www.ku2h.com/
23.247.68.3 1.3 kB IP 23.247.68.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (388), with CRLF line terminators
Hash e77091b0db6a565a6643b750013d6f6e
57063412943e881b4adfbd1ae96806344714b7d8
b8b935b992bdbdc78fb284ca48861a1329262c6e6f55003b489215b106575aff
GET / HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:25:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.ku2h.com/~vip/signin.php
23.247.68.3 1.3 kB URL User Request GET www.ku2h.com/~vip/signin.php
IP 23.247.68.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ISO-8859 text, with very long lines (388), with CRLF line terminators
Hash e77091b0db6a565a6643b750013d6f6e
57063412943e881b4adfbd1ae96806344714b7d8
b8b935b992bdbdc78fb284ca48861a1329262c6e6f55003b489215b106575aff
GET /~vip/signin.php HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:25:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.ku2h.com/common.js
23.247.68.3 200 OK 2.1 kB IP 23.247.68.3:80
Requested by http://www.ku2h.com/~vip/signin.php
File type ASCII text, with very long lines (4822), with no line terminators
Hash 368573bfe65c70b4b19090435e1aae69
db1f8bb1dc7e9f4a6d41c37ffa82635b562a5f0e
2bf2c6c55a928b5cb710d72be52cca3cf28619624be0e70cbeeb67e426462052
NIDS Severity Alert suricata high ET HUNTING Possible Obfuscator io JavaScript Obfuscation
GET /common.js HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/~vip/signin.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:25:18 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
www.ku2h.com/tj.js
23.247.68.3 200 OK 100 B IP 23.247.68.3:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document, ASCII text, with no line terminators
Hash 29dbba98f8aa49d814a55299f44f3552
f9c69726560cf430b4c51a9a40029c10671d3dd4
991f23bde5aff608311d6af5f5ebad83d30366f3ea01db4e1577d84169383778
GET /tj.js HTTP/1.1
Host: www.ku2h.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/~vip/signin.php
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:25:18 GMT
Content-Type: application/x-javascript
Content-Length: 100
Connection: keep-alive
js.users.51.la/21653847.js
42.236.73.41 200 OK 2.3 kB URL GET HTTP/1.1 js.users.51.la/21653847.js
IP 42.236.73.41:80
ASN #4837 CHINA UNICOM China169 Backbone
Requested by http://www.ku2h.com/~vip/signin.php
File type ASCII text, with very long lines (4898), with no line terminators
Hash 8050e3fb5003aaa5cdd6fb8f92c18d0e
1783b951bf8f7390ffa2f8184166a5e41c4e76cc
1c83ce165a9a982c6b8b61b3ce41ffd9991c4101ccde0f3ffc45fa0cf3a3677c
GET /21653847.js HTTP/1.1
Host: js.users.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 02 Jun 2023 09:22:48 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Cache-Control: no-store
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
push.zhanzhang.baidu.com/push.js
182.61.240.101 200 OK 227 B URL GET HTTP/1.1 push.zhanzhang.baidu.com/push.js
IP 182.61.240.101:80
ASN #38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Requested by http://www.ku2h.com/~vip/signin.php
File type ASCII text, with no line terminators
Hash 1bb5a3267c9865ad4abe8d937734b62b
b5478dd2edb3e64242eced1db2dbd945ef81f592
674bc0c70f98d627b8a7e1d278a1f21ffe33815565f7d5371bf0275da57571b2
GET /push.js HTTP/1.1
Host: push.zhanzhang.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 02 Jun 2023 09:22:48 GMT
Etag: "4078521116"
Expires: Sat, 01 Jun 2024 09:22:48 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=37326C168D7975C61A4307F5B882D61B:FG=1; max-age=31536000; expires=Sat, 01-Jun-24 09:22:48 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
api.share.baidu.com/s.gif?l=http://www.ku2h.com/~vip/signin.php
180.101.212.103 200 OK 0 B URL GET HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.ku2h.com/~vip/signin.php
IP 180.101.212.103:80
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
Requested by http://www.ku2h.com/~vip/signin.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.ku2h.com/~vip/signin.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jun 2023 09:22:48 GMT
www.ufvjgwufvjgwufotsgfjoshbed.com/js/hyt.js
199.43.203.90 200 OK 2.3 kB URL GET HTTP/1.1 www.ufvjgwufvjgwufotsgfjoshbed.com/js/hyt.js
IP 199.43.203.90:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document, ASCII text, with very long lines (447)
Hash e906d5c15aadc83286a3bb93b3830bce
a7f8b59e9880ccd6a1c237fea1662b2e791a2b40
ed264ef1c674b3c80a64e331585de1ebfe699724ea6d030000e41e04fb92b1e5
Analyzer Verdict Alert quad9 Sinkholed
GET /js/hyt.js HTTP/1.1
Host: www.ufvjgwufvjgwufotsgfjoshbed.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:22:48 GMT
Content-Type: application/javascript
Last-Modified: Wed, 17 May 2023 22:35:00 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"64655694-1326"
Expires: Fri, 02 Jun 2023 21:22:48 GMT
Cache-Control: max-age=43200
Content-Encoding: gzip
ocsp.crlocsp.cn/
101.198.193.5 472 B IP 101.198.193.5:0
ASN #55992 Beijing Qihu Technology Company Limited
Hash 4ec5e4b6a2194bd934992171a84caf2f
f7f9e2063eb65fa68a94e1a3efadcd5d4efd530e
c3b69c980240dbd9b2da1339159ea6a850ef11299f5093c1c330533ad58ad84e
POST / HTTP/1.1
Host: ocsp.crlocsp.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.9.14
Date: Fri, 02 Jun 2023 09:20:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Content-Transfer-Encoding: Binary
Last-modified: Mon, 29 May 2023 18:14:51 GMT
Expires: Mon, 05 Jun 2023 18:14:50 GMT
ETag: "F7F9E2063EB65FA68A94E1A3EFADCD5D4EFD530E"
cache-control: max-age=172800,public,no-transform,must-revalidate
ia.51.la/go1?id=21653847&rt=1685697767946&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&ing=1&ekc=&sid=1685697767946&tt=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&cu=http%253A%252F%252Fwww.ku2h.com%252F~vip%252Fsignin.php&pu=
42.236.73.39 200 0 B URL GET HTTP/1.1 ia.51.la/go1?id=21653847&rt=1685697767946&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&ing=1&ekc=&sid=1685697767946&tt=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&cu=http%253A%252F%252Fwww.ku2h.com%252F~vip%252Fsignin.php&pu=
IP 42.236.73.39:80
ASN #4837 CHINA UNICOM China169 Backbone
Requested by http://www.ku2h.com/~vip/signin.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go1?id=21653847&rt=1685697767946&rl=1280*1024&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&ing=1&ekc=&sid=1685697767946&tt=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&kw=%25E4%25B8%258A%25E9%25A5%25B6%25E5%258C%25A3%25E7%25B0%25BF%25E5%25BB%25BA%25E6%259D%2590%25E6%259C%2589%25E9%2599%2590%25E5%2585%25AC%25E5%258F%25B8&cu=http%253A%252F%252Fwww.ku2h.com%252F~vip%252Fsignin.php&pu= HTTP/1.1
Host: ia.51.la
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200
Content-Length: 0
Date: Fri, 02 Jun 2023 09:21:28 GMT
api.share.baidu.com/s.gif?l=http://www.ku2h.com/~vip/signin.php
180.101.212.103 200 OK 0 B URL GET HTTP/1.1 api.share.baidu.com/s.gif?l=http://www.ku2h.com/~vip/signin.php
IP 180.101.212.103:80
ASN #134770 CHINANET Jiangsu province Suzhou taihu IDC network
Requested by http://www.ku2h.com/~vip/signin.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /s.gif?l=http://www.ku2h.com/~vip/signin.php HTTP/1.1
Host: api.share.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 02 Jun 2023 09:22:49 GMT
s.360.cn/so/zz.gif?url=http%3A%2F%2Fwww.ku2h.com%2F~vip%2Fsignin.php&sid=d182b3f28525f2db83acfaaf6e696dba&token=dp1h8p2.bn3ifn2g8i5s2/5pfi2vd~b/
171.8.167.89 200 OK 0 B URL GET HTTP/1.1 s.360.cn/so/zz.gif?url=http%3A%2F%2Fwww.ku2h.com%2F~vip%2Fsignin.php&sid=d182b3f28525f2db83acfaaf6e696dba&token=dp1h8p2.bn3ifn2g8i5s2/5pfi2vd~b/
IP 171.8.167.89:443
ASN #137687 Luoyang, Henan Province, P.R.China.
Requested by http://www.ku2h.com/~vip/signin.php
Certificate Issuer WoTrus CA Limited
Subject *.s.360.cn
Fingerprint B1:6A:FB:C0:EE:71:49:97:E7:72:0C:E3:DF:52:E8:6B:1D:5E:41:0E
Validity Fri, 16 Dec 2022 00:00:00 GMT - Sat, 16 Dec 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /so/zz.gif?url=http%3A%2F%2Fwww.ku2h.com%2F~vip%2Fsignin.php&sid=d182b3f28525f2db83acfaaf6e696dba&token=dp1h8p2.bn3ifn2g8i5s2/5pfi2vd~b/ HTTP/1.1
Host: s.360.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Fri, 02 Jun 2023 09:22:49 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Tue, 23 Jul 2019 07:36:18 GMT
Connection: keep-alive
ETag: "5d36b8f2-0"
Accept-Ranges: bytes
www.ufvjgwufvjgwufotsgfjoshbed.com/hyt_data.php?zq=hyt&val=smplink&t=0.394785026034558?v=01504734635263658
199.43.203.90 200 OK 59 B URL GET HTTP/1.1 www.ufvjgwufvjgwufotsgfjoshbed.com/hyt_data.php?zq=hyt&val=smplink&t=0.394785026034558?v=01504734635263658
IP 199.43.203.90:80
Requested by http://www.ku2h.com/~vip/signin.php
File type JSON data\012- , ASCII text, with no line terminators
Hash 82aa27686a88a6b5274235d878d93bbc
a93a55e6130cb0eba3898c94aaa5a4871eae0fc7
36bf19eab13a02f0c29b6c3c34ece8a7603b5b7204d283a8061bf8442e2d1b8d
Analyzer Verdict Alert quad9 Sinkholed
GET /hyt_data.php?zq=hyt&val=smplink&t=0.394785026034558?v=01504734635263658 HTTP/1.1
Host: www.ufvjgwufvjgwufotsgfjoshbed.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://www.ku2h.com
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Jun 2023 09:22:49 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
www.hyt197.top/
199.43.203.93 403 Forbidden 147 B IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 68611fb17d5d87a36e7ac2cf8cf6110d
2a77488523017e82d9585dc3327a7e6f7b5679ba
5851aa3aafe5dee92b5f941901626c227cb2928d7ac9e1f9a6361b030e656479
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.top domain
GET / HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:49 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=de392fd6d135fcc633e48891c3ae5b9f;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=52385467
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=52385467
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash ac231a9034bb5f68985535da6a886166
b93464d8bc34dbe8486cd19f9ddc77fa4bbfde0a
53566f7781c759b01aab229931f4ca7ff8fd9c709cddb64ee81ac9a19727cd36
GET /?btwaf=52385467 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:50 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=2686896648ecd5a8fe4bb878bd83ba1f;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=38053044
199.43.203.93 403 Forbidden 146 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=38053044
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash a1ae4b88a04b623a1a28888db78ad855
efdcf7329b444c60373b70f55ec196dfd507d524
7a4f447d2ac22d8ec07bd3d746954fda59d43fd7250f595d71b638467572aedf
GET /?btwaf=38053044 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=52385467
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:50 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=2686896648ecd5a8fe4bb878bd83ba1f;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=4976077
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=4976077
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash abd92102c3ea99e5e9507ec484a51196
e558ec31bf44eaa6ff7adbc6daf29897ec941d93
6358723a6a8f863c5d73fdb9d74028f5a2a146164a8fe4a2035e41fa8c26e603
GET /?btwaf=4976077 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=38053044
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:50 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=2686896648ecd5a8fe4bb878bd83ba1f;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=33033558
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=33033558
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 78b8d3b18f11825405814bdf769dd77d
a8986f3bc309d401625e4d6c9b91768fa24b0811
97b2f30877b513899d9a078b86f8dcdeb5821f7938c6603dac8e2a03bb51a139
GET /?btwaf=33033558 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=4976077
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:50 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=2686896648ecd5a8fe4bb878bd83ba1f;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=16822558
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=16822558
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash b79f8163f2fc0e84543d1ae9b31dd791
38d70a41911c0c9e0275fdb703803323d1d9675e
aa9a19a29d461661b0b266aa7301e6b34f5b68eeb432ee0f0a4117d5b46a4f0e
GET /?btwaf=16822558 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=33033558
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:50 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=2686896648ecd5a8fe4bb878bd83ba1f;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=49189294
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=49189294
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 1348e4ac67486866b408ab4ee8937b4f
e778bd765e9ada9ad291f8ce1a3ff824c7b7f57c
1b4db937aa9250778c8e188ab89bc082da2fcc51b67117dc939b7dbee0157805
GET /?btwaf=49189294 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=16822558
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:51 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=05e483089b8ef8e686c833f12cb6a796;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=66006636
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=66006636
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash dbc27f8181ef231ec2627493762e995e
05959bafa653b41ba01a2f01d4659d7e8f1eef86
f409332b3b40fbf75cb221aefd4d2c1cab1b7eb9f401e319c5722317c18e7c17
GET /?btwaf=66006636 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=49189294
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:51 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=05e483089b8ef8e686c833f12cb6a796;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=65567959
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=65567959
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash b218ab1f9c04be54cc90fd660161a551
76afe25c6b8d218f9af6b670f1d0a5c3281d78c3
d872a87582fffc9b68be11153da90db2c5d44e7f7ea410b3cd646d7886d7f6b2
GET /?btwaf=65567959 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=66006636
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:51 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=05e483089b8ef8e686c833f12cb6a796;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=21593702
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=21593702
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 67176206f11fb28b26521d116ff73f00
afa91f13adb4bca8f1bdc29644d955e8fb1bc8ff
06aad78aef98dd8e9d59ba9770f2bc40688f4a692705081894b561f1f27139a7
GET /?btwaf=21593702 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=65567959
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:51 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=05e483089b8ef8e686c833f12cb6a796;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=18407371
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=18407371
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash 2aed34adcf2c3fee550ac4b7ba382792
263b3ddc74f32327728ffa9ef605195902657316
04eb3bcc1d040e1be355443bb4353f039a3b8352bbf7a003ae88fa85ade10fa5
GET /?btwaf=18407371 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=21593702
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:51 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=05e483089b8ef8e686c833f12cb6a796;
Cache-Control: no-cache
Content-Encoding: gzip
www.hyt197.top/?btwaf=25951778
199.43.203.93 403 Forbidden 147 B URL GET HTTP/1.1 www.hyt197.top/?btwaf=25951778
IP 199.43.203.93:80
Requested by http://www.ku2h.com/~vip/signin.php
File type HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text
Hash a3d8f35a92b8b768471dcf7c08d478b8
17d5e3b0d9b57ed823e3ec5a19d70f7860b24f5e
0179e5f03f701d5694ff5541563ebe6591fed84e0c3b045022d221b78fd0623c
GET /?btwaf=25951778 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=18407371
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Server: nginx
Date: Fri, 02 Jun 2023 09:22:52 GMT
Content-Type: text/html;charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: f8210ec1697740af6ed1dbb9ca8f385f=4ab9b0760741ff1dacedff5af9bbc9c6;
Cache-Control: no-cache
Content-Encoding: gzip
sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php
0.0.0.0 0 B URL GET sp0.baidu.com/9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php
IP 0.0.0.0:0
Requested by http://www.ku2h.com/~vip/signin.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /9_Q4simg2RQJ8t7jm9iCKT-xh_/s.gif?l=http://www.ku2h.com/~vip/signin.php HTTP/1.1
Host: sp0.baidu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://www.ku2h.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
www.hyt197.top/?btwaf=39216664
0.0.0.0 0 B URL GET www.hyt197.top/?btwaf=39216664
IP 0.0.0.0:0
Requested by http://www.ku2h.com/~vip/signin.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?btwaf=39216664 HTTP/1.1
Host: www.hyt197.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://www.hyt197.top/?btwaf=25951778
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache