Report - cf6h.com/

Report Overview

Submitted URL
cf6h.com/
IP
160.202.96.233
ASN
#46261 QUICKPACKET
Submitted
2022-09-23 12:44:08
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
30

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
kzeaa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	423 B	66.150.130.123
kvhwww.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394 B	749 kB	172.67.162.45
ddcdn.comtucdncom.com	240637	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	427 B	465 kB	172.247.77.90
ggt999.oss-cn-hangzhou.aliyuncs.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	400 B	339 kB	47.110.177.104
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.25
api.share.baidu.com	44629	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	317 B	114 B	39.156.68.163
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.9 kB	23.36.76.226
kvhcc.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	422 B	78.46.107.74
mei.netlbtu.com	917912	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	48 kB	172.64.140.29
nvhaaa.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	788 B	388 kB	104.21.234.41
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	104.18.32.68
kvezz.com	237784	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	423 B	104.143.94.110
www.cf6h.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	4.0 kB	160.202.96.233
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.191.251.76
dimg04.c-ctrip.com	139731	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	826 B	2.7 MB	104.110.17.24
www.henniu468.site	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.5 kB	1.1 MB	173.231.12.252
p3.douyinpic.com	23536	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	762 B	1.3 MB	47.246.44.224
acoossi.top	489936	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	1.0 MB	104.21.234.201
si1.go2yd.com	325918	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	382 B	707 kB	163.171.140.79
p.qlogo.cn	48578	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.1 kB	6.1 MB	43.154.254.32
p26.toutiaoimg.com	75286	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	866 B	981 kB	182.118.39.171
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	347 B	1.9 kB	104.18.21.226
www.tupku.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	377 B	1.6 MB	172.67.200.40
kvevv.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	422 B	64.32.13.142
push.zhanzhang.baidu.com	57139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	270 B	750 B	180.101.212.103
kvteee.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394 B	367 kB	104.21.233.123
img.syhy.top	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	776 B	674 kB	23.225.48.163
s2.loli.net	100401	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	389 B	906 kB	172.67.69.40
acoossn.top	475526	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	401 kB	104.21.37.222
zhibo128x1.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	646 kB	154.83.25.141
38qptu4.oss-cn-hangzhou.aliyuncs.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	300 kB	47.110.177.110
vcawmm.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394 B	252 kB	45.61.212.171
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	6.9 kB	93.184.220.29
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	58 kB	34.120.237.76
kvhaa.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	786 B	844 B	78.46.107.74
cbu01.alicdn.com	44205	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	99 kB	47.246.44.251
884329.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	394 B	424 kB	47.75.19.14
img.x956.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	395 B	182 B	3.36.126.81
img.999997.co	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	396 B	182 B	23.225.222.2
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
baidu.hnmaccms.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	673 B	662 B	143.92.57.79
aooacctp.vip	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	373 B	90 kB	172.67.161.53
hm.baidu.com	8254	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	25 kB	103.235.46.191
p9.toutiaoimg.com	59405	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	846 B	896 kB	4.34.42.102
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	12 kB	23.36.77.32
cf6h.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	193 B	160.202.96.233
zerossl.ocsp.sectigo.com	4049	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	672 B	2.4 kB	172.64.155.188
ocsp.digicert.cn	37572	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	974 B	47.246.44.205
kveff.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	393 B	422 B	78.46.107.74
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	12 kB	104.18.20.226
nkiun.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	254 B	17 kB	8.210.99.166

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-23	medium	hnmaccms.xyz	Sinkholed
2022-09-23	medium	hnmaccms.xyz	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed
2022-09-23	medium	henniu468.site	Sinkholed

JavaScript (19)

	URL	Size	First Seen	Last Seen
	www.henniu468.site/template/dfcc/static/js/jquery.lazyload.min.js	3.4 kB	2023-03-07	2024-04-25
Pretty URL www.henniu468.site/template/dfcc/static/js/jquery.lazyload.min.js IP 173.231.12.252 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:48 Last Seen2024-04-25 01:43:39 Times Seen4075 Hash 112c8d1b40b3e62e883c743e9d71e0bf 338318e930487b2791a7bcf53ad4601630cc41e2 ad79ce7e34d1a788809bb853031133de2ae45f3c19ac4955dae46c7490188c2e Loading...

	www.cf6h.com/tj.js	520 B	2023-03-07	2023-03-10
Pretty URL www.cf6h.com/tj.js IP 160.202.96.233 ASN #46261 QUICKPACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:50:41 Last Seen2023-03-10 13:40:17 Times Seen1 Hash 5d76174cce8c3c8b7710635377826efb e4bc8c6c75beb4efdf4bd4341bc60969587d1ea0 9222d5bf5c6a3526121b7e12099124ccf4c57a6b0060944d92a8e2d751e2e1f9 Loading...

	www.henniu468.site/template/dfcc/static/js/jquery.min.js	97 kB	2023-03-07	2024-04-25
Pretty URL www.henniu468.site/template/dfcc/static/js/jquery.min.js IP 173.231.12.252 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-25 02:53:38 Times Seen118687 Hash 4f252523d4af0b478c810c2547a63e19 5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404 Loading...

	www.henniu468.site/template/dfcc/html9/ads/dulian.js	1.2 kB	2023-03-07	2023-03-17
Pretty URL www.henniu468.site/template/dfcc/html9/ads/dulian.js IP 173.231.12.252 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:48 Last Seen2023-03-17 12:40:01 Times Seen1 Hash ab8109df9ff9b03818638c5f97842738 d7760e98e134b5e605729724974dc94cf1d49092 38a2e803f07a2d784823887c51953a6d0d451eb8553a8404b6b80e2768229101 Loading...

	www.henniu468.site/	126 B	2023-03-07	2024-04-18
Pretty URL www.henniu468.site/ IP 173.231.12.252 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:48 Last Seen2024-04-18 08:18:14 Times Seen697 Hash 2f869be15fc72c6b1c27b0722717f7b9 4c14a9d014274a315deb6c2066659a5472de3281 86ab4a35529048ff85c373322d7b7cc6bf047551f014c721a210c01c5a070db6 Loading...

	hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2b	30 kB	2023-03-07	2023-03-07
Pretty URL hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2b IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:50:41 Last Seen2023-03-07 23:50:41 Times Seen1 Hash 9fd32aa32aed33d915b571b881519daf 63a1c47598cfe11e9c510ba2cafc7af51644fa15 068e85babcde119dc639d45d8a3d15ef6b2ca84b9be846c2a3d991b77f8df25e Loading...

	push.zhanzhang.baidu.com/push.js	281 B	2023-03-07	2024-04-25
Pretty URL push.zhanzhang.baidu.com/push.js IP 180.101.212.103 ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-25 07:54:35 Times Seen18993 Hash 1bb5a3267c9865ad4abe8d937734b62b b5478dd2edb3e64242eced1db2dbd945ef81f592 674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2 Loading...

	www.cf6h.com/common.js	1.5 kB	2023-03-07	2023-03-17
Pretty URL www.cf6h.com/common.js IP 160.202.96.233 ASN #46261 QUICKPACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:48 Last Seen2023-03-17 12:40:02 Times Seen1 Hash 18ac90c0a88951615363d6ee8ceed9a2 e894023834a6c5102cdc4459c57251866382504b 9c78d58924be5f7e66557483cc53def1aa55c8839bda5d6911118d6e709255e9 Loading...

	www.henniu468.site/	254 B	2023-03-07	2023-04-14
Pretty URL www.henniu468.site/ IP 173.231.12.252 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:48 Last Seen2023-04-14 00:52:17 Times Seen34 Hash 05f0373ea7e281c385907cb6386e0545 f3bf9f91dcc0e52ce2366cf0880e880539b5f7fc ea2cf285809c5418877d8d21b5fcef883d144ec6bb364bd429c8f54d90da7f19 Loading...

	www.henniu468.site/logo.html	448 B	2023-03-07	2023-04-05
Pretty URL www.henniu468.site/logo.html IP 173.231.12.252 ASN #18450 WEBNX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:48 Last Seen2023-04-05 02:01:03 Times Seen113 Hash 85ed82b5f9fb4040d4c6e5165e458e6b 43a80e8dedae9ef5e4500d129cfecaf39bbeb2e5 7e40c67aca6c28510901aca57be804353d55494e7a0890d3fd3f31b7243f77ee Loading...

	www.cf6h.com/index.php	404 B	2023-03-07	2024-04-18
Pretty URL www.cf6h.com/index.php IP 160.202.96.233 ASN #46261 QUICKPACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:09 Last Seen2024-04-18 08:01:19 Times Seen2975 Hash 91862680df880ab56f799547b01a5900 bd184fe6e0e046873c1a606c89ce2d3eed4b689f 6520359b93c2e43efd5a58f422af308b43c718769a0989344a10f00b345ca0b2 Loading...

	baidu.hnmaccms.xyz/news/data.php	387 B	2023-03-07	2023-03-08
Pretty URL baidu.hnmaccms.xyz/news/data.php IP 143.92.57.79 ASN #64050 BGPNET Global ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:33:08 Last Seen2023-03-08 03:22:27 Times Seen1 Hash 7bf93f05605373ba4c293190ee843ed4 19ececb557ab70d6af87a1a1e4f07db7189d0e8f 50b18fc01a3606217834ed4ad5c3011ab0fb98399e947f37c0b6385098b23e76 Loading...

	hm.baidu.com/hm.js?82f3b0bae8771d461088741e02da3503	30 kB	2023-03-07	2023-03-07
Pretty URL hm.baidu.com/hm.js?82f3b0bae8771d461088741e02da3503 IP 103.235.46.191 ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:50:41 Last Seen2023-03-07 23:50:41 Times Seen1 Hash 57a178db4585d86d1896731f6553246e 6998e30a0f7face4d41285d7237f1b3ed832ebd7 7241dd58885c87dab450b15d84df91328b1406afaae99e83c452417aafa26f52 Loading...

	www.cf6h.com/index.php	34 B	2023-03-07	2023-03-07
Pretty URL www.cf6h.com/index.php IP 160.202.96.233 ASN #46261 QUICKPACKET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:50:41 Last Seen2023-03-07 23:50:41 Times Seen1 Hash ea02a17595f0adc91e583ab36d17cea6 d334bafe046715d375260ff76b26cbfd8b5f3a1c 164b1b623aeb182a9fe78e0b6555d7edefbbce3ed9174bc0f9920268d7fc9f80 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 0beb34d9358fcb9722b8134045056d1a	475 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 23:50:41 Last Seen2023-03-07 23:50:41 Times Seen1 Hash 0beb34d9358fcb9722b8134045056d1a 71e232b14e90c2fc3d0eb5cd387a1606fe5d8d9f 1459ef30608af3953615e39ee3062d2364febba6ee30eb01e80a1428123e59e0 Loading...

		Size	First Seen	Last Seen
	#1 Write - 21f37ce4b8104a0cd74f82f708db5ecb	262 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:10:48 Last Seen2023-03-17 12:40:02 Times Seen1 Hash 21f37ce4b8104a0cd74f82f708db5ecb dfd0219186e47db95d5116fb2bd0d499713da0be 7238b7cd10440376e05f7c38fa7b082e61916da6e871eced2a3a1cef9b8ac89e Loading...

	#2 Write - 8929e44acfed2c6b02aa9ef181390272	499 B	2023-03-07	2023-05-31
Pretty Observations First Seen2023-03-07 01:10:48 Last Seen2023-05-31 05:40:33 Times Seen10 Hash 8929e44acfed2c6b02aa9ef181390272 9e477dbf0eb3d83174ce6b3258ab13911ba0969a 9a8b808ab7947e38bae770de004bdaf78cf40682f8299bfb0996a6427f728d42 Loading...

	#3 Write - 418587dbcfb5fba2befb1a4a97ff1689	456 B	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 23:50:41 Last Seen2023-03-07 23:50:41 Times Seen1 Hash 418587dbcfb5fba2befb1a4a97ff1689 811b600b156599a97f0d817087acb639673f2a31 c82152ba6d7cdad11918cb076a093d5d9bb8c2b235836d106ebdb33f2ff97495 Loading...

	#4 Write - 470ef98466c889f34d4087cb64703723	42 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:10:48 Last Seen2023-03-17 12:40:02 Times Seen1 Hash 470ef98466c889f34d4087cb64703723 04910e7791680225ec7254f22830fd4ce3e968f3 1e0e38892c39dcb13ae1d279e0e1ec3781164e92d21c39093013f3f724417b47 Loading...

HTTP Transactions (123)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 12:14:07 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vb1PvIaF4Cefzq6N8ZKFuodGxorYaDMK8g3e-XXmfqW0hq-92jv3Ow==
Age: 1789

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9013
Expires: Fri, 23 Sep 2022 15:14:10 GMT
Date: Fri, 23 Sep 2022 12:43:57 GMT
Connection: keep-alive

cf6h.com/

160.202.96.233

301 Moved Permanently

0 B

URL HTTP/1.1
cf6h.com/
IP
160.202.96.233:0
ASN
#46261 QUICKPACKET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.cf6h.com/index.php

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.25

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.25:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qs9cbvUaXki-UMcpeOCIrb-9NWoBYxG_CNMbhNoMctzAQhe81nbTLQ==
age: 29323
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 12:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 12:27:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 64S3yfihUXalBfPjgOh3ip0yuOXHX7XEnJPYsSNHDd0UbCoqTn6d4g==
Age: 2435

www.cf6h.com/index.php

160.202.96.233

200 OK

801 B

URL HTTP/1.1
www.cf6h.com/index.php
IP
160.202.96.233:0
ASN
#46261 QUICKPACKET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Size
801 B (801 bytes)
Hash
b153a9f7064d6a484e0ad1a520dd3326
3eaedf76393c60fb2f9c1886a7de34fc8ac344f8
8d9dea1e284146e802e0da9c84f9054f4374e3f208d90b60b21d86f4d03926f7

HTTP Headers

GET /index.php HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: text/html
Content-Length: 801
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5756
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:43:57 GMT
Last-Modified: Fri, 23 Sep 2022 11:08:01 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

www.cf6h.com/common.js

160.202.96.233

200 OK

757 B

URL HTTP/1.1
www.cf6h.com/common.js
IP
160.202.96.233:0
ASN
#46261 QUICKPACKET

File type
HTML document text\012- HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Size
757 B (757 bytes)
Hash
ae4f9ffe7a2eeb4f281eec7788eba03b
09d7e9e07ddb8f412b4e904bbfd609edef5353bf
8bce791cc2ad839158815f6e0a8a1073de39f96f4e6c2135e13736cd5f620aca

HTTP Headers

GET /common.js HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.cf6h.com/tj.js

160.202.96.233

200 OK

520 B

URL HTTP/1.1
www.cf6h.com/tj.js
IP
160.202.96.233:0
ASN
#46261 QUICKPACKET

File type
ASCII text, with CRLF line terminators
Size
520 B (520 bytes)
Hash
5d76174cce8c3c8b7710635377826efb
e4bc8c6c75beb4efdf4bd4341bc60969587d1ea0
9222d5bf5c6a3526121b7e12099124ccf4c57a6b0060944d92a8e2d751e2e1f9

HTTP Headers

GET /tj.js HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: application/x-javascript
Content-Length: 520
Connection: keep-alive

push.services.mozilla.com/

54.191.251.76

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.191.251.76:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: s9OJFcB6wRiZSIiskMcFDw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kdVfZrGZucBEYWKPHReCiIdx7UU=

baidu.hnmaccms.xyz/news/index.php

143.92.57.79

200 OK

48 B

URL HTTP/1.1
baidu.hnmaccms.xyz/news/index.php
IP
143.92.57.79:0
ASN
#64050 BGPNET Global ASN

File type
HTML document, ASCII text, with no line terminators
Size
48 B (48 bytes)
Hash
046691e8308c2adf72fc25247e2f9e80
a47d4ddf558d878140dd88a539159659e781345e
49f190d90d221b19e342cf6425fbb173e894ca0531935a3b08eaf83d980a6268

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /news/index.php HTTP/1.1
Host: baidu.hnmaccms.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

www.cf6h.com/favicon.ico

160.202.96.233

200 OK

1.2 kB

URL HTTP/1.1
www.cf6h.com/favicon.ico
IP
160.202.96.233:0
ASN
#46261 QUICKPACKET

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Size
1.2 kB (1150 bytes)
Hash
7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:58 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 28 Sep 2022 12:43:58 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes

push.zhanzhang.baidu.com/push.js

180.101.212.103

200 OK

227 B

URL HTTP/1.1
push.zhanzhang.baidu.com/push.js
IP
180.101.212.103:0
ASN
#134770 CHINANET Jiangsu province Suzhou taihu IDC network

File type
ASCII text, with no line terminators
Size
227 B (227 bytes)
Hash
e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5

HTTP Headers

GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 23 Sep 2022 12:43:58 GMT
Etag: "4078521116"
Expires: Sat, 23 Sep 2023 12:43:58 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=5696EB7ECA0175034E983362C9ECCE40:FG=1; max-age=31536000; expires=Sat, 23-Sep-23 12:43:58 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding

baidu.hnmaccms.xyz/news/data.php

143.92.57.79

200 OK

198 B

URL HTTP/1.1
baidu.hnmaccms.xyz/news/data.php
IP
143.92.57.79:0
ASN
#64050 BGPNET Global ASN

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
198 B (198 bytes)
Hash
e5ed02dd259111ae901d7b346e339ed9
187f311ee5659899dddc59168ce56167fead6c25
25693308814e4da0a3e7fc64263b80507cdcc9a772325ca20b24bde47da8ad4f

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /news/data.php HTTP/1.1
Host: baidu.hnmaccms.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://baidu.hnmaccms.xyz/news/index.php

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
70ec48fc5e2fd086a34b8c5d38361c4a
c43ceda43c2e2cf74862157c583aa90cb4e809d1
34283c15b341a2b6e68dc63504d78c6e78a8f84d08a3dd6a0569401d2631a063

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34283C15B341A2B6E68DC63504D78C6E78A8F84D08A3DD6A0569401D2631A063"
Last-Modified: Wed, 21 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2086
Expires: Fri, 23 Sep 2022 13:18:45 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6094
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6094
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6094
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10127 bytes)
Hash
b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KKYAef15NoI3It5UfVcqhPx50Fr6IK7O2VFasuAILVN9PP8CH1_7Ng==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:58:25 GMT
age: 53134
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5340 bytes)
Hash
3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:04:45 GMT
age: 52754
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8497 bytes)
Hash
7606ff88f05062b66970d9805f38987a
d47db5fcd83023b4a8de40a47d4510e183de387a
20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8497
x-amzn-requestid: ab65ba93-aad5-4845-b471-c50c14057c47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YvqujEsIoAMF8sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632957f6-6d4635bf713fd25147948c7b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 06:04:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SZ6p5NLxuGUoEOZujwPbDGwUO0dZgiITud8RWOaSW_VciGRgBidY2A==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 19:36:01 GMT
age: 61678
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10279 bytes)
Hash
8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 2ff2c324-51c5-484d-b049-3eacbdc1024a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8THHdoAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0f4da4ba2a84679b3fd297fc;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6uqNnpll2kgC_0_t5e9yp0AgFAvprQq_GF_jgwj2sX2TE9S1l023Aw==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 03:58:47 GMT
age: 31512
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.5 kB (9484 bytes)
Hash
ae63806537bc1795029ac9e522b4abb1
47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781
369fe0af9bba20526bb10c7240a7571e72726fa653bbb70d8e56fabb13cf9358

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9484
x-amzn-requestid: ac493b06-28bc-4a84-ad7a-060617233da8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4ZDRHHiIAMFnow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd547-7944659e3cb7134b58da757f;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:36:07 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OzTpgbr1HluiZtdiVUrQjTV1KMWuynatd1A8L8excXJDJsnM45A3Hg==
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:12:35 GMT
age: 52284
etag: "47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (8029 bytes)
Hash
02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5ur411n5hU7eWb68iExZCUrhpCybRyTBHCi72ra8dS2kd3UhW8sb1A==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:59:00 GMT
age: 53099
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.globalsign.com/gsrsaovsslca2018

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp.globalsign.com/gsrsaovsslca2018
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1432 bytes)
Hash
87ea5f00694cd292bc28477098148e7e
03a6e8306737ce30aa48ced653f4102df3143e19
0188bcac4cd87473536ce8c23873a740a57a2b4df270b8f671c5b04e33ff1d0e

HTTP Headers

POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:43:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:53:37 GMT
ETag: "03a6e8306737ce30aa48ced653f4102df3143e19"
Last-Modified: Fri, 23 Sep 2022 09:53:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2304
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e7feb9f0b69-OSL

dimg04.c-ctrip.com/images/0105w120009zd9z04DF2A.gif?proc=autoorient

104.110.17.24

200 OK

1.3 MB

URL HTTP/2
dimg04.c-ctrip.com/images/0105w120009zd9z04DF2A.gif?proc=autoorient
IP
104.110.17.24:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 750 x 150\012- data
Size
1.3 MB (1317280 bytes)
Hash
b276222bf91dc1de6f0ba4040c278453
63e94cf10f92df826f49b8424b6b21094a3ebc9d
f51a06df325fa2a2d1724a40d50ff038045e98bbf98fc732e98f3d220ed7d9ed

HTTP Headers

GET /images/0105w120009zd9z04DF2A.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/gif
content-length: 1317280
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
x-edgeconnect-midmile-rtt: 18
x-edgeconnect-origin-mex-latency: 135
cache-control: max-age=15370836
expires: Mon, 20 Mar 2023 10:24:35 GMT
date: Fri, 23 Sep 2022 12:43:59 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2

dimg04.c-ctrip.com/images/0395b120009rrlhpqBCB7.gif

104.110.17.24

200 OK

1.4 MB

URL HTTP/2
dimg04.c-ctrip.com/images/0395b120009rrlhpqBCB7.gif
IP
104.110.17.24:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 960 x 240\012- data
Size
1.4 MB (1367629 bytes)
Hash
a82047b0c42a3d4707d251820bc2ea04
a215eb250a869a723bd87cc76830f193aea5fafc
feef5a64e954e16467f743c50f02ee1d8dc09fb3666ca4cc24ff74ed09b1360d

HTTP Headers

GET /images/0395b120009rrlhpqBCB7.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/gif
content-length: 1367629
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=11700212
expires: Sun, 05 Feb 2023 22:47:31 GMT
date: Fri, 23 Sep 2022 12:43:59 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2

api.share.baidu.com/s.gif?l=http://www.cf6h.com/index.php

39.156.68.163

200 OK

0 B

URL HTTP/1.1
api.share.baidu.com/s.gif?l=http://www.cf6h.com/index.php
IP
39.156.68.163:0
ASN
#9808 China Mobile Communications Group Co., Ltd.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /s.gif?l=http://www.cf6h.com/index.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 23 Sep 2022 12:43:59 GMT

www.henniu468.site/static/images/1.gif

173.231.12.252

200 OK

254 B

URL HTTP/2
www.henniu468.site/static/images/1.gif
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
GIF image data, version 89a, 16 x 17\012- data
Size
254 B (254 bytes)
Hash
b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /static/images/1.gif HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/gif
content-length: 254
last-modified: Fri, 24 Dec 2021 10:11:17 GMT
etag: "61c59cc5-fe"
expires: Sun, 23 Oct 2022 12:43:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.henniu468.site/template/dfcc/images/loading.svg

173.231.12.252

200 OK

506 B

URL HTTP/2
www.henniu468.site/template/dfcc/images/loading.svg
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
SVG Scalable Vector Graphics image\012- , ASCII text
Size
506 B (506 bytes)
Hash
bb36cf278bc5f407c3a64054c13dbbdf
ecd02eea9d41f6282fcaaffc84dbefc1fedb58a2
fa5ecaba8e7048ec0475ac862bec89853e8c87e84475e199f8657d6e89065dff

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/images/loading.svg HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Sun, 09 Jan 2022 08:39:24 GMT
etag: "61da9f3c-1fa"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d780d2d739de13b7f2df2dd6fabcc58
bb8125484bd5f71fce4791288253121d9bd21ace
ef9c0d38a1bf14f03faf59ac4576b8ef385bf658bf71bbd7544ee0093829f45b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF9C0D38A1BF14F03FAF59AC4576B8EF385BF658BF71BBD7544EE0093829F45B"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1267
Expires: Fri, 23 Sep 2022 13:05:06 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive

kvhaa.com/f0e76a5c8312a00241ad726bac0f2d0f.gif

78.46.107.74

301 Moved Permanently

162 B

URL HTTP/2
kvhaa.com/f0e76a5c8312a00241ad726bac0f2d0f.gif
IP
78.46.107.74:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /f0e76a5c8312a00241ad726bac0f2d0f.gif HTTP/1.1
Host: kvhaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8d780d2d739de13b7f2df2dd6fabcc58
bb8125484bd5f71fce4791288253121d9bd21ace
ef9c0d38a1bf14f03faf59ac4576b8ef385bf658bf71bbd7544ee0093829f45b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF9C0D38A1BF14F03FAF59AC4576B8EF385BF658BF71BBD7544EE0093829F45B"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1267
Expires: Fri, 23 Sep 2022 13:05:06 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive

kvhaa.com/75c160dc06d6f81ac36aed8c45cf917e.gif

78.46.107.74

301 Moved Permanently

162 B

URL HTTP/2
kvhaa.com/75c160dc06d6f81ac36aed8c45cf917e.gif
IP
78.46.107.74:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /75c160dc06d6f81ac36aed8c45cf917e.gif HTTP/1.1
Host: kvhaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.henniu468.site/dingpiao.html

173.231.12.252

200 OK

157 B

URL HTTP/2
www.henniu468.site/dingpiao.html
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
HTML document, ASCII text, with CRLF line terminators
Size
157 B (157 bytes)
Hash
0b8a043fcaa1e7facac8c9f9df174ea0
37d27e0009f60ed3b3fd76df7471d434f447ef22
e3fa115b9e0d91f331fdb78e847d2d836301252cb19c3d605b6f08457c018c3b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dingpiao.html HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 157
last-modified: Wed, 14 Sep 2022 09:03:44 GMT
etag: "632198f0-9d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.henniu468.site/logo.html

173.231.12.252

200 OK

879 B

URL HTTP/2
www.henniu468.site/logo.html
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
HTML document, Unicode text, UTF-8 (with BOM) text
Size
879 B (879 bytes)
Hash
a4229e5d02151f80ae5438c1b96aeeff
84b0a174ce8032bb83a4b015d3122d6014540b89
94f1b6a919ebd8d414f1c423ef3ad76df2349a7782ae45a313d3b2743b6b31e0

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /logo.html HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 879
last-modified: Wed, 18 May 2022 08:37:40 GMT
etag: "6284b054-36f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.henniu468.site/template/dfcc/images/video-mask.png

173.231.12.252

200 OK

107 B

URL HTTP/2
www.henniu468.site/template/dfcc/images/video-mask.png
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
PNG image data, 1 x 46, 8-bit gray+alpha, non-interlaced\012- data
Size
107 B (107 bytes)
Hash
6a5ee87ff75437cb480df839f36004fd
eac66370f99601cb7febef320c9540d4593cd856
c9b6925bdd64dab63151c3106347fefb8c500d87ac3d87d9a82e9a1c561233aa

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/images/video-mask.png HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/template/dfcc/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/png
content-length: 107
last-modified: Tue, 04 Jan 2022 15:14:22 GMT
etag: "61d4644e-6b"
expires: Sun, 23 Oct 2022 12:43:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.henniu468.site/template/dfcc/images/video-play.png

173.231.12.252

200 OK

1.6 kB

URL HTTP/2
www.henniu468.site/template/dfcc/images/video-play.png
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1567 bytes)
Hash
be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/images/video-play.png HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/template/dfcc/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/png
content-length: 1567
last-modified: Tue, 04 Jan 2022 15:14:20 GMT
etag: "61d4644c-61f"
expires: Sun, 23 Oct 2022 12:43:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
105a9201c54bd968df20444047b2b993
40fc18a9cb97a487066f3eccd5aa8c945f1c7581
43e60198f9047956b59c70ec6ec4a5954faefdcc441a972e427a6abaf92e67cc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43E60198F9047956B59C70EC6EC4A5954FAEFDCC441A972E427A6ABAF92E67CC"
Last-Modified: Wed, 21 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18571
Expires: Fri, 23 Sep 2022 17:53:31 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fd918622e30f03ae3bcd9a42dc3c3e08
6862addb29076620044f06278876e4c92d36b9d9
9ff40323e542b35d1cb7e448cddb3a9571478b2ec2d6341d559ef4b0226c6584

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9FF40323E542B35D1CB7E448CDDB3A9571478B2EC2D6341D559EF4B0226C6584"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Fri, 23 Sep 2022 15:35:33 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

kvhcc.com/31e8054b323ed9fba7f318a7aa6d013a.gif

78.46.107.74

301 Moved Permanently

162 B

URL HTTP/2
kvhcc.com/31e8054b323ed9fba7f318a7aa6d013a.gif
IP
78.46.107.74:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /31e8054b323ed9fba7f318a7aa6d013a.gif HTTP/1.1
Host: kvhcc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://kvtkkk.top/31e8054b323ed9fba7f318a7aa6d013a.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

aooacctp.vip/lm/ynv100.gif

172.67.161.53

200 OK

89 kB

URL HTTP/2
aooacctp.vip/lm/ynv100.gif
IP
172.67.161.53:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 267 x 160\012- data
Size
89 kB (89034 bytes)
Hash
482e725b00bf18359cae59cd413aea13
aaf8f22b9470066e250989a25a09a7486c3aaf28
85b083b68289347328190d67fe187ba65d44e1d0072a254fd9f06d3510133083

HTTP Headers

GET /lm/ynv100.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 89034
last-modified: Sun, 29 May 2022 06:37:35 GMT
etag: "629314af-15bca"
expires: Wed, 05 Oct 2022 09:07:30 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1568123
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86uzBLgyUu6HoesRV3nzlKGxcX8xAH5Z7av3Kt399LtklFuq7RO7aWLxNaAllu0Vi3E8WuSmL45qNYTuGAqp7KcY31U1d%2BnbpbcQNSwuGsmQY8G0RMQKgKKBuKL4DEM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e847f5bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.henniu468.site/henniu.png

173.231.12.252

200 OK

5.0 kB

URL HTTP/2
www.henniu468.site/henniu.png
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
PNG image data, 120 x 50, 8-bit/color RGBA, non-interlaced\012- data
Size
5.0 kB (4973 bytes)
Hash
66a858de209ee39809102a15257bbd71
6856ccaf274c24cdbe62155da4847eafd3b7f3e9
478f7ef871afdab3f845e3f501b9ec980ff449f34651ebc7f0b5b5498ea60296

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /henniu.png HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/logo.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/png
content-length: 4973
last-modified: Wed, 18 May 2022 08:34:27 GMT
etag: "6284af93-136d"
expires: Sun, 23 Oct 2022 12:44:00 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

www.tupku.top/lm/031815-80.gif

172.67.200.40

200 OK

1.6 MB

URL HTTP/2
www.tupku.top/lm/031815-80.gif
IP
172.67.200.40:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 500 x 281\012- data
Size
1.6 MB (1626999 bytes)
Hash
17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435

HTTP Headers

GET /lm/031815-80.gif HTTP/1.1
Host: www.tupku.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 1626999
last-modified: Thu, 07 Jul 2022 15:13:11 GMT
etag: "62c6f807-18d377"
expires: Wed, 19 Oct 2022 07:27:47 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 324333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6RifjH9j8ETo1v9ht5dWviTO2n%2FpFzjPz8Z5hNMroGVvMDB4Rx8v7GNOAFsoI5w489S2QKSyqG9St0XhdgicNLnzrB7ZEXkYN7J79E9YI9%2FpnVnYAtis67hb%2BmweHWI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84a838b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gif

172.64.140.29

200 OK

20 kB

URL HTTP/2
mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gif
IP
172.64.140.29:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 560x314, components 3\012- data
Size
20 kB (19506 bytes)
Hash
ad1f30d4930167d4eff601f3fee06b8d
b0fa5f060045cad3ae25d6ce6e00758668a31f00
5605d7b7176cda10fc43bfe3ef7c57efda471a1d0ed5092aaca9e8426c747032

HTTP Headers

GET /upload/art/gif/gfdt/746bfd5d31fc37377d.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 19506
last-modified: Mon, 19 Sep 2022 11:44:46 GMT
etag: "53a261371dccd81:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4101
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8liHqVLPjQcyb2V%2FzVNYnCqU0S9sipDI9gY9ylOHojNttFJsbrMOpwiv1OwRomh6mBTy%2F8wQVLubw1bSyKPr26y43WH%2BcU9UXerDcMA%2F2SrfVC8qhPQYmu%2FY2Yk1qqxe4U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84cef971ba-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a169bb58aa0a0d2c22f35e367af1a99f
26357970a6f1bd5a8d3db76ce9cdaa1d55d4d5e6
b4c2228ffb4789ddbbb49b8ac273ec3a5452bb7e100e0b19d1d241bd7e0e885a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4C2228FFB4789DDBBB49B8AC273EC3A5452BB7E100E0B19D1D241BD7E0E885A"
Last-Modified: Tue, 20 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8342
Expires: Fri, 23 Sep 2022 15:03:02 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gif

172.64.140.29

200 OK

13 kB

URL HTTP/2
mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gif
IP
172.64.140.29:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 480x270, components 3\012- data
Size
13 kB (12943 bytes)
Hash
e1a576cbd51934165b0de029925eba4d
8225a3aa258bf5e6985492a834622a090376208f
7664f5c8b9e9611fc3d76c64ca431e0b96ba7d9bbc2ed1ebcc15b4037725b380

HTTP Headers

GET /upload/art/gif/20200421/170511-1.mp4_1587324106344.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 12943
last-modified: Mon, 19 Sep 2022 10:13:18 GMT
etag: "8789b67010ccd81:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2637
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXN9eJv2yK%2FAqAbh%2BRrNbP5QeX0gY8HW5NItM8IrUY6FrxYfblJLQRS6%2FeDMymW7rjGqsm0PGr%2BFtXSGLaKfD8NStbHz%2FUKZ%2BZmZrXd1EzCdybuJHG0GPgleGZhFq9oiBTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e853fce71ba-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
fd918622e30f03ae3bcd9a42dc3c3e08
6862addb29076620044f06278876e4c92d36b9d9
9ff40323e542b35d1cb7e448cddb3a9571478b2ec2d6341d559ef4b0226c6584

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9FF40323E542B35D1CB7E448CDDB3A9571478B2EC2D6341D559EF4B0226C6584"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Fri, 23 Sep 2022 15:35:33 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
f61cb5be8bbe166c985b59654b979aca
7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2
e8d020ba5e47e66db4222e044d69e10bf61b556cf94b041c8f8478e0796a80f6

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 00:29:17 GMT
Expires: Fri, 30 Sep 2022 00:29:16 GMT
Etag: "7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2"
Cache-Control: max-age=560115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e85383f0b69-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7b9cc16ad17e8a4ad65618c9e52839dc
fd612911490db6dc14fb7112ae4c009afdfeb0e2
c8629f2d2a5fb233968c04de428a3808b7529d5c36a9dd39d4c442a144abefc6

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8629F2D2A5FB233968C04DE428A3808B7529D5C36A9DD39D4C442A144ABEFC6"
Last-Modified: Wed, 21 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21567
Expires: Fri, 23 Sep 2022 18:43:27 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

kveff.com/68a7807de3933bf7079116fa9df99e6f.gif

78.46.107.74

301 Moved Permanently

162 B

URL HTTP/2
kveff.com/68a7807de3933bf7079116fa9df99e6f.gif
IP
78.46.107.74:0
ASN
#24940 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: kveff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://kvteee.top/68a7807de3933bf7079116fa9df99e6f.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gif

104.21.234.41

200 OK

159 kB

URL HTTP/2
nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
IP
104.21.234.41:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 80\012- data
Size
159 kB (158847 bytes)
Hash
a497c1ae73df54fe08463b3342b8d1d0
73ce4da38e2826e033444992cff2a827eb474c97
e9f7f7dc820dc334c1cf0e7ccb151c7483c7a64cc7c28f50de03fa2f65c34957

HTTP Headers

GET /f0e76a5c8312a00241ad726bac0f2d0f.gif HTTP/1.1
Host: nvhaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 158847
last-modified: Wed, 10 Aug 2022 09:44:15 GMT
etag: "62f37def-26c7f"
expires: Sat, 22 Oct 2022 08:46:05 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 100675
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNFXbL8QaLheRwbWPCFmk%2B%2Ftu53AA%2BKtOiCRxDedHZVI3oRwvyjPM0I%2BruVEEBFMw87WRNQxu2LdCfjjOg5rBVswAlM%2FNaM4i0jYXv3sgSaO1eyajkiWOt7T%2B8yf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84c9addcfb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gif

104.21.234.41

200 OK

228 kB

URL HTTP/2
nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gif
IP
104.21.234.41:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 80\012- data
Size
228 kB (228122 bytes)
Hash
4601340774cb7d8fba8b0d0958589aac
508edb26f4b3df0e3f7acbb9e911bbd8ab5fa9d1
e639e043b3af5a8a8ac432194d7504e4d5e86fc80a3a767edf426d73a3533951

HTTP Headers

GET /75c160dc06d6f81ac36aed8c45cf917e.gif HTTP/1.1
Host: nvhaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 228122
last-modified: Mon, 04 Jul 2022 12:16:06 GMT
etag: "62c2da06-37b1a"
expires: Sat, 22 Oct 2022 06:57:30 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 107190
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ahf%2BcG0kftPnfAIxBHp4Bg1QwZ93pOwea6UmJvps9R%2FN0jFZyuUXOGbg7vGoDDlP6YxlJNjSYmXsyyszHN2umeMu0But3UlGWy1Jxd9E4uYFMA%2B%2FTJ6Rd7ac%2BV0T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84c9a6dcfb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

www.henniu468.site/template/dfcc/static/js/jquery.lazyload.min.js

173.231.12.252

200 OK

393 kB

URL HTTP/2
www.henniu468.site/template/dfcc/static/js/jquery.lazyload.min.js
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
data
Size
393 kB (393020 bytes)
Hash
4368c8385b8f07b355cf45b6f6f3dbad
7e24a5df99be66fbe7c17c1fb9a247a5d85a67d9
67c97810fcac512c0abdc72cd1bbfb15d7f980039ae3f71eea74422c764c0104

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/static/js/jquery.lazyload.min.js HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:08:22 GMT
vary: Accept-Encoding
etag: W/"61d99ad6-d35"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
2d6975531d1af887ecde3e1a93a10cb6
d1d81b12ea7be4cd9d53a2cd5213d734353cdce1
94f27e66e38e096854a35deae7761cc1d64fbe9db478d3a644bf15d65ca3f4b7

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:25:44 GMT
ETag: "d1d81b12ea7be4cd9d53a2cd5213d734353cdce1"
Last-Modified: Fri, 23 Sep 2022 09:25:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2375
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e85dfb0b503-OSL

zerossl.ocsp.sectigo.com/

172.64.155.188

200 OK

727 B

URL HTTP/1.1
zerossl.ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
727 B (727 bytes)
Hash
f61cb5be8bbe166c985b59654b979aca
7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2
e8d020ba5e47e66db4222e044d69e10bf61b556cf94b041c8f8478e0796a80f6

HTTP Headers

POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 00:29:17 GMT
Expires: Fri, 30 Sep 2022 00:29:16 GMT
Etag: "7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2"
Cache-Control: max-age=560115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e85a8ab0b69-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bf5f48032bdaff37c16afce38b0ba33a
776233ab05c1c68e0c5ec6d7710f3b8c4470ba5b
41e55e32955c6b60406a717d9e2fe00650cf7faa0f65830abb7b35812f6e8a5d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41E55E32955C6B60406A717D9E2FE00650CF7FAA0F65830ABB7B35812F6E8A5D"
Last-Modified: Wed, 21 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15709
Expires: Fri, 23 Sep 2022 17:05:49 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
788e21b34376173bfd37091e1b715a36
62072fdd1322eb2b54456a4dfd13e85df2c373ac
ba87f3e115c9865a770b968ad2d5be0cda1febe605a91d6d0b975d71d2c254c9

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:17:05 GMT
ETag: "62072fdd1322eb2b54456a4dfd13e85df2c373ac"
Last-Modified: Fri, 23 Sep 2022 09:17:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1490
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e86284bb503-OSL

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f136643aa050c338777538d720df2fb4
7d2dfcfb2f82366b15c0f436dfe39c78a900f808
bebafa254f7f37295eb8fb0681fde9eeb7215e8fd782a92b90ba95458e753fbe

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BEBAFA254F7F37295EB8FB0681FDE9EEB7215E8FD782A92B90BA95458E753FBE"
Last-Modified: Thu, 22 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7507
Expires: Fri, 23 Sep 2022 14:49:07 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1fdf99d822ae1bfe72dc1eb0823e189d
5bde8a11eb19e31ba12bf731294991a69d6da323
6ee51a0d2b31260a5113b839a56fb7b3b375e5c87c7187b2331c826dfee4b869

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6EE51A0D2B31260A5113B839A56FB7B3B375E5C87C7187B2331C826DFEE4B869"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6134
Expires: Fri, 23 Sep 2022 14:26:14 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

cbu01.alicdn.com/img/ibank/2020/865/518/22902815568_1738432517.jpg

47.246.44.251

200 OK

98 kB

URL HTTP/2
cbu01.alicdn.com/img/ibank/2020/865/518/22902815568_1738432517.jpg
IP
47.246.44.251:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
GIF image data, version 89a, 960 x 60\012- data
Size
98 kB (98277 bytes)
Hash
c23b2edd3dce8616a9a723a26b2fd280
51451bb2e19c4f956b425221ede9cfdd90472a0e
4d47bba01041ef53fd4ee75b4c13e5730fe106b233a7a1b4e8e9f12fc7527f88

HTTP Headers

GET /img/ibank/2020/865/518/22902815568_1738432517.jpg HTTP/1.1
Host: cbu01.alicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/jpeg
content-length: 98277
date: Thu, 30 Dec 2021 15:58:00 GMT
last-modified: Thu, 24 Dec 2020 19:19:13 GMT
picasso-ret-code: SUCCESS
request-time: 0.083
expires: Fri, 30 Dec 2022 15:58:00 GMT
cache-control: max-age=31536000
ali-swift-global-savetime: 1640879880
via: cache9.l2de2[0,0,200-0,H], cache23.l2de2[1,0], cache1.se1[0,0,200-0,H], cache8.se1[1,0]
access-control-allow-origin: *
age: 23057160
x-cache: HIT TCP_MEM_HIT dirn:11:415248948
x-swift-savetime: Wed, 31 Aug 2022 14:25:15 GMT
x-swift-cachetime: 10459965
timing-allow-origin: *
eagleid: 2ff62c9c16639370403388750e
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
1fce460bafd506dfef91bac8fab888eb
e8152468d9d72fde7b3f3880d859e40882102c81
e894e08fe5b8ecc901ba0c0cc282e98ce2f16b813e7f1e217c0eb41a89f64f7f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 06:05:21 GMT
Expires: Fri, 30 Sep 2022 06:05:20 GMT
Etag: "e8152468d9d72fde7b3f3880d859e40882102c81"
Cache-Control: max-age=580279,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e86383ffab8-OSL

mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gif

172.64.140.29

200 OK

14 kB

URL HTTP/2
mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gif
IP
172.64.140.29:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 500x281, components 3\012- data
Size
14 kB (13797 bytes)
Hash
e994db89370c07131c299b37e86e0906
3166f9925170c117be7c77602c26f45105cae06c
d9a139378357052913b2b57af565d38baef6f7a10ff1c0b58376e57a764f16df

HTTP Headers

GET /upload/art/gif/gfdt/071616_341-4.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 13797
last-modified: Mon, 19 Sep 2022 11:14:37 GMT
etag: "1a111119ccd81:0"
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7ZupYLu3yGqdPtX4GhNDPSfKt%2F94mbd4a4wZRMccEstkO%2BczoS7LZgELmJAo18u8xRdWNOgu%2BbhyPV13f57qXgeQHaIoWkhZrcPZOkPJUQ2Oqj1ZzOkhlvbn6PtAIrtFaM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84bedf71ba-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.henniu468.site/template/dfcc/css/ate.css

173.231.12.252

200 OK

7.6 kB

URL HTTP/2
www.henniu468.site/template/dfcc/css/ate.css
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
data
Size
7.6 kB (7643 bytes)
Hash
0d652b7e3261c1fd82d0ea5941000f32
b8ae3bf1868934da738cad322d4d179902ee87a9
46d97dac6920bfa05c14e3c5da0cc972244d60ef7637b4bb026d01d36257be01

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/css/ate.css HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/css
last-modified: Tue, 04 Jan 2022 15:13:24 GMT
vary: Accept-Encoding
etag: W/"61d46414-126e4"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

kvevv.com/dbb6158a2ca1378f4052d59ea53d1eac.gif

64.32.13.142

301 Moved Permanently

162 B

URL HTTP/2
kvevv.com/dbb6158a2ca1378f4052d59ea53d1eac.gif
IP
64.32.13.142:0
ASN
#46844 ST-BGP

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /dbb6158a2ca1378f4052d59ea53d1eac.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

kvteee.top/68a7807de3933bf7079116fa9df99e6f.gif

104.21.233.123

200 OK

366 kB

URL HTTP/2
kvteee.top/68a7807de3933bf7079116fa9df99e6f.gif
IP
104.21.233.123:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
366 kB (366444 bytes)
Hash
86371c51bf2086f3a40f0e438246b662
9da793de9c620485ee91b88413b256c69dc774c5
8155b44efd09301dca9ec4bdab8e3e6445d1564fe580edd5f7575c9289843ccf

HTTP Headers

GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: kvteee.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 366444
last-modified: Fri, 19 Aug 2022 17:02:28 GMT
etag: "62ffc224-5976c"
expires: Tue, 27 Sep 2022 14:24:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2240360
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bYBqcA6T3G3n6YKEiOAuURZ3A%2B%2BC5UHyGK4nBD0Y429uYtH1QdNn15nabqZbR%2BsiISzhtyan5z%2BHO2PDbNhFAJ4BKd1MpBJ003C6lnLRFLH1AAwYBkskk5FEWwLo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e86df444058-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif

104.143.94.110

301 Moved Permanently

162 B

URL HTTP/2
kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP
104.143.94.110:0
ASN
#201106 Spartan Host Ltd

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
48e6e116cad3c2815f6a199d5798301c
5afe4ed9db9f8ac1375efbd7c4253582cdd92389
612dce5625c70d9c1f4767b624c7fea0c1cedb4b8772e833c68dae9de22ac869

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2986
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:54:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 727

kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif

66.150.130.123

301 Moved Permanently

162 B

URL HTTP/2
kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
IP
66.150.130.123:0
ASN
#35913 DEDIPATH-LLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb

47.246.44.224

200 OK

498 kB

URL HTTP/2
p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb
IP
47.246.44.224:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
GIF image data, version 89a, 960 x 70\012- data
Size
498 kB (497844 bytes)
Hash
9d43f768f1897d7d3fd5ba803e1a770a
ff8fb3f427df7b6cfef65fcae162e0abab9474a4
00fe4f1ccfc623639abadf4e745aca22b946365e932a7a794d6c108fee0d85af

HTTP Headers

GET /obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 497844
date: Fri, 09 Sep 2022 08:24:07 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 09 Sep 2022 07:07:58 GMT
nw-session-id: 2022090915075801015013207646542CA8nbl8201dy
nw-session-trace: 2022-09-09T15:07:58.286847555+08:00 41
x-bdcdn-cache-status: TCP_HIT
x-length: 497844
x-powered-by: ImageX
x-response-date: Fri, 09 Sep 2022 15:07:58 GMT
x-tt-logid: 2022090915075801015013207646542CA8
via: n132-067-174, cache25.l2de2[0,0,206-0,H], cache26.l2de2[7,0], cache26.l2de2[7,0], cache7.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc03:15:294::68
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01c5b752b8829910e641fcd98210a6e05ecaa64505b343592c57aa70e4ebeccb7f8e26f4ca8c29cc7b7f27ea40ab1e8be87be14d16b53b63dca60abc5364d9e522afa6034d22063014da7c2681029ef5d43dbcdc76266e81484d8de20dc091ec69
x-response-lb: image
ali-swift-global-savetime: 1662711847
age: 1225193
x-cache: HIT TCP_MEM_HIT dirn:3:255679100
x-swift-savetime: Fri, 09 Sep 2022 08:29:23 GMT
x-swift-cachetime: 31535684
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16639370405287943e
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
682de244a038675c85ba22fad40e2deb
7a376713c7bc99183e293bf6444dd85cd1efe82e
7ab17a3bc3bc97c74bab2e47e8471634ec4e1a8af0c4964f57918b67d4d6981f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7AB17A3BC3BC97C74BAB2E47E8471634EC4E1A8AF0C4964F57918B67D4D6981F"
Last-Modified: Wed, 21 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17616
Expires: Fri, 23 Sep 2022 17:37:36 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e882af8b503-OSL

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e885b2ab503-OSL

ocsp.digicert.cn/

47.246.44.205

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.cn/
IP
47.246.44.205:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
data
Size
471 B (471 bytes)
Hash
d0ac6cfcb57ff990af16851a3431d383
cfa33aa44b8d8315521600b781f4906945ba1abc
b5fab16ec197e1305050e4090758eb8b94917c4778b4ff544d3a164c9f7598bc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 12:44:00 GMT
Ali-Swift-Global-Savetime: 1663937040
Via: cache12.l2de2[188,188,200-0,M], cache12.l2de2[189,0], cache7.se1[211,210,200-0,M], cache7.se1[213,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 23 Sep 2022 12:44:00 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9b16639370404637885e

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e886b38fabc-OSL

p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79

47.246.44.224

200 OK

824 kB

URL HTTP/2
p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79
IP
47.246.44.224:0
ASN
#24429 Zhejiang Taobao Network Co.,Ltd

File type
GIF image data, version 89a, 960 x 70\012- data
Size
824 kB (824465 bytes)
Hash
83a0fbbc5111aed24a0cc5c8de39e8ec
b255f9c8851c05cabf151fd8f2d73c4ff2a071cf
259f28148b6b90e52934d8deafbb2b59f3f0c0df235132b2d3e1fb631e7223ba

HTTP Headers

GET /obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 824465
date: Mon, 19 Sep 2022 16:27:25 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 19 Sep 2022 12:03:15 GMT
nw-session-id: 20220919200315010150138165204D63806x42t01dy
nw-session-trace: 2022-09-19T20:03:15.766377238+08:00 54
x-bdcdn-cache-status: TCP_HIT
x-length: 824465
x-powered-by: ImageX
x-response-date: Mon, 19 Sep 2022 20:03:15 GMT
x-tt-logid: 20220919200315010150138165204D6380
via: n132-078-086, cache20.l2de2[0,0,206-0,H], cache3.l2de2[1,0], cache3.l2de2[1,0], cache1.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc03:4:365::36
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01420837c943a28a71d1fbca90d788a49b5a721214fbcf3f1236dffcefa6b84941b2f101c76414969425dfa38bf70da8a8d84d324427f03d7bf6e76d94c5d051d6e9fde8b8b3de5c9fc93ab6d959809bb9e53ad293ddf472217fea9bda4526ffaa
x-response-lb: image
ali-swift-global-savetime: 1663604845
age: 332195
x-cache: HIT TCP_MEM_HIT dirn:4:460763443 mlen:0
x-swift-savetime: Wed, 21 Sep 2022 21:19:23 GMT
x-swift-cachetime: 31345682
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16639370406548095e
X-Firefox-Spdy: h2

ocsp2.globalsign.com/gsorganizationvalsha2g2

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsorganizationvalsha2g2
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1459 bytes)
Hash
2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39

HTTP Headers

POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e886b3fb503-OSL

acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif

104.21.37.222

200 OK

400 kB

URL HTTP/2
acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP
104.21.37.222:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
400 kB (400264 bytes)
Hash
b722c3905b96f11823e04826aafdd50e
68b63b572a042d40ab210aa313b7ebbc372be5a1
630c6a955789d5bb6311db75ce52e57ff4c12074ef5a5a080cf5459f907e9dc1

HTTP Headers

GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: acoossn.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 400264
last-modified: Mon, 02 May 2022 19:22:39 GMT
etag: "62702f7f-61b88"
expires: Tue, 18 Oct 2022 08:57:26 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 445594
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ijwOg%2BzsTjEqHzjnTG%2F9kHGSlySla30rYKAG46xLC9%2Bz78hYT81tzrRHN75%2FZrVFAyZbGYo2PVZkJcVUdsFRFnPHBVzWWmm5orDHH0%2FwJ1Vp6SdIAH7LIqiEKm2bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e88afb8b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?82f3b0bae8771d461088741e02da3503

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?82f3b0bae8771d461088741e02da3503
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (627)
Size
11 kB (11340 bytes)
Hash
05401d5af97603aa9b580c677edf0f86
bbfbe2a339acfd0d9046838f6944b1aab0ec2b81
3b4e35312ef5f92ff1c15d7322559d807b50db26810f1fd773b6c8cdfcaf22f4

HTTP Headers

GET /hm.js?82f3b0bae8771d461088741e02da3503 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cf6h.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 23 Sep 2022 12:43:59 GMT
Etag: 9b334455e0a72fcc550f051c38aa7e4c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=1D9CB2B5BC3CEB26; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gif

172.67.162.45

200 OK

748 kB

URL HTTP/2
kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gif
IP
172.67.162.45:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
748 kB (748104 bytes)
Hash
e2cf99741cf5529379370d4362cc4b88
db37d8e502d68feb92f7297e0effc1f7ad140dd5
42001168f65e3424b81819e486ecc6393e4a26bd4710b96504255451491efc30

HTTP Headers

GET /dbb6158a2ca1378f4052d59ea53d1eac.gif HTTP/1.1
Host: kvhwww.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 748104
last-modified: Thu, 15 Sep 2022 12:34:54 GMT
etag: "63231bee-b6a48"
expires: Thu, 20 Oct 2022 09:37:08 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 270412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LknZABkjEpk6xnPwrI55HMK2YR0qYAr9lBXrseFY1qwWGvN6fe07uHfzSr5WvDCgjMhuWlmSRWv8dj%2BfPtSIwX0wTU0pRR91lMu5Amo089lI1MklypM9C6lNfW9I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e88a88f0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

e1.o.lencr.org/

23.36.76.226

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
682de244a038675c85ba22fad40e2deb
7a376713c7bc99183e293bf6444dd85cd1efe82e
7ab17a3bc3bc97c74bab2e47e8471634ec4e1a8af0c4964f57918b67d4d6981f

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7AB17A3BC3BC97C74BAB2E47E8471634EC4E1A8AF0C4964F57918B67D4D6981F"
Last-Modified: Wed, 21 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17616
Expires: Fri, 23 Sep 2022 17:37:36 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive

acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif

104.21.234.201

200 OK

1.0 MB

URL HTTP/2
acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
IP
104.21.234.201:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 960 x 60\012- data
Size
1.0 MB (1024160 bytes)
Hash
52748c8ca30fe48c822541046bceafc0
8640926f83b9c0d635fb28403505a7c0f0753857
2e292531362f37bf7a1cd01330efb234450b1f836e975c55f2b2179c0be32ae6

HTTP Headers

GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: acoossi.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 1024160
last-modified: Wed, 25 May 2022 13:49:10 GMT
etag: "628e33d6-fa0a0"
expires: Sat, 22 Oct 2022 05:35:19 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 112121
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dy%2BenYflHzCGz%2BRFa8VR4LU4cjK1V%2BI%2BOAklv4iOgKpOHSyJ6KYWgN9F%2BLa9KnEFjn3rv1pT2GBm6yQLmH5a4AvG90L%2BWb7wPhPlP2pbIa2PuQ9%2FFGNIF9KfFBhqsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e885eccdd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

si1.go2yd.com/get-image/0xvf544lu4n

163.171.140.79

200 OK

707 kB

URL HTTP/2
si1.go2yd.com/get-image/0xvf544lu4n
IP
163.171.140.79:0
ASN
#54994 QUANTILNETWORKS

File type
GIF image data, version 89a, 120 x 120\012- data
Size
707 kB (706623 bytes)
Hash
a1f2f1a79edf6410dba605715ba96938
30801c0aa529955a163e66725dca67f131493ac6
08da3f4f3afe655bad26adfa77187e4169f979b224a76a3e50e797ce0185ce39

HTTP Headers

GET /get-image/0xvf544lu4n HTTP/1.1
Host: si1.go2yd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 706623
server: Tengine
x-application-context: application
x-kss-request-id: 4b87c30341c94822be8149609e5b07f8
etag: "a1f2f1a79edf6410dba605715ba96938"
content-md5: ofLxp57fZBDbpgVxW6lpOA==
last-modified: Wed, 16 Feb 2022 08:49:47 GMT
accept-ranges: bytes
age: 1
x-via: 1.1 PSbjzwdx5aa31:0 (Cdn Cache Server V2.0), 1.1 jszjsx21:10 (Cdn Cache Server V2.0), 1.1 PS-KHH-017Op120:0 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1cc96:21 (Cdn Cache Server V2.0)
x-ws-request-id: 632daa10_PShlamstdAMS1se91_18323-27627
access-control-allow-origin: *
ws-s2h-acc-level: 1
X-Firefox-Spdy: h2

nkiun.xyz/guanggao/22.jpg

8.210.99.166

200 OK

17 kB

URL HTTP/1.1
nkiun.xyz/guanggao/22.jpg
IP
8.210.99.166:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 377x377, components 3\012- data
Size
17 kB (16832 bytes)
Hash
d4ff38bbb14b8c7efaf7631ed7b17d7b
29e7892508fa13314dff9e206178952a50d3ded8
1f83a9a771790e0dc7368598662280ecaed8b12b8da18ad237d0b9ec4f740099

HTTP Headers

GET /guanggao/22.jpg HTTP/1.1
Host: nkiun.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/jpeg
Content-Length: 16832
Last-Modified: Tue, 20 Sep 2022 14:03:48 GMT
Connection: keep-alive
ETag: "6329c844-41c0"
Expires: Sun, 23 Oct 2022 12:44:00 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

img.syhy.top/2022/09/12/df352e908a0e1.gif

23.225.48.163

200 OK

136 kB

URL HTTP/1.1
img.syhy.top/2022/09/12/df352e908a0e1.gif
IP
23.225.48.163:0
ASN
#40065 CNSERVERS

File type
GIF image data, version 89a, 960 x 240\012- data
Size
136 kB (136355 bytes)
Hash
5ce63c325003ee7cbc8498e574697887
da026d5e65a892cc331a9a8f9b6637beace93375
fdcd064f0d12b7ba7cc15b312ec95c29ea23bd6b791f4e1097911d11bec41026

HTTP Headers

GET /2022/09/12/df352e908a0e1.gif HTTP/1.1
Host: img.syhy.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 136355
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 11:37:24 GMT
ETag: "631f19f4-214a3"
Expires: Fri, 21 Oct 2022 13:26:29 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes

ocsp.sectigo.com/

104.18.32.68

200 OK

472 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
d24607959257ffe085072a025195f20c
233ad200348623078517791bbf43cc430582e88d
6fca38352fa56e24f65bd59699dec691560e46771d0e7ee5e59fae5cf1f2d1b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 23:31:05 GMT
Expires: Wed, 28 Sep 2022 23:31:04 GMT
Etag: "233ad200348623078517791bbf43cc430582e88d"
Cache-Control: max-age=470223,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e892ac5fab8-OSL

zhibo128x1.xyz/128/960X120AAAA.gif

154.83.25.141

200 OK

646 kB

URL HTTP/1.1
zhibo128x1.xyz/128/960X120AAAA.gif
IP
154.83.25.141:0
ASN
#62587 ANT-CLOUD

File type
GIF image data, version 89a, 960 x 120\012- data
Size
646 kB (645903 bytes)
Hash
3756b633a7df84493599eae44f4aaceb
ffd7ac3ece73a619e4b94714055189f79b9d34fb
6666dd4e929573c7d242fe26b964b60bc5391b6e887ca49546efc9c7b1b71ea6

HTTP Headers

GET /128/960X120AAAA.gif HTTP/1.1
Host: zhibo128x1.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: openresty
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 645903
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 21:54:52 GMT
ETag: "631faaac-9db0f"
Expires: Mon, 17 Oct 2022 09:08:24 GMT
Cache-Control: max-age=2592000
Via: 154.83.25.138
CDN-Cache: HIT
Accept-Ranges: bytes

hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1045730723&si=82f3b0bae8771d461088741e02da3503&v=1.2.97&lv=1&sn=3390&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cf6h.com%2Findex.php&tt=%E6%B7%B1%E5%9C%B3%E5%B1%85%E5%8B%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1045730723&si=82f3b0bae8771d461088741e02da3503&v=1.2.97&lv=1&sn=3390&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cf6h.com%2Findex.php&tt=%E6%B7%B1%E5%9C%B3%E5%B1%85%E5%8B%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1045730723&si=82f3b0bae8771d461088741e02da3503&v=1.2.97&lv=1&sn=3390&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cf6h.com%2Findex.php&tt=%E6%B7%B1%E5%9C%B3%E5%B1%85%E5%8B%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cf6h.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 23 Sep 2022 12:44:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A8ABF871BD0BEB25; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
19ce5eb55480439e987b372a6b464123
1bbfb68af67dbc55bb2ade5bcee70beb6562a9a1
4e2618d4f0911bfb9520996a925852551a20ffd151c4f722fa907091be146701

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:01 GMT
Last-Modified: Fri, 23 Sep 2022 12:03:18 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 727

www.henniu468.site/

173.231.12.252

200 OK

716 kB

URL HTTP/2
www.henniu468.site/
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type
data
Size
716 kB (715695 bytes)
Hash
2847209b66e1a9425d45b2d466db8840
03c8a92345930b0a9fb33e43bc50c5abf8554186
32149513d38015a716b6950d14483c698b4afe4fe13854058741db3f825d2e59

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://baidu.hnmaccms.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
19ce5eb55480439e987b372a6b464123
1bbfb68af67dbc55bb2ade5bcee70beb6562a9a1
4e2618d4f0911bfb9520996a925852551a20ffd151c4f722fa907091be146701

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4432
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:01 GMT
Last-Modified: Fri, 23 Sep 2022 11:30:09 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 727

ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg

172.247.77.90

200 OK

465 kB

URL HTTP/1.1
ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg
IP
172.247.77.90:0
ASN
#40065 CNSERVERS

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, xresolution=120, yresolution=120], baseline, precision 8, 1280x720, components 3\012- data
Size
465 kB (464670 bytes)
Hash
ba0bc684cabb92a694d67237b2637887
cf57fb92bcca91174e038eb25b9fcd4c36af9a49
07de171b4735f70b00021bf230231faf69573e9e90e60b3974aeae196375a27d

HTTP Headers

GET /upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg HTTP/1.1
Host: ddcdn.comtucdncom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 23 Sep 2022 12:44:13 GMT
Content-Type: image/jpeg
Content-Length: 464670
Last-Modified: Wed, 10 Aug 2022 11:35:38 GMT
Connection: keep-alive
ETag: "62f3980a-7171e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes

s2.loli.net/2022/01/07/deGgwzf7Tly9S3b.gif

172.67.69.40

200 OK

906 kB

URL HTTP/2
s2.loli.net/2022/01/07/deGgwzf7Tly9S3b.gif
IP
172.67.69.40:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 200 x 200\012- data
Size
906 kB (905505 bytes)
Hash
3abde39f91e4a75e550b7e50eb25e68a
75e357b027236d81ea4b1002d992117d53212bd8
2ee18fe5f2dec0caa8ddca814b0f318e2574bd52b389bb8a2348356567a7db7d

HTTP Headers

GET /2022/01/07/deGgwzf7Tly9S3b.gif HTTP/1.1
Host: s2.loli.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 905505
last-modified: Fri, 07 Jan 2022 15:29:57 GMT
etag: "61d85c75-dd121"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Accept, Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qfSECzacGAA0S8aO1JP0FYnMYUPwcqIiducZcEG8ifYzHsojtjxEVlsp3YkAW%2FEMmz2bdyAzql0RPGKAr3OLMDqNtowPXVqzdDSOpq3QX8USLZfeYbMrUTJkjagm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f35e843a0e1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gif

47.110.177.110

200 OK

299 kB

URL HTTP/1.1
38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gif
IP
47.110.177.110:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
GIF image data, version 89a, 960 x 80\012- data
Size
299 kB (299398 bytes)
Hash
f4b7967855549e81f65598b93a43d9db
6ab53e8a9af687c1dddad236af323080a04499cf
2e95dc2082af7cc833e0aef825efc261c04b69e3ec4350203854008cc4a12dc6

HTTP Headers

GET /kyr87633.gif HTTP/1.1
Host: 38qptu4.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 299398
Connection: keep-alive
x-oss-request-id: 632DAA10A7BABC3634E31F84
Accept-Ranges: bytes
ETag: "F4B7967855549E81F65598B93A43D9DB"
Last-Modified: Sun, 05 Jun 2022 13:03:04 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8810428828543929982
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 9LeWeFVUnoH2VZi5OkPZ2w==
x-oss-server-time: 3

vcawmm.com/00bfcf2e6603453c8b5f1a9bce542502.gif

45.61.212.171

200 OK

252 kB

URL HTTP/2
vcawmm.com/00bfcf2e6603453c8b5f1a9bce542502.gif
IP
45.61.212.171:0
ASN
#53587 AZT

File type
GIF image data, version 89a, 960 x 60\012- data
Size
252 kB (251717 bytes)
Hash
86e0be4ef089ebe6804677bc492dc244
e123e51bed1727570d265d9a0730735e74b523d4
b6c59d4c3d1634429659e14b13858046f1c8880a2b8fd1ab38e6a384ad89569a

HTTP Headers

GET /00bfcf2e6603453c8b5f1a9bce542502.gif HTTP/1.1
Host: vcawmm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
cache-control: max-age=86400
etag: "630a1913-3d745"
server: nginx
date: Thu, 15 Sep 2022 11:06:54 GMT
content-type: image/gif
last-modified: Sat, 27 Aug 2022 13:16:03 GMT
accept-ranges: bytes
x-cache: HIT from cloud-us5-cdnb-11
content-length: 251717
X-Firefox-Spdy: h2

p9.toutiaoimg.com/origin/pgc-image/440e4613c87e49aaa978851137a2e2cb

4.34.42.102

200 OK

87 kB

URL HTTP/2
p9.toutiaoimg.com/origin/pgc-image/440e4613c87e49aaa978851137a2e2cb
IP
4.34.42.102:0
ASN
#3356 LEVEL3

File type
GIF image data, version 89a, 960 x 120\012- data
Size
87 kB (86697 bytes)
Hash
c93b3ed293066d747d880ea368f305c3
7847cf128db1b0cc6f25cbfb54125348bf6dda97
79a2ddaa98a1421d78798163acdce3928ac97d2f63e5a7a64ff011180661a2b3

HTTP Headers

GET /origin/pgc-image/440e4613c87e49aaa978851137a2e2cb HTTP/1.1
Host: p9.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 86697
server: nginx
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 01 Oct 2021 06:59:21 GMT
nw-session-id: 202110011459210101940982193F1AF1C7sjvgq03tt
nw-session-trace: 2021-10-01T14:59:21.256856375+08:00 43
x-bdcdn-cache-status: TCP_MISS
x-length: 86697
x-powered-by: ImageX
x-response-date: Fri, 01 Oct 2021 14:59:21 GMT
x-tt-logid: 202110011459210101940982193F1AF1C7
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-response-lb: image
x-ser: BC199_dx-lt-yd-jiangsu-huaian-8-cache-10, BC199_dx-lt-yd-jiangsu-huaian-8-cache-10, BC108_US-Colorado-Denver-1-cache-2, BC108_US-Colorado-Denver-1-cache-2, BC103_US-Colorado-Denver-1-cache-1, BC103_US-Colorado-Denver-1-cache-1
x-cache: HIT from BC103_US-Colorado-Denver-1-cache-1(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=1
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
X-Firefox-Spdy: h2

ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060a.gif

47.110.177.104

200 OK

339 kB

URL HTTP/1.1
ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060a.gif
IP
47.110.177.104:0
ASN
#37963 Hangzhou Alibaba Advertising Co.,Ltd.

File type
GIF image data, version 89a, 960 x 60\012- data
Size
339 kB (338737 bytes)
Hash
5ad650168381761587e881115ddf381f
feaef7fc43a3ad892a19e1aa6acfc566e6243c9c
df415b5e9e6d9b318294b26d2128a64c7c45fa673f26540288aa14b65199a8d4

HTTP Headers

GET /xpj/xpj96060a.gif HTTP/1.1
Host: ggt999.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 338737
Connection: keep-alive
x-oss-request-id: 632DAA1094C77F37341036EB
Accept-Ranges: bytes
ETag: "5AD650168381761587E881115DDF381F"
Last-Modified: Wed, 21 Sep 2022 10:06:53 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10948447221979006143
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: WtZQFoOBdhWH6IERXd84Hw==
x-oss-server-time: 3

ocsp.digicert.com/

93.184.220.29

200 OK

727 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
727 B (727 bytes)
Hash
e37a2c53f8ffa21d49665c140e063277
daf01f47af0ff23df77d5fc79c3c38ac253ad429
710e488ce9941ef09b0b01f30efadac145f1b8d9683e2c74fd80ab4d71255469

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2525
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:01 GMT
Last-Modified: Fri, 23 Sep 2022 12:01:57 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 727

p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.image

4.34.42.102

200 OK

807 kB

URL HTTP/2
p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.image
IP
4.34.42.102:0
ASN
#3356 LEVEL3

File type
GIF image data, version 89a, 400 x 420\012- data
Size
807 kB (806826 bytes)
Hash
ce6a32bc15190689f6891ff7973e913f
99a64f0bdb4351f86032d9b1c9d9079ea6667cc8
18cdc10ae1ad7de191dd2adc346add24ded8e35c69f25a63bb91c928fe837331

HTTP Headers

GET /img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.image HTTP/1.1
Host: p9.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 806826
server: nginx
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 31 Mar 2022 10:03:03 GMT
nw-session-id: 2022033118030201019409901840A77C0Endgts03la
nw-session-trace: 2022-03-31T18:03:03.257713369+08:00 344
x-bdcdn-cache-status: TCP_HIT
x-length: 806826
x-powered-by: ImageX
x-response-date: Thu, 31 Mar 2022 18:03:03 GMT
x-tt-logid: 2022033118030201019409901840A77C0E
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-response-lb: image
x-ser: BC177_dx-lt-yd-zhejiang-jinhua-12-cache-13, BC177_dx-lt-yd-zhejiang-jinhua-12-cache-13, BC6_US-Michigan-chieago-1-cache-1, BC102_US-Colorado-Denver-1-cache-1
x-cache: HIT from BC102_US-Colorado-Denver-1-cache-1(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=1
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
X-Firefox-Spdy: h2

p.qlogo.cn/hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gif

43.154.254.32

200 OK

214 kB

URL HTTP/2
p.qlogo.cn/hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gif
IP
43.154.254.32:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
GIF image data, version 89a, 960 x 120\012- data
Size
214 kB (213547 bytes)
Hash
8eaf57ede4a9e7a3dbf38bad86d91283
25fc0635290edbd594822c5f648bd5f5b78c1c3a
a532a54160a991d34b6e009c819ed614eeea6a72550024f9a788f0d6676b5b35

HTTP Headers

GET /hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 213547
vary: Accept,Origin
last-modified: Sun, 04 Sep 2022 14:24:30 GMT
cache-control: max-age=2592000
x-delay: 38858 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 213547
chid: 0
fid: 0
x-nws-log-uuid: 7f8874fe-a73f-4338-95d0-0dd81e542be7
X-Firefox-Spdy: h2

img.syhy.top/2022/05/19/b3e29dd487b2b.gif

23.225.48.163

200 OK

536 kB

URL HTTP/1.1
img.syhy.top/2022/05/19/b3e29dd487b2b.gif
IP
23.225.48.163:0
ASN
#40065 CNSERVERS

File type
GIF image data, version 89a, 960 x 60\012- data
Size
536 kB (536519 bytes)
Hash
6c475c6d1a80641ecea6fc80c2798d87
dd77ebd4c8c568267f6d28000650324d68a10f1d
258557a327c1ebf554beb73af7c6faa540ddec90bd27f3bf863eb8aeff67416b

HTTP Headers

GET /2022/05/19/b3e29dd487b2b.gif HTTP/1.1
Host: img.syhy.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 536519
Connection: keep-alive
Last-Modified: Wed, 18 May 2022 16:33:12 GMT
ETag: "62851fc8-82fc7"
Expires: Sun, 23 Oct 2022 04:38:46 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes

p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image

182.118.39.171

200 OK

678 kB

URL HTTP/2
p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
IP
182.118.39.171:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
GIF image data, version 89a, 270 x 160\012- data
Size
678 kB (677521 bytes)
Hash
94051cb1d1b77200b4462281a864b96e
e5b468a1b2f4bbdda1b6a3a0df2dcce6b3de7e06
d44d0d2dd188024b60ec38cb3f3ea10c080690175e923f90c9c2a2e862670c84

HTTP Headers

GET /img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image HTTP/1.1
Host: p26.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:02 GMT
content-type: image/gif
content-length: 677521
server: openresty
imagex-fmt: gif2gif
last-modified: Thu, 30 Dec 2021 00:07:35 GMT
nw-session-id: 2021123008073501015013614530ADE9B0dprsv01tt
nw-session-trace: 2021-12-30T08:07:35.194015393+08:00 68
x-bdcdn-cache-status: TCP_HIT
x-length: 677521
x-powered-by: ImageX
x-response-date: Thu, 30 Dec 2021 08:07:35 GMT
x-response-lb: image
x-tt-logid: 2021123008073501015013614530ADE9B0
server-timing: cdn-cache;desc=HIT, edge;dur=3
x-tt-trace-host: 016a2077e03b2041825c42669e9a23cec5ee04519515486308eb42b81315658df6aa5ed29ad219c7d25626d5b022cced5274c18183adcd43889f65e87a17fde2315b0226a7e5f07d4c19094125051b3e74699be800dd629619bc2141d5fb81fc89ccc76230d7d3e4f731a9d881f3cb16c4
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
via: CHN-HAzhengzhou-AREACUCC1-CACHE57[3],CHN-HAzhengzhou-AREACUCC1-CACHE35[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE117[7],CHN-TJ-GLOBAL1-CACHE35[0,TCP_HIT,6]
x-hcs-proxy-type: 1
x-ccdn-cachettl: 31536000
nginx-hit: 1
cache-control: max-age=31536000
age: 4857728
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
X-Firefox-Spdy: h2

p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.image

182.118.39.171

200 OK

301 kB

URL HTTP/2
p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.image
IP
182.118.39.171:0
ASN
#4837 CHINA UNICOM China169 Backbone

File type
GIF image data, version 89a, 120 x 120\012- data
Size
301 kB (301024 bytes)
Hash
924fb352713ee10f6f4bce3167ccce13
127a437f7a5020f7e7c08b6c6465be55dcb32e0c
6e04c7ee887495ce8805d38b200ca217c28b5e83655f4e7f4e8f8f8e28b872bf

HTTP Headers

GET /img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.image HTTP/1.1
Host: p26.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:02 GMT
content-type: image/gif
content-length: 301024
server: openresty
age: 3299483
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 06 Nov 2021 17:01:43 GMT
nw-session-id: 2021110701014301015108502152A73235rcjk803tt
nw-session-trace: 2021-11-07T01:01:43.669209445+08:00 34
x-bdcdn-cache-status: TCP_MISS
x-ccdn-cachettl: 31536000
x-length: 301024
x-powered-by: ImageX
x-response-date: Sun, 07 Nov 2021 01:01:43 GMT
x-response-lb: image
x-tt-logid: 2021110701014301015108502152A73235
nginx-hit: 1
server-timing: cdn-cache;desc=HIT, edge;dur=5
via: CHN-HAzhengzhou-AREACUCC1-CACHE57[5],CHN-HAzhengzhou-AREACUCC1-CACHE64[0,TCP_HIT,2],CHN-TJ-GLOBAL1-CACHE119[42],CHN-TJ-GLOBAL1-CACHE72[0,TCP_HIT,40]
x-hcs-proxy-type: 1
x-tt-trace-host: 016e0001876583f0a366970da60fe77c66f56a5eb79688f9c4e7e6c49708d552a39ce55d97749c3e8510d737d6bed077b75390b82e45430b80f2266ba222fbd73cd89bceef56b5d71b00add0867f5f44d259170ca6c80d220231d003018378230b0a9b18efbe7abad09aa9b368178b8893f8ed65931abed8e45506dc8686afd64a2dd156f524477f07b8b7fcfe9e7fdb2c
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
X-Firefox-Spdy: h2

p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0

43.154.254.32

200 OK

62 kB

URL HTTP/2
p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0
IP
43.154.254.32:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
62 kB (62229 bytes)
Hash
ee52eff8577d4346eca344892bd41406
5e2ad497a1866f71f088860d05f2b962e82a16e1
b1d685515a8e1186c3f5d4844256b95fcc83121fa45f29a2e58e852537332267

HTTP Headers

GET /qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/png
content-length: 62229
vary: Accept,Origin
last-modified: Tue, 19 Oct 2021 21:03:59 GMT
cache-control: max-age=2592000
x-delay: 18135 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 62229
chid: 0
fid: 0
x-nws-log-uuid: d3019366-49fa-4aac-9325-9a9e576d8d0b
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2b

103.235.46.191

200 OK

11 kB

URL HTTP/1.1
hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2b
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
ASCII text, with very long lines (632)
Size
11 kB (11345 bytes)
Hash
9e8b03663ef8cd3c93b4c9f822f88d7d
2a2c815396dc9c69a51779003711fe99f0ff9892
c6d59c0a1faa57414e6558d4590d8fa81a7fc38578a5d6de0f39bfdd91a5b00e

HTTP Headers

GET /hm.js?83778f58a428085f4ecef06936407d2b HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11345
Content-Type: application/javascript
Date: Fri, 23 Sep 2022 12:44:01 GMT
Etag: 3cb991db73425ae1ac9630d6fe04e7ac
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C0B01912E9D60C3D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=197501447&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2F&v=1.2.97&lv=1&sn=3392&r=0&ww=1268&ct=!!&u=https%3A%2F%2Fwww.henniu468.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86

103.235.46.191

200 OK

43 B

URL HTTP/1.1
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=197501447&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2F&v=1.2.97&lv=1&sn=3392&r=0&ww=1268&ct=!!&u=https%3A%2F%2Fwww.henniu468.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

HTTP Headers

GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=197501447&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2F&v=1.2.97&lv=1&sn=3392&r=0&ww=1268&ct=!!&u=https%3A%2F%2Fwww.henniu468.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 23 Sep 2022 12:44:03 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F6E9BCF2C3B44783; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff

p.qlogo.cn/hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gif

43.154.254.32

200 OK

478 kB

URL HTTP/2
p.qlogo.cn/hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gif
IP
43.154.254.32:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
GIF image data, version 89a, 960 x 60\012- data
Size
478 kB (477965 bytes)
Hash
1871802c546612ae2e2dcb3694081247
0f55b31923bd680e30db2c23e0c661cfc724fdbf
374a37606178edf9fee0afcd95a3ff2c823bc6a5a4d700460a3e9da02a9fe54b

HTTP Headers

GET /hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 477965
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 16:41:35 GMT
cache-control: max-age=2592000
x-delay: 83058 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 477965
chid: 0
fid: 0
x-nws-log-uuid: 1573ee3f-96ad-4790-9b6b-73ad0c615f0a
X-Firefox-Spdy: h2

p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gif

43.154.254.32

200 OK

1.2 MB

URL HTTP/2
p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gif
IP
43.154.254.32:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
GIF image data, version 89a, 960 x 60\012- data
Size
1.2 MB (1167114 bytes)
Hash
a3b70c334cb215bdc7bc5c00d9191791
c6bbe53efe6f899bcee8ebff8f3432e3364a0e1f
130298599cbdd58752eaccd5fdadc91acac906b9ae9c25f942b5bb68ee5d572f

HTTP Headers

GET /hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1167114
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 13:02:27 GMT
cache-control: max-age=2592000
x-delay: 100166 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1167114
chid: 0
fid: 0
x-nws-log-uuid: 2bdd29ee-a33b-489e-9ad2-b5e23f3a06d4
X-Firefox-Spdy: h2

p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0

43.154.254.32

200 OK

1.6 MB

URL HTTP/2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0
IP
43.154.254.32:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
GIF image data, version 89a, 640 x 200\012- data
Size
1.6 MB (1607696 bytes)
Hash
9c26f4dcfdfa72ecdcbe3ea854547b4c
fed85b90734400d6810be2b07403f5c8a194a507
ebd842d015d6684a6995a73f1e81f0dea219815318f8993501da9ca79cca74d2

HTTP Headers

GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1607696
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:45 GMT
cache-control: max-age=2592000
x-delay: 119544 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1607696
chid: 0
fid: 0
x-nws-log-uuid: 4efdae9f-5ca8-4cea-8eb0-c5d937ed7183
X-Firefox-Spdy: h2

p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0

43.154.254.32

200 OK

1.4 MB

URL HTTP/2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
IP
43.154.254.32:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
GIF image data, version 89a, 640 x 200\012- data
Size
1.4 MB (1362871 bytes)
Hash
b43c54ced7fcd33ebd9405eb26d533b7
05e5eb23ef5a79364bc8f8fd778d54a9fa335174
7db80c626560b0016fd427d864bb6116a44a858eb7968728cd872814939a24b2

HTTP Headers

GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1362871
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:47 GMT
cache-control: max-age=2592000
x-delay: 648 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1362871
chid: 0
fid: 0
x-nws-log-uuid: 892096fd-cbc4-4cfd-904f-e18dca53fcae
X-Firefox-Spdy: h2

p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca948126b32d301e53005eb3cbee7034b8/0.gif

43.154.254.32

200 OK

1.2 MB

URL HTTP/2
p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca948126b32d301e53005eb3cbee7034b8/0.gif
IP
43.154.254.32:0
ASN
#132203 Tencent Building, Kejizhongyi Avenue

File type
GIF image data, version 89a, 960 x 60\012- data
Size
1.2 MB (1172818 bytes)
Hash
953ba21e5ebc4c6e6b76055ee33bc604
a9d2103a66f2a870e0e69b3db8355131f3d23390
c70efcfde03cf3bd96ec7649b2384b79596036e2b6660343f4e5adf035e112d6

HTTP Headers

GET /hy_personal/3e28f14aa051684288f48c7778a1baca948126b32d301e53005eb3cbee7034b8/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1172818
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 13:02:27 GMT
cache-control: max-age=2592000
x-delay: 98928 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1172818
chid: 0
fid: 0
x-nws-log-uuid: cbab6776-d747-40a9-b914-7442f09dc8a4
X-Firefox-Spdy: h2

884329.com/af4848fd71f14d85bca2ce6ceca8654d.gif

47.75.19.14

200 OK

424 kB

URL HTTP/1.1
884329.com/af4848fd71f14d85bca2ce6ceca8654d.gif
IP
47.75.19.14:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
GIF image data, version 89a, 750 x 240\012- data
Size
424 kB (423997 bytes)
Hash
e1a71fed14e92c07c2e10086c3f8ad63
aa5d034602b33fc99e8611326ab13612f6240c29
b26d4de107c13bfceff216d745f7fa588dfe81e1908d392934e69ac5d4b1f15b

HTTP Headers

GET /af4848fd71f14d85bca2ce6ceca8654d.gif HTTP/1.1
Host: 884329.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 423997
Connection: keep-alive
x-oss-request-id: 632DAA109DB57839377E8C55
Accept-Ranges: bytes
ETag: "E1A71FED14E92C07C2E10086C3F8AD63"
Last-Modified: Mon, 29 Aug 2022 10:33:01 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18376862633552853608
x-oss-storage-class: Standard
Content-MD5: 4acf7RTpLAfC4QCGw/itYw==
x-oss-server-time: 2

www.henniu468.site/template/dfcc/css/zui.css

173.231.12.252

200 OK

0 B

URL HTTP/2
www.henniu468.site/template/dfcc/css/zui.css
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/css/zui.css HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/css
last-modified: Thu, 19 May 2022 10:41:58 GMT
vary: Accept-Encoding
etag: W/"62861ef6-164b3"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

img.x956.xyz/images/631aeb1cb62b4063cbda48f0.gif

3.36.126.81

302 Found

0 B

URL HTTP/2
img.x956.xyz/images/631aeb1cb62b4063cbda48f0.gif
IP
3.36.126.81:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/631aeb1cb62b4063cbda48f0.gif HTTP/1.1
Host: img.x956.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79
cache-control: max-age=3600
X-Firefox-Spdy: h2

hm.baidu.com/hm.js?d8caaf5fc7e747bf497566f2be1cc916

103.235.46.191

200 OK

0 B

URL HTTP/1.1
hm.baidu.com/hm.js?d8caaf5fc7e747bf497566f2be1cc916
IP
103.235.46.191:0
ASN
#55967 Beijing Baidu Netcom Science and Technology Co., Ltd.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /hm.js?d8caaf5fc7e747bf497566f2be1cc916 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cf6h.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11342
Content-Type: application/javascript
Date: Fri, 23 Sep 2022 12:44:00 GMT
Etag: d84480cd183e8638de24ef349bcc4c73
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=3C7AB0FCDC233A3D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800

www.henniu468.site/template/dfcc/static/js/jquery.min.js

173.231.12.252

200 OK

0 B

URL HTTP/2
www.henniu468.site/template/dfcc/static/js/jquery.min.js
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/static/js/jquery.min.js HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:07:32 GMT
vary: Accept-Encoding
etag: W/"61d99aa4-17b8b"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

www.henniu468.site/template/dfcc/html9/ads/dulian.js

173.231.12.252

200 OK

0 B

URL HTTP/2
www.henniu468.site/template/dfcc/html9/ads/dulian.js
IP
173.231.12.252:0
ASN
#18450 WEBNX

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /template/dfcc/html9/ads/dulian.js HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: application/javascript
last-modified: Mon, 22 Aug 2022 17:13:28 GMT
vary: Accept-Encoding
etag: W/"6303b938-4c1"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

img.999997.co/images/631ae647b62b4063cbda48ef.gif

23.225.222.2

302 Found

0 B

URL HTTP/2
img.999997.co/images/631ae647b62b4063cbda48ef.gif
IP
23.225.222.2:0
ASN
#40065 CNSERVERS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /images/631ae647b62b4063cbda48ef.gif HTTP/1.1
Host: img.999997.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb
cache-control: max-age=3600
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations