firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 23 Sep 2022 12:14:07 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vb1PvIaF4Cefzq6N8ZKFuodGxorYaDMK8g3e-XXmfqW0hq-92jv3Ow==
Age: 1789
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 09a973de929ab7452edc342c780d3668
3f14f6e0a36f76863c0aea6fb561c266404a7ea3
e82ca5f310e37267fbf792427747e65c2bb35e684d3f629c0aa302f688bc4f80
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9013
Expires: Fri, 23 Sep 2022 15:14:10 GMT
Date: Fri, 23 Sep 2022 12:43:57 GMT
Connection: keep-alive
cf6h.com/
160.202.96.233 301 Moved Permanently 0 B IP 160.202.96.233:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://www.cf6h.com/index.php
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
143.204.55.25 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP 143.204.55.25:0
File type PEM certificate\012- , ASCII text
Hash 6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 23 Sep 2022 04:35:15 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qs9cbvUaXki-UMcpeOCIrb-9NWoBYxG_CNMbhNoMctzAQhe81nbTLQ==
age: 29323
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:57 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Fri, 23 Sep 2022 12:03:22 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Fri, 23 Sep 2022 12:27:16 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 64S3yfihUXalBfPjgOh3ip0yuOXHX7XEnJPYsSNHDd0UbCoqTn6d4g==
Age: 2435
www.cf6h.com/index.php
160.202.96.233 200 OK 801 B IP 160.202.96.233:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with CRLF line terminators
Hash b153a9f7064d6a484e0ad1a520dd3326
3eaedf76393c60fb2f9c1886a7de34fc8ac344f8
8d9dea1e284146e802e0da9c84f9054f4374e3f208d90b60b21d86f4d03926f7
GET /index.php HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: text/html
Content-Length: 801
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f714931cf870bfa33815fd259b7246fd
38e411ef8ca1b31ead8415ee5f21d98bd9653a86
897675130112daff8bdf6fa25b56faa4b9fdb367daca2b2645ed65c83a2e423f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5756
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:43:57 GMT
Last-Modified: Fri, 23 Sep 2022 11:08:01 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471
www.cf6h.com/common.js
160.202.96.233 200 OK 757 B IP 160.202.96.233:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (438), with CRLF line terminators
Hash ae4f9ffe7a2eeb4f281eec7788eba03b
09d7e9e07ddb8f412b4e904bbfd609edef5353bf
8bce791cc2ad839158815f6e0a8a1073de39f96f4e6c2135e13736cd5f620aca
GET /common.js HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.cf6h.com/tj.js
160.202.96.233 200 OK 520 B IP 160.202.96.233:0
File type ASCII text, with CRLF line terminators
Hash 5d76174cce8c3c8b7710635377826efb
e4bc8c6c75beb4efdf4bd4341bc60969587d1ea0
9222d5bf5c6a3526121b7e12099124ccf4c57a6b0060944d92a8e2d751e2e1f9
GET /tj.js HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:57 GMT
Content-Type: application/x-javascript
Content-Length: 520
Connection: keep-alive
push.services.mozilla.com/
54.191.251.76 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.191.251.76:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: s9OJFcB6wRiZSIiskMcFDw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: kdVfZrGZucBEYWKPHReCiIdx7UU=
baidu.hnmaccms.xyz/news/index.php
143.92.57.79 200 OK 48 B URL HTTP/1.1 baidu.hnmaccms.xyz/news/index.php
IP 143.92.57.79:0
ASN #64050 BGPNET Global ASN
File type HTML document, ASCII text, with no line terminators
Hash 046691e8308c2adf72fc25247e2f9e80
a47d4ddf558d878140dd88a539159659e781345e
49f190d90d221b19e342cf6425fbb173e894ca0531935a3b08eaf83d980a6268
Analyzer Verdict Alert quad9 Sinkholed
GET /news/index.php HTTP/1.1
Host: baidu.hnmaccms.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.cf6h.com/favicon.ico
160.202.96.233 200 OK 1.2 kB IP 160.202.96.233:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel\012- data
Hash 7ef1f0a0093460fe46bb691578c07c95
2da3ffbbf4737ce4dae9488359de34034d1ebfbd
4c62eef22174220b8655590a77b27957f3518b4c3b7352d0b64263b80e728f2c
GET /favicon.ico HTTP/1.1
Host: www.cf6h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:58 GMT
Content-Type: image/x-icon
Content-Length: 1150
Last-Modified: Fri, 01 Jul 2011 08:14:23 GMT
Connection: keep-alive
ETag: "4e0d81df-47e"
Expires: Wed, 28 Sep 2022 12:43:58 GMT
Cache-Control: max-age=432000
Accept-Ranges: bytes
push.zhanzhang.baidu.com/push.js
180.101.212.103 200 OK 227 B URL HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 180.101.212.103:0
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
File type ASCII text, with no line terminators
Hash e548b6ce15bb616c2bfba36e9cfbf307
a348285d9928a6548a57569f1fb9d62bdd747f33
7be3e4c53cc47ce5cfa40a5e79b42848a90acee0d7ff71f10ac31a49c81aead5
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 23 Sep 2022 12:43:58 GMT
Etag: "4078521116"
Expires: Sat, 23 Sep 2023 12:43:58 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=5696EB7ECA0175034E983362C9ECCE40:FG=1; max-age=31536000; expires=Sat, 23-Sep-23 12:43:58 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
baidu.hnmaccms.xyz/news/data.php
143.92.57.79 200 OK 198 B URL HTTP/1.1 baidu.hnmaccms.xyz/news/data.php
IP 143.92.57.79:0
ASN #64050 BGPNET Global ASN
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash e5ed02dd259111ae901d7b346e339ed9
187f311ee5659899dddc59168ce56167fead6c25
25693308814e4da0a3e7fc64263b80507cdcc9a772325ca20b24bde47da8ad4f
Analyzer Verdict Alert quad9 Sinkholed
GET /news/data.php HTTP/1.1
Host: baidu.hnmaccms.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://baidu.hnmaccms.xyz/news/index.php
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:43:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 70ec48fc5e2fd086a34b8c5d38361c4a
c43ceda43c2e2cf74862157c583aa90cb4e809d1
34283c15b341a2b6e68dc63504d78c6e78a8f84d08a3dd6a0569401d2631a063
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "34283C15B341A2B6E68DC63504D78C6E78A8F84D08A3DD6A0569401D2631A063"
Last-Modified: Wed, 21 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2086
Expires: Fri, 23 Sep 2022 13:18:45 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6094
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6094
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8ebb267e443b81854ef9a01b3eb6489d
b932e9e5679da5a9160da5429458041765509b52
4ac5aa5b4fb4a85282b825c5c0ed7b1aaf2b39ffe77d69dec5123a84709f3fe2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4AC5AA5B4FB4A85282B825C5C0ED7B1AAF2B39FFE77D69DEC5123A84709F3FE2"
Last-Modified: Tue, 20 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6094
Expires: Fri, 23 Sep 2022 14:25:33 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b877ead4a15221fdd278ef27f281a7ec
48c10714503e8dfdd3e3c3d39b919ef2792f0d15
f4a1d5abcfa4092828e004b6c0605a7a24e4133d275312f613dceff875971daf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6ac88c56-4515-47b4-9c1e-7745782bd306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10127
x-amzn-requestid: 456e3c6a-e173-433e-8d54-d787cb50b7e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0sHmCoAMFVSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-7a07b336571396533e48b4cb;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: KKYAef15NoI3It5UfVcqhPx50Fr6IK7O2VFasuAILVN9PP8CH1_7Ng==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:58:25 GMT
age: 53134
etag: "48c10714503e8dfdd3e3c3d39b919ef2792f0d15"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
34.120.237.76 200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3b318ea5c36d2b22b925f7dfe382df5f
0264e73c4cfff0bb255757c7e1c760a5ad3ece80
0c2f58ea4f5f32bb327f292e1b8fb5a4a60230bffc3abc440a624df27ec0d6bc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F98db69a9-8416-4b0b-b1b4-1ed196b985e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5340
x-amzn-requestid: b13bc974-e15d-43a4-a918-fbc35b09a36f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y19HljIAMFY8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4f2-2cb226ba4bd7c7e74d9ab2db;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:42 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8DCVWC4Ihr4R21i3ySyiWdUK0aGymTE22B842ZKolG-ZThiKSMX-uQ==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:04:45 GMT
age: 52754
etag: "0264e73c4cfff0bb255757c7e1c760a5ad3ece80"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg
34.120.237.76 200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7606ff88f05062b66970d9805f38987a
d47db5fcd83023b4a8de40a47d4510e183de387a
20f89dd859e5715e27c289040fac6a121248e5b6c06da0a7f186984ffb029eb2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ca56e32-b483-4063-a12c-be8fa8c3d85e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8497
x-amzn-requestid: ab65ba93-aad5-4845-b471-c50c14057c47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YvqujEsIoAMF8sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632957f6-6d4635bf713fd25147948c7b;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 06:04:38 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: SZ6p5NLxuGUoEOZujwPbDGwUO0dZgiITud8RWOaSW_VciGRgBidY2A==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 e95ec8f1dc02e32f0cb9e113963ceb4e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 19:36:01 GMT
age: 61678
etag: "d47db5fcd83023b4a8de40a47d4510e183de387a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8ea5f06ad31f0cedd2cb5c6df82f35f4
60a83a1618ffae06e49ca3002bac1db9980dcfe8
5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10279
x-amzn-requestid: 2ff2c324-51c5-484d-b049-3eacbdc1024a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yyj8THHdoAMF44g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a804e-0f4da4ba2a84679b3fd297fc;Sampled=0
x-amzn-remapped-date: Wed, 21 Sep 2022 03:09:02 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 6uqNnpll2kgC_0_t5e9yp0AgFAvprQq_GF_jgwj2sX2TE9S1l023Aw==
via: 1.1 c21a0d27ceec21e266c9f962d0349438.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 03:58:47 GMT
age: 31512
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg
34.120.237.76 200 OK 9.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ae63806537bc1795029ac9e522b4abb1
47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781
369fe0af9bba20526bb10c7240a7571e72726fa653bbb70d8e56fabb13cf9358
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F256647b7-64d8-4f7e-9d77-276811e8e1b1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9484
x-amzn-requestid: ac493b06-28bc-4a84-ad7a-060617233da8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4ZDRHHiIAMFnow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd547-7944659e3cb7134b58da757f;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:36:07 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OzTpgbr1HluiZtdiVUrQjTV1KMWuynatd1A8L8excXJDJsnM45A3Hg==
via: 1.1 1949caaabae48a894fcd770a3e1384f6.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 22:12:35 GMT
age: 52284
etag: "47c7e2fd6f0ea1bd6c9f494137b7ce53a91cf781"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 02a682b4703bb9d6381c762726c05531
1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54
fb672de67420a239fe5d7e2588f640150ed29883fe2a46ded160385e3265004c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffccf6ade-04f7-4d15-943c-bde343725d94.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8029
x-amzn-requestid: 2fc5c63d-5cef-42f4-a6d2-b55f51c57af6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4Y0tHjGoAMFcFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd4ea-73f2f78a2d1ca8fc666d2571;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:34:34 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 5ur411n5hU7eWb68iExZCUrhpCybRyTBHCi72ra8dS2kd3UhW8sb1A==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Thu, 22 Sep 2022 21:59:00 GMT
age: 53099
etag: "1d7f7b4cfdd7425213a21afdd1d5a5d8d11d0e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226 200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash 87ea5f00694cd292bc28477098148e7e
03a6e8306737ce30aa48ced653f4102df3143e19
0188bcac4cd87473536ce8c23873a740a57a2b4df270b8f671c5b04e33ff1d0e
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:43:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:53:37 GMT
ETag: "03a6e8306737ce30aa48ced653f4102df3143e19"
Last-Modified: Fri, 23 Sep 2022 09:53:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2304
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e7feb9f0b69-OSL
dimg04.c-ctrip.com/images/0105w120009zd9z04DF2A.gif?proc=autoorient
104.110.17.24 200 OK 1.3 MB URL HTTP/2 dimg04.c-ctrip.com/images/0105w120009zd9z04DF2A.gif?proc=autoorient
IP 104.110.17.24:0
File type GIF image data, version 89a, 750 x 150\012- data
Size 1.3 MB (1317280 bytes)
Hash b276222bf91dc1de6f0ba4040c278453
63e94cf10f92df826f49b8424b6b21094a3ebc9d
f51a06df325fa2a2d1724a40d50ff038045e98bbf98fc732e98f3d220ed7d9ed
GET /images/0105w120009zd9z04DF2A.gif?proc=autoorient HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 1317280
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
x-edgeconnect-midmile-rtt: 18
x-edgeconnect-origin-mex-latency: 135
cache-control: max-age=15370836
expires: Mon, 20 Mar 2023 10:24:35 GMT
date: Fri, 23 Sep 2022 12:43:59 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
dimg04.c-ctrip.com/images/0395b120009rrlhpqBCB7.gif
104.110.17.24 200 OK 1.4 MB URL HTTP/2 dimg04.c-ctrip.com/images/0395b120009rrlhpqBCB7.gif
IP 104.110.17.24:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 1.4 MB (1367629 bytes)
Hash a82047b0c42a3d4707d251820bc2ea04
a215eb250a869a723bd87cc76830f193aea5fafc
feef5a64e954e16467f743c50f02ee1d8dc09fb3666ca4cc24ff74ed09b1360d
GET /images/0395b120009rrlhpqBCB7.gif HTTP/1.1
Host: dimg04.c-ctrip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/gif
content-length: 1367629
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=11700212
expires: Sun, 05 Feb 2023 22:47:31 GMT
date: Fri, 23 Sep 2022 12:43:59 GMT
timing-allow-origin: *
X-Firefox-Spdy: h2
api.share.baidu.com/s.gif?l=http://www.cf6h.com/index.php
39.156.68.163 200 OK 0 B URL HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.cf6h.com/index.php
IP 39.156.68.163:0
ASN #9808 China Mobile Communications Group Co., Ltd.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.cf6h.com/index.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.cf6h.com/
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 23 Sep 2022 12:43:59 GMT
www.henniu468.site/static/images/1.gif
173.231.12.252 200 OK 254 B URL HTTP/2 www.henniu468.site/static/images/1.gif
IP 173.231.12.252:0
File type GIF image data, version 89a, 16 x 17\012- data
Hash b013f8fa3ec997fe20dc80b82af0ad0a
e02ce6c30d5c0abfaa3e008d1a3ce7d11f299ed9
119bff063d1d402fdf6e48bc7e681d48aabfb9bc65378dfcf64a8845ec3fceef
Analyzer Verdict Alert quad9 Sinkholed
GET /static/images/1.gif HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/gif
content-length: 254
last-modified: Fri, 24 Dec 2021 10:11:17 GMT
etag: "61c59cc5-fe"
expires: Sun, 23 Oct 2022 12:43:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.henniu468.site/template/dfcc/images/loading.svg
173.231.12.252 200 OK 506 B URL HTTP/2 www.henniu468.site/template/dfcc/images/loading.svg
IP 173.231.12.252:0
File type SVG Scalable Vector Graphics image\012- , ASCII text
Hash bb36cf278bc5f407c3a64054c13dbbdf
ecd02eea9d41f6282fcaaffc84dbefc1fedb58a2
fa5ecaba8e7048ec0475ac862bec89853e8c87e84475e199f8657d6e89065dff
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/images/loading.svg HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Sun, 09 Jan 2022 08:39:24 GMT
etag: "61da9f3c-1fa"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d780d2d739de13b7f2df2dd6fabcc58
bb8125484bd5f71fce4791288253121d9bd21ace
ef9c0d38a1bf14f03faf59ac4576b8ef385bf658bf71bbd7544ee0093829f45b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF9C0D38A1BF14F03FAF59AC4576B8EF385BF658BF71BBD7544EE0093829F45B"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1267
Expires: Fri, 23 Sep 2022 13:05:06 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive
kvhaa.com/f0e76a5c8312a00241ad726bac0f2d0f.gif
78.46.107.74 301 Moved Permanently 162 B URL HTTP/2 kvhaa.com/f0e76a5c8312a00241ad726bac0f2d0f.gif
IP 78.46.107.74:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /f0e76a5c8312a00241ad726bac0f2d0f.gif HTTP/1.1
Host: kvhaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8d780d2d739de13b7f2df2dd6fabcc58
bb8125484bd5f71fce4791288253121d9bd21ace
ef9c0d38a1bf14f03faf59ac4576b8ef385bf658bf71bbd7544ee0093829f45b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF9C0D38A1BF14F03FAF59AC4576B8EF385BF658BF71BBD7544EE0093829F45B"
Last-Modified: Wed, 21 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1267
Expires: Fri, 23 Sep 2022 13:05:06 GMT
Date: Fri, 23 Sep 2022 12:43:59 GMT
Connection: keep-alive
kvhaa.com/75c160dc06d6f81ac36aed8c45cf917e.gif
78.46.107.74 301 Moved Permanently 162 B URL HTTP/2 kvhaa.com/75c160dc06d6f81ac36aed8c45cf917e.gif
IP 78.46.107.74:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /75c160dc06d6f81ac36aed8c45cf917e.gif HTTP/1.1
Host: kvhaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.henniu468.site/dingpiao.html
173.231.12.252 200 OK 157 B URL HTTP/2 www.henniu468.site/dingpiao.html
IP 173.231.12.252:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 0b8a043fcaa1e7facac8c9f9df174ea0
37d27e0009f60ed3b3fd76df7471d434f447ef22
e3fa115b9e0d91f331fdb78e847d2d836301252cb19c3d605b6f08457c018c3b
Analyzer Verdict Alert quad9 Sinkholed
GET /dingpiao.html HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 157
last-modified: Wed, 14 Sep 2022 09:03:44 GMT
etag: "632198f0-9d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.henniu468.site/logo.html
173.231.12.252 200 OK 879 B URL HTTP/2 www.henniu468.site/logo.html
IP 173.231.12.252:0
File type HTML document, Unicode text, UTF-8 (with BOM) text
Hash a4229e5d02151f80ae5438c1b96aeeff
84b0a174ce8032bb83a4b015d3122d6014540b89
94f1b6a919ebd8d414f1c423ef3ad76df2349a7782ae45a313d3b2743b6b31e0
Analyzer Verdict Alert quad9 Sinkholed
GET /logo.html HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html
content-length: 879
last-modified: Wed, 18 May 2022 08:37:40 GMT
etag: "6284b054-36f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.henniu468.site/template/dfcc/images/video-mask.png
173.231.12.252 200 OK 107 B URL HTTP/2 www.henniu468.site/template/dfcc/images/video-mask.png
IP 173.231.12.252:0
File type PNG image data, 1 x 46, 8-bit gray+alpha, non-interlaced\012- data
Hash 6a5ee87ff75437cb480df839f36004fd
eac66370f99601cb7febef320c9540d4593cd856
c9b6925bdd64dab63151c3106347fefb8c500d87ac3d87d9a82e9a1c561233aa
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/images/video-mask.png HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/template/dfcc/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/png
content-length: 107
last-modified: Tue, 04 Jan 2022 15:14:22 GMT
etag: "61d4644e-6b"
expires: Sun, 23 Oct 2022 12:43:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.henniu468.site/template/dfcc/images/video-play.png
173.231.12.252 200 OK 1.6 kB URL HTTP/2 www.henniu468.site/template/dfcc/images/video-play.png
IP 173.231.12.252:0
File type PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced\012- data
Hash be7ca0a4a7c0317398a11162b1e09b75
5dbe6a02524cfbf5f5111478a71f91a9259056b5
cbad06b58f97516faa5f745d4e09716b5db3f134d5b4644b159681aa24909dd4
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/images/video-play.png HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/template/dfcc/css/zui.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: image/png
content-length: 1567
last-modified: Tue, 04 Jan 2022 15:14:20 GMT
etag: "61d4644c-61f"
expires: Sun, 23 Oct 2022 12:43:59 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 105a9201c54bd968df20444047b2b993
40fc18a9cb97a487066f3eccd5aa8c945f1c7581
43e60198f9047956b59c70ec6ec4a5954faefdcc441a972e427a6abaf92e67cc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43E60198F9047956B59C70EC6EC4A5954FAEFDCC441A972E427A6ABAF92E67CC"
Last-Modified: Wed, 21 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18571
Expires: Fri, 23 Sep 2022 17:53:31 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fd918622e30f03ae3bcd9a42dc3c3e08
6862addb29076620044f06278876e4c92d36b9d9
9ff40323e542b35d1cb7e448cddb3a9571478b2ec2d6341d559ef4b0226c6584
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9FF40323E542B35D1CB7E448CDDB3A9571478B2EC2D6341D559EF4B0226C6584"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Fri, 23 Sep 2022 15:35:33 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
kvhcc.com/31e8054b323ed9fba7f318a7aa6d013a.gif
78.46.107.74 301 Moved Permanently 162 B URL HTTP/2 kvhcc.com/31e8054b323ed9fba7f318a7aa6d013a.gif
IP 78.46.107.74:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /31e8054b323ed9fba7f318a7aa6d013a.gif HTTP/1.1
Host: kvhcc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://kvtkkk.top/31e8054b323ed9fba7f318a7aa6d013a.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
aooacctp.vip/lm/ynv100.gif
172.67.161.53 200 OK 89 kB URL HTTP/2 aooacctp.vip/lm/ynv100.gif
IP 172.67.161.53:0
File type GIF image data, version 89a, 267 x 160\012- data
Hash 482e725b00bf18359cae59cd413aea13
aaf8f22b9470066e250989a25a09a7486c3aaf28
85b083b68289347328190d67fe187ba65d44e1d0072a254fd9f06d3510133083
GET /lm/ynv100.gif HTTP/1.1
Host: aooacctp.vip
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 89034
last-modified: Sun, 29 May 2022 06:37:35 GMT
etag: "629314af-15bca"
expires: Wed, 05 Oct 2022 09:07:30 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1568123
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86uzBLgyUu6HoesRV3nzlKGxcX8xAH5Z7av3Kt399LtklFuq7RO7aWLxNaAllu0Vi3E8WuSmL45qNYTuGAqp7KcY31U1d%2BnbpbcQNSwuGsmQY8G0RMQKgKKBuKL4DEM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e847f5bb509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.henniu468.site/henniu.png
173.231.12.252 200 OK 5.0 kB URL HTTP/2 www.henniu468.site/henniu.png
IP 173.231.12.252:0
File type PNG image data, 120 x 50, 8-bit/color RGBA, non-interlaced\012- data
Hash 66a858de209ee39809102a15257bbd71
6856ccaf274c24cdbe62155da4847eafd3b7f3e9
478f7ef871afdab3f845e3f501b9ec980ff449f34651ebc7f0b5b5498ea60296
Analyzer Verdict Alert quad9 Sinkholed
GET /henniu.png HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/logo.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/png
content-length: 4973
last-modified: Wed, 18 May 2022 08:34:27 GMT
etag: "6284af93-136d"
expires: Sun, 23 Oct 2022 12:44:00 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
www.tupku.top/lm/031815-80.gif
172.67.200.40 200 OK 1.6 MB URL HTTP/2 www.tupku.top/lm/031815-80.gif
IP 172.67.200.40:0
File type GIF image data, version 89a, 500 x 281\012- data
Size 1.6 MB (1626999 bytes)
Hash 17244f3a8b60a0f7b291f5621c873713
c523f5d5b60d2eabc9084e9ba5803647ac08c2cd
4aed8c090aa7bff3de4c028efced6a87dd7645bc15d265cdddf106f3f5dd9435
GET /lm/031815-80.gif HTTP/1.1
Host: www.tupku.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 1626999
last-modified: Thu, 07 Jul 2022 15:13:11 GMT
etag: "62c6f807-18d377"
expires: Wed, 19 Oct 2022 07:27:47 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 324333
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y6RifjH9j8ETo1v9ht5dWviTO2n%2FpFzjPz8Z5hNMroGVvMDB4Rx8v7GNOAFsoI5w489S2QKSyqG9St0XhdgicNLnzrB7ZEXkYN7J79E9YI9%2FpnVnYAtis67hb%2BmweHWI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84a838b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gif
172.64.140.29 200 OK 20 kB URL HTTP/2 mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gif
IP 172.64.140.29:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 560x314, components 3\012- data
Hash ad1f30d4930167d4eff601f3fee06b8d
b0fa5f060045cad3ae25d6ce6e00758668a31f00
5605d7b7176cda10fc43bfe3ef7c57efda471a1d0ed5092aaca9e8426c747032
GET /upload/art/gif/gfdt/746bfd5d31fc37377d.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 19506
last-modified: Mon, 19 Sep 2022 11:44:46 GMT
etag: "53a261371dccd81:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 4101
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8liHqVLPjQcyb2V%2FzVNYnCqU0S9sipDI9gY9ylOHojNttFJsbrMOpwiv1OwRomh6mBTy%2F8wQVLubw1bSyKPr26y43WH%2BcU9UXerDcMA%2F2SrfVC8qhPQYmu%2FY2Yk1qqxe4U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84cef971ba-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a169bb58aa0a0d2c22f35e367af1a99f
26357970a6f1bd5a8d3db76ce9cdaa1d55d4d5e6
b4c2228ffb4789ddbbb49b8ac273ec3a5452bb7e100e0b19d1d241bd7e0e885a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B4C2228FFB4789DDBBB49B8AC273EC3A5452BB7E100E0B19D1D241BD7E0E885A"
Last-Modified: Tue, 20 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8342
Expires: Fri, 23 Sep 2022 15:03:02 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gif
172.64.140.29 200 OK 13 kB URL HTTP/2 mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gif
IP 172.64.140.29:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 480x270, components 3\012- data
Hash e1a576cbd51934165b0de029925eba4d
8225a3aa258bf5e6985492a834622a090376208f
7664f5c8b9e9611fc3d76c64ca431e0b96ba7d9bbc2ed1ebcc15b4037725b380
GET /upload/art/gif/20200421/170511-1.mp4_1587324106344.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 12943
last-modified: Mon, 19 Sep 2022 10:13:18 GMT
etag: "8789b67010ccd81:0"
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2637
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gXN9eJv2yK%2FAqAbh%2BRrNbP5QeX0gY8HW5NItM8IrUY6FrxYfblJLQRS6%2FeDMymW7rjGqsm0PGr%2BFtXSGLaKfD8NStbHz%2FUKZ%2BZmZrXd1EzCdybuJHG0GPgleGZhFq9oiBTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e853fce71ba-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fd918622e30f03ae3bcd9a42dc3c3e08
6862addb29076620044f06278876e4c92d36b9d9
9ff40323e542b35d1cb7e448cddb3a9571478b2ec2d6341d559ef4b0226c6584
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "9FF40323E542B35D1CB7E448CDDB3A9571478B2EC2D6341D559EF4B0226C6584"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10293
Expires: Fri, 23 Sep 2022 15:35:33 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash f61cb5be8bbe166c985b59654b979aca
7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2
e8d020ba5e47e66db4222e044d69e10bf61b556cf94b041c8f8478e0796a80f6
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 00:29:17 GMT
Expires: Fri, 30 Sep 2022 00:29:16 GMT
Etag: "7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2"
Cache-Control: max-age=560115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e85383f0b69-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b9cc16ad17e8a4ad65618c9e52839dc
fd612911490db6dc14fb7112ae4c009afdfeb0e2
c8629f2d2a5fb233968c04de428a3808b7529d5c36a9dd39d4c442a144abefc6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8629F2D2A5FB233968C04DE428A3808B7529D5C36A9DD39D4C442A144ABEFC6"
Last-Modified: Wed, 21 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21567
Expires: Fri, 23 Sep 2022 18:43:27 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
kveff.com/68a7807de3933bf7079116fa9df99e6f.gif
78.46.107.74 301 Moved Permanently 162 B URL HTTP/2 kveff.com/68a7807de3933bf7079116fa9df99e6f.gif
IP 78.46.107.74:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: kveff.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://kvteee.top/68a7807de3933bf7079116fa9df99e6f.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
104.21.234.41 200 OK 159 kB URL HTTP/2 nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
IP 104.21.234.41:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 159 kB (158847 bytes)
Hash a497c1ae73df54fe08463b3342b8d1d0
73ce4da38e2826e033444992cff2a827eb474c97
e9f7f7dc820dc334c1cf0e7ccb151c7483c7a64cc7c28f50de03fa2f65c34957
GET /f0e76a5c8312a00241ad726bac0f2d0f.gif HTTP/1.1
Host: nvhaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 158847
last-modified: Wed, 10 Aug 2022 09:44:15 GMT
etag: "62f37def-26c7f"
expires: Sat, 22 Oct 2022 08:46:05 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 100675
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNFXbL8QaLheRwbWPCFmk%2B%2Ftu53AA%2BKtOiCRxDedHZVI3oRwvyjPM0I%2BruVEEBFMw87WRNQxu2LdCfjjOg5rBVswAlM%2FNaM4i0jYXv3sgSaO1eyajkiWOt7T%2B8yf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84c9addcfb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gif
104.21.234.41 200 OK 228 kB URL HTTP/2 nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gif
IP 104.21.234.41:0
File type GIF image data, version 89a, 960 x 80\012- data
Size 228 kB (228122 bytes)
Hash 4601340774cb7d8fba8b0d0958589aac
508edb26f4b3df0e3f7acbb9e911bbd8ab5fa9d1
e639e043b3af5a8a8ac432194d7504e4d5e86fc80a3a767edf426d73a3533951
GET /75c160dc06d6f81ac36aed8c45cf917e.gif HTTP/1.1
Host: nvhaaa.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 228122
last-modified: Mon, 04 Jul 2022 12:16:06 GMT
etag: "62c2da06-37b1a"
expires: Sat, 22 Oct 2022 06:57:30 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 107190
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ahf%2BcG0kftPnfAIxBHp4Bg1QwZ93pOwea6UmJvps9R%2FN0jFZyuUXOGbg7vGoDDlP6YxlJNjSYmXsyyszHN2umeMu0But3UlGWy1Jxd9E4uYFMA%2B%2FTJ6Rd7ac%2BV0T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84c9a6dcfb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2d7fe1a8e556fc40ce07a0d028c42fd9
c871310dc9e29174b53f41d3a44f0eb4ee48db28
bfdb1d55b745aea2210f683f46bc4b7a1c0e795fec245e9d7c9d3ceee1028a8d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:46:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
www.henniu468.site/template/dfcc/static/js/jquery.lazyload.min.js
173.231.12.252 200 OK 393 kB URL HTTP/2 www.henniu468.site/template/dfcc/static/js/jquery.lazyload.min.js
IP 173.231.12.252:0
Size 393 kB (393020 bytes)
Hash 4368c8385b8f07b355cf45b6f6f3dbad
7e24a5df99be66fbe7c17c1fb9a247a5d85a67d9
67c97810fcac512c0abdc72cd1bbfb15d7f980039ae3f71eea74422c764c0104
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/static/js/jquery.lazyload.min.js HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:08:22 GMT
vary: Accept-Encoding
etag: W/"61d99ad6-d35"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 2d6975531d1af887ecde3e1a93a10cb6
d1d81b12ea7be4cd9d53a2cd5213d734353cdce1
94f27e66e38e096854a35deae7761cc1d64fbe9db478d3a644bf15d65ca3f4b7
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:25:44 GMT
ETag: "d1d81b12ea7be4cd9d53a2cd5213d734353cdce1"
Last-Modified: Fri, 23 Sep 2022 09:25:45 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2375
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e85dfb0b503-OSL
zerossl.ocsp.sectigo.com/
172.64.155.188 200 OK 727 B URL HTTP/1.1 zerossl.ocsp.sectigo.com/
IP 172.64.155.188:0
Hash f61cb5be8bbe166c985b59654b979aca
7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2
e8d020ba5e47e66db4222e044d69e10bf61b556cf94b041c8f8478e0796a80f6
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 00:29:17 GMT
Expires: Fri, 30 Sep 2022 00:29:16 GMT
Etag: "7df9e2cee70cd5c9e9e3a37e6861e1751b59aef2"
Cache-Control: max-age=560115,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e85a8ab0b69-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bf5f48032bdaff37c16afce38b0ba33a
776233ab05c1c68e0c5ec6d7710f3b8c4470ba5b
41e55e32955c6b60406a717d9e2fe00650cf7faa0f65830abb7b35812f6e8a5d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41E55E32955C6B60406A717D9E2FE00650CF7FAA0F65830ABB7B35812F6E8A5D"
Last-Modified: Wed, 21 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15709
Expires: Fri, 23 Sep 2022 17:05:49 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 788e21b34376173bfd37091e1b715a36
62072fdd1322eb2b54456a4dfd13e85df2c373ac
ba87f3e115c9865a770b968ad2d5be0cda1febe605a91d6d0b975d71d2c254c9
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:17:05 GMT
ETag: "62072fdd1322eb2b54456a4dfd13e85df2c373ac"
Last-Modified: Fri, 23 Sep 2022 09:17:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1490
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e86284bb503-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f136643aa050c338777538d720df2fb4
7d2dfcfb2f82366b15c0f436dfe39c78a900f808
bebafa254f7f37295eb8fb0681fde9eeb7215e8fd782a92b90ba95458e753fbe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BEBAFA254F7F37295EB8FB0681FDE9EEB7215E8FD782A92B90BA95458E753FBE"
Last-Modified: Thu, 22 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7507
Expires: Fri, 23 Sep 2022 14:49:07 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1fdf99d822ae1bfe72dc1eb0823e189d
5bde8a11eb19e31ba12bf731294991a69d6da323
6ee51a0d2b31260a5113b839a56fb7b3b375e5c87c7187b2331c826dfee4b869
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6EE51A0D2B31260A5113B839A56FB7B3B375E5C87C7187B2331C826DFEE4B869"
Last-Modified: Wed, 21 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6134
Expires: Fri, 23 Sep 2022 14:26:14 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
cbu01.alicdn.com/img/ibank/2020/865/518/22902815568_1738432517.jpg
47.246.44.251 200 OK 98 kB URL HTTP/2 cbu01.alicdn.com/img/ibank/2020/865/518/22902815568_1738432517.jpg
IP 47.246.44.251:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 60\012- data
Hash c23b2edd3dce8616a9a723a26b2fd280
51451bb2e19c4f956b425221ede9cfdd90472a0e
4d47bba01041ef53fd4ee75b4c13e5730fe106b233a7a1b4e8e9f12fc7527f88
GET /img/ibank/2020/865/518/22902815568_1738432517.jpg HTTP/1.1
Host: cbu01.alicdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/jpeg
content-length: 98277
date: Thu, 30 Dec 2021 15:58:00 GMT
last-modified: Thu, 24 Dec 2020 19:19:13 GMT
picasso-ret-code: SUCCESS
request-time: 0.083
expires: Fri, 30 Dec 2022 15:58:00 GMT
cache-control: max-age=31536000
ali-swift-global-savetime: 1640879880
via: cache9.l2de2[0,0,200-0,H], cache23.l2de2[1,0], cache1.se1[0,0,200-0,H], cache8.se1[1,0]
access-control-allow-origin: *
age: 23057160
x-cache: HIT TCP_MEM_HIT dirn:11:415248948
x-swift-savetime: Wed, 31 Aug 2022 14:25:15 GMT
x-swift-cachetime: 10459965
timing-allow-origin: *
eagleid: 2ff62c9c16639370403388750e
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash 1fce460bafd506dfef91bac8fab888eb
e8152468d9d72fde7b3f3880d859e40882102c81
e894e08fe5b8ecc901ba0c0cc282e98ce2f16b813e7f1e217c0eb41a89f64f7f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 23 Sep 2022 06:05:21 GMT
Expires: Fri, 30 Sep 2022 06:05:20 GMT
Etag: "e8152468d9d72fde7b3f3880d859e40882102c81"
Cache-Control: max-age=580279,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e86383ffab8-OSL
mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gif
172.64.140.29 200 OK 14 kB URL HTTP/2 mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gif
IP 172.64.140.29:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, baseline, precision 8, 500x281, components 3\012- data
Hash e994db89370c07131c299b37e86e0906
3166f9925170c117be7c77602c26f45105cae06c
d9a139378357052913b2b57af565d38baef6f7a10ff1c0b58376e57a764f16df
GET /upload/art/gif/gfdt/071616_341-4.gif HTTP/1.1
Host: mei.netlbtu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 13797
last-modified: Mon, 19 Sep 2022 11:14:37 GMT
etag: "1a111119ccd81:0"
cache-control: max-age=31536000
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E7ZupYLu3yGqdPtX4GhNDPSfKt%2F94mbd4a4wZRMccEstkO%2BczoS7LZgELmJAo18u8xRdWNOgu%2BbhyPV13f57qXgeQHaIoWkhZrcPZOkPJUQ2Oqj1ZzOkhlvbn6PtAIrtFaM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e84bedf71ba-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.henniu468.site/template/dfcc/css/ate.css
173.231.12.252 200 OK 7.6 kB URL HTTP/2 www.henniu468.site/template/dfcc/css/ate.css
IP 173.231.12.252:0
Hash 0d652b7e3261c1fd82d0ea5941000f32
b8ae3bf1868934da738cad322d4d179902ee87a9
46d97dac6920bfa05c14e3c5da0cc972244d60ef7637b4bb026d01d36257be01
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/css/ate.css HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/css
last-modified: Tue, 04 Jan 2022 15:13:24 GMT
vary: Accept-Encoding
etag: W/"61d46414-126e4"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
kvevv.com/dbb6158a2ca1378f4052d59ea53d1eac.gif
64.32.13.142 301 Moved Permanently 162 B URL HTTP/2 kvevv.com/dbb6158a2ca1378f4052d59ea53d1eac.gif
IP 64.32.13.142:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /dbb6158a2ca1378f4052d59ea53d1eac.gif HTTP/1.1
Host: kvevv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
kvteee.top/68a7807de3933bf7079116fa9df99e6f.gif
104.21.233.123 200 OK 366 kB URL HTTP/2 kvteee.top/68a7807de3933bf7079116fa9df99e6f.gif
IP 104.21.233.123:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 366 kB (366444 bytes)
Hash 86371c51bf2086f3a40f0e438246b662
9da793de9c620485ee91b88413b256c69dc774c5
8155b44efd09301dca9ec4bdab8e3e6445d1564fe580edd5f7575c9289843ccf
GET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/1.1
Host: kvteee.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 366444
last-modified: Fri, 19 Aug 2022 17:02:28 GMT
etag: "62ffc224-5976c"
expires: Tue, 27 Sep 2022 14:24:40 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 2240360
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bYBqcA6T3G3n6YKEiOAuURZ3A%2B%2BC5UHyGK4nBD0Y429uYtH1QdNn15nabqZbR%2BsiISzhtyan5z%2BHO2PDbNhFAJ4BKd1MpBJ003C6lnLRFLH1AAwYBkskk5FEWwLo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e86df444058-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
104.143.94.110 301 Moved Permanently 162 B URL HTTP/2 kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP 104.143.94.110:0
ASN #201106 Spartan Host Ltd
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: kvezz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 48e6e116cad3c2815f6a199d5798301c
5afe4ed9db9f8ac1375efbd7c4253582cdd92389
612dce5625c70d9c1f4767b624c7fea0c1cedb4b8772e833c68dae9de22ac869
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2986
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:00 GMT
Last-Modified: Fri, 23 Sep 2022 11:54:14 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 727
kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
66.150.130.123 301 Moved Permanently 162 B URL HTTP/2 kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gif
IP 66.150.130.123:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: kzeaa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
server: nginx
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: text/html
content-length: 162
location: https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb
47.246.44.224 200 OK 498 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 70\012- data
Size 498 kB (497844 bytes)
Hash 9d43f768f1897d7d3fd5ba803e1a770a
ff8fb3f427df7b6cfef65fcae162e0abab9474a4
00fe4f1ccfc623639abadf4e745aca22b946365e932a7a794d6c108fee0d85af
GET /obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 497844
date: Fri, 09 Sep 2022 08:24:07 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 09 Sep 2022 07:07:58 GMT
nw-session-id: 2022090915075801015013207646542CA8nbl8201dy
nw-session-trace: 2022-09-09T15:07:58.286847555+08:00 41
x-bdcdn-cache-status: TCP_HIT
x-length: 497844
x-powered-by: ImageX
x-response-date: Fri, 09 Sep 2022 15:07:58 GMT
x-tt-logid: 2022090915075801015013207646542CA8
via: n132-067-174, cache25.l2de2[0,0,206-0,H], cache26.l2de2[7,0], cache26.l2de2[7,0], cache7.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc03:15:294::68
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01c5b752b8829910e641fcd98210a6e05ecaa64505b343592c57aa70e4ebeccb7f8e26f4ca8c29cc7b7f27ea40ab1e8be87be14d16b53b63dca60abc5364d9e522afa6034d22063014da7c2681029ef5d43dbcdc76266e81484d8de20dc091ec69
x-response-lb: image
ali-swift-global-savetime: 1662711847
age: 1225193
x-cache: HIT TCP_MEM_HIT dirn:3:255679100
x-swift-savetime: Fri, 09 Sep 2022 08:29:23 GMT
x-swift-cachetime: 31535684
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16639370405287943e
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 682de244a038675c85ba22fad40e2deb
7a376713c7bc99183e293bf6444dd85cd1efe82e
7ab17a3bc3bc97c74bab2e47e8471634ec4e1a8af0c4964f57918b67d4d6981f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7AB17A3BC3BC97C74BAB2E47E8471634EC4E1A8AF0C4964F57918B67D4D6981F"
Last-Modified: Wed, 21 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17616
Expires: Fri, 23 Sep 2022 17:37:36 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e882af8b503-OSL
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e885b2ab503-OSL
ocsp.digicert.cn/
47.246.44.205 200 OK 471 B IP 47.246.44.205:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash d0ac6cfcb57ff990af16851a3431d383
cfa33aa44b8d8315521600b781f4906945ba1abc
b5fab16ec197e1305050e4090758eb8b94917c4778b4ff544d3a164c9f7598bc
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Fri, 23 Sep 2022 12:44:00 GMT
Ali-Swift-Global-Savetime: 1663937040
Via: cache12.l2de2[188,188,200-0,M], cache12.l2de2[189,0], cache7.se1[211,210,200-0,M], cache7.se1[213,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Fri, 23 Sep 2022 12:44:00 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9b16639370404637885e
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e886b38fabc-OSL
p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79
47.246.44.224 200 OK 824 kB URL HTTP/2 p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79
IP 47.246.44.224:0
ASN #24429 Zhejiang Taobao Network Co.,Ltd
File type GIF image data, version 89a, 960 x 70\012- data
Size 824 kB (824465 bytes)
Hash 83a0fbbc5111aed24a0cc5c8de39e8ec
b255f9c8851c05cabf151fd8f2d73c4ff2a071cf
259f28148b6b90e52934d8deafbb2b59f3f0c0df235132b2d3e1fb631e7223ba
GET /obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79 HTTP/1.1
Host: p3.douyinpic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Tengine
content-type: image/gif
content-length: 824465
date: Mon, 19 Sep 2022 16:27:25 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 19 Sep 2022 12:03:15 GMT
nw-session-id: 20220919200315010150138165204D63806x42t01dy
nw-session-trace: 2022-09-19T20:03:15.766377238+08:00 54
x-bdcdn-cache-status: TCP_HIT
x-length: 824465
x-powered-by: ImageX
x-response-date: Mon, 19 Sep 2022 20:03:15 GMT
x-tt-logid: 20220919200315010150138165204D6380
via: n132-078-086, cache20.l2de2[0,0,206-0,H], cache3.l2de2[1,0], cache3.l2de2[1,0], cache1.se1[0,0,200-0,H], cache7.se1[1,0]
x-request-ip: fdbd:dc03:4:365::36
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-tt-trace-host: 01420837c943a28a71d1fbca90d788a49b5a721214fbcf3f1236dffcefa6b84941b2f101c76414969425dfa38bf70da8a8d84d324427f03d7bf6e76d94c5d051d6e9fde8b8b3de5c9fc93ab6d959809bb9e53ad293ddf472217fea9bda4526ffaa
x-response-lb: image
ali-swift-global-savetime: 1663604845
age: 332195
x-cache: HIT TCP_MEM_HIT dirn:4:460763443 mlen:0
x-swift-savetime: Wed, 21 Sep 2022 21:19:23 GMT
x-swift-cachetime: 31345682
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff62c9b16639370406548095e
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsorganizationvalsha2g2
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp2.globalsign.com/gsorganizationvalsha2g2
IP 104.18.20.226:0
Hash 2229a72001c42c6c3e7ec1981524e223
e2787fd0bd314ecbbe011f2acd6588515a282fdc
22d34b0436207138e628351254b4ad69f1ef2c45365932999b117df18dc74e39
POST /gsorganizationvalsha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 27 Sep 2022 09:48:04 GMT
ETag: "e2787fd0bd314ecbbe011f2acd6588515a282fdc"
Last-Modified: Fri, 23 Sep 2022 09:48:05 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 0
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74f35e886b3fb503-OSL
acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
104.21.37.222 200 OK 400 kB URL HTTP/2 acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
IP 104.21.37.222:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 400 kB (400264 bytes)
Hash b722c3905b96f11823e04826aafdd50e
68b63b572a042d40ab210aa313b7ebbc372be5a1
630c6a955789d5bb6311db75ce52e57ff4c12074ef5a5a080cf5459f907e9dc1
GET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/1.1
Host: acoossn.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 400264
last-modified: Mon, 02 May 2022 19:22:39 GMT
etag: "62702f7f-61b88"
expires: Tue, 18 Oct 2022 08:57:26 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 445594
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ijwOg%2BzsTjEqHzjnTG%2F9kHGSlySla30rYKAG46xLC9%2Bz78hYT81tzrRHN75%2FZrVFAyZbGYo2PVZkJcVUdsFRFnPHBVzWWmm5orDHH0%2FwJ1Vp6SdIAH7LIqiEKm2bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e88afb8b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?82f3b0bae8771d461088741e02da3503
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?82f3b0bae8771d461088741e02da3503
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (627)
Hash 05401d5af97603aa9b580c677edf0f86
bbfbe2a339acfd0d9046838f6944b1aab0ec2b81
3b4e35312ef5f92ff1c15d7322559d807b50db26810f1fd773b6c8cdfcaf22f4
GET /hm.js?82f3b0bae8771d461088741e02da3503 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cf6h.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11340
Content-Type: application/javascript
Date: Fri, 23 Sep 2022 12:43:59 GMT
Etag: 9b334455e0a72fcc550f051c38aa7e4c
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=1D9CB2B5BC3CEB26; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gif
172.67.162.45 200 OK 748 kB URL HTTP/2 kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gif
IP 172.67.162.45:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 748 kB (748104 bytes)
Hash e2cf99741cf5529379370d4362cc4b88
db37d8e502d68feb92f7297e0effc1f7ad140dd5
42001168f65e3424b81819e486ecc6393e4a26bd4710b96504255451491efc30
GET /dbb6158a2ca1378f4052d59ea53d1eac.gif HTTP/1.1
Host: kvhwww.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 748104
last-modified: Thu, 15 Sep 2022 12:34:54 GMT
etag: "63231bee-b6a48"
expires: Thu, 20 Oct 2022 09:37:08 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 270412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LknZABkjEpk6xnPwrI55HMK2YR0qYAr9lBXrseFY1qwWGvN6fe07uHfzSr5WvDCgjMhuWlmSRWv8dj%2BfPtSIwX0wTU0pRR91lMu5Amo089lI1MklypM9C6lNfW9I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e88a88f0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 682de244a038675c85ba22fad40e2deb
7a376713c7bc99183e293bf6444dd85cd1efe82e
7ab17a3bc3bc97c74bab2e47e8471634ec4e1a8af0c4964f57918b67d4d6981f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "7AB17A3BC3BC97C74BAB2E47E8471634EC4E1A8AF0C4964F57918B67D4D6981F"
Last-Modified: Wed, 21 Sep 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17616
Expires: Fri, 23 Sep 2022 17:37:36 GMT
Date: Fri, 23 Sep 2022 12:44:00 GMT
Connection: keep-alive
acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
104.21.234.201 200 OK 1.0 MB URL HTTP/2 acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
IP 104.21.234.201:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 1.0 MB (1024160 bytes)
Hash 52748c8ca30fe48c822541046bceafc0
8640926f83b9c0d635fb28403505a7c0f0753857
2e292531362f37bf7a1cd01330efb234450b1f836e975c55f2b2179c0be32ae6
GET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/1.1
Host: acoossi.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.henniu468.site/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 1024160
last-modified: Wed, 25 May 2022 13:49:10 GMT
etag: "628e33d6-fa0a0"
expires: Sat, 22 Oct 2022 05:35:19 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 112121
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dy%2BenYflHzCGz%2BRFa8VR4LU4cjK1V%2BI%2BOAklv4iOgKpOHSyJ6KYWgN9F%2BLa9KnEFjn3rv1pT2GBm6yQLmH5a4AvG90L%2BWb7wPhPlP2pbIa2PuQ9%2FFGNIF9KfFBhqsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74f35e885eccdd2f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
si1.go2yd.com/get-image/0xvf544lu4n
163.171.140.79 200 OK 707 kB URL HTTP/2 si1.go2yd.com/get-image/0xvf544lu4n
IP 163.171.140.79:0
ASN #54994 QUANTILNETWORKS
File type GIF image data, version 89a, 120 x 120\012- data
Size 707 kB (706623 bytes)
Hash a1f2f1a79edf6410dba605715ba96938
30801c0aa529955a163e66725dca67f131493ac6
08da3f4f3afe655bad26adfa77187e4169f979b224a76a3e50e797ce0185ce39
GET /get-image/0xvf544lu4n HTTP/1.1
Host: si1.go2yd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 706623
server: Tengine
x-application-context: application
x-kss-request-id: 4b87c30341c94822be8149609e5b07f8
etag: "a1f2f1a79edf6410dba605715ba96938"
content-md5: ofLxp57fZBDbpgVxW6lpOA==
last-modified: Wed, 16 Feb 2022 08:49:47 GMT
accept-ranges: bytes
age: 1
x-via: 1.1 PSbjzwdx5aa31:0 (Cdn Cache Server V2.0), 1.1 jszjsx21:10 (Cdn Cache Server V2.0), 1.1 PS-KHH-017Op120:0 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1cc96:21 (Cdn Cache Server V2.0)
x-ws-request-id: 632daa10_PShlamstdAMS1se91_18323-27627
access-control-allow-origin: *
ws-s2h-acc-level: 1
X-Firefox-Spdy: h2
nkiun.xyz/guanggao/22.jpg
8.210.99.166 200 OK 17 kB URL HTTP/1.1 nkiun.xyz/guanggao/22.jpg
IP 8.210.99.166:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 75", baseline, precision 8, 377x377, components 3\012- data
Hash d4ff38bbb14b8c7efaf7631ed7b17d7b
29e7892508fa13314dff9e206178952a50d3ded8
1f83a9a771790e0dc7368598662280ecaed8b12b8da18ad237d0b9ec4f740099
GET /guanggao/22.jpg HTTP/1.1
Host: nkiun.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/jpeg
Content-Length: 16832
Last-Modified: Tue, 20 Sep 2022 14:03:48 GMT
Connection: keep-alive
ETag: "6329c844-41c0"
Expires: Sun, 23 Oct 2022 12:44:00 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
img.syhy.top/2022/09/12/df352e908a0e1.gif
23.225.48.163 200 OK 136 kB URL HTTP/1.1 img.syhy.top/2022/09/12/df352e908a0e1.gif
IP 23.225.48.163:0
File type GIF image data, version 89a, 960 x 240\012- data
Size 136 kB (136355 bytes)
Hash 5ce63c325003ee7cbc8498e574697887
da026d5e65a892cc331a9a8f9b6637beace93375
fdcd064f0d12b7ba7cc15b312ec95c29ea23bd6b791f4e1097911d11bec41026
GET /2022/09/12/df352e908a0e1.gif HTTP/1.1
Host: img.syhy.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 136355
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 11:37:24 GMT
ETag: "631f19f4-214a3"
Expires: Fri, 21 Oct 2022 13:26:29 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash d24607959257ffe085072a025195f20c
233ad200348623078517791bbf43cc430582e88d
6fca38352fa56e24f65bd59699dec691560e46771d0e7ee5e59fae5cf1f2d1b6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:01 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 21 Sep 2022 23:31:05 GMT
Expires: Wed, 28 Sep 2022 23:31:04 GMT
Etag: "233ad200348623078517791bbf43cc430582e88d"
Cache-Control: max-age=470223,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74f35e892ac5fab8-OSL
zhibo128x1.xyz/128/960X120AAAA.gif
154.83.25.141 200 OK 646 kB URL HTTP/1.1 zhibo128x1.xyz/128/960X120AAAA.gif
IP 154.83.25.141:0
File type GIF image data, version 89a, 960 x 120\012- data
Size 646 kB (645903 bytes)
Hash 3756b633a7df84493599eae44f4aaceb
ffd7ac3ece73a619e4b94714055189f79b9d34fb
6666dd4e929573c7d242fe26b964b60bc5391b6e887ca49546efc9c7b1b71ea6
GET /128/960X120AAAA.gif HTTP/1.1
Host: zhibo128x1.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 645903
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 21:54:52 GMT
ETag: "631faaac-9db0f"
Expires: Mon, 17 Oct 2022 09:08:24 GMT
Cache-Control: max-age=2592000
Via: 154.83.25.138
CDN-Cache: HIT
Accept-Ranges: bytes
hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1045730723&si=82f3b0bae8771d461088741e02da3503&v=1.2.97&lv=1&sn=3390&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cf6h.com%2Findex.php&tt=%E6%B7%B1%E5%9C%B3%E5%B1%85%E5%8B%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1045730723&si=82f3b0bae8771d461088741e02da3503&v=1.2.97&lv=1&sn=3390&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cf6h.com%2Findex.php&tt=%E6%B7%B1%E5%9C%B3%E5%B1%85%E5%8B%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x1024&vl=939&et=0&ja=0&ln=en-us&lo=0&rnd=1045730723&si=82f3b0bae8771d461088741e02da3503&v=1.2.97&lv=1&sn=3390&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cf6h.com%2Findex.php&tt=%E6%B7%B1%E5%9C%B3%E5%B1%85%E5%8B%9F%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cf6h.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 23 Sep 2022 12:44:01 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=A8ABF871BD0BEB25; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 19ce5eb55480439e987b372a6b464123
1bbfb68af67dbc55bb2ade5bcee70beb6562a9a1
4e2618d4f0911bfb9520996a925852551a20ffd151c4f722fa907091be146701
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2443
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:01 GMT
Last-Modified: Fri, 23 Sep 2022 12:03:18 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 727
www.henniu468.site/
173.231.12.252 200 OK 716 kB IP 173.231.12.252:0
Size 716 kB (715695 bytes)
Hash 2847209b66e1a9425d45b2d466db8840
03c8a92345930b0a9fb33e43bc50c5abf8554186
32149513d38015a716b6950d14483c698b4afe4fe13854058741db3f825d2e59
Analyzer Verdict Alert quad9 Sinkholed
GET / HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://baidu.hnmaccms.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash 19ce5eb55480439e987b372a6b464123
1bbfb68af67dbc55bb2ade5bcee70beb6562a9a1
4e2618d4f0911bfb9520996a925852551a20ffd151c4f722fa907091be146701
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4432
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:01 GMT
Last-Modified: Fri, 23 Sep 2022 11:30:09 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 727
ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg
172.247.77.90 200 OK 465 kB URL HTTP/1.1 ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg
IP 172.247.77.90:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, xresolution=120, yresolution=120], baseline, precision 8, 1280x720, components 3\012- data
Size 465 kB (464670 bytes)
Hash ba0bc684cabb92a694d67237b2637887
cf57fb92bcca91174e038eb25b9fcd4c36af9a49
07de171b4735f70b00021bf230231faf69573e9e90e60b3974aeae196375a27d
GET /upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg HTTP/1.1
Host: ddcdn.comtucdncom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 23 Sep 2022 12:44:13 GMT
Content-Type: image/jpeg
Content-Length: 464670
Last-Modified: Wed, 10 Aug 2022 11:35:38 GMT
Connection: keep-alive
ETag: "62f3980a-7171e"
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *
Access-Control-Allow-Methods: POST, GET, OPTIONS
X-Cache: hit
Accept-Ranges: bytes
s2.loli.net/2022/01/07/deGgwzf7Tly9S3b.gif
172.67.69.40 200 OK 906 kB URL HTTP/2 s2.loli.net/2022/01/07/deGgwzf7Tly9S3b.gif
IP 172.67.69.40:0
File type GIF image data, version 89a, 200 x 200\012- data
Size 906 kB (905505 bytes)
Hash 3abde39f91e4a75e550b7e50eb25e68a
75e357b027236d81ea4b1002d992117d53212bd8
2ee18fe5f2dec0caa8ddca814b0f318e2574bd52b389bb8a2348356567a7db7d
GET /2022/01/07/deGgwzf7Tly9S3b.gif HTTP/1.1
Host: s2.loli.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 905505
last-modified: Fri, 07 Jan 2022 15:29:57 GMT
etag: "61d85c75-dd121"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Accept, Accept-Encoding
access-control-allow-origin: *
timing-allow-origin: *
cf-cache-status: BYPASS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qfSECzacGAA0S8aO1JP0FYnMYUPwcqIiducZcEG8ifYzHsojtjxEVlsp3YkAW%2FEMmz2bdyAzql0RPGKAr3OLMDqNtowPXVqzdDSOpq3QX8USLZfeYbMrUTJkjagm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74f35e843a0e1c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gif
47.110.177.110 200 OK 299 kB URL HTTP/1.1 38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gif
IP 47.110.177.110:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 960 x 80\012- data
Size 299 kB (299398 bytes)
Hash f4b7967855549e81f65598b93a43d9db
6ab53e8a9af687c1dddad236af323080a04499cf
2e95dc2082af7cc833e0aef825efc261c04b69e3ec4350203854008cc4a12dc6
GET /kyr87633.gif HTTP/1.1
Host: 38qptu4.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 299398
Connection: keep-alive
x-oss-request-id: 632DAA10A7BABC3634E31F84
Accept-Ranges: bytes
ETag: "F4B7967855549E81F65598B93A43D9DB"
Last-Modified: Sun, 05 Jun 2022 13:03:04 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8810428828543929982
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 9LeWeFVUnoH2VZi5OkPZ2w==
x-oss-server-time: 3
vcawmm.com/00bfcf2e6603453c8b5f1a9bce542502.gif
45.61.212.171 200 OK 252 kB URL HTTP/2 vcawmm.com/00bfcf2e6603453c8b5f1a9bce542502.gif
IP 45.61.212.171:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 252 kB (251717 bytes)
Hash 86e0be4ef089ebe6804677bc492dc244
e123e51bed1727570d265d9a0730735e74b523d4
b6c59d4c3d1634429659e14b13858046f1c8880a2b8fd1ab38e6a384ad89569a
GET /00bfcf2e6603453c8b5f1a9bce542502.gif HTTP/1.1
Host: vcawmm.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=86400
etag: "630a1913-3d745"
server: nginx
date: Thu, 15 Sep 2022 11:06:54 GMT
content-type: image/gif
last-modified: Sat, 27 Aug 2022 13:16:03 GMT
accept-ranges: bytes
x-cache: HIT from cloud-us5-cdnb-11
content-length: 251717
X-Firefox-Spdy: h2
p9.toutiaoimg.com/origin/pgc-image/440e4613c87e49aaa978851137a2e2cb
4.34.42.102 200 OK 87 kB URL HTTP/2 p9.toutiaoimg.com/origin/pgc-image/440e4613c87e49aaa978851137a2e2cb
IP 4.34.42.102:0
File type GIF image data, version 89a, 960 x 120\012- data
Hash c93b3ed293066d747d880ea368f305c3
7847cf128db1b0cc6f25cbfb54125348bf6dda97
79a2ddaa98a1421d78798163acdce3928ac97d2f63e5a7a64ff011180661a2b3
GET /origin/pgc-image/440e4613c87e49aaa978851137a2e2cb HTTP/1.1
Host: p9.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 86697
server: nginx
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 01 Oct 2021 06:59:21 GMT
nw-session-id: 202110011459210101940982193F1AF1C7sjvgq03tt
nw-session-trace: 2021-10-01T14:59:21.256856375+08:00 43
x-bdcdn-cache-status: TCP_MISS
x-length: 86697
x-powered-by: ImageX
x-response-date: Fri, 01 Oct 2021 14:59:21 GMT
x-tt-logid: 202110011459210101940982193F1AF1C7
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-response-lb: image
x-ser: BC199_dx-lt-yd-jiangsu-huaian-8-cache-10, BC199_dx-lt-yd-jiangsu-huaian-8-cache-10, BC108_US-Colorado-Denver-1-cache-2, BC108_US-Colorado-Denver-1-cache-2, BC103_US-Colorado-Denver-1-cache-1, BC103_US-Colorado-Denver-1-cache-1
x-cache: HIT from BC103_US-Colorado-Denver-1-cache-1(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=1
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
X-Firefox-Spdy: h2
ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060a.gif
47.110.177.104 200 OK 339 kB URL HTTP/1.1 ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060a.gif
IP 47.110.177.104:0
ASN #37963 Hangzhou Alibaba Advertising Co.,Ltd.
File type GIF image data, version 89a, 960 x 60\012- data
Size 339 kB (338737 bytes)
Hash 5ad650168381761587e881115ddf381f
feaef7fc43a3ad892a19e1aa6acfc566e6243c9c
df415b5e9e6d9b318294b26d2128a64c7c45fa673f26540288aa14b65199a8d4
GET /xpj/xpj96060a.gif HTTP/1.1
Host: ggt999.oss-cn-hangzhou.aliyuncs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 338737
Connection: keep-alive
x-oss-request-id: 632DAA1094C77F37341036EB
Accept-Ranges: bytes
ETag: "5AD650168381761587E881115DDF381F"
Last-Modified: Wed, 21 Sep 2022 10:06:53 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10948447221979006143
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: WtZQFoOBdhWH6IERXd84Hw==
x-oss-server-time: 3
ocsp.digicert.com/
93.184.220.29 200 OK 727 B IP 93.184.220.29:0
Hash e37a2c53f8ffa21d49665c140e063277
daf01f47af0ff23df77d5fc79c3c38ac253ad429
710e488ce9941ef09b0b01f30efadac145f1b8d9683e2c74fd80ab4d71255469
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2525
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 23 Sep 2022 12:44:01 GMT
Last-Modified: Fri, 23 Sep 2022 12:01:57 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 727
p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.image
4.34.42.102 200 OK 807 kB URL HTTP/2 p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.image
IP 4.34.42.102:0
File type GIF image data, version 89a, 400 x 420\012- data
Size 807 kB (806826 bytes)
Hash ce6a32bc15190689f6891ff7973e913f
99a64f0bdb4351f86032d9b1c9d9079ea6667cc8
18cdc10ae1ad7de191dd2adc346add24ded8e35c69f25a63bb91c928fe837331
GET /img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.image HTTP/1.1
Host: p9.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:00 GMT
content-type: image/gif
content-length: 806826
server: nginx
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 31 Mar 2022 10:03:03 GMT
nw-session-id: 2022033118030201019409901840A77C0Endgts03la
nw-session-trace: 2022-03-31T18:03:03.257713369+08:00 344
x-bdcdn-cache-status: TCP_HIT
x-length: 806826
x-powered-by: ImageX
x-response-date: Thu, 31 Mar 2022 18:03:03 GMT
x-tt-logid: 2022033118030201019409901840A77C0E
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-response-lb: image
x-ser: BC177_dx-lt-yd-zhejiang-jinhua-12-cache-13, BC177_dx-lt-yd-zhejiang-jinhua-12-cache-13, BC6_US-Michigan-chieago-1-cache-1, BC102_US-Colorado-Denver-1-cache-1
x-cache: HIT from BC102_US-Colorado-Denver-1-cache-1(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=1
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 91.90.42.154
x-response-cache: edge_hit
X-Firefox-Spdy: h2
p.qlogo.cn/hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gif
43.154.254.32 200 OK 214 kB URL HTTP/2 p.qlogo.cn/hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gif
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 120\012- data
Size 214 kB (213547 bytes)
Hash 8eaf57ede4a9e7a3dbf38bad86d91283
25fc0635290edbd594822c5f648bd5f5b78c1c3a
a532a54160a991d34b6e009c819ed614eeea6a72550024f9a788f0d6676b5b35
GET /hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 213547
vary: Accept,Origin
last-modified: Sun, 04 Sep 2022 14:24:30 GMT
cache-control: max-age=2592000
x-delay: 38858 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 213547
chid: 0
fid: 0
x-nws-log-uuid: 7f8874fe-a73f-4338-95d0-0dd81e542be7
X-Firefox-Spdy: h2
img.syhy.top/2022/05/19/b3e29dd487b2b.gif
23.225.48.163 200 OK 536 kB URL HTTP/1.1 img.syhy.top/2022/05/19/b3e29dd487b2b.gif
IP 23.225.48.163:0
File type GIF image data, version 89a, 960 x 60\012- data
Size 536 kB (536519 bytes)
Hash 6c475c6d1a80641ecea6fc80c2798d87
dd77ebd4c8c568267f6d28000650324d68a10f1d
258557a327c1ebf554beb73af7c6faa540ddec90bd27f3bf863eb8aeff67416b
GET /2022/05/19/b3e29dd487b2b.gif HTTP/1.1
Host: img.syhy.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 536519
Connection: keep-alive
Last-Modified: Wed, 18 May 2022 16:33:12 GMT
ETag: "62851fc8-82fc7"
Expires: Sun, 23 Oct 2022 04:38:46 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
182.118.39.171 200 OK 678 kB URL HTTP/2 p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image
IP 182.118.39.171:0
ASN #4837 CHINA UNICOM China169 Backbone
File type GIF image data, version 89a, 270 x 160\012- data
Size 678 kB (677521 bytes)
Hash 94051cb1d1b77200b4462281a864b96e
e5b468a1b2f4bbdda1b6a3a0df2dcce6b3de7e06
d44d0d2dd188024b60ec38cb3f3ea10c080690175e923f90c9c2a2e862670c84
GET /img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image HTTP/1.1
Host: p26.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:02 GMT
content-type: image/gif
content-length: 677521
server: openresty
imagex-fmt: gif2gif
last-modified: Thu, 30 Dec 2021 00:07:35 GMT
nw-session-id: 2021123008073501015013614530ADE9B0dprsv01tt
nw-session-trace: 2021-12-30T08:07:35.194015393+08:00 68
x-bdcdn-cache-status: TCP_HIT
x-length: 677521
x-powered-by: ImageX
x-response-date: Thu, 30 Dec 2021 08:07:35 GMT
x-response-lb: image
x-tt-logid: 2021123008073501015013614530ADE9B0
server-timing: cdn-cache;desc=HIT, edge;dur=3
x-tt-trace-host: 016a2077e03b2041825c42669e9a23cec5ee04519515486308eb42b81315658df6aa5ed29ad219c7d25626d5b022cced5274c18183adcd43889f65e87a17fde2315b0226a7e5f07d4c19094125051b3e74699be800dd629619bc2141d5fb81fc89ccc76230d7d3e4f731a9d881f3cb16c4
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
via: CHN-HAzhengzhou-AREACUCC1-CACHE57[3],CHN-HAzhengzhou-AREACUCC1-CACHE35[0,TCP_HIT,1],CHN-TJ-GLOBAL1-CACHE117[7],CHN-TJ-GLOBAL1-CACHE35[0,TCP_HIT,6]
x-hcs-proxy-type: 1
x-ccdn-cachettl: 31536000
nginx-hit: 1
cache-control: max-age=31536000
age: 4857728
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
X-Firefox-Spdy: h2
p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.image
182.118.39.171 200 OK 301 kB URL HTTP/2 p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.image
IP 182.118.39.171:0
ASN #4837 CHINA UNICOM China169 Backbone
File type GIF image data, version 89a, 120 x 120\012- data
Size 301 kB (301024 bytes)
Hash 924fb352713ee10f6f4bce3167ccce13
127a437f7a5020f7e7c08b6c6465be55dcb32e0c
6e04c7ee887495ce8805d38b200ca217c28b5e83655f4e7f4e8f8f8e28b872bf
GET /img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.image HTTP/1.1
Host: p26.toutiaoimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 23 Sep 2022 12:44:02 GMT
content-type: image/gif
content-length: 301024
server: openresty
age: 3299483
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 06 Nov 2021 17:01:43 GMT
nw-session-id: 2021110701014301015108502152A73235rcjk803tt
nw-session-trace: 2021-11-07T01:01:43.669209445+08:00 34
x-bdcdn-cache-status: TCP_MISS
x-ccdn-cachettl: 31536000
x-length: 301024
x-powered-by: ImageX
x-response-date: Sun, 07 Nov 2021 01:01:43 GMT
x-response-lb: image
x-tt-logid: 2021110701014301015108502152A73235
nginx-hit: 1
server-timing: cdn-cache;desc=HIT, edge;dur=5
via: CHN-HAzhengzhou-AREACUCC1-CACHE57[5],CHN-HAzhengzhou-AREACUCC1-CACHE64[0,TCP_HIT,2],CHN-TJ-GLOBAL1-CACHE119[42],CHN-TJ-GLOBAL1-CACHE72[0,TCP_HIT,40]
x-hcs-proxy-type: 1
x-tt-trace-host: 016e0001876583f0a366970da60fe77c66f56a5eb79688f9c4e7e6c49708d552a39ce55d97749c3e8510d737d6bed077b75390b82e45430b80f2266ba222fbd73cd89bceef56b5d71b00add0867f5f44d259170ca6c80d220231d003018378230b0a9b18efbe7abad09aa9b368178b8893f8ed65931abed8e45506dc8686afd64a2dd156f524477f07b8b7fcfe9e7fdb2c
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 91.90.42.154
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0
43.154.254.32 200 OK 62 kB URL HTTP/2 p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash ee52eff8577d4346eca344892bd41406
5e2ad497a1866f71f088860d05f2b962e82a16e1
b1d685515a8e1186c3f5d4844256b95fcc83121fa45f29a2e58e852537332267
GET /qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/png
content-length: 62229
vary: Accept,Origin
last-modified: Tue, 19 Oct 2021 21:03:59 GMT
cache-control: max-age=2592000
x-delay: 18135 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 62229
chid: 0
fid: 0
x-nws-log-uuid: d3019366-49fa-4aac-9325-9a9e576d8d0b
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2b
103.235.46.191 200 OK 11 kB URL HTTP/1.1 hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2b
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type ASCII text, with very long lines (632)
Hash 9e8b03663ef8cd3c93b4c9f822f88d7d
2a2c815396dc9c69a51779003711fe99f0ff9892
c6d59c0a1faa57414e6558d4590d8fa81a7fc38578a5d6de0f39bfdd91a5b00e
GET /hm.js?83778f58a428085f4ecef06936407d2b HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11345
Content-Type: application/javascript
Date: Fri, 23 Sep 2022 12:44:01 GMT
Etag: 3cb991db73425ae1ac9630d6fe04e7ac
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=C0B01912E9D60C3D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=197501447&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2F&v=1.2.97&lv=1&sn=3392&r=0&ww=1268&ct=!!&u=https%3A%2F%2Fwww.henniu468.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86
103.235.46.191 200 OK 43 B URL HTTP/1.1 hm.baidu.com/hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=197501447&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2F&v=1.2.97&lv=1&sn=3392&r=0&ww=1268&ct=!!&u=https%3A%2F%2Fwww.henniu468.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /hm.gif?cc=0&ck=0&cl=24-bit&ds=1280x1024&vl=927&et=0&ja=0&ln=en-us&lo=0&rnd=197501447&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2F&v=1.2.97&lv=1&sn=3392&r=0&ww=1268&ct=!!&u=https%3A%2F%2Fwww.henniu468.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 23 Sep 2022 12:44:03 GMT
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Pragma: no-cache
Server: apache
Set-Cookie: HMACCOUNT=F6E9BCF2C3B44783; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
p.qlogo.cn/hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gif
43.154.254.32 200 OK 478 kB URL HTTP/2 p.qlogo.cn/hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gif
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 60\012- data
Size 478 kB (477965 bytes)
Hash 1871802c546612ae2e2dcb3694081247
0f55b31923bd680e30db2c23e0c661cfc724fdbf
374a37606178edf9fee0afcd95a3ff2c823bc6a5a4d700460a3e9da02a9fe54b
GET /hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 477965
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 16:41:35 GMT
cache-control: max-age=2592000
x-delay: 83058 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 477965
chid: 0
fid: 0
x-nws-log-uuid: 1573ee3f-96ad-4790-9b6b-73ad0c615f0a
X-Firefox-Spdy: h2
p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gif
43.154.254.32 200 OK 1.2 MB URL HTTP/2 p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gif
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 60\012- data
Size 1.2 MB (1167114 bytes)
Hash a3b70c334cb215bdc7bc5c00d9191791
c6bbe53efe6f899bcee8ebff8f3432e3364a0e1f
130298599cbdd58752eaccd5fdadc91acac906b9ae9c25f942b5bb68ee5d572f
GET /hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1167114
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 13:02:27 GMT
cache-control: max-age=2592000
x-delay: 100166 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1167114
chid: 0
fid: 0
x-nws-log-uuid: 2bdd29ee-a33b-489e-9ad2-b5e23f3a06d4
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0
43.154.254.32 200 OK 1.6 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 200\012- data
Size 1.6 MB (1607696 bytes)
Hash 9c26f4dcfdfa72ecdcbe3ea854547b4c
fed85b90734400d6810be2b07403f5c8a194a507
ebd842d015d6684a6995a73f1e81f0dea219815318f8993501da9ca79cca74d2
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1607696
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:45 GMT
cache-control: max-age=2592000
x-delay: 119544 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1607696
chid: 0
fid: 0
x-nws-log-uuid: 4efdae9f-5ca8-4cea-8eb0-c5d937ed7183
X-Firefox-Spdy: h2
p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
43.154.254.32 200 OK 1.4 MB URL HTTP/2 p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 640 x 200\012- data
Size 1.4 MB (1362871 bytes)
Hash b43c54ced7fcd33ebd9405eb26d533b7
05e5eb23ef5a79364bc8f8fd778d54a9fa335174
7db80c626560b0016fd427d864bb6116a44a858eb7968728cd872814939a24b2
GET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0 HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1362871
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:47 GMT
cache-control: max-age=2592000
x-delay: 648 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1362871
chid: 0
fid: 0
x-nws-log-uuid: 892096fd-cbc4-4cfd-904f-e18dca53fcae
X-Firefox-Spdy: h2
p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca948126b32d301e53005eb3cbee7034b8/0.gif
43.154.254.32 200 OK 1.2 MB URL HTTP/2 p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca948126b32d301e53005eb3cbee7034b8/0.gif
IP 43.154.254.32:0
ASN #132203 Tencent Building, Kejizhongyi Avenue
File type GIF image data, version 89a, 960 x 60\012- data
Size 1.2 MB (1172818 bytes)
Hash 953ba21e5ebc4c6e6b76055ee33bc604
a9d2103a66f2a870e0e69b3db8355131f3d23390
c70efcfde03cf3bd96ec7649b2384b79596036e2b6660343f4e5adf035e112d6
GET /hy_personal/3e28f14aa051684288f48c7778a1baca948126b32d301e53005eb3cbee7034b8/0.gif HTTP/1.1
Host: p.qlogo.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Qnginx/1.4.4
date: Fri, 23 Sep 2022 12:44:01 GMT
content-type: image/gif
content-length: 1172818
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 13:02:27 GMT
cache-control: max-age=2592000
x-delay: 98928 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1172818
chid: 0
fid: 0
x-nws-log-uuid: cbab6776-d747-40a9-b914-7442f09dc8a4
X-Firefox-Spdy: h2
884329.com/af4848fd71f14d85bca2ce6ceca8654d.gif
47.75.19.14 200 OK 424 kB URL HTTP/1.1 884329.com/af4848fd71f14d85bca2ce6ceca8654d.gif
IP 47.75.19.14:0
ASN #45102 Alibaba US Technology Co., Ltd.
File type GIF image data, version 89a, 750 x 240\012- data
Size 424 kB (423997 bytes)
Hash e1a71fed14e92c07c2e10086c3f8ad63
aa5d034602b33fc99e8611326ab13612f6240c29
b26d4de107c13bfceff216d745f7fa588dfe81e1908d392934e69ac5d4b1f15b
GET /af4848fd71f14d85bca2ce6ceca8654d.gif HTTP/1.1
Host: 884329.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 23 Sep 2022 12:44:00 GMT
Content-Type: image/gif
Content-Length: 423997
Connection: keep-alive
x-oss-request-id: 632DAA109DB57839377E8C55
Accept-Ranges: bytes
ETag: "E1A71FED14E92C07C2E10086C3F8AD63"
Last-Modified: Mon, 29 Aug 2022 10:33:01 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 18376862633552853608
x-oss-storage-class: Standard
Content-MD5: 4acf7RTpLAfC4QCGw/itYw==
x-oss-server-time: 2
www.henniu468.site/template/dfcc/css/zui.css
173.231.12.252 200 OK 0 B URL HTTP/2 www.henniu468.site/template/dfcc/css/zui.css
IP 173.231.12.252:0
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/css/zui.css HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: text/css
last-modified: Thu, 19 May 2022 10:41:58 GMT
vary: Accept-Encoding
etag: W/"62861ef6-164b3"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.x956.xyz/images/631aeb1cb62b4063cbda48f0.gif
3.36.126.81 302 Found 0 B URL HTTP/2 img.x956.xyz/images/631aeb1cb62b4063cbda48f0.gif
IP 3.36.126.81:0
GET /images/631aeb1cb62b4063cbda48f0.gif HTTP/1.1
Host: img.x956.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79
cache-control: max-age=3600
X-Firefox-Spdy: h2
hm.baidu.com/hm.js?d8caaf5fc7e747bf497566f2be1cc916
103.235.46.191 200 OK 0 B URL HTTP/1.1 hm.baidu.com/hm.js?d8caaf5fc7e747bf497566f2be1cc916
IP 103.235.46.191:0
ASN #55967 Beijing Baidu Netcom Science and Technology Co., Ltd.
GET /hm.js?d8caaf5fc7e747bf497566f2be1cc916 HTTP/1.1
Host: hm.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.cf6h.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11342
Content-Type: application/javascript
Date: Fri, 23 Sep 2022 12:44:00 GMT
Etag: d84480cd183e8638de24ef349bcc4c73
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=3C7AB0FCDC233A3D; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
www.henniu468.site/template/dfcc/static/js/jquery.min.js
173.231.12.252 200 OK 0 B URL HTTP/2 www.henniu468.site/template/dfcc/static/js/jquery.min.js
IP 173.231.12.252:0
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/static/js/jquery.min.js HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:07:32 GMT
vary: Accept-Encoding
etag: W/"61d99aa4-17b8b"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
www.henniu468.site/template/dfcc/html9/ads/dulian.js
173.231.12.252 200 OK 0 B URL HTTP/2 www.henniu468.site/template/dfcc/html9/ads/dulian.js
IP 173.231.12.252:0
Analyzer Verdict Alert quad9 Sinkholed
GET /template/dfcc/html9/ads/dulian.js HTTP/1.1
Host: www.henniu468.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 23 Sep 2022 12:43:59 GMT
content-type: application/javascript
last-modified: Mon, 22 Aug 2022 17:13:28 GMT
vary: Accept-Encoding
etag: W/"6303b938-4c1"
expires: Sat, 24 Sep 2022 00:43:59 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
img.999997.co/images/631ae647b62b4063cbda48ef.gif
23.225.222.2 302 Found 0 B URL HTTP/2 img.999997.co/images/631ae647b62b4063cbda48ef.gif
IP 23.225.222.2:0
GET /images/631ae647b62b4063cbda48ef.gif HTTP/1.1
Host: img.999997.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.henniu468.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb
cache-control: max-age=3600
X-Firefox-Spdy: h2