b8da5721af251bdeb6811d1
36e33550c0a108df269183b53afe7f8c86316cc7e24a84ee3804e8ae12c627eb

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/955yx/js/searchword.js HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:54 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86ff1-fb5"
Expires: Sat, 04 Feb 2023 23:53:54 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12804.url.tudown.com/template/company/955yx/js/week_rank.js

154.218.151.71

200 OK

656 B

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/js/week_rank.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with CRLF line terminators
Size
656 B (656 bytes)
Hash
00ac918b54dd742e0ec507274205038a
6a2976eb86376f33eb4f7b587f71296f07940da5
11624c98f05816c06f80e2ea5ef22376ce5509cb2c076003f9d5f27ac81f4ec9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/955yx/js/week_rank.js HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:54 GMT
Content-Type: application/javascript
Content-Length: 656
Last-Modified: Tue, 15 Jun 2021 09:16:32 GMT
Connection: keep-alive
ETag: "60c86ff0-290"
Expires: Sat, 04 Feb 2023 23:53:54 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

12804.url.tudown.com/template/company/955yx/js/script_index2.js

154.218.151.71

200 OK

2.3 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/js/script_index2.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ISO-8859 text, with CRLF line terminators
Size
2.3 kB (2263 bytes)
Hash
e3f1b130f72b9756f002c6bbbc284fb7
d51b59da45422005ca5f02b66cb02eaf1b44a8fd
3c0e569d33461414b263a4a7e6602577873e4843bb450d5de979f263d02644c9

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/955yx/js/script_index2.js HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:54 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86ff2-1f77"
Expires: Sat, 04 Feb 2023 23:53:54 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12804.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js

154.218.151.71

200 OK

41 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/js/jquery-1.8.3.min.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with very long lines (65483)
Size
41 kB (40969 bytes)
Hash
aef63d51fe884fe89d488a2abc96381b
ed39edfb824178566b87b08164c7d382a119705b
51826bef0d69d08144d8605e1c56e1602cb1b6f620f854972c31080cf17d11f5

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/955yx/js/jquery-1.8.3.min.js HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:54 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-198c3"
Expires: Sat, 04 Feb 2023 23:53:54 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12804.url.tudown.com/template/company/955yx/js/api.js

154.218.151.71

200 OK

22 B

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/js/api.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
ASCII text, with CRLF line terminators
Size
22 B (22 bytes)
Hash
143a35d673d243f56603ac04a89d8099
677acddc2a341ec711d74ecfd05bb919208c23df
ab368ffd11e345075f085c40cfdd9254280e0db19ed65e2668c287b17508170f

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/955yx/js/api.js HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:54 GMT
Content-Type: application/javascript
Content-Length: 22
Last-Modified: Tue, 15 Jun 2021 09:16:34 GMT
Connection: keep-alive
ETag: "60c86ff2-16"
Expires: Sat, 04 Feb 2023 23:53:54 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes

12804.url.tudown.com/template/company/955yx/css/gb.css

154.218.151.71

200 OK

47 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/css/gb.css
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with very long lines (393), with CRLF line terminators
Size
47 kB (47262 bytes)
Hash
50dd1318432db01d440645564e53edc9
ee0cb6adb44f515312f771197c6c08b951cb7689
2b908ce7540ed6b03b07bdec7eb7eb504b76e78b3304474f40af3b8f3afb2135

HTTP Headers

GET /template/company/955yx/css/gb.css HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:54 GMT
Content-Type: text/css
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-30c0d"
Expires: Sat, 04 Feb 2023 23:53:54 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

12804.url.tudown.com/template/company/955yx/js/gb.js

154.218.151.71

200 OK

7.7 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/js/gb.js
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
7.7 kB (7698 bytes)
Hash
2a105ecd23c8abe20d0f84a4d10903a7
f3a1339005455be7df05412b2bde5d33ed096da0
9e8e3180840152689c4d7732c3660da6c766645aad88f695c041720ff5ec0a67

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /template/company/955yx/js/gb.js HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: application/javascript
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"60c86fef-7685"
Expires: Sat, 04 Feb 2023 23:53:55 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ae58d39edb7923f0dac8e7b20767f306
827e75323edf1548d2b898b96caaec9556893e3a
2c18f66718230665099bdc4a96dbed4e667ff233f9853aebd3e0802235c658d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C18F66718230665099BDC4A96DBED4E667FF233F9853AEBD3E0802235C658D8"
Last-Modified: Thu, 02 Feb 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7892
Expires: Sat, 04 Feb 2023 14:05:27 GMT
Date: Sat, 04 Feb 2023 11:53:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11013
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11013
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:55 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1b25bf82638deaab60981e1315ee0849
e3bd912fd1a890e64ee6746a78a674db7ff77039
a99b0dfa9ca7176b21cc2d65963a1b6eb6d534b3767d02ef06cc207a63331ebf

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A99B0DFA9CA7176B21CC2D65963A1B6EB6D534B3767D02EF06CC207A63331EBF"
Last-Modified: Sat, 04 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11013
Expires: Sat, 04 Feb 2023 14:57:28 GMT
Date: Sat, 04 Feb 2023 11:53:55 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8527 bytes)
Hash
6661b7263315f5eb3cd2465f671e1fcd
b7b5831c6b3ccc41d7a980b6088adc10ff8785f1
eb25507950d81db4b54a1af7fadaceee1bcff780eb28b6a04dbfb3886785f5b7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a6c7026-85a2-4419-bd6b-ba1bac463dda.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8527
x-amzn-requestid: f95a2821-ae89-4ea9-93b2-43e570285df3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyEC3FyboAMFe0A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8078-7e2177f11d5715d4092cad2c;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: dcFgY5x3Ef0J__7wGn3llTjZ9as5nX1H4HErIT3VlKfeQaQTjymW2g==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:33 GMT
etag: "b7b5831c6b3ccc41d7a980b6088adc10ff8785f1"
content-type: image/jpeg
age: 49402
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.1 kB (9141 bytes)
Hash
f7101f6e43855cb76ce48271a847ffbd
8e674830a97d8ce3818132fda197db4f0289d316
e78a83a4024e238bcdec3b9c4d5c12a99f49aabd57e34952f6a4cc8ed4422f55

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcae6042d-d677-4e39-b4e4-858988eb847b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9141
x-amzn-requestid: ed7db574-6bca-4f3e-8879-c3e836549339
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD8zE5lIAMF1HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8051-4480112f11d4ced0037d1ad8;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6kDIOqhM4aVL80sF02uFu2TuGbiBE7_L_S2W7x-P46hO5YZFmuL9nQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:13:30 GMT
age: 49225
etag: "8e674830a97d8ce3818132fda197db4f0289d316"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11565 bytes)
Hash
e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lsQxPtozrh2Ty1T-3d-1crDfi8HgVKRafOXb1UFl033bCx3kAzTS7w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 21:48:04 GMT
age: 50751
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.2 kB (7249 bytes)
Hash
d7afd5ce8fb9ec7b62e528bf97705e49
afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3
b2d93ba6c0ed2c858d91afba1c81251afbffa41c779be2e9203994dcfb7bbc9d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5c030376-7935-4601-969c-86a91f4f5e85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7249
x-amzn-requestid: 007ce521-ed5c-4074-a314-684ad0df2e22
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD9GH5goAMF_ag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8053-7060f02b767c90371991a190;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5fTV_e56nzjiXo4Guu67WXDDvp3nrjB0Yfyy6ByjcDSx23J-8r0fmQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 49414
etag: "afbf22f5d8f54adcb00e8980a9b22f2c5b6703c3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9743 bytes)
Hash
518bba9a8770e8ff15229a68be5bddc3
139f944b3f4279e640901f7a6b993f1a49b51a22
0591e73dec2190752677f06525bc993dc8c7a5aa20984a5eda64c323188e2b1d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2a517af0-06bb-4ad2-b66e-3627ca6b60a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9743
x-amzn-requestid: b6c1caa9-72e4-476f-9c3d-4a746c410ba3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EHLJoAMF_TA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-1289ef383fbad59621eda6d0;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nIp2nUVnamnoTpFwrN1L4K1dqjYvcDGuV2yFqYskkXb14k72AZsjMg==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:08:41 GMT
age: 49514
etag: "139f944b3f4279e640901f7a6b993f1a49b51a22"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5174 bytes)
Hash
e5b4e4f15da3323c73974c3f1cdb5d74
1f14971d0cf979cc34ff191849dc43d86e8ac463
5893d7e5b2fd9de92829b303c42d0c07ff32b3f6b8705b6f5b4a784315c8808e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ec84086-8ac2-4887-bc81-86003255ab99.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5174
x-amzn-requestid: 35630c70-3bad-47b4-94bb-09c873632194
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fyD7EFAHIAMFQQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dd8046-317b1fbb3bee0f377697bf3d;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 21:44:38 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OD5cy75AkNMwTIvIool2nKbKgr5Jpo1Plm_X_YPr3rdPbg86_V2fdA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 03 Feb 2023 22:10:21 GMT
age: 49414
etag: "1f14971d0cf979cc34ff191849dc43d86e8ac463"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

12804.url.tudown.com/template/company/955yx/images/home.png

154.218.151.71

200 OK

1.3 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/images/home.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 22 x 22, 8-bit/color RGBA, non-interlaced\012- data
Size
1.3 kB (1270 bytes)
Hash
302b4d0465daebb6a02b59b721d92a41
20d18d0cb9f052ec48b775ec2de2e8ce1a233c1e
a7fa550286b2b0974ab70bbadbe26cfa5b6770da8a71445b3b3f87abd896d3f2

HTTP Headers

GET /template/company/955yx/images/home.png HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/template/company/955yx/css/gb.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/png
Content-Length: 1270
Last-Modified: Tue, 15 Jun 2021 09:16:32 GMT
Connection: keep-alive
ETag: "60c86ff0-4f6"
Accept-Ranges: bytes

12804.url.tudown.com/static/api/http://12804.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465418

154.218.151.71

404 Not Found

146 B

URL HTTP/1.1
12804.url.tudown.com/static/api/http://12804.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465418
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /static/api/http://12804.url.tudown.com/template/company/955yx/js/share.js?v=89860593.js?cdnversion=465418 HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

12804.url.tudown.com/uploads/images/481750.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/481750.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/481750.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2531747096,3390494620&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/622106.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/622106.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/622106.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2762903417,203884732&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/781405.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/781405.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/781405.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3419313249,3550778672&fm=253&fmt=auto&app=120&f=JPEG?w=560&h=535

12804.url.tudown.com/uploads/images/121962.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/121962.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/121962.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2918729760,2340825081&fm=253&fmt=auto&app=138&f=JPEG?w=150&h=120

12804.url.tudown.com/uploads/images/160054.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/160054.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/160054.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2932591613,194713924&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=281

12804.url.tudown.com/uploads/images/932259.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/932259.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/932259.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=925997618,3741724389&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=334

push.zhanzhang.baidu.com/push.js

182.61.240.101

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
182.61.240.101:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Sat, 04 Feb 2023 11:53:55 GMT
Etag: "4078521116"
Expires: Sun, 04 Feb 2024 11:53:55 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=85A1BCA42DE36105E38F30D7BFCF59D8:FG=1; max-age=31536000; expires=Sun, 04-Feb-24 11:53:55 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

t13.baidu.com/it/u=2762903417,203884732&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

40 kB

URL HTTP/1.1
t13.baidu.com/it/u=2762903417,203884732&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
40 kB (39694 bytes)
Hash
a7b0a5f37f3b23acaccbe844e509ccaf
3523e75840c17a55d53e08f1599a1cf73ce7a596
79b7630524161a8fc2ac68f09a3166ecb38c373b05b4c1b100b1c7fe2ca9d06a

HTTP Headers

GET /it/u=2762903417,203884732&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpeg
Content-Length: 39694
Connection: keep-alive
Expires: Sun, 26 Feb 2023 07:12:06 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: a7b0a5f37f3b23acaccbe844e509ccaf
Age: 556107
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 27 Jan 2023 07:12:06 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache58 [1], czix163 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 39694
X-Cache-Status: HIT
Timing-Allow-Origin: *

t13.baidu.com/it/u=2531747096,3390494620&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t13.baidu.com/it/u=2531747096,3390494620&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (38957 bytes)
Hash
e3ba37c306eb1faf6e13c4787a33ccdf
781ef73c9269a59524021bfbf34838846ac37991
5f5ae8cd181e235c0504cf649cfe9f71aa764268e798885aa847c6fd8eda802e

HTTP Headers

GET /it/u=2531747096,3390494620&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpeg
Content-Length: 38957
Connection: keep-alive
Expires: Fri, 03 Mar 2023 19:06:41 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: e3ba37c306eb1faf6e13c4787a33ccdf
Age: 37362
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 01 Feb 2023 19:06:41 GMT
Ohc-Cache-HIT: fra01-sys-jomo7.fra01.baidu.com [4], zhuzuncache51 [1], xaix186 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 38957
X-Cache-Status: HIT
Timing-Allow-Origin: *

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
896527e9b74cc1e9b5b97c09ad3b321c
77f8053e0989f43e0820de5d8ca4fa2c011dabf0
c3e179932c16e93245a00ae2c3575f1e6c0e7632a8bde1898e9e27c0b9b41e4c

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Wed, 08 Feb 2023 10:09:59 GMT
ETag: "77f8053e0989f43e0820de5d8ca4fa2c011dabf0"
Last-Modified: Sat, 04 Feb 2023 10:10:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2508
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7943356c2be9b523-OSL

12804.url.tudown.com/uploads/images/354872.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/354872.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/354872.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=2132978343,3494159982&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/160559.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/160559.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/160559.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3489858004,588994262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

12804.url.tudown.com/uploads/images/999002.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/999002.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/999002.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=571008181,2799222386&fm=253&app=120&f=JPEG?w=1422&h=800

12804.url.tudown.com/uploads/images/361029.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/361029.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/361029.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=236305182,3032447140&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200

12804.url.tudown.com/uploads/images/34417.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/34417.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/34417.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3978242597,2173715815&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

t14.baidu.com/it/u=2132978343,3494159982&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

39 kB

URL HTTP/1.1
t14.baidu.com/it/u=2132978343,3494159982&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
39 kB (38792 bytes)
Hash
1755875aad2b97a57cba5b566ca56069
85ff88a3f44a5edde0c9a2fbe7bb9153874cdf1f
fbfcdfd52101bf963c17db087e494b90c1fabdf312a264b48b7064ede8735a28

HTTP Headers

GET /it/u=2132978343,3494159982&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpeg
Content-Length: 38792
Connection: keep-alive
Expires: Tue, 07 Feb 2023 15:44:03 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 1755875aad2b97a57cba5b566ca56069
Age: 2072832
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 15:44:02 GMT
Ohc-Cache-HIT: fra01-sys-jomo4.fra01.baidu.com [2], zhuzuncache60 [1], suzix140 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 38792
X-Cache-Status: HIT
Timing-Allow-Origin: *

12804.url.tudown.com/template/company/955yx/images/litterstar.png

154.218.151.71

200 OK

1.7 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/images/litterstar.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 73 x 143, 8-bit colormap, non-interlaced\012- data
Size
1.7 kB (1706 bytes)
Hash
d130270dc6abd41d1d40acbe01e36739
5dec8c0c88e9c3dfb13cbfc7d1d9818baa7ee96c
8b31f0ef117010f8ad5e5c8c73ede7468072e1cb08f994fce90ada97f461b59b

HTTP Headers

GET /template/company/955yx/images/litterstar.png HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/template/company/955yx/css/gb.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/png
Content-Length: 1706
Last-Modified: Tue, 15 Jun 2021 09:16:33 GMT
Connection: keep-alive
ETag: "60c86ff1-6aa"
Accept-Ranges: bytes

12804.url.tudown.com/uploads/images/800320.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/800320.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/800320.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3892276928,2071996742&fm=253&app=138&f=JPEG?w=500&h=889

api.share.baidu.com/s.gif?l=http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

182.61.201.93

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe
IP
182.61.201.93:0
ASN
#38365 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Sat, 04 Feb 2023 11:53:56 GMT

12804.url.tudown.com/uploads/images/276288.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/276288.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/276288.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=644985597,781025333&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1918

12804.url.tudown.com/uploads/images/120072.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/120072.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/120072.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=294990675,548373592&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/893177.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/893177.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/893177.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=2938893668,2106611319&fm=224&app=112&f=JPEG?w=500&h=500

img2.baidu.com/it/u=236305182,3032447140&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200

42.81.98.35

200 OK

4.0 kB

URL HTTP/2
img2.baidu.com/it/u=236305182,3032447140&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 200x200, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
4.0 kB (3950 bytes)
Hash
1a235ffc5f1a815e55a9e5393fbe7a73
d3d98059344f2cea5e3ea68ac5786d43e385a7a2
e7044bcfdf85539cadb2f1e267012875256429feb2d41bd69554812cde39b582

HTTP Headers

GET /it/u=236305182,3032447140&fm=253&fmt=auto&app=138&f=JPEG?w=200&h=200 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 3950
expires: Mon, 20 Feb 2023 05:17:25 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 1a235ffc5f1a815e55a9e5393fbe7a73
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 05:17:25 GMT
ohc-cache-hit: tj5ct54 [1], qdix130 [4]
ohc-file-size: 3950
x-cache-status: MISS
X-Firefox-Spdy: h2

t15.baidu.com/it/u=294990675,548373592&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

29 kB

URL HTTP/1.1
t15.baidu.com/it/u=294990675,548373592&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
29 kB (29264 bytes)
Hash
cecddc59ac7b1abbaeb159c4e39db6f5
95cf2644fc1dc72d797d88970751d72d70523f11
7d3fb025d5a500cf4972861758606ffe67a0d1b12e0869880923c0da79df45b0

HTTP Headers

GET /it/u=294990675,548373592&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpeg
Content-Length: 29264
Connection: keep-alive
Expires: Mon, 27 Feb 2023 06:51:43 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: cecddc59ac7b1abbaeb159c4e39db6f5
Age: 381661
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 06:51:43 GMT
Ohc-Cache-HIT: fra01-sys-jomo3.fra01.baidu.com [2], zhuzuncache63 [1], qdix76 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 29264
X-Cache-Status: HIT
Timing-Allow-Origin: *

t15.baidu.com/it/u=2938893668,2106611319&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

91 kB

URL HTTP/1.1
t15.baidu.com/it/u=2938893668,2106611319&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
91 kB (91204 bytes)
Hash
dc001a057c5b5938f3a2ab93fca8dd9c
1bdf094a45488a80ae252acabeaf228c564f3487
49496aa7dcd2cae348d7c1b0170c3e28891a6e5f27fe0089985e8565447359ac

HTTP Headers

GET /it/u=2938893668,2106611319&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpeg
Content-Length: 91204
Connection: keep-alive
Expires: Sat, 11 Feb 2023 02:35:09 GMT
Last-Modified: Sun, 11 Jan 1970 00:00:00 GMT
ETag: dc001a057c5b5938f3a2ab93fca8dd9c
Age: 1873302
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 12 Jan 2023 02:35:09 GMT
Ohc-Cache-HIT: fra01-sys-jomo6.fra01.baidu.com [4], zhuzuncache57 [4], xiangyix72 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 91204
X-Cache-Status: HIT
Timing-Allow-Origin: *

img1.baidu.com/it/u=2918729760,2340825081&fm=253&fmt=auto&app=138&f=JPEG?w=150&h=120

58.42.14.35

200 OK

5.7 kB

URL HTTP/2
img1.baidu.com/it/u=2918729760,2340825081&fm=253&fmt=auto&app=138&f=JPEG?w=150&h=120
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 150x120, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.7 kB (5694 bytes)
Hash
a6d338e990ca7f7f42e45f3c19679733
e21c6977545eaeeada2a8c42335631f5fd8a99f2
be6a05b5a3520bca58fb5b749a480cb4f4f3711d47c90462926160cf66763268

HTTP Headers

GET /it/u=2918729760,2340825081&fm=253&fmt=auto&app=138&f=JPEG?w=150&h=120 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 5694
expires: Sun, 19 Feb 2023 12:04:23 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: a6d338e990ca7f7f42e45f3c19679733
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 20 Jan 2023 12:04:23 GMT
ohc-cache-hit: gyct60 [1], qdix157 [4]
ohc-file-size: 5694
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=925997618,3741724389&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=334

58.42.14.35

200 OK

15 kB

URL HTTP/2
img1.baidu.com/it/u=925997618,3741724389&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=334
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x334, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
15 kB (15236 bytes)
Hash
086cea989804f511a785de95c32c1108
cf03fe6e96e89a3bd50a9ee75d4bbfe1e55f732e
71b9a893a78b9601c0243b433b8f120a90b71c2a20a4c11bc06055610cc4b567

HTTP Headers

GET /it/u=925997618,3741724389&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=334 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 15236
expires: Mon, 20 Feb 2023 12:32:20 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 086cea989804f511a785de95c32c1108
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 12:32:20 GMT
ohc-cache-hit: gyct57 [1], czix57 [4]
ohc-file-size: 15236
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3978242597,2173715815&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707

42.81.98.35

200 OK

22 kB

URL HTTP/2
img2.baidu.com/it/u=3978242597,2173715815&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x707, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
22 kB (22398 bytes)
Hash
14588f7e4af307f526dd90393decd73c
3764c660d8e351f658d3794e403e7df2e67d2d1c
c435472a1a5a386f180f0954f77b151221344e5bc89afa86a566d6977ffb6952

HTTP Headers

GET /it/u=3978242597,2173715815&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=707 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 22398
expires: Fri, 10 Feb 2023 01:55:22 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 14588f7e4af307f526dd90393decd73c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 01:55:22 GMT
ohc-cache-hit: tj5ct53 [1], qdix177 [4]
ohc-file-size: 22398
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3419313249,3550778672&fm=253&fmt=auto&app=120&f=JPEG?w=560&h=535

42.81.98.35

200 OK

18 kB

URL HTTP/2
img2.baidu.com/it/u=3419313249,3550778672&fm=253&fmt=auto&app=120&f=JPEG?w=560&h=535
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 560x535, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
18 kB (18522 bytes)
Hash
1af5ce0f617f2618a35f31f1f49334b7
4f7f20afa046a9b6d270a5d7ec1aba712a1d25e6
1cebdec399ac7fb1a01f8a1a3c956fd0f9f52610d52f572753d18b897bdbc1ad

HTTP Headers

GET /it/u=3419313249,3550778672&fm=253&fmt=auto&app=120&f=JPEG?w=560&h=535 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 18522
expires: Thu, 02 Mar 2023 04:02:18 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 1af5ce0f617f2618a35f31f1f49334b7
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 04:02:18 GMT
ohc-cache-hit: tj5ct57 [2], xiangyix236 [4]
ohc-file-size: 18522
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2932591613,194713924&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=281

113.219.142.35

200 OK

32 kB

URL HTTP/2
img0.baidu.com/it/u=2932591613,194713924&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=281
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x281, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
32 kB (31942 bytes)
Hash
dc5f6215dd0b1f4c7227452203a9db3a
69b7308f2108ac18e3f3abe2a9da3229f3c6fb2e
7e213503934b99989417c7624e89479a67e972aecc41b77eb46a11b9e67d61c4

HTTP Headers

GET /it/u=2932591613,194713924&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=281 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 31942
expires: Fri, 24 Feb 2023 11:21:37 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: dc5f6215dd0b1f4c7227452203a9db3a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 11:21:37 GMT
ohc-cache-hit: chenzct67 [1], xiangyix100 [2]
ohc-file-size: 31942
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/694425.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/694425.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/694425.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4071208146,1908421947&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350

12804.url.tudown.com/uploads/images/356359.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/356359.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/356359.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400

12804.url.tudown.com/uploads/images/964495.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/964495.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/964495.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=3801753224,1519685346&fm=253&app=120&f=JPEG?w=1422&h=800

12804.url.tudown.com/uploads/images/99854.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/99854.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/99854.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=2098225162,3321434586&fm=253&app=120&f=JPEG?w=1280&h=800

s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js

54.230.111.78

200 OK

478 B

URL HTTP/2
s.ssl.qhres2.com/ssl/ab77b6ea7f3fbf79.js
IP
54.230.111.78:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (478), with no line terminators
Size
478 B (478 bytes)
Hash
5dd27f8f2b042194c3cdabd62fd80110
c035036a939799d4c29b9c0f7229ae1953d03109
928131ab2183d971cdbfe2ed1329200212d0021db70574a35c89ae169c0f6e0a

HTTP Headers

GET /ssl/ab77b6ea7f3fbf79.js HTTP/1.1
Host: s.ssl.qhres2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12804.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 478
date: Fri, 06 Jan 2023 02:40:18 GMT
x-qstatic-hit: 1
last-modified: Mon, 01 Jan 2018 00:00:00 GMT
etag: W/"67d74adaac6d2f43"
access-control-allow-origin: *
cache-control: max-age=315360000, immutable
expires: Mon, 03 Jan 2033 02:40:18 GMT
kcs-via: HIT from w-fc03.lato;MISS from w-sc01.lato
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rULn4AxCOvr4JP_a4ItsGjZ86mJtvdpxkMHMXaWCfkglMcW7NF1Pog==
age: 2538818
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/156408.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/156408.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/156408.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3395640963,3704212994&fm=253&fmt=auto&app=138&f=JPG?w=265&h=136

img1.baidu.com/it/u=3489858004,588994262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889

58.42.14.35

200 OK

38 kB

URL HTTP/2
img1.baidu.com/it/u=3489858004,588994262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x889, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (38406 bytes)
Hash
66ada9292d240b59d68b307647bd49fa
9fa61a1d9bfaf0dbd4b878a24ef0fa2e0c2c9367
d591e5bfca293eb899821a18de26e06a1c00365055e95dc3c30362ce7d60c36a

HTTP Headers

GET /it/u=3489858004,588994262&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 38406
expires: Thu, 23 Feb 2023 10:22:27 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 66ada9292d240b59d68b307647bd49fa
age: 271379
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 10:22:27 GMT
ohc-cache-hit: gyct59 [4], xiangyix86 [2]
ohc-file-size: 38406
x-cache-status: HIT
X-Firefox-Spdy: h2

12804.url.tudown.com/template/company/955yx/images/bgs.png

154.218.151.71

200 OK

101 kB

URL HTTP/1.1
12804.url.tudown.com/template/company/955yx/images/bgs.png
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 500 x 900, 8-bit/color RGBA, non-interlaced\012- data
Size
101 kB (101362 bytes)
Hash
1621ecee9c5f80ff96ab42e1ee259f58
5867acc872a638e86b981dbd81632c219a8093ec
f7809c07dbf542cc134fa715f678d4fba323bffdc649c9fb85a866b55b0c47f9

HTTP Headers

GET /template/company/955yx/images/bgs.png HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/template/company/955yx/css/gb.css

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:55 GMT
Content-Type: image/png
Content-Length: 101362
Last-Modified: Tue, 15 Jun 2021 09:16:31 GMT
Connection: keep-alive
ETag: "60c86fef-18bf2"
Accept-Ranges: bytes

t14.baidu.com/it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400

185.10.104.124

200 OK

47 kB

URL HTTP/1.1
t14.baidu.com/it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 400x400, components 3\012- data
Size
47 kB (47226 bytes)
Hash
3bdad709eac831aafb548e9b7751ebb7
b65c347000e2647f8632d118c8edf8c88d640bec
94c9628d601ed3a00688a7f594c96acb4d3147d03c50d338afa7653c89d8cd3f

HTTP Headers

GET /it/u=602985293,2551316718&fm=224&app=112&f=JPEG?w=400&h=400 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpeg
Content-Length: 47226
Connection: keep-alive
Expires: Fri, 24 Feb 2023 19:24:11 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 3bdad709eac831aafb548e9b7751ebb7
Age: 724375
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 19:24:11 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [2], zhuzuncache52 [1], xiangyix102 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 47226
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=4071208146,1908421947&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350

42.81.98.35

200 OK

5.7 kB

URL HTTP/2
img2.baidu.com/it/u=4071208146,1908421947&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 350x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
5.7 kB (5668 bytes)
Hash
5542bb0f5194e392ef02123eb7fcbe2e
cc26f9707c737b37dda91af65e975933bd8c5bc6
a88eea80e97e641ad83bf99732c33fc2f1335a3c9d2e7fb6596c23a79464da9a

HTTP Headers

GET /it/u=4071208146,1908421947&fm=253&fmt=auto&app=138&f=JPEG?w=350&h=350 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 5668
expires: Sat, 04 Mar 2023 04:32:35 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 5542bb0f5194e392ef02123eb7fcbe2e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 02 Feb 2023 04:32:35 GMT
ohc-cache-hit: tj5ct56 [1], csix56 [4]
ohc-file-size: 5668
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=571008181,2799222386&fm=253&app=120&f=JPEG?w=1422&h=800

42.81.98.35

200 OK

139 kB

URL HTTP/1.1
img2.baidu.com/it/u=571008181,2799222386&fm=253&app=120&f=JPEG?w=1422&h=800
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
139 kB (138629 bytes)
Hash
ade066dbdcb6f3335589cbf08f288b12
02989d23553ffabff9a151510a76bfe0a9f153bb
eec1adf1a396e6e7b08f72473aa9792f8b152a96f5528dd9fce6975bf2689627

HTTP Headers

GET /it/u=571008181,2799222386&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpeg
Content-Length: 138629
Connection: keep-alive
Expires: Fri, 10 Feb 2023 21:24:09 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: ade066dbdcb6f3335589cbf08f288b12
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 21:24:09 GMT
Ohc-Cache-HIT: tj5ct51 [2], xiangyix158 [2]
Ohc-File-Size: 138629
X-Cache-Status: MISS

12804.url.tudown.com/uploads/images/362084.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/362084.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/362084.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=642720602,2636034757&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=716

12804.url.tudown.com/uploads/images/498789.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/498789.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/498789.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=919719485,1616636353&fm=253&fmt=auto?w=1280&h=800

12804.url.tudown.com/uploads/images/903075.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/903075.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/903075.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t14.baidu.com/it/u=1738563677,1054407183&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/617732.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/617732.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/617732.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=518278225,3610822463&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/942907.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/942907.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/942907.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3833388121,827270344&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=766

img0.baidu.com/it/u=644985597,781025333&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1918

113.219.142.35

200 OK

96 kB

URL HTTP/2
img0.baidu.com/it/u=644985597,781025333&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1918
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x1918, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
96 kB (95990 bytes)
Hash
2288cd0714b936f31f7e9925808983ef
bd77427cef349b2d25f9e988551bbac2868dbf0b
45c09d1973cf9dcfa72fc8491903f7ff0ad1da403b58421e670c3a0a05f89501

HTTP Headers

GET /it/u=644985597,781025333&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=1918 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:56 GMT
content-type: image/webp
content-length: 95990
expires: Fri, 10 Feb 2023 21:09:33 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 2288cd0714b936f31f7e9925808983ef
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 11 Jan 2023 21:09:33 GMT
ohc-cache-hit: chenzct69 [1], wzix109 [4]
ohc-file-size: 95990
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3892276928,2071996742&fm=253&app=138&f=JPEG?w=500&h=889

58.42.14.35

200 OK

43 kB

URL HTTP/1.1
img1.baidu.com/it/u=3892276928,2071996742&fm=253&app=138&f=JPEG?w=500&h=889
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x889, components 3\012- data
Size
43 kB (42812 bytes)
Hash
3a15832bacd4b656b7167c1d444d13e2
52b77df86a23c03d054e6e36f378a9d011c1eafd
bdae3f3899f0234ed2a805a2c341e220d9ed04fcff42ee392513fd7a0e4dcd6a

HTTP Headers

GET /it/u=3892276928,2071996742&fm=253&app=138&f=JPEG?w=500&h=889 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpeg
Content-Length: 42812
Connection: keep-alive
Expires: Wed, 15 Feb 2023 02:47:41 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 3a15832bacd4b656b7167c1d444d13e2
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Mon, 16 Jan 2023 02:47:41 GMT
Ohc-Cache-HIT: gyct60 [1], xaix120 [4]
Ohc-File-Size: 42812
X-Cache-Status: MISS

img0.baidu.com/it/u=3395640963,3704212994&fm=253&fmt=auto&app=138&f=JPG?w=265&h=136

113.219.142.35

200 OK

7.5 kB

URL HTTP/2
img0.baidu.com/it/u=3395640963,3704212994&fm=253&fmt=auto&app=138&f=JPG?w=265&h=136
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 265x136, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
7.5 kB (7476 bytes)
Hash
bb61b005398fb56c48b12479a04b9065
df489bfcea08184bbe1e55744b0d03aa934953b5
5a1eed16570eecdd713f8dcabf58e41a7a23372c4b72a7d062f2d76d21474062

HTTP Headers

GET /it/u=3395640963,3704212994&fm=253&fmt=auto&app=138&f=JPG?w=265&h=136 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 7476
expires: Mon, 06 Mar 2023 11:53:57 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: bb61b005398fb56c48b12479a04b9065
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 04 Feb 2023 11:53:56 GMT
ohc-cache-hit: chenzct69 [1], xiangyix69 [2]
ohc-file-size: 7476
x-cache-status: MISS
X-Firefox-Spdy: h2

t14.baidu.com/it/u=1738563677,1054407183&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

36 kB

URL HTTP/1.1
t14.baidu.com/it/u=1738563677,1054407183&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
36 kB (36505 bytes)
Hash
6da49ecac61793d36d817e3f99b331fb
76992663d1a118dd4185dc9b4cc2c19ee8630d07
135756b1ff58e59d25accca45d6c377a16443ffd208802e57ce6961e3b6ca588

HTTP Headers

GET /it/u=1738563677,1054407183&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t14.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpeg
Content-Length: 36505
Connection: keep-alive
Expires: Sat, 18 Feb 2023 01:29:57 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 6da49ecac61793d36d817e3f99b331fb
Age: 726044
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 19 Jan 2023 01:29:57 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache50 [1], csix88 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 36505
X-Cache-Status: HIT
Timing-Allow-Origin: *

hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?dd9836db2e433f487a0aa434b7b3deb7
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (633)
Size
11 kB (11271 bytes)
Hash
ec134770d84ba6aee932235518819fcb
b2049b93cd262e87dc444776fd6912c16f72b0d9
33052184803cfb40aefb1ba9edebc00e9257aaf150179b1e68344379b34242cb

HTTP Headers

GET /hm.js?dd9836db2e433f487a0aa434b7b3deb7 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12804.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11271
Content-Type: application/javascript
Date: Sat, 04 Feb 2023 11:53:56 GMT
Etag: 88b4996fc6fcd615e32a32ef40bfe7c8
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=BB6EF1956BE8B6B3; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

t13.baidu.com/it/u=518278225,3610822463&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

69 kB

URL HTTP/1.1
t13.baidu.com/it/u=518278225,3610822463&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
69 kB (68730 bytes)
Hash
4cbd13f08689eb9dde8edc34c98843fe
8dec1358a878a2d00ba0ce335dbce91c53a515bb
4d67b3045182feab551ced72a4bd81e20140b83a6d4dacf7edf750079d317780

HTTP Headers

GET /it/u=518278225,3610822463&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpeg
Content-Length: 68730
Connection: keep-alive
Expires: Sun, 05 Feb 2023 06:47:27 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 4cbd13f08689eb9dde8edc34c98843fe
Age: 2040334
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 06:47:26 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache62 [1], suzix62 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 68730
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=642720602,2636034757&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=716

42.81.98.35

200 OK

58 kB

URL HTTP/2
img2.baidu.com/it/u=642720602,2636034757&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=716
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x716, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
58 kB (58336 bytes)
Hash
c90343fc78b76a841d2db979f469ee2d
74825d6f042a2c76a7cba4aa0e466a824e062ee1
878ebbe86c729d3c6f3b7820b6cd8697799c1a63c3ebaaba16f43608368dbbe0

HTTP Headers

GET /it/u=642720602,2636034757&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=716 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 58336
expires: Tue, 21 Feb 2023 16:59:24 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: c90343fc78b76a841d2db979f469ee2d
age: 153508
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 16:59:24 GMT
ohc-cache-hit: tj5ct52 [4], wzix116 [4]
ohc-file-size: 58336
x-cache-status: HIT
X-Firefox-Spdy: h2

img0.baidu.com/it/u=919719485,1616636353&fm=253&fmt=auto?w=1280&h=800

113.219.142.35

200 OK

28 kB

URL HTTP/2
img0.baidu.com/it/u=919719485,1616636353&fm=253&fmt=auto?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
28 kB (28248 bytes)
Hash
c163b17939f9564234a4ef835eaae129
3482c4b0dc684760d3d02cac86487935d46e28a1
c2b0ee7056448ee70183f915844db98232315cdddbcc149cf880bbabb62b592e

HTTP Headers

GET /it/u=919719485,1616636353&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 28248
expires: Fri, 24 Feb 2023 08:55:09 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: c163b17939f9564234a4ef835eaae129
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 25 Jan 2023 08:55:09 GMT
ohc-cache-hit: chenzct52 [1], wzix52 [4]
ohc-file-size: 28248
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/856029.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/856029.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/856029.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=4106691203,1891598399&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/353519.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/353519.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/353519.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=647329524,4277617722&fm=253&app=120&f=JPEG?w=1280&h=800

12804.url.tudown.com/index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675511672108

154.218.151.71

200 OK

8.7 kB

URL HTTP/1.1
12804.url.tudown.com/index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675511672108
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Size
8.7 kB (8685 bytes)
Hash
59b7b4f90a594692663ae16f7e4c3d25
ba44cf2a7c3155be550014625cdfe552c0e141b0
30003676fd89a6681eb9ba13b86dfab59d59f24738a73a777312a44f949b335c

HTTP Headers

GET /index.php?m=content&c=index&a=get_searchkey&pc_hash=WrCDxe&_=1675511672108 HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12804.url.tudown.com/uploads/images/644013.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/644013.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/644013.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img0.baidu.com/it/u=3378133988,651244564&fm=253&app=120&f=JPEG?w=1280&h=800

12804.url.tudown.com/uploads/images/459169.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/459169.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/459169.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1667079470,24568140&fm=253&fmt=auto&app=138&f=JPEG?w=712&h=500

12804.url.tudown.com/uploads/images/370839.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/370839.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/370839.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1564936366,2730791944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=350

t15.baidu.com/it/u=4106691203,1891598399&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

33 kB

URL HTTP/1.1
t15.baidu.com/it/u=4106691203,1891598399&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
33 kB (33312 bytes)
Hash
9e9161e803d04212dec66bb73b745ef5
3ccd2e59ddaf7b87f0ecac02c3c8915dd34fe51a
9196479ea4499ac8ae637cfe7eca24aaf46ba8203dad229901840a0ecc895951

HTTP Headers

GET /it/u=4106691203,1891598399&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpeg
Content-Length: 33312
Connection: keep-alive
Expires: Sat, 04 Mar 2023 04:55:14 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 9e9161e803d04212dec66bb73b745ef5
Age: 30417
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Thu, 02 Feb 2023 04:55:14 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [2], zhuzuncache53 [1], csix119 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 33312
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=3833388121,827270344&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=766

42.81.98.35

200 OK

33 kB

URL HTTP/2
img2.baidu.com/it/u=3833388121,827270344&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=766
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x766, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
33 kB (32956 bytes)
Hash
5d5ec6d6345ea1749032d5da4f1f30a8
d6317de2db5d367e8273618fe75b366e30a1bf63
d5788af2fecb1104c22647101dd3174a1337403fe1e21611f5cc6539146b6302

HTTP Headers

GET /it/u=3833388121,827270344&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=766 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 32956
expires: Thu, 02 Mar 2023 10:01:50 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 5d5ec6d6345ea1749032d5da4f1f30a8
age: 211686
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 31 Jan 2023 10:01:50 GMT
ohc-cache-hit: tj5ct65 [4], csix109 [2]
ohc-file-size: 32956
x-cache-status: HIT
X-Firefox-Spdy: h2

s.360.cn/so/zz.gif?url=http%3A%2F%2F12804.url.tudown.com%2Fdown%2Ftype34.6.0.0%40376_33660.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b036f623835_2657f32@d0b.

171.8.167.90

200 OK

0 B

URL HTTP/1.1
s.360.cn/so/zz.gif?url=http%3A%2F%2F12804.url.tudown.com%2Fdown%2Ftype34.6.0.0%40376_33660.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b036f623835_2657f32@d0b.
IP
171.8.167.90:0
ASN
#137687 Luoyang, Henan Province, P.R.China.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /so/zz.gif?url=http%3A%2F%2F12804.url.tudown.com%2Fdown%2Ftype34.6.0.0%40376_33660.exe&sid=d182b3f28525f2db83acfaaf6e696dba&token=de1x8e2.b036f623835_2657f32@d0b. HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/

HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Mon, 29 Oct 2018 06:10:47 GMT
Connection: keep-alive
ETag: "5bd6a467-0"
Accept-Ranges: bytes

img2.baidu.com/it/u=1564936366,2730791944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=350

42.81.98.35

200 OK

27 kB

URL HTTP/2
img2.baidu.com/it/u=1564936366,2730791944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=350
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x350, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
27 kB (27204 bytes)
Hash
6d5715bd79eb50d6e686f1c9df4c0444
4926d19b4709cedf008bd3ff8710ba23f48d8218
36d606e328eeac5ca358129cc06fb1f48a844a2e41bd05fbb2a3e5fdb7503d7f

HTTP Headers

GET /it/u=1564936366,2730791944&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=350 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 27204
expires: Thu, 23 Feb 2023 12:36:05 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 6d5715bd79eb50d6e686f1c9df4c0444
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 12:36:05 GMT
ohc-cache-hit: tj5ct51 [1], qdix210 [4]
ohc-file-size: 27204
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=1667079470,24568140&fm=253&fmt=auto&app=138&f=JPEG?w=712&h=500

113.219.142.35

200 OK

20 kB

URL HTTP/2
img0.baidu.com/it/u=1667079470,24568140&fm=253&fmt=auto&app=138&f=JPEG?w=712&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 712x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
20 kB (20278 bytes)
Hash
86f24c09882f706ca8eb2270ea671613
76d7d9efa25f885b12ca45203b7a976c83b5857c
bf24124444d3a9c1908e9046a8cddd003132c11ba74210da269fc2a82e56da18

HTTP Headers

GET /it/u=1667079470,24568140&fm=253&fmt=auto&app=138&f=JPEG?w=712&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 20278
expires: Thu, 23 Feb 2023 12:48:40 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 86f24c09882f706ca8eb2270ea671613
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Tue, 24 Jan 2023 12:48:40 GMT
ohc-cache-hit: chenzct68 [1], czix214 [4]
ohc-file-size: 20278
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/236348.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/236348.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/236348.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500

12804.url.tudown.com/uploads/images/524119.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/524119.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/524119.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1388280153,821147864&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

img1.baidu.com/it/u=3801753224,1519685346&fm=253&app=120&f=JPEG?w=1422&h=800

58.42.14.35

200 OK

118 kB

URL HTTP/1.1
img1.baidu.com/it/u=3801753224,1519685346&fm=253&app=120&f=JPEG?w=1422&h=800
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1422x800, components 3\012- data
Size
118 kB (117640 bytes)
Hash
20353bcda7a023efc740b4e27a44be2a
780a14d20fb570245d2f32841224710fc775b27d
eddd15447590e62f863a02ffe61cffed6c86e465a2d1168959575c253c52de08

HTTP Headers

GET /it/u=3801753224,1519685346&fm=253&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:56 GMT
Content-Type: image/jpeg
Content-Length: 117640
Connection: keep-alive
Expires: Fri, 24 Feb 2023 14:34:44 GMT
Last-Modified: Thu, 15 Jan 1970 00:00:00 GMT
ETag: 20353bcda7a023efc740b4e27a44be2a
Age: 280084
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 25 Jan 2023 14:34:44 GMT
Ohc-Cache-HIT: gyct59 [4], suzix243 [4]
Ohc-File-Size: 117640
X-Cache-Status: HIT

img2.baidu.com/it/u=2098225162,3321434586&fm=253&app=120&f=JPEG?w=1280&h=800

49.79.225.35

200 OK

130 kB

URL HTTP/1.1
img2.baidu.com/it/u=2098225162,3321434586&fm=253&app=120&f=JPEG?w=1280&h=800
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
130 kB (129808 bytes)
Hash
35acacbb607b2956a05bc7cabd95d4f5
de867187a65c9080598a64ab5492ff706f5102bb
450ca77ab20101caeee3f03e05503c3836492f4ab04faa5f11732fdb09e83161

HTTP Headers

GET /it/u=2098225162,3321434586&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpeg
Content-Length: 129808
Connection: keep-alive
Expires: Sun, 12 Feb 2023 19:34:03 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 35acacbb607b2956a05bc7cabd95d4f5
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 13 Jan 2023 19:34:03 GMT
Ohc-Cache-HIT: ntct61 [1], czix78 [4]
Ohc-File-Size: 129808
X-Cache-Status: MISS

12804.url.tudown.com/uploads/images/683596.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/683596.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/683596.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t15.baidu.com/it/u=3307679162,4014621668&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/180310.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/180310.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/180310.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img1.baidu.com/it/u=49254398,2769923046&fm=253&fmt=auto&app=120&f=JPEG?w=666&h=1000

t15.baidu.com/it/u=3307679162,4014621668&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

44 kB

URL HTTP/1.1
t15.baidu.com/it/u=3307679162,4014621668&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
44 kB (43962 bytes)
Hash
27ed60644f7f7d12f585757af6e0745b
e659ef424a7a422d2ea97c3811d05d5c552212e1
48a8727b3e37c8bc9c0b3cffb63be2d6be4db59a782abaea0dbc7f5771a52a7a

HTTP Headers

GET /it/u=3307679162,4014621668&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t15.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpeg
Content-Length: 43962
Connection: keep-alive
Expires: Sun, 05 Feb 2023 11:55:42 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 27ed60644f7f7d12f585757af6e0745b
Age: 2320961
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 11:55:42 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [2], zhuzuncache59 [1], wzix83 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 43962
X-Cache-Status: HIT
Timing-Allow-Origin: *

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1377340631&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43863&r=0&ww=1280&u=http%3A%2F%2F12804.url.tudown.com%2Fdown%2Ftype34.6.0.0%40376_33660.exe&tt=%E6%AC%A2%E8%BF%8E%E4%BD%BF%E7%94%A8%E4%B9%90%E9%B1%BCApp(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1377340631&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43863&r=0&ww=1280&u=http%3A%2F%2F12804.url.tudown.com%2Fdown%2Ftype34.6.0.0%40376_33660.exe&tt=%E6%AC%A2%E8%BF%8E%E4%BD%BF%E7%94%A8%E4%B9%90%E9%B1%BCApp(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1377340631&si=dd9836db2e433f487a0aa434b7b3deb7&v=1.3.0&lv=1&sn=43863&r=0&ww=1280&u=http%3A%2F%2F12804.url.tudown.com%2Fdown%2Ftype34.6.0.0%40376_33660.exe&tt=%E6%AC%A2%E8%BF%8E%E4%BD%BF%E7%94%A8%E4%B9%90%E9%B1%BCApp(%E4%B8%AD%E5%9B%BD)%E5%AE%98%E6%96%B9%E7%BD%91%E7%AB%99-ios%2F%E5%AE%89%E5%8D%93%2F%E6%89%8B%E6%9C%BA%E7%89%88app%E4%B8%8B%E8%BD%BDV4816.72875 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12804.url.tudown.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Sat, 04 Feb 2023 11:53:57 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=9A435D5A753CF4DB; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

img2.baidu.com/it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500

42.81.98.35

200 OK

25 kB

URL HTTP/2
img2.baidu.com/it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 524x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24978 bytes)
Hash
f3e676716ac0d96e6f4123c27196b606
e9e646cf27ee8e729bde10eaebea65a89e38e631
8b205d58d94760c2416881fb530c9cec626cc416e4cc451c644a36ac6ed720fd

HTTP Headers

GET /it/u=4111011894,4053120491&fm=253&fmt=auto&app=138&f=JPEG?w=524&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 24978
expires: Wed, 15 Feb 2023 06:01:48 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: f3e676716ac0d96e6f4123c27196b606
age: 521461
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 16 Jan 2023 06:01:48 GMT
ohc-cache-hit: tj5ct52 [4], xaix147 [4]
ohc-file-size: 24978
x-cache-status: HIT
X-Firefox-Spdy: h2

12804.url.tudown.com/api.php?op=digg&action=show&id=23038

154.218.151.71

404 Not Found

146 B

URL HTTP/1.1
12804.url.tudown.com/api.php?op=digg&action=show&id=23038
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
146 B (146 bytes)
Hash
8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

HTTP Headers

GET /api.php?op=digg&action=show&id=23038 HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 404 Not Found
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: text/html
Content-Length: 146
Connection: keep-alive

12804.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16

154.218.151.71

200 OK

8.6 kB

URL HTTP/1.1
12804.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Size
8.6 kB (8577 bytes)
Hash
baab827ecc0316ec280560968c992ab6
61af87c2acdac855e62591410a79626371867407
b2d6229f8c78d782ad602304b220bf5838c6d9a77f3597e2b3c5dd3c5c93371e

HTTP Headers

GET /index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16 HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

12804.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16

154.218.151.71

200 OK

8.5 kB

URL HTTP/1.1
12804.url.tudown.com/index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (371), with CRLF, LF line terminators
Size
8.5 kB (8512 bytes)
Hash
3f1be99d0523f6e699b96298f7d9cec6
4927635e05998caf61d5b787de0c393cdff77881
dbfcc4562987ce6272e91c5b83c5ceb6567bfdda04ed1a2b415929dfbfae1e77

HTTP Headers

GET /index.php?m=content&c=index&a=get_week_rank&catid=undefined&num=16 HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

img2.baidu.com/it/u=1388280153,821147864&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800

42.81.98.35

200 OK

94 kB

URL HTTP/2
img2.baidu.com/it/u=1388280153,821147864&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1422x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
94 kB (94020 bytes)
Hash
8a15ef819938ddd2ca02425ad314b70f
0a3904c5a7745bf47189c83854ab38b2ae1064e3
aa4d8b74ab594555e8eb49d47ba0e022b8f8becdf68254d2f506eceecf7f26de

HTTP Headers

GET /it/u=1388280153,821147864&fm=253&fmt=auto&app=120&f=JPEG?w=1422&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:57 GMT
content-type: image/webp
content-length: 94020
expires: Mon, 20 Feb 2023 06:53:54 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 8a15ef819938ddd2ca02425ad314b70f
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 06:53:54 GMT
ohc-cache-hit: tj5ct66 [1], czix197 [4]
ohc-file-size: 94020
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/557509.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/557509.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/557509.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=252652519,930334746&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500

12804.url.tudown.com/uploads/images/377399.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/377399.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/377399.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=1195700003,973030002&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/788394.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/788394.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/788394.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=1103894331,3435416922&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=291

img1.baidu.com/it/u=49254398,2769923046&fm=253&fmt=auto&app=120&f=JPEG?w=666&h=1000

58.42.14.35

200 OK

34 kB

URL HTTP/1.1
img1.baidu.com/it/u=49254398,2769923046&fm=253&fmt=auto&app=120&f=JPEG?w=666&h=1000
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 666x1000, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
34 kB (33508 bytes)
Hash
252cc7205c9da04d1b37af195ffceaea
491621baf83a774eebbd4cceb3bfe074feccb932
41def0b9f3de28e2a44c55bf976a607bfa836427a337f1dd9ec51f83a8350376

HTTP Headers

GET /it/u=49254398,2769923046&fm=253&fmt=auto&app=120&f=JPEG?w=666&h=1000 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/webp
Content-Length: 33508
Connection: keep-alive
Expires: Tue, 21 Feb 2023 02:16:32 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 252cc7205c9da04d1b37af195ffceaea
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 22 Jan 2023 02:16:31 GMT
Ohc-Cache-HIT: gyct56 [1], qdix66 [4]
Ohc-File-Size: 33508
X-Cache-Status: MISS

t13.baidu.com/it/u=1195700003,973030002&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

33 kB

URL HTTP/1.1
t13.baidu.com/it/u=1195700003,973030002&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
33 kB (33072 bytes)
Hash
df25b24e426a9a4b03546044e292870e
88c0b8b7b582fa7b161c0d890e82ecb399d05cb2
711c39a692d317a1c8c111f60d20f1676d06ceba7b8644b2ad4ba1d052dad4ea

HTTP Headers

GET /it/u=1195700003,973030002&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpeg
Content-Length: 33072
Connection: keep-alive
Expires: Tue, 07 Feb 2023 07:37:03 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: df25b24e426a9a4b03546044e292870e
Age: 2038987
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 07:37:02 GMT
Ohc-Cache-HIT: fra01-sys-jomo0.fra01.baidu.com [4], zhuzuncache59 [1], qdix104 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 33072
X-Cache-Status: HIT
Timing-Allow-Origin: *

12804.url.tudown.com/uploads/images/700582.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/700582.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/700582.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2528764270,3891143217&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

img0.baidu.com/it/u=252652519,930334746&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500

113.219.142.35

200 OK

26 kB

URL HTTP/2
img0.baidu.com/it/u=252652519,930334746&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 889x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
26 kB (25528 bytes)
Hash
1dbfd13ed383cf3048b26878c2360a44
6ba36d4db8f4deec5776d0c5b27e900f53ed45dc
b7973693f5db73e7c5c7dc3575eb63b6810b7d4b5cd07112f7f35ffe93f361ac

HTTP Headers

GET /it/u=252652519,930334746&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:58 GMT
content-type: image/webp
content-length: 25528
expires: Mon, 20 Feb 2023 14:30:23 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 1dbfd13ed383cf3048b26878c2360a44
age: 162729
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 14:30:23 GMT
ohc-cache-hit: chenzct59 [4], suzix59 [2]
ohc-file-size: 25528
x-cache-status: HIT
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/200940.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/200940.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/200940.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2837231489,836826710&fm=253&fmt=auto&app=138&f=PNG?w=500&h=379

12804.url.tudown.com/uploads/images/507767.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/507767.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/507767.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=1777928489,2479107019&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=480

12804.url.tudown.com/uploads/images/933015.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/933015.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/933015.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=4180698253,435028942&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/721570.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/721570.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/721570.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2251868659,3974194909&fm=253&fmt=auto&app=138&f=JPEG?w=522&h=500

img0.baidu.com/it/u=1103894331,3435416922&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=291

113.219.142.35

200 OK

18 kB

URL HTTP/2
img0.baidu.com/it/u=1103894331,3435416922&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=291
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x291, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
18 kB (17886 bytes)
Hash
faf16fe82c67cd33e908fd10b95535b4
965a5d109d521b161fec5c358f9fea13ae58f03a
f2f3ee928ec680e23a65ed5b7da3996bbcb1779bb6fc8bf1404e56553909d6fd

HTTP Headers

GET /it/u=1103894331,3435416922&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=291 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:58 GMT
content-type: image/webp
content-length: 17886
expires: Tue, 28 Feb 2023 02:26:46 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: faf16fe82c67cd33e908fd10b95535b4
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 29 Jan 2023 02:26:46 GMT
ohc-cache-hit: chenzct74 [1], xiangyix223 [4]
ohc-file-size: 17886
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/logo.png?n=4w53nznorhs3raxfrsloln5f4whie&w=250

154.218.151.71

200 OK

3.4 kB

URL HTTP/1.1
12804.url.tudown.com/uploads/images/logo.png?n=4w53nznorhs3raxfrsloln5f4whie&w=250
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type
PNG image data, 250 x 66, 8-bit colormap, non-interlaced\012- data
Size
3.4 kB (3390 bytes)
Hash
326aa5a03854b50492807276b4ecc078
ecb10880e67e38fb0977d8b047e5b0fbaab61cc2
ebb015f220dd56ee5a52f1a9bcf261bc3a88ad664532563dbb6cdc9f6cd1c80b

HTTP Headers

GET /uploads/images/logo.png?n=4w53nznorhs3raxfrsloln5f4whie&w=250 HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive

t13.baidu.com/it/u=4180698253,435028942&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

41 kB

URL HTTP/1.1
t13.baidu.com/it/u=4180698253,435028942&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 100x100, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
41 kB (41132 bytes)
Hash
284aa3a20c516191556039edcea4d46b
68a2e4e3c778ad08e89a6636842e2d7a3c48e525
11f126fe55b7134c959d55cedd6e1aeadeecf904965aa82319f455704b9c1786

HTTP Headers

GET /it/u=4180698253,435028942&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpeg
Content-Length: 41132
Connection: keep-alive
Expires: Fri, 10 Feb 2023 21:33:58 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 284aa3a20c516191556039edcea4d46b
Age: 2038800
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Wed, 11 Jan 2023 21:33:58 GMT
Ohc-Cache-HIT: fra01-sys-jomo2.fra01.baidu.com [4], zhuzuncache59 [1], wzix119 [1]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 41132
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=2528764270,3891143217&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

42.81.98.35

200 OK

25 kB

URL HTTP/2
img2.baidu.com/it/u=2528764270,3891143217&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
25 kB (24688 bytes)
Hash
66a26de624464912a5eac2c272090cbb
0cb74294c1717440a11ff684e6062db604c7f5ad
9092f7ecc1c324b671b763ddd2306af310ebd47d5ad32b18e705ee4ee4aa152e

HTTP Headers

GET /it/u=2528764270,3891143217&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:58 GMT
content-type: image/webp
content-length: 24688
expires: Sun, 05 Mar 2023 02:57:53 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: 66a26de624464912a5eac2c272090cbb
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 03 Feb 2023 02:57:53 GMT
ohc-cache-hit: tj5ct68 [1], czix74 [4]
ohc-file-size: 24688
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=1777928489,2479107019&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=480

42.81.98.35

200 OK

30 kB

URL HTTP/2
img2.baidu.com/it/u=1777928489,2479107019&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=480
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 640x480, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
30 kB (30414 bytes)
Hash
971d0c4c4aa82908170492f5832607b8
e231d3f0d3212f2128e7028be6522074f4dac072
00671e34a22b8abd0f3b6470e46a28e21ed2bfd2ce37fbee8a44432a7f08d6f5

HTTP Headers

GET /it/u=1777928489,2479107019&fm=253&fmt=auto&app=138&f=JPEG?w=640&h=480 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:58 GMT
content-type: image/webp
content-length: 30414
expires: Wed, 22 Feb 2023 01:48:24 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: 971d0c4c4aa82908170492f5832607b8
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 23 Jan 2023 01:48:24 GMT
ohc-cache-hit: tj5ct61 [1], qdix121 [4]
ohc-file-size: 30414
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=647329524,4277617722&fm=253&app=120&f=JPEG?w=1280&h=800

113.219.142.35

200 OK

169 kB

URL HTTP/1.1
img0.baidu.com/it/u=647329524,4277617722&fm=253&app=120&f=JPEG?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
169 kB (169147 bytes)
Hash
7464ae6cdf86444c0701ba147087fcef
1dc6e4f5520a16a6a11d3e2eac5743574ba57b52
f681f8ae1f21091c1b1b11f8c3dd3663a7e2126c929e9e50233e83ff7007bd58

HTTP Headers

GET /it/u=647329524,4277617722&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:57 GMT
Content-Type: image/jpeg
Content-Length: 169147
Connection: keep-alive
Expires: Tue, 14 Feb 2023 03:17:15 GMT
Last-Modified: Mon, 05 Jan 1970 00:00:00 GMT
ETag: 7464ae6cdf86444c0701ba147087fcef
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 15 Jan 2023 03:17:15 GMT
Ohc-Cache-HIT: chenzct66 [2], xaix89 [2]
Ohc-File-Size: 169147
X-Cache-Status: MISS

12804.url.tudown.com/uploads/images/556986.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/556986.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/556986.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2520478630,1430925515&fm=253&fmt=auto&app=138&f=JPEG?w=582&h=500

img0.baidu.com/it/u=2837231489,836826710&fm=253&fmt=auto&app=138&f=PNG?w=500&h=379

113.219.142.35

200 OK

44 kB

URL HTTP/2
img0.baidu.com/it/u=2837231489,836826710&fm=253&fmt=auto&app=138&f=PNG?w=500&h=379
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image\012- data
Size
44 kB (44054 bytes)
Hash
6026bc82f279f5e4ef87fd68133d90db
edbb5fafa6062bd9fe2928e2f5f372fd1d0fc428
7a155746135b77f25b6bfab2fc59bfdb2e9c04c50a3aaae039efc35832e8f7c2

HTTP Headers

GET /it/u=2837231489,836826710&fm=253&fmt=auto&app=138&f=PNG?w=500&h=379 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:58 GMT
content-type: image/webp
content-length: 44054
expires: Wed, 08 Feb 2023 11:35:29 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 6026bc82f279f5e4ef87fd68133d90db
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 11:35:29 GMT
ohc-cache-hit: chenzct64 [1], czix116 [4]
ohc-file-size: 44054
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/958379.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/958379.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/958379.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=998546231,2627594&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

img1.baidu.com/it/u=2251868659,3974194909&fm=253&fmt=auto&app=138&f=JPEG?w=522&h=500

58.42.14.35

200 OK

14 kB

URL HTTP/2
img1.baidu.com/it/u=2251868659,3974194909&fm=253&fmt=auto&app=138&f=JPEG?w=522&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 522x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
14 kB (14012 bytes)
Hash
0496317610d9a5a22dd674e9dda46e62
18c20fa403f189926e3efac2c8a9b21fb6553598
b8c7507a59e2b67613259c11135aa9507b54b105e5e6d14ae766a46a354737db

HTTP Headers

GET /it/u=2251868659,3974194909&fm=253&fmt=auto&app=138&f=JPEG?w=522&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:58 GMT
content-type: image/webp
content-length: 14012
expires: Sun, 05 Mar 2023 07:17:23 GMT
last-modified: Fri, 09 Jan 1970 00:00:00 GMT
etag: 0496317610d9a5a22dd674e9dda46e62
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 03 Feb 2023 07:17:23 GMT
ohc-cache-hit: gyct56 [2], csix56 [4]
ohc-file-size: 14012
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/375118.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/375118.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/375118.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=4253177709,3679019934&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400

12804.url.tudown.com/uploads/images/134794.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/134794.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/134794.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=3378133988,651244564&fm=253&fmt=auto?w=1280&h=800

12804.url.tudown.com/uploads/images/984822.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/984822.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/984822.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280

12804.url.tudown.com/uploads/images/25008.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/25008.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/25008.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=2781183149,676470470&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

img0.baidu.com/it/u=2520478630,1430925515&fm=253&fmt=auto&app=138&f=JPEG?w=582&h=500

113.219.142.35

200 OK

23 kB

URL HTTP/2
img0.baidu.com/it/u=2520478630,1430925515&fm=253&fmt=auto&app=138&f=JPEG?w=582&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 582x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
23 kB (22662 bytes)
Hash
1ecd83b1cdcf91f1ac576c4d6dcd9d59
0113dc1762b600f0fbbf274ca01b1720528a1dce
c20abb7b7d42daf2ccc2f01dbf23331667161ecf964f73d3f48cf308461d6586

HTTP Headers

GET /it/u=2520478630,1430925515&fm=253&fmt=auto&app=138&f=JPEG?w=582&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 22662
expires: Wed, 08 Feb 2023 04:07:16 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: 1ecd83b1cdcf91f1ac576c4d6dcd9d59
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Mon, 09 Jan 2023 04:07:16 GMT
ohc-cache-hit: chenzct67 [1], csix92 [4]
ohc-file-size: 22662
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/30031.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/30031.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/30031.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638

img0.baidu.com/it/u=3378133988,651244564&fm=253&app=120&f=JPEG?w=1280&h=800

113.219.142.35

200 OK

220 kB

URL HTTP/1.1
img0.baidu.com/it/u=3378133988,651244564&fm=253&app=120&f=JPEG?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
220 kB (220355 bytes)
Hash
591fcd2ee53669f9a0609c7c4958c1fe
d25171121cb43048feab102af6516be143bbc499
99b8cf06dd49268084defe53a331947df5c63af65bdf23ebd7f7272c4f97c33f

HTTP Headers

GET /it/u=3378133988,651244564&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:58 GMT
Content-Type: image/jpeg
Content-Length: 220355
Connection: keep-alive
Expires: Mon, 27 Feb 2023 13:55:15 GMT
Last-Modified: Thu, 08 Jan 1970 00:00:00 GMT
ETag: 591fcd2ee53669f9a0609c7c4958c1fe
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 28 Jan 2023 13:55:15 GMT
Ohc-Cache-HIT: chenzct85 [2], suzix200 [2]
Ohc-File-Size: 220355
X-Cache-Status: MISS

12804.url.tudown.com/uploads/images/869781.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/869781.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/869781.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=4092263864,1641878710&fm=253&app=120&f=JPEG?w=1280&h=800

img2.baidu.com/it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280

42.81.98.35

200 OK

97 kB

URL HTTP/2
img2.baidu.com/it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x1280, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
97 kB (96608 bytes)
Hash
9f7c254f6e2701c08c28ca9ff5213d2c
aa546a68f7b71c61e2e52a1cd4b625a334e6a759
19bd124740c85c912ff1fc4d766fc81b86fb14f8d4f6838c8352c6e156a2c312

HTTP Headers

GET /it/u=3177038747,470637396&fm=253&fmt=auto?w=800&h=1280 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 96608
expires: Mon, 20 Feb 2023 10:51:57 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 9f7c254f6e2701c08c28ca9ff5213d2c
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 21 Jan 2023 10:51:57 GMT
ohc-cache-hit: tj5ct59 [1], suzix104 [4]
ohc-file-size: 96608
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/86981.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/86981.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/86981.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=4114631815,1463011445&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/67133.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/67133.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/67133.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3572222837,121085746&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=731

img2.baidu.com/it/u=4253177709,3679019934&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400

42.81.98.35

200 OK

11 kB

URL HTTP/2
img2.baidu.com/it/u=4253177709,3679019934&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 400x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
11 kB (10976 bytes)
Hash
5ce28e8423547a1867288b68b6867c50
ebc8ba66bc0763df2715155b297884aeb733b968
6b8f9e50c9575bef6fc341a95856338e4634b6b1f3c27db1978603aa4a701398

HTTP Headers

GET /it/u=4253177709,3679019934&fm=253&fmt=auto&app=138&f=JPEG?w=400&h=400 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 10976
expires: Mon, 27 Feb 2023 10:04:48 GMT
last-modified: Wed, 07 Jan 1970 00:00:00 GMT
etag: 5ce28e8423547a1867288b68b6867c50
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sat, 28 Jan 2023 10:04:48 GMT
ohc-cache-hit: tj5ct52 [1], wzix105 [2]
ohc-file-size: 10976
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/517875.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/517875.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/517875.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=2600301718,2735652905&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500

img1.baidu.com/it/u=998546231,2627594&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500

58.42.14.35

200 OK

35 kB

URL HTTP/2
img1.baidu.com/it/u=998546231,2627594&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
35 kB (35260 bytes)
Hash
1acdaf02b7912b2f8b233b8751ad4c8a
fe92400c1172154f972c93442912f3f18eaab8b5
f679cd76294c3ca51e5599245ca93c79184fe3055151022b6518f97d750a01f4

HTTP Headers

GET /it/u=998546231,2627594&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 35260
expires: Sat, 25 Feb 2023 02:22:19 GMT
last-modified: Mon, 05 Jan 1970 00:00:00 GMT
etag: 1acdaf02b7912b2f8b233b8751ad4c8a
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 26 Jan 2023 02:22:19 GMT
ohc-cache-hit: gyct56 [1], xiangyix56 [4]
ohc-file-size: 35260
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=2781183149,676470470&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500

42.81.98.35

200 OK

38 kB

URL HTTP/2
img2.baidu.com/it/u=2781183149,676470470&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 800x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
38 kB (38402 bytes)
Hash
07d022e71c6e0d7cb9b226fa7fd5560d
b00be8dd02cf82bfd41ffcfea18254b5da43abbe
1cedd22adc0ee111fe52c6d7d363d294eafe5e08e0dab6e460b19e22f7ca0712

HTTP Headers

GET /it/u=2781183149,676470470&fm=253&fmt=auto&app=138&f=JPEG?w=800&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 38402
expires: Fri, 17 Feb 2023 08:21:09 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: 07d022e71c6e0d7cb9b226fa7fd5560d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 08:21:09 GMT
ohc-cache-hit: tj5ct68 [1], qdix186 [4]
ohc-file-size: 38402
x-cache-status: MISS
X-Firefox-Spdy: h2

t13.baidu.com/it/u=4114631815,1463011445&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

46 kB

URL HTTP/1.1
t13.baidu.com/it/u=4114631815,1463011445&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
46 kB (46407 bytes)
Hash
0b19437f0edba83d16fc208ff04cc9ef
6fe404b20cdb5b2adc768ea1e2d24a4f204a89b1
ca5f9846c909f9f68ad804ab03da0a6d91e3df329598106b7b90f2adf89b37a9

HTTP Headers

GET /it/u=4114631815,1463011445&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpeg
Content-Length: 46407
Connection: keep-alive
Expires: Mon, 06 Feb 2023 14:45:06 GMT
Last-Modified: Sat, 10 Jan 1970 00:00:00 GMT
ETag: 0b19437f0edba83d16fc208ff04cc9ef
Age: 2040065
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sat, 07 Jan 2023 14:45:06 GMT
Ohc-Cache-HIT: fra01-sys-jomo1.fra01.baidu.com [4], zhuzuncache51 [4], bdix195 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 46407
X-Cache-Status: HIT
Timing-Allow-Origin: *

12804.url.tudown.com/uploads/images/777484.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/777484.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/777484.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2958945660,1305960227&fm=253&fmt=auto&app=138&f=JPEG?w=334&h=500

img1.baidu.com/it/u=2600301718,2735652905&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500

58.42.14.35

200 OK

19 kB

URL HTTP/2
img1.baidu.com/it/u=2600301718,2735652905&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 281x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
19 kB (19448 bytes)
Hash
940bdacb46fcf9e5e190eead6fe5d7d0
dbb99f786feff141c0c168816b721c6dcdc7b7b1
dbc193b23ddd84b09c824fd5b4a107069d5b98580169f7070c3263964afab16b

HTTP Headers

GET /it/u=2600301718,2735652905&fm=253&fmt=auto&app=138&f=JPEG?w=281&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 19448
expires: Tue, 21 Feb 2023 02:56:07 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 940bdacb46fcf9e5e190eead6fe5d7d0
age: 793175
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 02:56:07 GMT
ohc-cache-hit: gyct53 [4], czix124 [2]
ohc-file-size: 19448
x-cache-status: HIT
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/553979.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/553979.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/553979.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://img2.baidu.com/it/u=3106084175,2776644671&fm=253&app=120&f=JPEG?w=1280&h=800

img1.baidu.com/it/u=3572222837,121085746&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=731

58.42.14.35

200 OK

24 kB

URL HTTP/2
img1.baidu.com/it/u=3572222837,121085746&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=731
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x731, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
24 kB (23728 bytes)
Hash
d76f661623fd4abe336286f5f6eaaf5e
570fa7a7e129bdb0272e6bfd136c17b60e508adf
5b423348ac2945e2b2f442a5a62242e2f97c41c80e8eb9f762b58232dee3bae1

HTTP Headers

GET /it/u=3572222837,121085746&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=731 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 23728
expires: Tue, 21 Feb 2023 04:08:03 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: d76f661623fd4abe336286f5f6eaaf5e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 04:08:03 GMT
ohc-cache-hit: gyct62 [1], suzix67 [4]
ohc-file-size: 23728
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/uploads/images/519245.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/519245.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/519245.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: http://t13.baidu.com/it/u=2026357231,1274254347&fm=224&app=112&f=JPEG?w=500&h=500

12804.url.tudown.com/uploads/images/25785.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/25785.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/25785.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img1.baidu.com/it/u=3657497261,12670201&fm=253&fmt=auto&app=120&f=JPEG?w=889&h=500

12804.url.tudown.com/uploads/images/31641.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/31641.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/31641.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img2.baidu.com/it/u=518394472,1008597378&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500

12804.url.tudown.com/uploads/images/124542.jpg

154.218.151.71

301 Moved Permanently

0 B

URL HTTP/1.1
12804.url.tudown.com/uploads/images/124542.jpg
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /uploads/images/124542.jpg HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpg; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://img0.baidu.com/it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905

t13.baidu.com/it/u=2026357231,1274254347&fm=224&app=112&f=JPEG?w=500&h=500

185.10.104.124

200 OK

29 kB

URL HTTP/1.1
t13.baidu.com/it/u=2026357231,1274254347&fm=224&app=112&f=JPEG?w=500&h=500
IP
185.10.104.124:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Size
29 kB (29126 bytes)
Hash
84752e968c1a07331217d5e4e924ad12
1f2fbceecab976d64b34b284a761ad428b28c45c
676c4c4d308bb87d44739357f97cec445c432c47adf4cfefd1f67a6db5ee6ac7

HTTP Headers

GET /it/u=2026357231,1274254347&fm=224&app=112&f=JPEG?w=500&h=500 HTTP/1.1
Host: t13.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpeg
Content-Length: 29126
Connection: keep-alive
Expires: Tue, 07 Feb 2023 05:28:56 GMT
Last-Modified: Fri, 09 Jan 1970 00:00:00 GMT
ETag: 84752e968c1a07331217d5e4e924ad12
Age: 2040281
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 05:28:56 GMT
Ohc-Cache-HIT: fra01-sys-jomo5.fra01.baidu.com [4], zhuzuncache51 [4], suzix70 [4]
Ohc-Response-Time: 1 0 0 0 0 0
Ohc-File-Size: 29126
X-Cache-Status: HIT
Timing-Allow-Origin: *

img2.baidu.com/it/u=4092263864,1641878710&fm=253&app=120&f=JPEG?w=1280&h=800

42.81.98.35

200 OK

273 kB

URL HTTP/1.1
img2.baidu.com/it/u=4092263864,1641878710&fm=253&app=120&f=JPEG?w=1280&h=800
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
273 kB (273402 bytes)
Hash
2a3cf76cde6a5e4460fce475d6be59ec
94510c454407bde911996a3ee1d723355bc32370
b46adc8418f219871fd6546ab9d308c507a9b5b2a89a3c3e247d4de0d90498cd

HTTP Headers

GET /it/u=4092263864,1641878710&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpeg
Content-Length: 273402
Connection: keep-alive
Expires: Tue, 07 Feb 2023 11:19:43 GMT
Last-Modified: Tue, 13 Jan 1970 00:00:00 GMT
ETag: 2a3cf76cde6a5e4460fce475d6be59ec
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Sun, 08 Jan 2023 11:19:43 GMT
Ohc-Cache-HIT: tj5ct63 [2], bdix187 [4]
Ohc-File-Size: 273402
X-Cache-Status: MISS

img0.baidu.com/it/u=2958945660,1305960227&fm=253&fmt=auto&app=138&f=JPEG?w=334&h=500

113.219.142.35

200 OK

13 kB

URL HTTP/2
img0.baidu.com/it/u=2958945660,1305960227&fm=253&fmt=auto&app=138&f=JPEG?w=334&h=500
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 334x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
13 kB (12730 bytes)
Hash
a96d7b4ab3c5d7ef7563da2e2e94591d
89ad7e1b20945a039bfb8f030728e8615b7d1090
851f42fec5f5fd537f4580675e9655bf207eb50334e2dd4d9f862757f8e6b3b5

HTTP Headers

GET /it/u=2958945660,1305960227&fm=253&fmt=auto&app=138&f=JPEG?w=334&h=500 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 12730
expires: Fri, 17 Feb 2023 12:36:09 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: a96d7b4ab3c5d7ef7563da2e2e94591d
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 12:36:09 GMT
ohc-cache-hit: chenzct67 [1], suzix130 [4]
ohc-file-size: 12730
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638

113.219.142.35

200 OK

29 kB

URL HTTP/2
img0.baidu.com/it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x638, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
29 kB (29422 bytes)
Hash
abe88d977fbbececae72b3167e36966e
abf82fad41c012c9f7684b14eebe05576bc7b339
f05e685b21d7b49464dc2d670124547bdceee1d33058573c0b9fbe041f5f3223

HTTP Headers

GET /it/u=97040658,2737538612&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=638 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 29422
expires: Sat, 18 Feb 2023 04:11:41 GMT
last-modified: Sun, 04 Jan 1970 00:00:00 GMT
etag: abe88d977fbbececae72b3167e36966e
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 04:11:41 GMT
ohc-cache-hit: chenzct52 [1], qdix124 [4]
ohc-file-size: 29422
x-cache-status: MISS
X-Firefox-Spdy: h2

img2.baidu.com/it/u=3106084175,2776644671&fm=253&app=120&f=JPEG?w=1280&h=800

49.79.225.35

200 OK

66 kB

URL HTTP/1.1
img2.baidu.com/it/u=3106084175,2776644671&fm=253&app=120&f=JPEG?w=1280&h=800
IP
49.79.225.35:0
ASN
#131325 CHINATELECOM JIANGSU province NANTONG MAN network

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1280x800, components 3\012- data
Size
66 kB (65487 bytes)
Hash
74bc7e8b7221d5aed6da4d4138e68f42
63c59c3bc0a67a3415559fd182c5be87c7c42d90
5fbff76cc16f5099a30d9b6c610dd4826529944ed410c4e2d5bda1d16d3bd316

HTTP Headers

GET /it/u=3106084175,2776644671&fm=253&app=120&f=JPEG?w=1280&h=800 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://12804.url.tudown.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Sat, 04 Feb 2023 11:53:59 GMT
Content-Type: image/jpeg
Content-Length: 65487
Connection: keep-alive
Expires: Sun, 05 Feb 2023 13:41:29 GMT
Last-Modified: Wed, 07 Jan 1970 00:00:00 GMT
ETag: 74bc7e8b7221d5aed6da4d4138e68f42
Age: 196770
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Ohc-Global-Saved-Time: Fri, 06 Jan 2023 13:41:29 GMT
Ohc-Cache-HIT: ntct52 [4], czix124 [2]
Ohc-File-Size: 65487
X-Cache-Status: HIT

img2.baidu.com/it/u=518394472,1008597378&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500

42.81.98.35

200 OK

36 kB

URL HTTP/2
img2.baidu.com/it/u=518394472,1008597378&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500
IP
42.81.98.35:0
ASN
#58542 Tianjij,300000

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 889x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
36 kB (36318 bytes)
Hash
6ad7b7a25e499b09d985e71a07ab1588
f249d8d348bccff99c658c01ea7d87891d6a36cd
335d6d1370938c9ea81045bb77f0aafdcb10cd5882d3b26e691d2d9f81e7e2de

HTTP Headers

GET /it/u=518394472,1008597378&fm=253&fmt=auto&app=138&f=JPEG?w=889&h=500 HTTP/1.1
Host: img2.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 36318
expires: Sat, 18 Feb 2023 16:45:46 GMT
last-modified: Sun, 11 Jan 1970 00:00:00 GMT
etag: 6ad7b7a25e499b09d985e71a07ab1588
age: 127254
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Thu, 19 Jan 2023 16:45:46 GMT
ohc-cache-hit: tj5ct62 [4], suzix138 [4]
ohc-file-size: 36318
x-cache-status: HIT
X-Firefox-Spdy: h2

img0.baidu.com/it/u=3378133988,651244564&fm=253&fmt=auto?w=1280&h=800

113.219.142.35

200 OK

168 kB

URL HTTP/2
img0.baidu.com/it/u=3378133988,651244564&fm=253&fmt=auto?w=1280&h=800
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 1280x800, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
168 kB (168454 bytes)
Hash
a15380e9fcdb732967b6eb3026b31b03
8075f6377af3b67d72d961340296f6c960b20aa8
117c73f640537d1b8adf4c744c5e3e3dd5f1f2878c098060bd15db771eb2328c

HTTP Headers

GET /it/u=3378133988,651244564&fm=253&fmt=auto?w=1280&h=800 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 168454
expires: Sun, 05 Feb 2023 07:31:32 GMT
last-modified: Tue, 06 Jan 1970 00:00:00 GMT
etag: a15380e9fcdb732967b6eb3026b31b03
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Fri, 06 Jan 2023 07:31:32 GMT
ohc-cache-hit: chenzct52 [2], wzix52 [4]
ohc-file-size: 168454
x-cache-status: MISS
X-Firefox-Spdy: h2

img1.baidu.com/it/u=3657497261,12670201&fm=253&fmt=auto&app=120&f=JPEG?w=889&h=500

58.42.14.35

200 OK

44 kB

URL HTTP/2
img1.baidu.com/it/u=3657497261,12670201&fm=253&fmt=auto&app=120&f=JPEG?w=889&h=500
IP
58.42.14.35:0
ASN
#139203 Guizhou GuiAn IDC

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 889x500, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
44 kB (44440 bytes)
Hash
b194e9fa768154749c73de4933586be6
589436fd9d63a0a403e03b21245a8511cc524df4
e0f89e63a66b35ff06edb6969700f35933057d756ce1ca88575ed141a3d32c06

HTTP Headers

GET /it/u=3657497261,12670201&fm=253&fmt=auto&app=120&f=JPEG?w=889&h=500 HTTP/1.1
Host: img1.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 44440
expires: Tue, 21 Feb 2023 02:43:23 GMT
last-modified: Thu, 08 Jan 1970 00:00:00 GMT
etag: b194e9fa768154749c73de4933586be6
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Sun, 22 Jan 2023 02:43:23 GMT
ohc-cache-hit: gyct51 [1], czix51 [4]
ohc-file-size: 44440
x-cache-status: MISS
X-Firefox-Spdy: h2

img0.baidu.com/it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905

113.219.142.35

200 OK

56 kB

URL HTTP/2
img0.baidu.com/it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905
IP
113.219.142.35:0
ASN
#63838 Hengyang

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 500x905, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
56 kB (56350 bytes)
Hash
bec30330094a6d614b040b659191fada
f46bdbf45be5b2adf30fe64748d8b8b2cc96a258
284463d6ecaa75576925fddd5df8a0440308d0adf51c000443492ebe663ffdee

HTTP Headers

GET /it/u=2099595416,2246468256&fm=253&fmt=auto&app=138&f=JPEG?w=500&h=905 HTTP/1.1
Host: img0.baidu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://12804.url.tudown.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: JSP3/2.0.14
date: Sat, 04 Feb 2023 11:53:59 GMT
content-type: image/webp
content-length: 56350
expires: Fri, 17 Feb 2023 12:27:46 GMT
last-modified: Sat, 10 Jan 1970 00:00:00 GMT
etag: bec30330094a6d614b040b659191fada
accept-ranges: bytes
access-control-allow-origin: *
timing-allow-origin: *
ohc-global-saved-time: Wed, 18 Jan 2023 12:27:46 GMT
ohc-cache-hit: chenzct58 [1], czix114 [2]
ohc-file-size: 56350
x-cache-status: MISS
X-Firefox-Spdy: h2

12804.url.tudown.com/favicon.ico

154.218.151.71

200 OK

0 B

URL HTTP/1.1
12804.url.tudown.com/favicon.ico
IP
154.218.151.71:0
ASN
#137951 Clayer Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 12804.url.tudown.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://12804.url.tudown.com/down/type34.6.0.0@376_33660.exe
Cookie: Hm_lvt_dd9836db2e433f487a0aa434b7b3deb7=1675511673; Hm_lpvt_dd9836db2e433f487a0aa434b7b3deb7=1675511673

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 04 Feb 2023 11:54:00 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Tue, 30 Jul 2019 15:51:36 GMT
Connection: keep-alive
ETag: "5d406788-0"
Accept-Ranges: bytes

jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba

54.230.111.122

200 OK

0 B

URL HTTP/2
jspassport.ssl.qhimg.com/11.0.1.js?d182b3f28525f2db83acfaaf6e696dba
IP
54.230.111.122:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /11.0.1.js?d182b3f28525f2db83acfaaf6e696dba HTTP/1.1
Host: jspassport.ssl.qhimg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://12804.url.tudown.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/x-javascript
last-modified: Wed, 28 Nov 2018 07:43:20 GMT
kcs-via: HIT from w-fc01.lato;REVALIDATED from w-sc01.lato
date: Sat, 04 Feb 2023 11:49:39 GMT
cache-control: max-age=600
expires: Sat, 04 Feb 2023 11:59:30 GMT
x-cache: Hit from cloudfront
via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2fQfbZwber1Mkwvo_QzdQq1og2geSn5t6CXoMVlFfBUko_ejiFN-lQ==
age: 265
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML