121.36.202.172:8002/?lzplay.zip
121.36.202.172 302 Found 24 B URL User Request GET HTTP/1.1 121.36.202.172:8002/?lzplay.zip
IP 121.36.202.172:8002
ASN #55990 Huawei Cloud Service data center
File type HTML document, ASCII text, with CRLF line terminators
Hash MD5 02f64fc77e8ef44c488221ff85ceec42
SHA-1 8d9c2b43ecdd5766a951db6a21b5f4f9dd1cc6f9
SHA-256 c6c206b28533e3bdc3e73754da71d7119640d85cb48448d039efece8fd05986d
Analyzer verdict: Alert (Quad9 DNS: malicious, sinkholed)
GET /?lzplay.zip HTTP/1.1
Host: 121.36.202.172:8002
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.15.11
Date: Tue, 16 Apr 2024 08:50:42 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.4
Location: http://121.36.202.172:5002/?lzplay.zip
121.36.202.172:5002/?lzplay.zip
121.36.202.172 200 OK 2.7 kB URL User Request GET HTTP/1.1 121.36.202.172:5002/?lzplay.zip
IP 121.36.202.172:5002
ASN #55990 Huawei Cloud Service data center
File type HTML document, Unicode text, UTF-8 text, with very long lines (310), with CRLF line terminators
Hash MD5 eb172d1fcdf54e3e077f8d554a609978
SHA-1 f0f9344a105ae1245c93246a48f39d56121fc950
SHA-256 65c0d090be280ff4386a57bb7fc554e454f7c78a038d0cb1b85f5d979195a7dc
Analyzer verdict: Alert (Quad9 DNS: malicious, sinkholed)
GET /?lzplay.zip HTTP/1.1
Host: 121.36.202.172:5002
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.15.11
Date: Tue, 16 Apr 2024 08:50:43 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.3.4
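The first two transactions are a redirect hop: the request to port 8002 answers 302 with a Location pointing at the same host on port 5002, and everything that follows is loaded by that second page. The script below, an added example written for this report and not part of the sandbox's tooling, rebuilds that chain and lists the third-party origins the landing page pulls in. Its input is a transcription of the request lines, Referer, status and Location values from this capture (constructed for the example; nothing is fetched). Location is resolved with urljoin because real-world redirects are often relative, and a visited set stops redirect loops.

```python
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urljoin, urlsplit


@dataclass(frozen=True)
class Txn:
    """One request/response pair as the sandbox logged it."""
    method: str
    url: str
    status: int
    referer: str | None = None   # Referer request header, if sent
    location: str | None = None  # Location response header, if any


# Transcribed from the transactions on this page (constructed input for the
# example). Referer values are the ones the browser actually sent: the
# cross-site ones are trimmed to the origin, the same-origin one keeps its path.
CAPTURE = [
    Txn("GET", "http://121.36.202.172:8002/?lzplay.zip", 302,
        location="http://121.36.202.172:5002/?lzplay.zip"),
    Txn("GET", "http://121.36.202.172:5002/?lzplay.zip", 200),
    Txn("GET", "http://sdk.51.la/js-sdk-pro.min.js", 200,
        referer="http://121.36.202.172:5002/"),
    Txn("GET", "http://res.cloudflareip.com/style_mini.css", 200,
        referer="http://121.36.202.172:5002/"),
    Txn("GET", "http://res.cloudflareip.com/layer.js", 200,
        referer="http://121.36.202.172:5002/"),
    Txn("GET", "http://res.cloudflareip.com/jquery.min.js", 200,
        referer="http://121.36.202.172:5002/"),
    Txn("GET", "http://res.cloudflareip.com/layer.css", 200,
        referer="http://121.36.202.172:5002/"),
    Txn("GET", "http://res.cloudflareip.com/theme/default/layer.css?v=3.5.1", 404,
        referer="http://121.36.202.172:5002/"),
    Txn("POST", "http://collect-v6.51.la/v6/collect?dt=4", 403,
        referer="http://121.36.202.172:5002/"),
    Txn("GET", "http://121.36.202.172:5002/favicon.ico", 200,
        referer="http://121.36.202.172:5002/?lzplay.zip"),
    Txn("GET", "https://hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1", 200,
        referer="http://121.36.202.172:5002/"),
]


def origin(url: str) -> str:
    """scheme://host[:port], the unit the browser uses for same-origin decisions."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def redirect_chain(txns: list[Txn], start: str, limit: int = 10) -> list[str]:
    """Follow 3xx Location headers from `start` through the logged requests.

    Location may be relative, so it is resolved against the current URL;
    a visited set stops loops and `limit` bounds the walk.
    """
    by_url = {t.url: t for t in txns}
    chain, seen, current = [start], {start}, start
    while len(chain) <= limit:
        txn = by_url.get(current)
        if txn is None or not (300 <= txn.status < 400) or not txn.location:
            break
        nxt = urljoin(current, txn.location)
        chain.append(nxt)
        if nxt in seen:      # loop: record the repeated target, then stop
            break
        seen.add(nxt)
        current = nxt
    return chain


def third_party_origins(txns: list[Txn], landing: str) -> dict[str, list[int]]:
    """Origins other than the landing page's that the landing page caused the
    browser to contact, with the response statuses seen for each."""
    home = origin(landing)
    out: dict[str, list[int]] = {}
    for t in txns:
        if t.referer is None or origin(t.referer) != home:
            continue
        o = origin(t.url)
        if o != home:
            out.setdefault(o, []).append(t.status)
    return out


if __name__ == "__main__":
    chain = redirect_chain(CAPTURE, "http://121.36.202.172:8002/?lzplay.zip")
    print(" -> ".join(chain))
    for o, statuses in third_party_origins(CAPTURE, chain[-1]).items():
        print(f"{o:35} {statuses}")
```

Matching on origin rather than full URL is deliberate: Firefox's default referrer policy sends only the origin on cross-site requests, which is why every third-party request here carries `Referer: http://121.36.202.172:5002/` while the same-origin favicon request still shows the `?lzplay.zip` query.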
sdk.51.la/js-sdk-pro.min.js
47.246.44.239 200 OK 13 kB URL GET HTTP/1.1 sdk.51.la/js-sdk-pro.min.js
IP 47.246.44.239:80
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Requested by http://121.36.202.172:5002/?lzplay.zip
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (34110)
Hash MD5 24bb520e9517f2ed3ed987b46aeaf723
SHA-1 846723563d7dd2bff3954f93633b11af0103adc8
SHA-256 d1f1bfe698f2ffb7b3e7a885a301d58f9554d45df0a31c3e8b53c84b33c80d27
GET /js-sdk-pro.min.js HTTP/1.1
Host: sdk.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 12846
Connection: keep-alive
Date: Tue, 02 Apr 2024 02:56:05 GMT
x-oss-request-id: 660B73C5A55499353760FC20
x-oss-cdn-auth: success
Accept-Ranges: bytes
x-oss-object-type: Normal
x-oss-storage-class: Standard
Content-MD5: JLtSDpUX8u0+2Ye0aur3Iw==
x-oss-server-time: 3
Ali-Swift-Global-Savetime: 1712026565
Via: cache15.l2de2[0,0,304-0,H], cache19.l2de2[0,0], ens-cache18.se2[0,0,200-0,H], ens-cache15.se2[1,0]
Vary: Accept-Encoding
Last-Modified: Thu, 08 Jun 2023 02:24:34 GMT
x-oss-hash-crc64ecma: 5143829838470429443
Content-Encoding: gzip
Age: 1230878
X-Cache: HIT TCP_MEM_HIT dirn:5:42691782
X-Swift-SaveTime: Tue, 02 Apr 2024 02:56:39 GMT
X-Swift-CacheTime: 1295966
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
EagleId: 2ff62ca317132574437183881e
res.cloudflareip.com/style_mini.css
111.174.9.41 200 OK 1.1 kB URL GET HTTP/1.1 res.cloudflareip.com/style_mini.css
IP 111.174.9.41:80
ASN #136194 Huangshi, Hubei Province, P.R.China.
Requested by http://121.36.202.172:5002/?lzplay.zip
File type ASCII text, with very long lines (4015), with no line terminators
Hash MD5 c786435568e3d8cf8814056cf2a084fc
SHA-1 e21ba6c23313b3752f5d978398a0cfbd3b7f1c19
SHA-256 762e8458878c9a9123a677c0ba9b4351ae82fff44324463ed5d434984919e51c
GET /style_mini.css HTTP/1.1
Host: res.cloudflareip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Tue, 16 Apr 2024 08:50:44 GMT
Content-Type: text/css
Content-Length: 1094
Connection: keep-alive
Last-Modified: Sun, 24 Mar 2024 08:32:34 GMT
ETag: "FuIbpsIzE7N1L12Xg5igz707fxwZ.gz"
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Age: 1975178
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Content-Disposition: inline; filename="style_mini.css"; filename*=utf-8''style_mini.css
Content-Md5: x4ZDVWjj2M+IFAVs8qCE/A==
Content-Transfer-Encoding: binary
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:jjh3247;QNM3
X-M-Reqid: OIEAAOx9KrQnsr8X
X-Qiniu-Zone: 0
X-Qnm-Cache: Hit
X-Reqid: jQgAAAAIMkEUsr8X
X-Svr: IO
Ohc-Global-Saved-Time: Sun, 24 Mar 2024 12:09:42 GMT
Ohc-Cache-HIT: hs6ct76 [2]
Ohc-File-Size: 1094
X-Cache-Status: HIT
res.cloudflareip.com/layer.js
111.174.9.41 200 OK 7.9 kB URL GET HTTP/1.1 res.cloudflareip.com/layer.js
IP 111.174.9.41:80
ASN #136194 Huangshi, Hubei Province, P.R.China.
Requested by http://121.36.202.172:5002/?lzplay.zip
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (22680), with CRLF line terminators
Hash MD5 b4a07ebd1e78576d03052a287de2a939
SHA-1 83e7183990e32ec734e330d5ddba9bcb3278d31c
SHA-256 439a7f54e8c4ab2d9d9e5d85d4d3b16b73f7d50f456cb791ae8440b1946cc84f
GET /layer.js HTTP/1.1
Host: res.cloudflareip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Tue, 16 Apr 2024 08:50:44 GMT
Content-Type: text/javascript
Content-Length: 7897
Connection: keep-alive
Last-Modified: Sun, 24 Mar 2024 08:32:34 GMT
ETag: "FoPnGDmQ4y7HNOMw1d26m8syeNMc.gz"
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Age: 1975178
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Content-Disposition: inline; filename="layer.js"; filename*=utf-8''layer.js
Content-Md5: tKB+vR54V20DBSoofeKpOQ==
Content-Transfer-Encoding: binary
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:xs1181;QNM3
X-M-Reqid: dygAAC5Tn6snsr8X
X-Qiniu-Zone: 0
X-Qnm-Cache: Hit
X-Reqid: FukAAACHM2_Tsb8X
X-Svr: IO
Ohc-Global-Saved-Time: Sun, 24 Mar 2024 12:05:04 GMT
Ohc-Cache-HIT: hs6ct60 [2]
Ohc-File-Size: 7897
X-Cache-Status: HIT
res.cloudflareip.com/jquery.min.js
111.174.9.41 200 OK 31 kB URL GET HTTP/1.1 res.cloudflareip.com/jquery.min.js
IP 111.174.9.41:80
ASN #136194 Huangshi, Hubei Province, P.R.China.
Requested by http://121.36.202.172:5002/?lzplay.zip
File type JavaScript source, ASCII text, with very long lines (65450), with CRLF line terminators
Hash MD5 567eec7717cb514434c657d90e88afd2
SHA-1 8c235957586ac868bff7a0b4827cf163cf82d9de
SHA-256 3e2a2e48864b44198261695e5e93ffa4cb2395f6836db0e920974718d11f24d4
GET /jquery.min.js HTTP/1.1
Host: res.cloudflareip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Tue, 16 Apr 2024 08:50:44 GMT
Content-Type: text/javascript
Content-Length: 30841
Connection: keep-alive
Last-Modified: Sun, 24 Mar 2024 08:32:34 GMT
ETag: "FowjWVdYashov_egtIJ88WPPgtne.gz"
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Age: 610265
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Content-Disposition: inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Content-Md5: Vn7sdxfLUUQ0xlfZDoiv0g==
Content-Transfer-Encoding: binary
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:jjh3231;QNM3
X-M-Reqid: lb8AANTbhziJi8QX
X-Qiniu-Zone: 0
X-Qnm-Cache: Hit
X-Reqid: BYYAAAAIuK_tsb8X
X-Svr: IO
Ohc-Global-Saved-Time: Sun, 24 Mar 2024 12:06:57 GMT
Ohc-Cache-HIT: hs6ct56 [2]
Ohc-File-Size: 30841
X-Cache-Status: HIT
res.cloudflareip.com/layer.css
111.174.9.41 200 OK 2.8 kB URL GET HTTP/1.1 res.cloudflareip.com/layer.css
IP 111.174.9.41:80
ASN #136194 Huangshi, Hubei Province, P.R.China.
Requested by http://121.36.202.172:5002/?lzplay.zip
File type ASCII text, with very long lines (14271), with no line terminators
Hash MD5 c234eb06d5f32055092294e78957f17d
SHA-1 f15ee0bcb9694f32f5e1d524f2653aa0dd043402
SHA-256 5cdf3edb27b0c9f8e48918c486e9ae65a9e5beab806b64c4a7bc5bac53c0f540
GET /layer.css HTTP/1.1
Host: res.cloudflareip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Tue, 16 Apr 2024 08:50:44 GMT
Content-Type: text/css
Content-Length: 2804
Connection: keep-alive
Last-Modified: Sun, 24 Mar 2024 08:32:34 GMT
ETag: "FvFe4Ly5aU8y9eHVJPJlOqDdBDQC.gz"
Cache-Control: public, max-age=31536000
Content-Encoding: gzip
Age: 681027
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Content-Disposition: inline; filename="layer.css"; filename*=utf-8''layer.css
Content-Md5: wjTrBtXzIFUJIpTniVfxfQ==
Content-Transfer-Encoding: binary
Vary: Accept-Encoding
X-Log: X-Log
X-M-Log: QNM:jjh3236;QNM3
X-M-Reqid: AZ4AAN1lQYQtS8QX
X-Qiniu-Zone: 0
X-Qnm-Cache: Hit
X-Reqid: HlcAAABJqq7tsb8X
X-Svr: IO
Ohc-Global-Saved-Time: Sun, 24 Mar 2024 12:06:57 GMT
Ohc-Cache-HIT: hs6ct60 [2]
Ohc-File-Size: 2804
X-Cache-Status: HIT
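Both CDNs in this capture, the Alibaba OSS edge behind sdk.51.la and the Qiniu edge behind res.cloudflareip.com, return a Content-MD5 header on each 200 response. That value is the base64 encoding of the raw 16-byte MD5 digest (RFC 1864), not the hex string the sandbox prints, so the two are easy to cross-check by hand wrongly and easy to check by code. The block below is an added example, not tooling from the sandbox or either vendor; its input is the five header/hash pairs copied from the responses above (the bodies are not on this page). Every pair matches, which tells an analyst the hash listed in the report is the hash of the object the storage service holds, a useful anchor before pivoting on it.

```python
import base64
import hashlib


def content_md5_header(body: bytes) -> str:
    """Content-MD5 as RFC 1864 defines it: base64 of the raw 16-byte MD5
    digest, not of its hex spelling."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def content_md5_matches(header_value: str, reported_hex: str) -> bool:
    """True when a response's Content-MD5 decodes to the same 16 bytes as the
    hex MD5 a sandbox reports for the object. Malformed input yields False
    instead of an exception so the check can run across a whole capture."""
    try:
        digest = base64.b64decode(header_value, validate=True)
        reported = bytes.fromhex(reported_hex)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return len(digest) == 16 and digest == reported


# (Content-MD5 header, reported MD5) pairs copied from the responses above;
# constructed input for the example, the bodies themselves are not reproduced.
REPORTED = {
    "sdk.51.la/js-sdk-pro.min.js":
        ("JLtSDpUX8u0+2Ye0aur3Iw==", "24bb520e9517f2ed3ed987b46aeaf723"),
    "res.cloudflareip.com/style_mini.css":
        ("x4ZDVWjj2M+IFAVs8qCE/A==", "c786435568e3d8cf8814056cf2a084fc"),
    "res.cloudflareip.com/layer.js":
        ("tKB+vR54V20DBSoofeKpOQ==", "b4a07ebd1e78576d03052a287de2a939"),
    "res.cloudflareip.com/jquery.min.js":
        ("Vn7sdxfLUUQ0xlfZDoiv0g==", "567eec7717cb514434c657d90e88afd2"),
    "res.cloudflareip.com/layer.css":
        ("wjTrBtXzIFUJIpTniVfxfQ==", "c234eb06d5f32055092294e78957f17d"),
}


def check_capture(pairs: dict[str, tuple[str, str]]) -> dict[str, bool]:
    """Run the cross-check over every (header, hash) pair in a capture."""
    return {name: content_md5_matches(hdr, md5_hex)
            for name, (hdr, md5_hex) in pairs.items()}


if __name__ == "__main__":
    for name, ok in check_capture(REPORTED).items():
        print(f"{'match   ' if ok else 'MISMATCH'} {name}")
```

A mismatch on a `Content-Encoding: gzip` response is not by itself evidence of tampering: the storage service computes Content-MD5 over the object it stores, so if one side hashed the compressed transfer body and the other the decoded one they will differ. Confirm which representation was hashed before treating a mismatch as a finding.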
res.cloudflareip.com/theme/default/layer.css?v=3.5.1
111.174.9.41 404 Not Found 30 B URL GET HTTP/1.1 res.cloudflareip.com/theme/default/layer.css?v=3.5.1
IP 111.174.9.41:80
ASN #136194 Huangshi, Hubei Province, P.R.China.
Requested by http://121.36.202.172:5002/?lzplay.zip
Hash MD5 dae2f3dd9baf239b45dd8bc1408e67de
SHA-1 5e415fd3ee90548957bb73ce748eca52a65a01b3
SHA-256 63f167d2adce5d2b33fc90c8a437615e605ac1ab3dd8b6e028dbc502da3b663e
GET /theme/default/layer.css?v=3.5.1 HTTP/1.1
Host: res.cloudflareip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: JSP3/2.0.14
Date: Tue, 16 Apr 2024 08:50:44 GMT
Content-Type: application/json
Content-Length: 30
Connection: keep-alive
Accept-Ranges: none
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
X-Log: X-Log
X-M-Log: QNM:yzh160;QNM3/404
X-M-Reqid: MxkAAAjIx4eRtsYX
X-Qnm-Cache: Hit
X-Reqid: YYYAAAAiGMCDtsYX
X-Svr: IO
Ohc-Cache-HIT: hs6ct77 [1]
Ohc-File-Size: 30
X-Cache-Status: MISS
X-Error-Info: Origin
collect-v6.51.la/v6/collect?dt=4
203.107.86.226 403 0 B URL POST HTTP/1.1 collect-v6.51.la/v6/collect?dt=4
IP 203.107.86.226:80
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
Requested by http://121.36.202.172:5002/?lzplay.zip
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of an empty body: the 403 response carried Content-Length: 0)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v6/collect?dt=4 HTTP/1.1
Host: collect-v6.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Length: 288
Origin: http://121.36.202.172:5002
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403
Date: Tue, 16 Apr 2024 08:50:44 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: aliyungf_tc=5e32132a1f4ea9b60da4c815f818413f5353c821338feab7f915555511dceb53; Path=/; HttpOnly
Set-Cookie: acw_tc=ac11000117132574448075592e3451aed902359c8f837552e0c9fbc817ae3c;path=/;HttpOnly;Max-Age=1800
Server: nginx
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Origin: http://121.36.202.172:5002
Access-Control-Allow-Credentials: true
121.36.202.172:5002/favicon.ico
121.36.202.172 200 OK 1.6 kB URL GET HTTP/1.1 121.36.202.172:5002/favicon.ico
IP 121.36.202.172:5002
ASN #55990 Huawei Cloud Service data center
Requested by http://121.36.202.172:5002/?lzplay.zip
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash MD5 985e992614e48c9b6a7120d4c5363ffb
SHA-1 16d52f10f93c423749f8fa4fb58d7c3d5cf89444
SHA-256 673b32775e4009e8e48b394f81fd1241ffbf27202805ff036225bfa006a65a9e
Analyzer verdict: Alert (Quad9 DNS: malicious, sinkholed)
GET /favicon.ico HTTP/1.1
Host: 121.36.202.172:5002
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/?lzplay.zip
Cookie: __vtins__JLEnGBtgpV2uB763=%7B%22sid%22%3A%20%22ef937ae0-e8af-5d3b-b025-6ae1b8b88b81%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires%22%3A%201713259244332%2C%20%22ct%22%3A%201713257444332%7D; __51uvsct__JLEnGBtgpV2uB763=1; __51vcke__JLEnGBtgpV2uB763=4862d22e-0d30-5241-913a-475ad4a517bb; __51vuft__JLEnGBtgpV2uB763=1713257444337
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.15.11
Date: Tue, 16 Apr 2024 08:50:45 GMT
Content-Type: image/x-icon
Content-Length: 1572
Last-Modified: Tue, 08 Aug 2023 02:33:08 GMT
Connection: keep-alive
ETag: "64d1a964-624"
Accept-Ranges: bytes
121.36.202.172:5002/1e.png
121.36.202.172 200 OK 2.5 kB URL GET HTTP/1.1 121.36.202.172:5002/1e.png
IP 121.36.202.172:5002
ASN #55990 Huawei Cloud Service data center
Requested by http://121.36.202.172:5002/?lzplay.zip
File type PNG image data, 400 x 400, 8-bit/color RGB, non-interlaced
Hash MD5 dec9a73e1b1e6043e517ab34e5855c9b
SHA-1 7fdebf32167e3e29f8afef9054a8bd482951069c
SHA-256 591d03d9b33b89daf2a91b2793b80afb96bf43d5186bf94a19a43df4186055cd
Analyzer verdict: Alert (Quad9 DNS: malicious, sinkholed)
GET /1e.png HTTP/1.1
Host: 121.36.202.172:5002
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/?lzplay.zip
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.15.11
Date: Tue, 16 Apr 2024 08:50:45 GMT
Content-Type: image/png
Content-Length: 2457
Last-Modified: Sun, 31 Mar 2024 10:45:18 GMT
Connection: keep-alive
ETag: "66093ebe-999"
Accept-Ranges: bytes
hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1
103.235.46.191 200 OK 11 kB URL GET HTTP/1.1 hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://121.36.202.172:5002/?lzplay.zip
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type JavaScript source, ASCII text, with very long lines (628)
Hash MD5 ed171913d5e95573ea5177d9b01bf3e6
SHA-1 7039f87e290b5c3216f154625f5fca6a8f727013
SHA-256 c33eb27b53413d92f94dcfab26f88cb99ed33af909599b5c5c027d52fe3915d6
GET /hm.js?45ba4dc1b55a5ee4efd99d409c3caff1 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11266
Content-Type: application/javascript
Date: Tue, 16 Apr 2024 08:50:45 GMT
Etag: a43d7b8ec9f702ba8bef3cfed3ef4e30
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=8EB1761E98F8FFE7; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1115447632&si=45ba4dc1b55a5ee4efd99d409c3caff1&v=1.3.0&lv=1&sn=41476&r=0&ww=1280&u=http%3A%2F%2F121.36.202.172%3A5002%2F%3Flzplay.zip&tt=%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81%E8%AE%BF%E9%97%AE
103.235.46.191 200 OK 43 B URL GET HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1115447632&si=45ba4dc1b55a5ee4efd99d409c3caff1&v=1.3.0&lv=1&sn=41476&r=0&ww=1280&u=http%3A%2F%2F121.36.202.172%3A5002%2F%3Flzplay.zip&tt=%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81%E8%AE%BF%E9%97%AE
IP 103.235.46.191:443
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://121.36.202.172:5002/?lzplay.zip
Certificate Issuer GlobalSign nv-sa
Subject baidu.com
Fingerprint 97:42:D5:98:27:D6:22:88:CF:59:C3:FF:75:86:8D:D5:D3:12:A0:AF
Validity Thu, 06 Jul 2023 01:51:06 GMT - Tue, 06 Aug 2024 01:51:05 GMT
File type GIF image data, version 89a, 1 x 1
Hash MD5 ad4b0f606e0f8465bc4c4c170b37e1a3
SHA-1 50b30fd5f87c85fe5cba2635cb83316ca71250d7
SHA-256 cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0&ln=en-us&lo=0&rnd=1115447632&si=45ba4dc1b55a5ee4efd99d409c3caff1&v=1.3.0&lv=1&sn=41476&r=0&ww=1280&u=http%3A%2F%2F121.36.202.172%3A5002%2F%3Flzplay.zip&tt=%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81%E8%AE%BF%E9%97%AE HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://121.36.202.172:5002/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Apr 2024 08:50:46 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=7C4FBFF34ADC31C0; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
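The two analytics services the landing page loads, 51.la and Baidu Tongji (hm.baidu.com), leak more about the page than the page itself does in this capture. The hm.gif beacon carries the page URL in `u` and the page title in `tt`, which percent-decodes to the UTF-8 string 输入密码访问 ("enter password to access"), and the Cookie header on the favicon request carries the 51.la visit record with a millisecond timestamp. The block below, an added example written for this report and not code from either vendor, decodes those values and pulls out the two per-site identifiers that are worth pivoting on: the Baidu Tongji id shared by the hm.js query string and the `si` parameter, and the suffix shared by the 51.la cookie names. The field meanings assigned to the beacon parameters are inferred from their names and values in this capture, not taken from vendor documentation, and treating the cookie-name suffix as the 51.la per-site key is likewise an assumption. All inputs are copied from the transactions above.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

# Copied from the hm.js, hm.gif and favicon.ico transactions above
# (constructed input for the example; nothing is fetched).
TONGJI_SCRIPT = "https://hm.baidu.com/hm.js?45ba4dc1b55a5ee4efd99d409c3caff1"
TONGJI_BEACON = (
    "https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=1024&et=0&ja=0"
    "&ln=en-us&lo=0&rnd=1115447632&si=45ba4dc1b55a5ee4efd99d409c3caff1&v=1.3.0&lv=1"
    "&sn=41476&r=0&ww=1280&u=http%3A%2F%2F121.36.202.172%3A5002%2F%3Flzplay.zip"
    "&tt=%E8%BE%93%E5%85%A5%E5%AF%86%E7%A0%81%E8%AE%BF%E9%97%AE"
)
COOKIE_HEADER = (
    "__vtins__JLEnGBtgpV2uB763=%7B%22sid%22%3A%20%22ef937ae0-e8af-5d3b-b025-6ae1b8b88b81"
    "%22%2C%20%22vd%22%3A%201%2C%20%22stt%22%3A%200%2C%20%22dr%22%3A%200%2C%20%22expires"
    "%22%3A%201713259244332%2C%20%22ct%22%3A%201713257444332%7D; "
    "__51uvsct__JLEnGBtgpV2uB763=1; "
    "__51vcke__JLEnGBtgpV2uB763=4862d22e-0d30-5241-913a-475ad4a517bb; "
    "__51vuft__JLEnGBtgpV2uB763=1713257444337"
)

# Meaning of each beacon field is inferred from its name and value in this
# capture (assumption, not vendor documentation).
FIELDS = {
    "si": "site_id", "u": "page_url", "tt": "page_title", "ds": "screen_size",
    "ww": "window_width", "cl": "color_depth", "ln": "language", "v": "script_version",
}


def decode_beacon(url: str) -> dict[str, str]:
    """Percent-decode the tracking pixel's query string as UTF-8 and pick out
    the fields that identify the page and the site."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: params[key][0] for key, name in FIELDS.items() if key in params}


def tongji_site_id(script_url: str) -> str:
    """hm.js carries the site id as its entire query string."""
    return urlsplit(script_url).query


def la51_site_keys(cookie_header: str) -> set[str]:
    """Suffix shared by the 51.la cookie names, treated here as the SDK's
    per-site key (assumption drawn from the naming pattern)."""
    return set(re.findall(r"__(?:vtins|51uvsct|51vcke|51vuft)__([A-Za-z0-9]+)=",
                          cookie_header))


def la51_visit_record(cookie_header: str) -> dict:
    """Decode the percent-encoded JSON in __vtins__ and render its
    millisecond epoch fields as UTC timestamps."""
    m = re.search(r"__vtins__[A-Za-z0-9]+=([^;]+)", cookie_header)
    if m is None:
        return {}
    rec = json.loads(unquote(m.group(1)))
    for key in ("ct", "expires"):
        if isinstance(rec.get(key), int):
            rec[key + "_utc"] = datetime.fromtimestamp(
                rec[key] // 1000, tz=timezone.utc).isoformat()
    return rec


if __name__ == "__main__":
    print(decode_beacon(TONGJI_BEACON))
    print("tongji id matches:", tongji_site_id(TONGJI_SCRIPT) == decode_beacon(TONGJI_BEACON)["site_id"])
    print("51.la keys:", la51_site_keys(COOKIE_HEADER))
    print(la51_visit_record(COOKIE_HEADER))
```

The decoded `ct` value lands on 2024-04-16 08:50:44 UTC, the same second as the Date headers in this capture, and `expires` is exactly 30 minutes later, so the cookie is a session marker set on this first visit rather than a returning-visitor artefact. Analytics site ids are stable across an operator's pages and domains, which makes both identifiers useful search keys when hunting for sibling lure pages.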