Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
21/10/2022, 04:31 UTC
General
-
Target
a2049a953d5ed411de9d9700e3e571167493050d3a5b2d47980f83e254e74270.exe
-
Size
140KB
-
MD5
4d0187825e40face7f78f84123d1f605
-
SHA1
22cc5eb22ec075c478c4b8577dd8bb649d2dafa7
-
SHA256
a2049a953d5ed411de9d9700e3e571167493050d3a5b2d47980f83e254e74270
-
SHA512
cf5ba0a4832e2f5559da61136693d78d04498f9114085fb116f67f52248a5b533008a1850a474f86c6570f0aae5436b65236813a7fbec749cd61ee10933ea5e8
-
SSDEEP
1536:nnMg2OVLjlevyaRLBnLuRgiaUxRIxecePKH5nKLV+X:M0LpeTLlamiaUxRIxecePKQW
Score
10/10
Malware Config
Signatures
-
joker
Joker is an Android malware that targets billing and SMS fraud.
-
Executes dropped EXE 1 IoCs
-
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 45 IoCs
-
Modifies Internet Explorer start page 1 TTPs 2 IoCs
-
Modifies registry class 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 56 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a2049a953d5ed411de9d9700e3e571167493050d3a5b2d47980f83e254e74270.exe"C:\Users\Admin\AppData\Local\Temp\a2049a953d5ed411de9d9700e3e571167493050d3a5b2d47980f83e254e74270.exe"1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\start_min_bat.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Roaming\winzip\1.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\PROGRA~1\INTERN~1\iexplore.exeC:\PROGRA~1\INTERN~1\IEXPLORE.EXE http://www.cnkankan.com/?821334⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3544 CREDAT:17410 /prefetch:25⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Windows\SysWOW64\rundll32.exerundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:\Users\Admin\AppData\Roaming\winzip\1.inf4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Roaming\winzip\2.bat4⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exereg add "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d ""http://www.82133.com/?S"" /f5⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d ""http://www.82133.com/?S"" /f5⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
-
-
C:\Windows\SysWOW64\reg.exereg add "HKCU\Software\tmp" /v "key" /d ""http://www.82133.com/?S"" /f5⤵
-
-
C:\Windows\SysWOW64\reg.exereg add "HKCR\CLSID\{971C5380-92A0-5A69-B3EE-C3002B33309E}" /v "IsShortCut" /d "" /f5⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\reg.exereg add "HKCR\CLSID\{971C5380-92A0-5A69-B3EE-C3002B33309E}\Shell\open(&H)\Command" /v "" /d "wscript -e:vbs ""C:\Users\Admin\AppData\Roaming\winzip\3.bat""" /f5⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h C:\Users\Admin\AppData\Roaming\winzip\tmp\a.{971C5380-92A0-5A69-B3EE-C3002B33309E}5⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h C:\Users\Admin\AppData\Roaming\winzip\tmp5⤵
- Sets file to hidden
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\rundll32.exerundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:\Users\Admin\AppData\Roaming\winzip\2.inf5⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\runonce.exe"C:\Windows\system32\runonce.exe" -r6⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grpconv.exe"C:\Windows\System32\grpconv.exe" -o7⤵
-
-
-
-
C:\Windows\SysWOW64\rundll32.exerundll32 D:\VolumeDH\inj.dat,MainLoad5⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\inlF57E.tmpC:\Users\Admin\AppData\Local\Temp\inlF57E.tmp2⤵
- Executes dropped EXE
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\A2049A~1.EXE > nul2⤵
-
Network
-
DNS176.122.125.40.in-addr.arpaRemote address:8.8.8.8:53Request176.122.125.40.in-addr.arpaIN PTRResponse -
DNSjump3.35638.comRemote address:8.8.8.8:53Requestjump3.35638.comIN AResponsejump3.35638.comIN A47.52.231.246
-
DNSwww.cnkankan.comRemote address:8.8.8.8:53Requestwww.cnkankan.comIN AResponsewww.cnkankan.comIN A103.207.160.245
-
GEThttp://www.cnkankan.com/?82133Remote address:103.207.160.245:80RequestGET /?82133 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.cnkankan.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:01 GMT
Content-Type: text/html
Content-Length: 805
Connection: keep-alive
-
GEThttp://www.cnkankan.com/common.jsRemote address:103.207.160.245:80RequestGET /common.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.cnkankan.com/?82133
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.cnkankan.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:02 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://www.cnkankan.com/tj.jsRemote address:103.207.160.245:80RequestGET /tj.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.cnkankan.com/?82133
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.cnkankan.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:02 GMT
Content-Type: application/x-javascript
Content-Length: 520
Connection: keep-alive
-
DNSpush.zhanzhang.baidu.comRemote address:8.8.8.8:53Requestpush.zhanzhang.baidu.comIN AResponsepush.zhanzhang.baidu.comIN CNAMEshare.jomodns.comshare.jomodns.comIN CNAMEshare.n.shifen.comshare.n.shifen.comIN A39.156.68.163share.n.shifen.comIN A112.34.113.148share.n.shifen.comIN A180.101.212.103share.n.shifen.comIN A182.61.201.93share.n.shifen.comIN A182.61.201.94share.n.shifen.comIN A182.61.240.101
-
DNSbaidu.hnmaccms.xyzRemote address:8.8.8.8:53Requestbaidu.hnmaccms.xyzIN A
-
DNSbaidu.hnmaccms.xyzRemote address:8.8.8.8:53Requestbaidu.hnmaccms.xyzIN A
-
DNSbaidu.hnmaccms.xyzRemote address:8.8.8.8:53Requestbaidu.hnmaccms.xyzIN A
-
DNSbaidu.hnmaccms.xyzRemote address:8.8.8.8:53Requestbaidu.hnmaccms.xyzIN A
-
DNSbaidu.hnmaccms.xyzRemote address:8.8.8.8:53Requestbaidu.hnmaccms.xyzIN A
-
DNShm.baidu.comRemote address:8.8.8.8:53Requesthm.baidu.comIN AResponsehm.baidu.comIN CNAMEhm.e.shifen.comhm.e.shifen.comIN A103.235.46.191
-
GEThttps://hm.baidu.com/hm.js?c68f6151c34979f57bf650beb65cecdfRemote address:103.235.46.191:443RequestGET /hm.js?c68f6151c34979f57bf650beb65cecdf HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.cnkankan.com/?82133
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: hm.baidu.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11333
Content-Type: application/javascript
Date: Fri, 21 Oct 2022 12:14:18 GMT
Etag: d4ec14fdcd32e089d921ec44a05f231d
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=BA153D14C841932B; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
-
GEThttps://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=585&et=0&ja=1&ln=en-us&lo=0&rnd=122839961&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2Fnews%2Findex.php&v=1.2.97&lv=1&sn=3208&r=0&ww=1263&ct=!!&u=https%3A%2F%2Fwww.henniu4444.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86Remote address:103.235.46.191:443RequestGET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=585&et=0&ja=1&ln=en-us&lo=0&rnd=122839961&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2Fnews%2Findex.php&v=1.2.97&lv=1&sn=3208&r=0&ww=1263&ct=!!&u=https%3A%2F%2Fwww.henniu4444.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=85FB39B30B6C3793BEE8BF764A8073F3:FG=1; HMACCOUNT=905BF7F4292E7140
ResponseHTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 21 Oct 2022 12:14:20 GMT
Pragma: no-cache
Server: apache
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
-
GEThttp://push.zhanzhang.baidu.com/push.jsRemote address:39.156.68.163:80RequestGET /push.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.cnkankan.com/?82133
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: push.zhanzhang.baidu.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Length: 227
Content-Type: text/javascript
Date: Fri, 21 Oct 2022 12:14:05 GMT
Etag: "4078521116"
Expires: Sat, 21 Oct 2023 12:14:05 GMT
Last-Modified: Wed, 25 Nov 2015 07:47:55 GMT
P3p: CP=" OTI DSP COR IVA OUR IND COM "
Server: apache
Set-Cookie: BAIDUID=85FB39B30B6C3793BEE8BF764A8073F3:FG=1; max-age=31536000; expires=Sat, 21-Oct-23 12:14:05 GMT; domain=.baidu.com; path=/; version=1
Vary: Accept-Encoding
-
DNSapi.share.baidu.comRemote address:8.8.8.8:53Requestapi.share.baidu.comIN AResponseapi.share.baidu.comIN CNAMEapi.share.n.shifen.comapi.share.n.shifen.comIN A39.156.68.163api.share.n.shifen.comIN A112.34.113.148api.share.n.shifen.comIN A180.101.212.103api.share.n.shifen.comIN A182.61.201.93api.share.n.shifen.comIN A182.61.201.94api.share.n.shifen.comIN A182.61.240.101
-
GEThttp://api.share.baidu.com/s.gif?l=http://www.cnkankan.com/?82133Remote address:112.34.113.148:80RequestGET /s.gif?l=http://www.cnkankan.com/?82133 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.cnkankan.com/?82133
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: api.share.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=85FB39B30B6C3793BEE8BF764A8073F3:FG=1
ResponseHTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/plain; charset=utf-8
Date: Fri, 21 Oct 2022 12:14:13 GMT
-
DNSbaidu.hnmaccms.xyzRemote address:8.8.8.8:53Requestbaidu.hnmaccms.xyzIN AResponsebaidu.hnmaccms.xyzIN A143.92.57.79
-
GEThttp://baidu.hnmaccms.xyz/news/index.phpRemote address:143.92.57.79:80RequestGET /news/index.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://www.cnkankan.com/?82133
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: baidu.hnmaccms.xyz
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
-
GEThttp://baidu.hnmaccms.xyz/news/data.phpRemote address:143.92.57.79:80RequestGET /news/data.php HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://baidu.hnmaccms.xyz/news/index.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: baidu.hnmaccms.xyz
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
-
DNSwww.henniu4444.siteRemote address:8.8.8.8:53Requestwww.henniu4444.siteIN AResponsewww.henniu4444.siteIN A108.171.214.241
-
GEThttps://www.henniu4444.site/Remote address:108.171.214.241:443RequestGET / HTTP/2.0
host: www.henniu4444.site
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: http://baidu.hnmaccms.xyz/news/index.php
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-encoding: gzip
-
GEThttps://www.henniu4444.site/template/dfcc/css/ate.cssRemote address:108.171.214.241:443RequestGET /template/dfcc/css/ate.css HTTP/2.0
host: www.henniu4444.site
accept: text/css, */*
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: text/css
last-modified: Tue, 04 Jan 2022 15:13:24 GMT
vary: Accept-Encoding
etag: W/"61d46414-126e4"
expires: Sat, 22 Oct 2022 00:14:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
GEThttps://www.henniu4444.site/template/dfcc/css/zui.cssRemote address:108.171.214.241:443RequestGET /template/dfcc/css/zui.css HTTP/2.0
host: www.henniu4444.site
accept: text/css, */*
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: text/css
last-modified: Thu, 19 May 2022 10:41:58 GMT
vary: Accept-Encoding
etag: W/"62861ef6-164b3"
expires: Sat, 22 Oct 2022 00:14:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
GEThttps://www.henniu4444.site/template/dfcc/static/js/jquery.min.jsRemote address:108.171.214.241:443RequestGET /template/dfcc/static/js/jquery.min.js HTTP/2.0
host: www.henniu4444.site
accept: application/javascript, */*;q=0.8
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:07:32 GMT
vary: Accept-Encoding
etag: W/"61d99aa4-17b8b"
expires: Sat, 22 Oct 2022 00:14:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
GEThttps://www.henniu4444.site/template/dfcc/static/js/jquery.lazyload.min.jsRemote address:108.171.214.241:443RequestGET /template/dfcc/static/js/jquery.lazyload.min.js HTTP/2.0
host: www.henniu4444.site
accept: application/javascript, */*;q=0.8
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: application/javascript
last-modified: Sat, 08 Jan 2022 14:08:22 GMT
vary: Accept-Encoding
etag: W/"61d99ad6-d35"
expires: Sat, 22 Oct 2022 00:14:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
GEThttps://www.henniu4444.site/static/images/1.gifRemote address:108.171.214.241:443RequestGET /static/images/1.gif HTTP/2.0
host: www.henniu4444.site
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: image/gif
content-length: 254
last-modified: Fri, 24 Dec 2021 10:11:17 GMT
etag: "61c59cc5-fe"
expires: Sun, 20 Nov 2022 12:14:16 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://www.henniu4444.site/template/dfcc/html9/ads/dulian.jsRemote address:108.171.214.241:443RequestGET /template/dfcc/html9/ads/dulian.js HTTP/2.0
host: www.henniu4444.site
accept: application/javascript, */*;q=0.8
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 09:34:20 GMT
vary: Accept-Encoding
etag: W/"634e731c-4c5"
expires: Sat, 22 Oct 2022 00:14:16 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
content-encoding: gzip
-
GEThttps://www.henniu4444.site/template/dfcc/images/loading.svgRemote address:108.171.214.241:443RequestGET /template/dfcc/images/loading.svg HTTP/2.0
host: www.henniu4444.site
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: image/svg+xml
content-length: 506
last-modified: Sun, 09 Jan 2022 08:39:24 GMT
etag: "61da9f3c-1fa"
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://www.henniu4444.site/dingpiao.htmlRemote address:108.171.214.241:443RequestGET /dingpiao.html HTTP/2.0
host: www.henniu4444.site
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: text/html
content-length: 169
last-modified: Fri, 07 Oct 2022 09:35:13 GMT
etag: "633ff2d1-a9"
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://www.henniu4444.site/logo.htmlRemote address:108.171.214.241:443RequestGET /logo.html HTTP/2.0
host: www.henniu4444.site
accept: text/html, application/xhtml+xml, image/jxr, */*
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:16 GMT
content-type: text/html
content-length: 879
last-modified: Wed, 18 May 2022 08:37:40 GMT
etag: "6284b054-36f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://www.henniu4444.site/template/dfcc/images/video-mask.pngRemote address:108.171.214.241:443RequestGET /template/dfcc/images/video-mask.png HTTP/2.0
host: www.henniu4444.site
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/png
content-length: 107
last-modified: Tue, 04 Jan 2022 15:14:22 GMT
etag: "61d4644e-6b"
expires: Sun, 20 Nov 2022 12:14:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://www.henniu4444.site/template/dfcc/images/video-play.pngRemote address:108.171.214.241:443RequestGET /template/dfcc/images/video-play.png HTTP/2.0
host: www.henniu4444.site
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/png
content-length: 1567
last-modified: Tue, 04 Jan 2022 15:14:20 GMT
etag: "61d4644c-61f"
expires: Sun, 20 Nov 2022 12:14:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://www.henniu4444.site/henniu.pngRemote address:108.171.214.241:443RequestGET /henniu.png HTTP/2.0
host: www.henniu4444.site
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/logo.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/png
content-length: 4973
last-modified: Wed, 18 May 2022 08:34:27 GMT
etag: "6284af93-136d"
expires: Sun, 20 Nov 2022 12:14:17 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://www.henniu4444.site/logo.htmlRemote address:108.171.214.241:443RequestGET /logo.html HTTP/2.0
host: www.henniu4444.site
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
if-modified-since: Wed, 18 May 2022 08:37:40 GMT
if-none-match: "6284b054-36f"
cookie: Hm_lvt_83778f58a428085f4ecef06936407d2b=1666361653; Hm_lpvt_83778f58a428085f4ecef06936407d2b=1666361653
ResponseHTTP/2.0 304
server: nginx
date: Fri, 21 Oct 2022 12:14:28 GMT
last-modified: Wed, 18 May 2022 08:37:40 GMT
etag: "6284b054-36f"
strict-transport-security: max-age=31536000
-
GEThttps://www.henniu4444.site/henniu.pngRemote address:108.171.214.241:443RequestGET /henniu.png HTTP/2.0
host: www.henniu4444.site
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/logo.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
if-modified-since: Wed, 18 May 2022 08:34:27 GMT
if-none-match: "6284af93-136d"
cookie: Hm_lvt_83778f58a428085f4ecef06936407d2b=1666361653; Hm_lpvt_83778f58a428085f4ecef06936407d2b=1666361653
ResponseHTTP/2.0 304
server: nginx
date: Fri, 21 Oct 2022 12:14:28 GMT
last-modified: Wed, 18 May 2022 08:34:27 GMT
etag: "6284af93-136d"
expires: Sun, 20 Nov 2022 12:14:28 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
-
GEThttps://www.henniu4444.site/logo.htmlRemote address:108.171.214.241:443RequestGET /logo.html HTTP/2.0
host: www.henniu4444.site
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
if-modified-since: Wed, 18 May 2022 08:37:40 GMT
if-none-match: "6284b054-36f"
cookie: Hm_lvt_83778f58a428085f4ecef06936407d2b=1666361653; Hm_lpvt_83778f58a428085f4ecef06936407d2b=1666361653
ResponseHTTP/2.0 304
server: nginx
date: Fri, 21 Oct 2022 12:14:40 GMT
last-modified: Wed, 18 May 2022 08:37:40 GMT
etag: "6284b054-36f"
strict-transport-security: max-age=31536000
-
GEThttps://www.henniu4444.site/henniu.pngRemote address:108.171.214.241:443RequestGET /henniu.png HTTP/2.0
host: www.henniu4444.site
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/logo.html
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
if-modified-since: Wed, 18 May 2022 08:34:27 GMT
if-none-match: "6284af93-136d"
cookie: Hm_lvt_83778f58a428085f4ecef06936407d2b=1666361653; Hm_lpvt_83778f58a428085f4ecef06936407d2b=1666361653
ResponseHTTP/2.0 304
server: nginx
date: Fri, 21 Oct 2022 12:14:40 GMT
last-modified: Wed, 18 May 2022 08:34:27 GMT
etag: "6284af93-136d"
expires: Sun, 20 Nov 2022 12:14:40 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
-
DNSn0399.comRemote address:8.8.8.8:53Requestn0399.comIN AResponsen0399.comIN CNAMEnpyb5v4t-u.funnull01.vipnpyb5v4t-u.funnull01.vipIN CNAME35rnbma7.n.funnull33.com35rnbma7.n.funnull33.comIN A20.239.82.12935rnbma7.n.funnull33.comIN A20.239.82.15835rnbma7.n.funnull33.comIN A20.239.148.11535rnbma7.n.funnull33.comIN A20.24.96.12935rnbma7.n.funnull33.comIN A20.24.96.23735rnbma7.n.funnull33.comIN A20.24.97.9935rnbma7.n.funnull33.comIN A20.24.97.15635rnbma7.n.funnull33.comIN A20.24.97.17435rnbma7.n.funnull33.comIN A20.24.98.24235rnbma7.n.funnull33.comIN A20.24.99.16535rnbma7.n.funnull33.comIN A20.24.99.22035rnbma7.n.funnull33.comIN A20.24.101.6035rnbma7.n.funnull33.comIN A20.24.101.6235rnbma7.n.funnull33.comIN A20.24.102.3035rnbma7.n.funnull33.comIN A20.24.102.7335rnbma7.n.funnull33.comIN A20.24.102.7535rnbma7.n.funnull33.comIN A20.24.200.4835rnbma7.n.funnull33.comIN A20.24.200.5335rnbma7.n.funnull33.comIN A20.24.200.6635rnbma7.n.funnull33.comIN A20.205.47.49
-
DNSu0079.comRemote address:8.8.8.8:53Requestu0079.comIN AResponseu0079.comIN CNAMEnpyb5v4t-u.funnull01.vipnpyb5v4t-u.funnull01.vipIN CNAME35rnbma7.n.funnull33.com35rnbma7.n.funnull33.comIN A20.24.101.6235rnbma7.n.funnull33.comIN A20.24.102.3035rnbma7.n.funnull33.comIN A20.24.102.7335rnbma7.n.funnull33.comIN A20.24.102.7535rnbma7.n.funnull33.comIN A20.24.200.4835rnbma7.n.funnull33.comIN A20.24.200.5335rnbma7.n.funnull33.comIN A20.24.200.6635rnbma7.n.funnull33.comIN A20.205.47.4935rnbma7.n.funnull33.comIN A20.239.80.19635rnbma7.n.funnull33.comIN A20.239.81.8535rnbma7.n.funnull33.comIN A20.239.82.12935rnbma7.n.funnull33.comIN A20.239.82.15835rnbma7.n.funnull33.comIN A20.239.148.11535rnbma7.n.funnull33.comIN A20.24.96.12935rnbma7.n.funnull33.comIN A20.24.96.23735rnbma7.n.funnull33.comIN A20.24.97.9935rnbma7.n.funnull33.comIN A20.24.97.15635rnbma7.n.funnull33.comIN A20.24.97.17435rnbma7.n.funnull33.comIN A20.24.98.24235rnbma7.n.funnull33.comIN A20.24.99.165
-
DNS537882736.comRemote address:8.8.8.8:53Request537882736.comIN AResponse537882736.comIN CNAMEzhenzhu-01.oss-cn-hongkong.aliyuncs.comzhenzhu-01.oss-cn-hongkong.aliyuncs.comIN A47.75.19.145
-
DNSimg.999997.coRemote address:8.8.8.8:53Requestimg.999997.coIN AResponseimg.999997.coIN CNAMEdns.imgapp.topdns.imgapp.topIN A23.225.222.2dns.imgapp.topIN A23.225.222.18dns.imgapp.topIN A23.225.228.34dns.imgapp.topIN A23.225.228.58
-
DNSimg.x956.xyzRemote address:8.8.8.8:53Requestimg.x956.xyzIN AResponseimg.x956.xyzIN CNAMEdns.imgapp.topdns.imgapp.topIN A23.225.222.18dns.imgapp.topIN A23.225.222.2dns.imgapp.topIN A23.225.228.34dns.imgapp.topIN A23.225.228.58
-
DNSimg.syhy.topRemote address:8.8.8.8:53Requestimg.syhy.topIN AResponseimg.syhy.topIN CNAME25smcgdv-u.cnamexingzuoy.com25smcgdv-u.cnamexingzuoy.comIN CNAMEwyneg8vz.n.cnamexingzuoy.comwyneg8vz.n.cnamexingzuoy.comIN A137.175.22.206wyneg8vz.n.cnamexingzuoy.comIN A198.2.208.134wyneg8vz.n.cnamexingzuoy.comIN A142.4.102.54wyneg8vz.n.cnamexingzuoy.comIN A137.175.22.207wyneg8vz.n.cnamexingzuoy.comIN A192.74.247.151wyneg8vz.n.cnamexingzuoy.comIN A137.175.22.208wyneg8vz.n.cnamexingzuoy.comIN A192.74.247.152wyneg8vz.n.cnamexingzuoy.comIN A198.2.208.133wyneg8vz.n.cnamexingzuoy.comIN A142.4.102.55wyneg8vz.n.cnamexingzuoy.comIN A192.74.234.123
-
DNSp.qlogo.cnRemote address:8.8.8.8:53Requestp.qlogo.cnIN AResponsep.qlogo.cnIN CNAMEp.qpic.cnp.qpic.cnIN A43.154.254.32p.qpic.cnIN A43.129.255.47
-
DNSp.qlogo.cnRemote address:8.8.8.8:53Requestp.qlogo.cnIN AResponsep.qlogo.cnIN CNAMEp.qpic.cnp.qpic.cnIN A43.129.255.47p.qpic.cnIN A43.154.254.32
-
GEThttps://img.999997.co/images/631ae647b62b4063cbda48ef.gifRemote address:23.225.222.2:443RequestGET /images/631ae647b62b4063cbda48ef.gif HTTP/2.0
host: img.999997.co
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 302
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb
cache-control: max-age=86400
-
DNSdimg04.c-ctrip.comRemote address:8.8.8.8:53Requestdimg04.c-ctrip.comIN AResponsedimg04.c-ctrip.comIN CNAMEdimg04.c-ctrip.com.ctripgslb.comdimg04.c-ctrip.com.ctripgslb.comIN CNAMEc11978.edgekey.netc11978.edgekey.netIN CNAMEe11978.a.akamaiedge.nete11978.a.akamaiedge.netIN A104.74.225.127
-
DNS38qptu4.oss-cn-hangzhou.aliyuncs.comRemote address:8.8.8.8:53Request38qptu4.oss-cn-hangzhou.aliyuncs.comIN AResponse38qptu4.oss-cn-hangzhou.aliyuncs.comIN A47.110.177.110
-
GEThttps://img.x956.xyz/images/631aeb1cb62b4063cbda48f0.gifRemote address:23.225.222.18:443RequestGET /images/631aeb1cb62b4063cbda48f0.gif HTTP/2.0
host: img.x956.xyz
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 302
referrer-policy: no-referrer
location: https://p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79
cache-control: max-age=86400
-
GEThttps://img.syhy.top/2022/05/19/b3e29dd487b2b.gifRemote address:137.175.22.206:443RequestGET /2022/05/19/b3e29dd487b2b.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: img.syhy.top
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: image/gif
Content-Length: 536519
Connection: keep-alive
Last-Modified: Wed, 18 May 2022 16:33:12 GMT
ETag: "62851fc8-82fc7"
Expires: Sat, 19 Nov 2022 14:21:58 GMT
Cache-Control: max-age=2592000
Server: cdn
X-Cache-Status: HIT
Accept-Ranges: bytes
-
DNSxpj08.oss-cn-beijing.aliyuncs.comRemote address:8.8.8.8:53Requestxpj08.oss-cn-beijing.aliyuncs.comIN AResponsexpj08.oss-cn-beijing.aliyuncs.comIN A59.110.185.220
-
DNSkvhcc.comRemote address:8.8.8.8:53Requestkvhcc.comIN AResponsekvhcc.comIN A78.46.107.74
-
DNSkvhmm.comRemote address:8.8.8.8:53Requestkvhmm.comIN AResponsekvhmm.comIN A78.46.107.74
-
GEThttps://121.204.246.13:26888/gg/0.1-.gifRemote address:121.204.246.13:26888RequestGET /gg/0.1-.gif HTTP/2.0
host: 121.204.246.13:26888
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:14:14 GMT
content-type: image/gif
content-length: 121600
last-modified: Sat, 08 Oct 2022 12:12:38 GMT
etag: "63416936-1db00"
expires: Sun, 20 Nov 2022 12:14:14 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
DNSqpzc888.oss-cn-hangzhou.aliyuncs.comRemote address:8.8.8.8:53Requestqpzc888.oss-cn-hangzhou.aliyuncs.comIN AResponseqpzc888.oss-cn-hangzhou.aliyuncs.comIN A47.110.23.2
-
DNS84998085.comRemote address:8.8.8.8:53Request84998085.comIN AResponse84998085.comIN CNAMEayu.gudunimasdfadxasa.comayu.gudunimasdfadxasa.comIN CNAMEgtm-sg-4hr2x2s7q04.gtm-i1d1.comgtm-sg-4hr2x2s7q04.gtm-i1d1.comIN A154.39.67.221gtm-sg-4hr2x2s7q04.gtm-i1d1.comIN A154.39.67.229gtm-sg-4hr2x2s7q04.gtm-i1d1.comIN A154.39.67.234
-
DNS72agg.comRemote address:8.8.8.8:53Request72agg.comIN AResponse72agg.comIN A137.175.12.178
-
DNS3p8801.coRemote address:8.8.8.8:53Request3p8801.coIN AResponse3p8801.coIN A137.175.35.2
-
GEThttps://dimg04.c-ctrip.com/images/0103212000a31b7fz03B7.gif?proc=autoorientRemote address:104.74.225.127:443RequestGET /images/0103212000a31b7fz03B7.gif?proc=autoorient HTTP/2.0
host: dimg04.c-ctrip.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
content-type: image/gif
content-length: 1316883
access-control-allow-origin: *
last-modified: Tue, 12 May 2015 01:00:00 GMT
cache-control: max-age=15270189
expires: Sun, 16 Apr 2023 05:57:25 GMT
date: Fri, 21 Oct 2022 12:14:16 GMT
timing-allow-origin: *
-
DNSzhibo128x.xyzRemote address:8.8.8.8:53Requestzhibo128x.xyzIN AResponsezhibo128x.xyzIN CNAMEasheng.dl556677.comasheng.dl556677.comIN A154.83.25.141
-
GEThttps://xpj08.oss-cn-beijing.aliyuncs.com/vip80.gifRemote address:59.110.185.220:443RequestGET /vip80.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: xpj08.oss-cn-beijing.aliyuncs.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: image/gif
Content-Length: 264494
Connection: keep-alive
x-oss-request-id: 63528D28CB334A3538B2DE5D
Accept-Ranges: bytes
ETag: "672B95E7B6AB24B5606B8287DB85DBB4"
Last-Modified: Mon, 08 Aug 2022 07:28:40 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8762574589038276875
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: ZyuV57arJLVga4KH24XbtA==
x-oss-server-time: 1
-
DNScdn.u1.huluxia.comRemote address:8.8.8.8:53Requestcdn.u1.huluxia.comIN AResponsecdn.u1.huluxia.comIN CNAMEcdn.u1.huluxia.com.download.ks-cdn.comcdn.u1.huluxia.com.download.ks-cdn.comIN CNAMEk56.gslb.ksyuncdn.comk56.gslb.ksyuncdn.comIN A115.231.33.1k56.gslb.ksyuncdn.comIN A153.0.231.6k56.gslb.ksyuncdn.comIN A125.39.113.129k56.gslb.ksyuncdn.comIN A119.84.171.1k56.gslb.ksyuncdn.comIN A221.195.206.1k56.gslb.ksyuncdn.comIN A140.249.145.6k56.gslb.ksyuncdn.comIN A121.22.237.1k56.gslb.ksyuncdn.comIN A111.161.117.129k56.gslb.ksyuncdn.comIN A58.218.65.1k56.gslb.ksyuncdn.comIN A42.81.245.1k56.gslb.ksyuncdn.comIN A122.227.201.1k56.gslb.ksyuncdn.comIN A111.227.116.1k56.gslb.ksyuncdn.comIN A124.225.82.6k56.gslb.ksyuncdn.comIN A110.167.162.1
-
DNSkvevv.comRemote address:8.8.8.8:53Requestkvevv.comIN AResponsekvevv.comIN A64.32.13.142
-
DNSggt999.oss-cn-hangzhou.aliyuncs.comRemote address:8.8.8.8:53Requestggt999.oss-cn-hangzhou.aliyuncs.comIN AResponseggt999.oss-cn-hangzhou.aliyuncs.comIN A47.110.177.104
-
DNSkvezz.comRemote address:8.8.8.8:53Requestkvezz.comIN AResponsekvezz.comIN A104.143.94.110
-
GEThttps://84998085.com/8499/960x60.gifRemote address:154.39.67.221:443RequestGET /8499/960x60.gif HTTP/2.0
host: 84998085.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 142771
last-modified: Mon, 17 Oct 2022 14:36:50 GMT
etag: "634d6882-22db3"
expires: Sun, 20 Nov 2022 09:59:37 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn-ddos-cc
x-cache-status: HIT
accept-ranges: bytes
-
DNSkzeaa.comRemote address:8.8.8.8:53Requestkzeaa.comIN AResponsekzeaa.comIN A66.150.130.123
-
GEThttps://zhibo128x.xyz/128/960x120.gifRemote address:154.83.25.141:443RequestGET /128/960x120.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: zhibo128x.xyz
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: openresty
Date: Fri, 21 Oct 2022 12:14:17 GMT
Content-Type: image/gif
Content-Length: 647290
Connection: keep-alive
Last-Modified: Sat, 08 Oct 2022 06:08:16 GMT
ETag: "634113d0-9e07a"
Expires: Wed, 16 Nov 2022 15:01:59 GMT
Cache-Control: max-age=2592000
Via: 154.83.25.138
CDN-Cache: HIT
Accept-Ranges: bytes
-
DNSkvhaa.comRemote address:8.8.8.8:53Requestkvhaa.comIN AResponsekvhaa.comIN A78.46.107.74
-
DNSkveff.comRemote address:8.8.8.8:53Requestkveff.comIN AResponsekveff.comIN A64.32.13.142
-
GEThttp://cdn.u1.huluxia.com/g4/M01/A8/BC/rBAAdmMm1vmAR9JIAAdIafyG5QY340.gifRemote address:115.231.33.1:80RequestGET /g4/M01/A8/BC/rBAAdmMm1vmAR9JIAAdIafyG5QY340.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: cdn.u1.huluxia.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: image/jpeg
Content-Length: 477289
Connection: keep-alive
Server: KS3
ETag: "760cc21f91ee02e848650627ffa47ae2"
Date: Fri, 21 Oct 2022 12:14:16 GMT
Last-Modified: Sun, 18 Sep 2022 08:29:45 GMT
Cache-Control: no-cache
Accept-Ranges: bytes
X-Application-Context: application
x-kss-request-id: fdk3ot80l5f8bs6ld9ib5no5lkhqgch4
X-Info-StorageClass: -
Content-MD5: dgzCH5HuAuhIZQYn/6R64g==
x-kss-meta-huluxia_upload: huluxia_upload
x-link-via: nbct03:80;nbmp03:443;
x-b2f-cs-cache: no-cache
X-Cache-Status: MISS from KS-CLOUD-NB-MP-03-16
X-Cache-Status: MISS from KS-CLOUD-NB-CT-03-13
X-Cdn-Request-ID: 986a8b839fcf075f69bd39ca5681b86b
-
GEThttps://kvevv.com/dbb6158a2ca1378f4052d59ea53d1eac.gifRemote address:64.32.13.142:443RequestGET /dbb6158a2ca1378f4052d59ea53d1eac.gif HTTP/2.0
host: kvevv.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: text/html
content-length: 162
location: https://kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gif
strict-transport-security: max-age=31536000
-
DNSp9.toutiaoimg.comRemote address:8.8.8.8:53Requestp9.toutiaoimg.comIN AResponsep9.toutiaoimg.comIN CNAMEp9.toutiaoimg.com.bsgslb.comp9.toutiaoimg.com.bsgslb.comIN CNAMEuz91ipv6pic1.v.bsgslb.comuz91ipv6pic1.v.bsgslb.comIN A185.232.56.147
-
GEThttps://ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060a.gifRemote address:47.110.177.104:443RequestGET /xpj/xpj96060a.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ggt999.oss-cn-hangzhou.aliyuncs.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: image/gif
Content-Length: 338737
Connection: keep-alive
x-oss-request-id: 63528D28DC44E0323916DBEF
Accept-Ranges: bytes
ETag: "5AD650168381761587E881115DDF381F"
Last-Modified: Wed, 21 Sep 2022 10:06:53 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 10948447221979006143
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: WtZQFoOBdhWH6IERXd84Hw==
x-oss-server-time: 4
-
DNSp26.toutiaoimg.comRemote address:8.8.8.8:53Requestp26.toutiaoimg.comIN AResponsep26.toutiaoimg.comIN CNAMEp26.toutiaoimg.com.c.cdnhwc1.comp26.toutiaoimg.com.c.cdnhwc1.comIN CNAMEhcdnw.zjtd01.gslb.c.cdnhwc2.comhcdnw.zjtd01.gslb.c.cdnhwc2.comIN A120.52.95.237hcdnw.zjtd01.gslb.c.cdnhwc2.comIN A120.52.95.236hcdnw.zjtd01.gslb.c.cdnhwc2.comIN A120.52.95.235hcdnw.zjtd01.gslb.c.cdnhwc2.comIN A120.52.95.241hcdnw.zjtd01.gslb.c.cdnhwc2.comIN A182.118.39.171hcdnw.zjtd01.gslb.c.cdnhwc2.comIN A182.118.39.173hcdnw.zjtd01.gslb.c.cdnhwc2.comIN A182.118.39.169hcdnw.zjtd01.gslb.c.cdnhwc2.comIN A182.118.39.165
-
GEThttps://38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gifRemote address:47.110.177.110:443RequestGET /kyr87633.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 38qptu4.oss-cn-hangzhou.aliyuncs.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: image/gif
Content-Length: 299398
Connection: keep-alive
x-oss-request-id: 63528D28DF727131312DC751
Accept-Ranges: bytes
ETag: "F4B7967855549E81F65598B93A43D9DB"
Last-Modified: Sun, 05 Jun 2022 13:03:04 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 8810428828543929982
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: 9LeWeFVUnoH2VZi5OkPZ2w==
x-oss-server-time: 1
-
DNSwww.tupku.topRemote address:8.8.8.8:53Requestwww.tupku.topIN AResponsewww.tupku.topIN A188.114.96.0www.tupku.topIN A188.114.97.0
-
DNSnkiun.xyzRemote address:8.8.8.8:53Requestnkiun.xyzIN AResponsenkiun.xyzIN A8.210.99.166
-
GEThttps://p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.imageRemote address:185.232.56.147:443RequestGET /img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.image HTTP/2.0
host: p9.toutiaoimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
content-type: image/gif
content-length: 806826
date: Thu, 17 Feb 2022 07:21:28 GMT
server: nginx
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 06 Nov 2021 17:01:45 GMT
nw-session-id: 20211107010145010135150034018B504Fl6p6z01tt
nw-session-trace: 2021-11-07T01:01:45.065036824+08:00 57
x-bdcdn-cache-status: TCP_MISS
x-length: 806826
x-powered-by: ImageX
x-response-date: Sun, 07 Nov 2021 01:01:45 GMT
x-tt-logid: 20211107010145010135150034018B504F
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-response-lb: image
x-ser: BC62_dx-lt-yd-zhejiang-jinhua-12-cache-3, BC62_dx-lt-yd-zhejiang-jinhua-12-cache-3, BC161_dx-lt-yd-jiangsu-zhenjiang-6-cache-5, BC161_dx-lt-yd-jiangsu-zhenjiang-6-cache-5, BC110_US-Colorado-Denver-1-cache-2, BC147_NL-Amsterdam-Amsterdam-3-cache-1, BC147_NL-Amsterdam-Amsterdam-3-cache-1
x-cache: HIT from BC147_NL-Amsterdam-Amsterdam-3-cache-1(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=2
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 154.61.71.50
x-response-cache: edge_hit
-
GEThttps://p9.toutiaoimg.com/origin/pgc-image/440e4613c87e49aaa978851137a2e2cbRemote address:185.232.56.147:443RequestGET /origin/pgc-image/440e4613c87e49aaa978851137a2e2cb HTTP/2.0
host: p9.toutiaoimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
content-type: image/gif
content-length: 86697
date: Tue, 18 Oct 2022 03:48:55 GMT
server: nginx
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 01 Oct 2021 06:59:21 GMT
nw-session-id: 202110011459210101940982193F1AF1C7sjvgq03tt
nw-session-trace: 2021-10-01T14:59:21.256856375+08:00 43
x-bdcdn-cache-status: TCP_MISS
x-length: 86697
x-powered-by: ImageX
x-response-date: Fri, 01 Oct 2021 14:59:21 GMT
x-tt-logid: 202110011459210101940982193F1AF1C7
x-tt-trace-tag: id=09;cdn-cache=hit;type=static
x-response-lb: image
x-ser: BC199_dx-lt-yd-jiangsu-huaian-8-cache-10, BC199_dx-lt-yd-jiangsu-huaian-8-cache-10, BC108_US-Colorado-Denver-1-cache-2, BC108_US-Colorado-Denver-1-cache-2, BC147_NL-Amsterdam-Amsterdam-3-cache-1, BC147_NL-Amsterdam-Amsterdam-3-cache-1
x-cache: HIT from BC147_NL-Amsterdam-Amsterdam-3-cache-1(baishan)
server-timing: cdn-cache;desc=HIT,edge;dur=2
access-control-allow-origin: *
timing-allow-origin: *
x-response-cinfo: 154.61.71.50
x-response-cache: edge_hit
-
DNSddcdn.comtucdncom.comRemote address:8.8.8.8:53Requestddcdn.comtucdncom.comIN AResponseddcdn.comtucdncom.comIN A45.89.208.106ddcdn.comtucdncom.comIN A45.89.208.114ddcdn.comtucdncom.comIN A45.89.209.74ddcdn.comtucdncom.comIN A172.247.77.90
-
DNSaooacctp.vipRemote address:8.8.8.8:53Requestaooacctp.vipIN AResponseaooacctp.vipIN A172.67.161.53aooacctp.vipIN A104.21.82.179
-
GEThttps://qpzc888.oss-cn-hangzhou.aliyuncs.com/%E6%B3%A8%E5%86%8C%E9%80%81888.gifRemote address:47.110.23.2:443RequestGET /%E6%B3%A8%E5%86%8C%E9%80%81888.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: qpzc888.oss-cn-hangzhou.aliyuncs.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 21 Oct 2022 12:14:33 GMT
Content-Type: image/gif
Content-Length: 515601
Connection: keep-alive
x-oss-request-id: 63528D2938B0ED34384B3F3A
Accept-Ranges: bytes
ETag: "304BCEE66017D12D21957A542DE2D250"
Last-Modified: Sat, 08 Oct 2022 06:58:14 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 15234205058321665175
x-oss-storage-class: Standard
Content-Disposition: attachment
x-oss-force-download: true
Content-MD5: MEvO5mAX0S0hlXpULeLSUA==
x-oss-server-time: 3
-
DNSs2.loli.netRemote address:8.8.8.8:53Requests2.loli.netIN AResponses2.loli.netIN CNAMEs2.loli.net.cdn.cloudflare.nets2.loli.net.cdn.cloudflare.netIN A172.67.69.40s2.loli.net.cdn.cloudflare.netIN A104.26.0.190s2.loli.net.cdn.cloudflare.netIN A104.26.1.190
-
DNSmei.netlbtu.comRemote address:8.8.8.8:53Requestmei.netlbtu.comIN AResponsemei.netlbtu.comIN A45.89.208.106mei.netlbtu.comIN A172.247.77.90mei.netlbtu.comIN A45.89.208.114mei.netlbtu.comIN A45.89.209.74
-
GEThttp://nkiun.xyz/guanggao/22.jpgRemote address:8.210.99.166:80RequestGET /guanggao/22.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: nkiun.xyz
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:16 GMT
Content-Type: image/jpeg
Content-Length: 16832
Last-Modified: Tue, 20 Sep 2022 14:03:48 GMT
Connection: keep-alive
ETag: "6329c844-41c0"
Expires: Sun, 20 Nov 2022 12:14:16 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
GEThttps://www.tupku.top/lm/031815-80.gifRemote address:188.114.96.0:443RequestGET /lm/031815-80.gif HTTP/2.0
host: www.tupku.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 1626999
last-modified: Thu, 07 Jul 2022 15:13:11 GMT
etag: "62c6f807-18d377"
expires: Tue, 15 Nov 2022 22:51:52 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 353431
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HGtFAFW0P%2FGyT2tO21kRs2bRzrLlitnCokhMpr3zYnz3CYGCZI4ev0i6TMy3PZLK%2Bt%2FNI%2FrL%2Br430oofN8gC25FfnyijU8%2BkTEFekDM9U6veoQ6rC%2FRVodYyjBsEZqAv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e97c6d5bb962-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
DNScbu01.alicdn.comRemote address:8.8.8.8:53Requestcbu01.alicdn.comIN AResponsecbu01.alicdn.comIN CNAMEcbu01.alicdn.com.danuoyi.tbcache.comcbu01.alicdn.com.danuoyi.tbcache.comIN A47.246.48.252cbu01.alicdn.com.danuoyi.tbcache.comIN A47.246.48.251
-
GEThttps://ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpgRemote address:45.89.208.106:443RequestGET /upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ddcdn.comtucdncom.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: Tengine
Date: Fri, 21 Oct 2022 12:14:17 GMT
Content-Type: image/jpeg
Content-Length: 464670
Connection: keep-alive
Last-Modified: Wed, 16 Feb 2022 16:45:06 GMT
ETag: "620d2a12-7171e"
Expires: Sun, 20 Nov 2022 12:14:17 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
-
GEThttps://aooacctp.vip/lm/ynv100.gifRemote address:172.67.161.53:443RequestGET /lm/ynv100.gif HTTP/2.0
host: aooacctp.vip
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 89034
last-modified: Sun, 29 May 2022 06:37:35 GMT
etag: "629314af-15bca"
expires: Fri, 04 Nov 2022 21:06:53 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 1310159
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vsGXQar9Ogr2EA6YY58sK5w%2FKq5YKp6iatI7giMcTtXceCo0mUK5higKmz7Cd9INbYqw1Rz4ZMVUSy1q0UqTsknU2JFtLrR05wL%2B3Ak10IPbFuUWBHsstYmX5EyNt00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e97da9a1b719-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GEThttps://s2.loli.net/2022/01/07/deGgwzf7Tly9S3b.gifRemote address:172.67.69.40:443RequestGET /2022/01/07/deGgwzf7Tly9S3b.gif HTTP/2.0
host: s2.loli.net
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 905505
cf-bgj: imgq:100,h2pri
cf-polished: status=not_needed
access-control-allow-origin: *
etag: "61d85c75-dd121"
last-modified: Fri, 07 Jan 2022 15:29:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: *
vary: Accept, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
cache-control: max-age=31536000
cf-cache-status: HIT
age: 146514
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVa%2BD95xt4qDCJmfjWxCRuKYJM0JAvlB63CK6C3cA5XV6eebd6bLjtVkF5vUgxt%2F6RtSuJr63H%2FcaeWpry7OXcsysb6%2FbYZz8S1dRiwZyAKnhCGrdfi95h%2F9qmLe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75d9e97c38c4b94e-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GEThttps://mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gifRemote address:45.89.208.106:443RequestGET /upload/art/gif/gfdt/071616_341-4.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mei.netlbtu.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: Tengine
Date: Fri, 21 Oct 2022 12:14:20 GMT
Content-Type: image/gif
Content-Length: 13797
Connection: keep-alive
Last-Modified: Mon, 19 Sep 2022 11:14:37 GMT
ETag: "63284f1d-35e5"
Accept-Ranges: bytes
-
GEThttps://mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gifRemote address:45.89.208.106:443RequestGET /upload/art/gif/20200421/170511-1.mp4_1587324106344.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mei.netlbtu.com
Connection: Keep-Alive
-
GEThttps://mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gifRemote address:45.89.208.106:443RequestGET /upload/art/gif/gfdt/746bfd5d31fc37377d.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: mei.netlbtu.com
Connection: Keep-Alive
-
GEThttps://n0399.com/2b03b609e0374edb96288e6080ea2f3b.gifRemote address:20.239.82.129:443RequestGET /2b03b609e0374edb96288e6080ea2f3b.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: n0399.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Sat, 01 Oct 2022 11:41:19 GMT
ETag: W/"6338275f-66969"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
-
GEThttps://kvhcc.com/31e8054b323ed9fba7f318a7aa6d013a.gifRemote address:78.46.107.74:443RequestGET /31e8054b323ed9fba7f318a7aa6d013a.gif HTTP/2.0
host: kvhcc.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 404
server: nginx
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: text/html
content-length: 146
-
GEThttps://u0079.com/00251f15d96a4f70ac9f9609e193909e.gifRemote address:20.24.101.62:443RequestGET /00251f15d96a4f70ac9f9609e193909e.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: u0079.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Fri, 07 Oct 2022 10:11:28 GMT
ETag: W/"633ffb50-54ee0"
Server: WAF/2.4-12.1
X-Cache-Status: HIT
Content-Encoding: gzip
-
DNSx2.c.lencr.orgRemote address:8.8.8.8:53Requestx2.c.lencr.orgIN AResponsex2.c.lencr.orgIN CNAMEcrl.root-x1.letsencrypt.org.edgekey.netcrl.root-x1.letsencrypt.org.edgekey.netIN CNAMEe8652.dscx.akamaiedge.nete8652.dscx.akamaiedge.netIN A23.2.164.159
-
GEThttps://537882736.com/a0642d61fd984cbe9181fe8353ebc7e3.gifRemote address:47.75.19.145:443RequestGET /a0642d61fd984cbe9181fe8353ebc7e3.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 537882736.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: AliyunOSS
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: image/gif
Content-Length: 67749
Connection: keep-alive
x-oss-request-id: 63528D28DD75B7343874A7E0
Accept-Ranges: bytes
ETag: "7FB729164DE96495010D31173B4DFDE9"
Last-Modified: Thu, 29 Sep 2022 07:49:55 GMT
x-oss-object-type: Normal
x-oss-hash-crc64ecma: 3572186298259414675
x-oss-storage-class: Standard
Content-MD5: f7cpFk3pZJUBDTEXO0396Q==
x-oss-server-time: 2
-
GEThttps://72agg.com/gg/960x60-2.gifRemote address:137.175.12.178:443RequestGET /gg/960x60-2.gif HTTP/2.0
host: 72agg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:16:07 GMT
content-type: image/gif
content-length: 256929
last-modified: Tue, 11 Oct 2022 11:16:11 GMT
etag: "6345507b-3eba1"
expires: Sun, 20 Nov 2022 12:16:07 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://cbu01.alicdn.com/img/ibank/2020/865/518/22902815568_1738432517.jpgRemote address:47.246.48.252:443RequestGET /img/ibank/2020/865/518/22902815568_1738432517.jpg HTTP/2.0
host: cbu01.alicdn.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: image/jpeg
content-length: 98277
date: Thu, 30 Dec 2021 15:58:00 GMT
last-modified: Thu, 24 Dec 2020 19:19:13 GMT
picasso-ret-code: SUCCESS
request-time: 0.083
expires: Fri, 30 Dec 2022 15:58:00 GMT
cache-control: max-age=31536000
ali-swift-global-savetime: 1640879880
via: cache9.l2de2[0,0,200-0,H], cache6.l2de2[1,0], cache3.nl2[0,0,200-0,H], cache3.nl2[1,0]
access-control-allow-origin: *
age: 25474592
x-cache: HIT TCP_MEM_HIT dirn:11:380261710
x-swift-savetime: Fri, 09 Sep 2022 15:48:57 GMT
x-swift-cachetime: 9677343
timing-allow-origin: *
eagleid: 2ff6309716663544725155443e
-
GEThttps://hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2bRemote address:103.235.46.191:443RequestGET /hm.js?83778f58a428085f4ecef06936407d2b HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://www.henniu4444.site/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=85FB39B30B6C3793BEE8BF764A8073F3:FG=1
ResponseHTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 11337
Content-Type: application/javascript
Date: Fri, 21 Oct 2022 12:14:18 GMT
Etag: 8bc2744ed49baaff42547c7bcb14556b
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=905BF7F4292E7140; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
Strict-Transport-Security: max-age=172800
-
GEThttps://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=602&et=0&ja=1&ln=en-us&lo=0&rnd=1674548166&si=c68f6151c34979f57bf650beb65cecdf&v=1.2.97&lv=1&sn=3208&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cnkankan.com%2F%3F82133&tt=%E5%85%AD%E5%AE%89%E5%98%8E%E6%8B%93%E9%80%9A%E8%AE%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8Remote address:103.235.46.191:443RequestGET /hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=602&et=0&ja=1&ln=en-us&lo=0&rnd=1674548166&si=c68f6151c34979f57bf650beb65cecdf&v=1.2.97&lv=1&sn=3208&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cnkankan.com%2F%3F82133&tt=%E5%85%AD%E5%AE%89%E5%98%8E%E6%8B%93%E9%80%9A%E8%AE%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.cnkankan.com/?82133
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=85FB39B30B6C3793BEE8BF764A8073F3:FG=1; HMACCOUNT=905BF7F4292E7140
ResponseHTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Fri, 21 Oct 2022 12:14:20 GMT
Pragma: no-cache
Server: apache
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
-
DNS6655cy.comRemote address:8.8.8.8:53Request6655cy.comIN AResponse6655cy.comIN A154.197.14.66655cy.comIN A154.197.15.576655cy.comIN A154.197.14.126655cy.comIN A154.39.66.2236655cy.comIN A154.197.15.816655cy.comIN A154.197.15.86
-
GEThttps://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gifRemote address:104.143.94.110:443RequestGET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/2.0
host: kvezz.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: text/html
content-length: 162
location: https://acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gif
strict-transport-security: max-age=31536000
-
GEThttps://3p8801.co/960x60.gifRemote address:137.175.35.2:443RequestGET /960x60.gif HTTP/2.0
host: 3p8801.co
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:17:58 GMT
content-type: image/gif
content-length: 45072
last-modified: Tue, 27 Sep 2022 13:27:28 GMT
etag: "6332fa40-b010"
expires: Sun, 20 Nov 2022 12:17:58 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://3p8801.co/3p960x60.gifRemote address:137.175.35.2:443RequestGET /3p960x60.gif HTTP/2.0
host: 3p8801.co
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:17:58 GMT
content-type: image/gif
content-length: 310536
last-modified: Sat, 23 Jul 2022 12:26:45 GMT
etag: "62dbe905-4bd08"
expires: Sun, 20 Nov 2022 12:17:58 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://3p8801.co/hg960x60.gifRemote address:137.175.35.2:443RequestGET /hg960x60.gif HTTP/2.0
host: 3p8801.co
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: nginx
date: Fri, 21 Oct 2022 12:17:58 GMT
content-type: image/gif
content-length: 138679
last-modified: Sat, 23 Jul 2022 12:26:47 GMT
etag: "62dbe907-21db7"
expires: Sun, 20 Nov 2022 12:17:58 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
-
GEThttps://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gifRemote address:66.150.130.123:443RequestGET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/2.0
host: kzeaa.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: text/html
content-length: 162
location: https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gif
strict-transport-security: max-age=31536000
-
GEThttp://x2.c.lencr.org/Remote address:23.2.164.159:80RequestGET / HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: x2.c.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/pkix-crl
Last-Modified: Mon, 13 Jun 2022 17:00:00 GMT
ETag: "62a76d10-12c"
Cache-Control: max-age=3600
Expires: Fri, 21 Oct 2022 13:14:16 GMT
Date: Fri, 21 Oct 2022 12:14:16 GMT
Content-Length: 300
Connection: keep-alive
-
GEThttps://p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.imageRemote address:120.52.95.237:443RequestGET /img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.image HTTP/2.0
host: p26.toutiaoimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 677521
server: openresty
age: 10226112
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Thu, 30 Dec 2021 00:07:35 GMT
nw-session-id: 2021123008073501015013614530ADE9B0dprsv01tt
nw-session-trace: 2021-12-30T08:07:35.194015393+08:00 68
x-bdcdn-cache-status: TCP_HIT
x-ccdn-cachettl: 31536000
x-length: 677521
x-powered-by: ImageX
x-response-date: Thu, 30 Dec 2021 08:07:35 GMT
x-response-lb: image
x-tt-logid: 2021123008073501015013614530ADE9B0
nginx-hit: 1
server-timing: cdn-cache;desc=HIT, edge;dur=4
via: CHN-HElangfang-AREACUCC1-CACHE42[4],CHN-HElangfang-AREACUCC1-CACHE35[0,TCP_HIT,0],CHN-TJ-GLOBAL1-CACHE60[39],CHN-TJ-GLOBAL1-CACHE35[0,TCP_HIT,36]
x-hcs-proxy-type: 1
x-tt-trace-host: 016a2077e03b2041825c42669e9a23cec5ee04519515486308eb42b81315658df6aa5ed29ad219c7d25626d5b022cced5274c18183adcd43889f65e87a17fde2315b0226a7e5f07d4c19094125051b3e74699be800dd629619bc2141d5fb81fc89ccc76230d7d3e4f731a9d881f3cb16c4
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 154.61.71.50
-
GEThttps://p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.imageRemote address:120.52.95.237:443RequestGET /img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.image HTTP/2.0
host: p26.toutiaoimg.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 301024
server: openresty
age: 6551731
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Sat, 06 Nov 2021 17:01:43 GMT
nw-session-id: 2021110701014301015108502152A73235rcjk803tt
nw-session-trace: 2021-11-07T01:01:43.669209445+08:00 34
x-bdcdn-cache-status: TCP_MISS
x-ccdn-cachettl: 31536000
x-length: 301024
x-powered-by: ImageX
x-response-date: Sun, 07 Nov 2021 01:01:43 GMT
x-response-lb: image
x-tt-logid: 2021110701014301015108502152A73235
nginx-hit: 1
server-timing: cdn-cache;desc=HIT, edge;dur=5
via: CHN-HElangfang-AREACUCC1-CACHE42[5],CHN-HElangfang-AREACUCC1-CACHE15[0,TCP_HIT,2],CHN-TJ-GLOBAL1-CACHE90[6],CHN-TJ-GLOBAL1-CACHE72[0,TCP_HIT,4]
x-hcs-proxy-type: 1
x-tt-trace-host: 016e0001876583f0a366970da60fe77c66f56a5eb79688f9c4e7e6c49708d552a39ce55d97749c3e8510d737d6bed077b75390b82e45430b80f2266ba222fbd73cd89bceef56b5d71b00add0867f5f44d259170ca6c80d220231d003018378230b0a9b18efbe7abad09aa9b368178b8893f8ed65931abed8e45506dc8686afd64a2dd156f524477f07b8b7fcfe9e7fdb2c
x-tt-trace-tag: id=26;cdn-cache=hit;type=static
accept-ranges: bytes
access-control-allow-origin: *
x-response-cache: edge_hit
x-response-cinfo: 154.61.71.50
-
GEThttps://kvhaa.com/f0e76a5c8312a00241ad726bac0f2d0f.gifRemote address:78.46.107.74:443RequestGET /f0e76a5c8312a00241ad726bac0f2d0f.gif HTTP/2.0
host: kvhaa.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gif
strict-transport-security: max-age=31536000
-
GEThttps://kvhaa.com/75c160dc06d6f81ac36aed8c45cf917e.gifRemote address:78.46.107.74:443RequestGET /75c160dc06d6f81ac36aed8c45cf917e.gif HTTP/2.0
host: kvhaa.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: text/html
content-length: 162
location: https://nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gif
strict-transport-security: max-age=31536000
-
GEThttps://6655cy.com/cdn/ashkad.gifRemote address:154.197.14.6:443RequestGET /cdn/ashkad.gif HTTP/2.0
host: 6655cy.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 311408
last-modified: Mon, 15 Aug 2022 08:53:58 GMT
etag: "62fa09a6-4c070"
expires: Sat, 19 Nov 2022 15:47:49 GMT
cache-control: max-age=2592000
server: cdn-ddos-cc
x-cache-status: HIT
accept-ranges: bytes
-
DNSe1.o.lencr.orgRemote address:8.8.8.8:53Requeste1.o.lencr.orgIN AResponsee1.o.lencr.orgIN CNAMEo.lencr.edgesuite.neto.lencr.edgesuite.netIN CNAMEa1887.dscq.akamai.neta1887.dscq.akamai.netIN A96.16.53.165a1887.dscq.akamai.netIN A96.16.53.142
-
GEThttp://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgT4AoPD0h78j77b3WhKkACG7w%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgT4AoPD0h78j77b3WhKkACG7w%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e1.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "601C45DDC25253D3B7C0027C88BDABF0D156D2344067B5FF3CD81A53CD72D851"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3457
Expires: Fri, 21 Oct 2022 13:11:54 GMT
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
-
GEThttp://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgPpsuY3xCEJWX1b8XvP2Xx%2FXA%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgPpsuY3xCEJWX1b8XvP2Xx%2FXA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e1.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "1F71F0987117E1B9C0BF199F4FBDDF42C632D575B76F3CD0767946CE05AD4ADA"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2708
Expires: Fri, 21 Oct 2022 12:59:40 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNG5mnJuLCHwPqOL6VmOjnlNg%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNG5mnJuLCHwPqOL6VmOjnlNg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e1.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "36C1D1A6F8EFF3CF2981D274399FA3A0798209109440C934FCDB54329A293B95"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7295
Expires: Fri, 21 Oct 2022 14:16:07 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTDSdt37TOzbOkBAJy107saWQ%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTDSdt37TOzbOkBAJy107saWQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: e1.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "4CAF47F4ACE56C1795538A126E62CE918641A2E47FEFB57C2F257648D0E50F4D"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12071
Expires: Fri, 21 Oct 2022 15:35:43 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPkKvZVg%2FrRAkyLMBRuTzP09A%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPkKvZVg%2FrRAkyLMBRuTzP09A%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0F18D69EA54E51768267E74E9766CA40E38CEF43C481DA4C24A2B07DC92D9B0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7290
Expires: Fri, 21 Oct 2022 14:15:47 GMT
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3EB668179B3DE03CF71E81B098A786975BE974524E675ACC0B0048A0509F6A29"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Fri, 21 Oct 2022 13:10:47 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ82BzV4wo%2F9NX0aOQ5iKrrOA%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ82BzV4wo%2F9NX0aOQ5iKrrOA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5795405A3FB5C6B7F83188BDE30DED302D232A460199A9AB078ED5FE654C9C36"
Last-Modified: Fri, 21 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6403
Expires: Fri, 21 Oct 2022 14:01:00 GMT
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "068F22AA57BFD4FC0AFBD2ED7C769ACD59512656F7307B7D06624684E5E08D8C"
Last-Modified: Thu, 20 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9720
Expires: Fri, 21 Oct 2022 14:56:32 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
DNSzerossl.crt.sectigo.comRemote address:8.8.8.8:53Requestzerossl.crt.sectigo.comIN AResponsezerossl.crt.sectigo.comIN CNAMEcrt.sectigo.comcrt.sectigo.comIN A91.199.212.52
-
DNSdvcasha2.ocsp-certum.comRemote address:8.8.8.8:53Requestdvcasha2.ocsp-certum.comIN AResponsedvcasha2.ocsp-certum.comIN CNAMEocsp.akamai.certum.plocsp.akamai.certum.plIN CNAMEocsp.certum.pl.edgekey.netocsp.certum.pl.edgekey.netIN CNAMEe96763.dscb.akamaiedge.nete96763.dscb.akamaiedge.netIN A104.110.191.60e96763.dscb.akamaiedge.netIN A104.110.191.7
-
GEThttp://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEHZhWy1nRC%2FkvK%2BUjboG%2FtE%3DRemote address:104.110.191.60:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEHZhWy1nRC%2FkvK%2BUjboG%2FtE%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: dvcasha2.ocsp-certum.com
ResponseHTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: STALE
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=611
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
X-N: S
-
GEThttp://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3DRemote address:104.110.191.60:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: dvcasha2.ocsp-certum.com
ResponseHTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=652
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
X-N: S
-
GEThttp://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crtRemote address:91.199.212.52:80RequestGET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: zerossl.crt.sectigo.com
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:17 GMT
Content-Type: application/pkix-cert
Content-Length: 1753
Connection: keep-alive
Last-Modified: Thu, 30 Jan 2020 00:00:00 GMT
ETag: "5e321c80-6d9"
X-CCACDN-Mirror-ID: mscrl2
Cache-Control: max-age=14400, s-maxage=3600
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
-
GEThttp://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crtRemote address:91.199.212.52:80RequestGET /ZeroSSLRSADomainSecureSiteCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: zerossl.crt.sectigo.com
ResponseHTTP/1.1 200 OK
Server: nginx
Date: Fri, 21 Oct 2022 12:14:17 GMT
Content-Type: application/pkix-cert
Content-Length: 1753
Connection: keep-alive
Last-Modified: Thu, 30 Jan 2020 00:00:00 GMT
ETag: "5e321c80-6d9"
X-CCACDN-Mirror-ID: sscrl2
Cache-Control: max-age=14400, s-maxage=3600
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
-
DNSkvhwww.topRemote address:8.8.8.8:53Requestkvhwww.topIN AResponsekvhwww.topIN A172.67.162.45kvhwww.topIN A104.21.15.106
-
DNSnvhaaa.topRemote address:8.8.8.8:53Requestnvhaaa.topIN AResponsenvhaaa.topIN A104.21.234.41nvhaaa.topIN A104.21.234.40
-
GEThttps://nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gifRemote address:104.21.234.41:443RequestGET /f0e76a5c8312a00241ad726bac0f2d0f.gif HTTP/2.0
host: nvhaaa.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 158847
last-modified: Wed, 10 Aug 2022 09:44:15 GMT
etag: "62f37def-26c7f"
expires: Fri, 18 Nov 2022 17:30:15 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 153842
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VsN711yrNMBVrBBQ4U51xrvH91aSYQxqdPu2DTQ%2FjcCh7XTW9Cj67P8z06pzyJk%2Bomfm5K3eqRqdiegRnzyeH2cAyEqUErv%2FLRd6dbDekNTB7DdUxE%2BFbW8Kl9F3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9801d03b822-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GEThttps://nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gifRemote address:104.21.234.41:443RequestGET /75c160dc06d6f81ac36aed8c45cf917e.gif HTTP/2.0
host: nvhaaa.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 228122
last-modified: Mon, 04 Jul 2022 12:16:06 GMT
etag: "62c2da06-37b1a"
expires: Sat, 19 Nov 2022 22:52:48 GMT
cache-control: max-age=2592000
cf-cache-status: HIT
age: 48089
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Np9VZfR%2BrYhrVYxtw5atqoiS5QyhhFzJFxcO09eriFRQscvTmhvzHvetkB3FuTm%2Bn98rfuVr1Js%2B3Gax1ZJ0aar4t2JaHWvuo%2BOzJ1xnUk1sVR2%2BKtbUPupM6Zlm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9801d06b822-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GEThttp://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3DRemote address:104.110.191.60:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: dvcasha2.ocsp-certum.com
ResponseHTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=141
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
X-N: S
-
GEThttp://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3DRemote address:104.110.191.60:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: dvcasha2.ocsp-certum.com
ResponseHTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=141
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
X-N: S
-
GEThttps://p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0Remote address:43.154.254.32:443RequestGET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0 HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 142771
vary: Accept,Origin
last-modified: Sun, 02 Oct 2022 12:35:19 GMT
cache-control: max-age=2592000
x-delay: 107 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 142771
chid: 0
fid: 0
x-nws-log-uuid: d0f16012-ee92-4bfd-9d0a-5b5ba002e0d4
-
GEThttps://p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gifRemote address:43.154.254.32:443RequestGET /hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gif HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 1362871
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:47 GMT
cache-control: max-age=2592000
x-delay: 550 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1362871
chid: 0
fid: 0
x-nws-log-uuid: 7c2fb6ac-f09d-473a-905f-d2b070f5f500
-
GEThttps://p.qlogo.cn/hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gifRemote address:43.154.254.32:443RequestGET /hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gif HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/png
content-length: 62229
vary: Accept,Origin
last-modified: Tue, 19 Oct 2021 21:03:59 GMT
cache-control: max-age=2592000
x-delay: 20046 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 62229
chid: 0
fid: 0
x-nws-log-uuid: 85e9b97f-f56f-442b-b693-c72aa61c31d3
-
GEThttps://p.qlogo.cn/qqmail_head/PiajxSqBRaEJJRn8gJmldAhC0pUPnSjTFBia3lcU1Yh3mASpwYtAmD8Ru5UEX6CO3WjJsCjiboD2cM/0Remote address:43.154.254.32:443RequestGET /qqmail_head/PiajxSqBRaEJJRn8gJmldAhC0pUPnSjTFBia3lcU1Yh3mASpwYtAmD8Ru5UEX6CO3WjJsCjiboD2cM/0 HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 213547
vary: Accept,Origin
last-modified: Sun, 04 Sep 2022 14:24:30 GMT
cache-control: max-age=2592000
x-delay: 32837 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 213547
chid: 0
fid: 0
x-nws-log-uuid: eaf0eaae-9aef-4a9b-bdc3-9a160b9bd3c2
-
GEThttps://p.qlogo.cn/hy_personal/3e28f14aa051684245c4e0cfebfbd4b5718b81296fd49d7bf7e195eedfaeff9d/0.pngRemote address:43.154.254.32:443RequestGET /hy_personal/3e28f14aa051684245c4e0cfebfbd4b5718b81296fd49d7bf7e195eedfaeff9d/0.png HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 477965
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 16:41:35 GMT
cache-control: max-age=2592000
x-delay: 51201 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 477965
chid: 0
fid: 0
x-nws-log-uuid: eefcfc34-f062-4374-ae37-b303eb3ff0b6
-
GEThttps://p.qlogo.cn/hy_personal/3e28f14aa0516842f3606d494fc8b4b27c6b815da34ccd7ccd21c30c3d533f0b/0.gifRemote address:43.154.254.32:443RequestGET /hy_personal/3e28f14aa0516842f3606d494fc8b4b27c6b815da34ccd7ccd21c30c3d533f0b/0.gif HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 479312
vary: Accept,Origin
last-modified: Tue, 04 Oct 2022 14:57:04 GMT
cache-control: max-age=2592000
x-delay: 68226 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 479312
chid: 0
fid: 0
x-nws-log-uuid: 5590bea3-3781-4da1-9f33-0ba8de37a9db
-
GEThttps://p.qlogo.cn/hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gifRemote address:43.154.254.32:443RequestGET /hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gif HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 1607696
vary: Accept,Origin
last-modified: Sat, 10 Jul 2021 16:21:45 GMT
cache-control: max-age=2592000
x-delay: 110203 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1607696
chid: 0
fid: 0
x-nws-log-uuid: 81f03b70-a9df-4fd0-b543-916ebfca3660
-
GEThttps://p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0Remote address:43.154.254.32:443RequestGET /qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0 HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 1167114
vary: Accept,Origin
last-modified: Wed, 21 Sep 2022 13:02:27 GMT
cache-control: max-age=2592000
x-delay: 101253 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1167114
chid: 0
fid: 0
x-nws-log-uuid: 5a957dca-8b9c-4711-92ce-b47b240b4947
-
GEThttps://p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0Remote address:43.154.254.32:443RequestGET /qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0 HTTP/2.0
host: p.qlogo.cn
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Qnginx/1.4.4
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 1367629
vary: Accept,Origin
last-modified: Mon, 18 Jul 2022 17:11:05 GMT
cache-control: max-age=2592000
x-delay: 120074 us
x-info: real data
x-bcheck: 0_1
x-cpt: filename=0
user-returncode: 0
x-datasrc: 2
x-reqgue: 0
size: 1367629
chid: 0
fid: 0
x-nws-log-uuid: c219c89f-9fc8-47a1-9395-e9421bff1eb0
-
GEThttp://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3DRemote address:104.110.191.60:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: dvcasha2.ocsp-certum.com
ResponseHTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 1599
X-Cached: HIT
Strict-Transport-Security: max-age=63072000,includeSubDomains,preload
Cache-Control: max-age=652
Date: Fri, 21 Oct 2022 12:14:17 GMT
Connection: keep-alive
X-N: S
-
GEThttps://kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gifRemote address:172.67.162.45:443RequestGET /dbb6158a2ca1378f4052d59ea53d1eac.gif HTTP/2.0
host: kvhwww.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:17 GMT
content-type: image/gif
content-length: 748104
last-modified: Thu, 15 Sep 2022 12:34:54 GMT
etag: "63231bee-b6a48"
expires: Fri, 18 Nov 2022 05:17:24 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 197813
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JE9eRfoGrRYwe9mYBAPKxEpoEo9xjrcswPm3llWS4TcDFucXwggKrVJbquoLA5wo2t58%2B533P7l7PeK4veL6nzDS7F3eizFuIOXWLkOHp1IzcMgevD1chViNjWVz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9819ecf415a-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
DNScrl.globalsign.comRemote address:8.8.8.8:53Requestcrl.globalsign.comIN AResponsecrl.globalsign.comIN CNAMEglobal.prd.cdn.globalsign.comglobal.prd.cdn.globalsign.comIN CNAMEcdn.globalsigncdn.com.cdn.cloudflare.netcdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.20.226cdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.21.226
-
GEThttp://crl.globalsign.com/root-r3.crlRemote address:104.18.20.226:80RequestGET /root-r3.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.globalsign.com
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:18 GMT
Content-Type: application/pkix-crl
Content-Length: 1814
Connection: keep-alive
Last-Modified: Fri, 07 Oct 2022 00:00:00 GMT
ETag: 34
Expires: Sun, 15 Jan 2023 00:00:00 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1994
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 75d9e985fc6bd0b5-AMS
-
GEThttp://crl.globalsign.com/gs/gsorganizationvalsha2g2.crlRemote address:104.18.20.226:80RequestGET /gs/gsorganizationvalsha2g2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.globalsign.com
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: application/pkix-crl
Content-Length: 1463
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 09:33:17 GMT
ETag: EC46
Expires: Fri, 28 Oct 2022 09:33:16 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: EXPIRED
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 75d9e9da49afd0b5-AMS
-
DNSbofangqi.6gg.cnRemote address:8.8.8.8:53Requestbofangqi.6gg.cnIN AResponsebofangqi.6gg.cnIN CNAMEagent31.juming.comagent31.juming.comIN A47.242.162.24
-
DNSbofangqi.6gg.cnRemote address:8.8.8.8:53Requestbofangqi.6gg.cnIN AResponsebofangqi.6gg.cnIN CNAMEagent31.juming.comagent31.juming.comIN A47.242.162.24
-
GEThttp://bofangqi.6gg.cn/jm_setup_qvod.exeRemote address:47.242.162.24:80RequestGET /jm_setup_qvod.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: bofangqi.6gg.cn
Connection: Keep-Alive
ResponseHTTP/1.1 404 Not Found
Server: Tengine
Date: Fri, 21 Oct 2022 12:14:21 GMT
Content-Type: text/html
Content-Length: 3
Connection: keep-alive
ETag: "62c5ba64-3"
-
DNSmohe.6gg.cnRemote address:8.8.8.8:53Requestmohe.6gg.cnIN AResponsemohe.6gg.cnIN CNAMEagent31.juming.comagent31.juming.comIN A47.242.162.24
-
DNSmohe.6gg.cnRemote address:8.8.8.8:53Requestmohe.6gg.cnIN AResponsemohe.6gg.cnIN CNAMEagent31.juming.comagent31.juming.comIN A47.242.162.24
-
GEThttp://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3DRemote address:104.18.20.226:80RequestGET /rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp2.globalsign.com
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1433
Connection: keep-alive
Expires: Tue, 25 Oct 2022 10:12:06 GMT
ETag: "b9a25f6e0725ddc8628c804f94c14451538afca9"
Last-Modified: Fri, 21 Oct 2022 10:12:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 90
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 75d9e9abccdcb70a-AMS
-
DNScrl.comodoca.comRemote address:8.8.8.8:53Requestcrl.comodoca.comIN AResponsecrl.comodoca.comIN CNAMEcrl.comodoca.com.cdn.cloudflare.netcrl.comodoca.com.cdn.cloudflare.netIN A172.64.155.188crl.comodoca.com.cdn.cloudflare.netIN A104.18.32.68
-
GEThttp://crl.comodoca.com/AAACertificateServices.crlRemote address:172.64.155.188:80RequestGET /AAACertificateServices.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: crl.comodoca.com
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:31 GMT
Content-Type: application/pkix-crl
Content-Length: 506
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 02:15:27 GMT
ETag: "635200bf-1fa"
X-CCACDN-Mirror-ID: sscrl2
Cache-Control: max-age=14400, s-maxage=3600
Expires: Fri, 28 Oct 2022 02:15:27 GMT
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 438
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 75d9e9d9ebb4b7c7-AMS
-
GEThttps://kvhmm.com/ad87e7a061a798b443a65981a71ace19.gifRemote address:78.46.107.74:443RequestGET /ad87e7a061a798b443a65981a71ace19.gif HTTP/2.0
host: kvhmm.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: text/html
content-length: 162
location: https://kvtfff.top/ad87e7a061a798b443a65981a71ace19.gif
strict-transport-security: max-age=31536000
-
GEThttps://kveff.com/7c1e634b8fdc5fffb90ef9d9c0070667.gifRemote address:64.32.13.142:443RequestGET /7c1e634b8fdc5fffb90ef9d9c0070667.gif HTTP/2.0
host: kveff.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: text/html
content-length: 162
location: https://kvtnnn.top/7c1e634b8fdc5fffb90ef9d9c0070667.gif
strict-transport-security: max-age=31536000
-
GEThttps://kveff.com/68a7807de3933bf7079116fa9df99e6f.gifRemote address:64.32.13.142:443RequestGET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/2.0
host: kveff.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 301
server: nginx
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: text/html
content-length: 162
location: https://kvtnnn.top/68a7807de3933bf7079116fa9df99e6f.gif
strict-transport-security: max-age=31536000
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E916B26A9C79AF98AB71D8BB7B8FCB44DF68C1F553F4F594C5E3D144E1416A9"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21301
Expires: Fri, 21 Oct 2022 18:09:33 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3EB668179B3DE03CF71E81B098A786975BE974524E675ACC0B0048A0509F6A29"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Fri, 21 Oct 2022 13:10:47 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD249B5C1DC302B9AEF85BDEEAFDD9C310ED4474166C49652B45F6D509076AA7"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9789
Expires: Fri, 21 Oct 2022 14:57:41 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E916B26A9C79AF98AB71D8BB7B8FCB44DF68C1F553F4F594C5E3D144E1416A9"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21301
Expires: Fri, 21 Oct 2022 18:09:33 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD249B5C1DC302B9AEF85BDEEAFDD9C310ED4474166C49652B45F6D509076AA7"
Last-Modified: Thu, 20 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9789
Expires: Fri, 21 Oct 2022 14:57:41 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRXKaoCkGDOJRSXVheV8K%2Bo%2Bw%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRXKaoCkGDOJRSXVheV8K%2Bo%2Bw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3D4E4E8313A8AE9F305569FDA0556FBF83A73D4D53B2E329030454A4FD7F8A83"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5861
Expires: Fri, 21 Oct 2022 13:52:13 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "068F22AA57BFD4FC0AFBD2ED7C769ACD59512656F7307B7D06624684E5E08D8C"
Last-Modified: Thu, 20 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9720
Expires: Fri, 21 Oct 2022 14:56:32 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3DRemote address:96.16.53.165:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3EB668179B3DE03CF71E81B098A786975BE974524E675ACC0B0048A0509F6A29"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3375
Expires: Fri, 21 Oct 2022 13:10:47 GMT
Date: Fri, 21 Oct 2022 12:14:32 GMT
Connection: keep-alive
-
GEThttp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCECO3bePBuysaUZYeCOq3ZOg%3DRemote address:172.64.155.188:80RequestGET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCECO3bePBuysaUZYeCOq3ZOg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp.usertrust.com
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:32 GMT
Content-Type: application/ocsp-response
Content-Length: 978
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 17:00:58 GMT
Expires: Thu, 27 Oct 2022 17:00:57 GMT
Etag: "c0797bda6f7e223aaedf6df84d735cb65620e9ca"
Cache-Control: max-age=603981,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1625
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 75d9e9daaecb1e79-AMS
-
DNSkvtfff.topRemote address:8.8.8.8:53Requestkvtfff.topIN AResponsekvtfff.topIN A104.21.233.215kvtfff.topIN A104.21.233.216
-
GEThttps://kvtfff.top/ad87e7a061a798b443a65981a71ace19.gifRemote address:104.21.233.215:443RequestGET /ad87e7a061a798b443a65981a71ace19.gif HTTP/2.0
host: kvtfff.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 819053
last-modified: Fri, 16 Sep 2022 07:25:13 GMT
etag: "632424d9-c7f6d"
expires: Sat, 19 Nov 2022 10:54:32 GMT
cache-control: max-age=5356800
cf-cache-status: HIT
age: 91200
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J6VkOEiPRn%2BwiRXQtN8bAZ%2FAIhae8Mz0N9J%2BixMtYeEIBW1exMX47CnJiScd%2B3ADYSQ16RgTF4Y5VrqCPDsO6fC0bFOsFxGJe42bH17I5OIM5CR6DsP8TvPxBHAS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9dc7b86b73a-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
DNSacoossi.topRemote address:8.8.8.8:53Requestacoossi.topIN AResponseacoossi.topIN A104.21.234.200acoossi.topIN A104.21.234.201
-
GEThttps://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gifRemote address:104.21.234.200:443RequestGET /92f0c144d76dd785f7c04f84ae149b33.gif HTTP/2.0
host: acoossi.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 1024160
last-modified: Wed, 25 May 2022 13:49:10 GMT
etag: "628e33d6-fa0a0"
expires: Sun, 20 Nov 2022 10:49:44 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 5088
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFn3s3f05G%2FYgwI9MeCM%2BIoVpypc22wbcbN4VJUGHzj1Q8o4cmw4qmqe6i8%2B%2FOCY17%2B2zzFWlqG23GcXexgGlLGLZYL0P9Hx0KY4Gy%2F%2F%2FU3wl0cYfDa3flbcgfJIrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9dd8cb0b984-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
DNSacoossn.topRemote address:8.8.8.8:53Requestacoossn.topIN AResponseacoossn.topIN A188.114.96.0acoossn.topIN A188.114.97.0
-
GEThttps://acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gifRemote address:188.114.96.0:443RequestGET /95ca29ec3907b3bf2d8a24b35e3eda22.gif HTTP/2.0
host: acoossn.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:32 GMT
content-type: image/gif
content-length: 400264
last-modified: Mon, 02 May 2022 19:22:39 GMT
etag: "62702f7f-61b88"
expires: Sun, 06 Nov 2022 20:46:38 GMT
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1178874
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zyqyOpCzI%2F%2BlPEOe9wc8WsFkc0G2IGeHIVHyjDJJxZK3F3xhrAO23tY7JMdD6431tGneyKePeMpyP1iD5McmeuG0RoXeMDJaV5vkJT0pSOoStGonAALL16xQWZaQ0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9dec94e0b4f-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
DNSp3.douyinpic.comRemote address:8.8.8.8:53Requestp3.douyinpic.comIN AResponsep3.douyinpic.comIN CNAMEp3.douyinpic.com.w.cdngslb.comp3.douyinpic.com.w.cdngslb.comIN A47.246.48.224p3.douyinpic.com.w.cdngslb.comIN A47.246.48.229p3.douyinpic.com.w.cdngslb.comIN A47.246.48.231p3.douyinpic.com.w.cdngslb.comIN A47.246.48.228p3.douyinpic.com.w.cdngslb.comIN A47.246.48.227p3.douyinpic.com.w.cdngslb.comIN A47.246.48.230p3.douyinpic.com.w.cdngslb.comIN A47.246.48.225p3.douyinpic.com.w.cdngslb.comIN A47.246.48.226
-
GEThttps://p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79Remote address:47.246.48.224:443RequestGET /obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79 HTTP/2.0
host: p3.douyinpic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: image/gif
content-length: 824465
date: Mon, 17 Oct 2022 21:44:43 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Mon, 17 Oct 2022 11:31:26 GMT
nw-session-id: 2022101719312601013113605215C3C675hw2r701dy
nw-session-trace: 2022-10-17T19:31:26.212709188+08:00 68
x-bdcdn-cache-status: TCP_HIT
x-length: 824465
x-powered-by: ImageX
x-response-date: Mon, 17 Oct 2022 19:31:26 GMT
x-tt-logid: 2022101719312601013113605215C3C675
via: n204-098-210, cache20.l2de2[0,1,206-0,H], cache21.l2de2[3,0], cache21.l2de2[4,0], cache4.nl2[0,0,200-0,H], cache5.nl2[6,0]
x-request-ip: fdbd:dc01:27:721::21
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 154.61.71.50
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=6
x-tt-trace-host: 0173e110d0a984495addb1d88dc687d552cd7b1aed61e06e4445b19f132561e847df2e107023f02cec4f0ced2b930cb22c6322789b46869bb3af917024ab4645ae8a3d6cab7a17de4945c47a379741cf02033650ee413a5f87801a7b37aed1d2e3
x-response-lb: image
ali-swift-global-savetime: 1666043083
age: 311390
x-cache: HIT TCP_MEM_HIT dirn:6:416606242 mlen:0
x-swift-savetime: Thu, 20 Oct 2022 22:35:26 GMT
x-swift-cachetime: 31273757
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff6309916663544735986043e
-
GEThttps://p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5ebRemote address:47.246.48.224:443RequestGET /obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5eb HTTP/2.0
host: p3.douyinpic.com
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
server: Tengine
content-type: image/gif
content-length: 497844
date: Fri, 09 Sep 2022 08:24:07 GMT
cache-control: max-age=31536000
imagex-fmt: gif2gif
last-modified: Fri, 09 Sep 2022 07:07:58 GMT
nw-session-id: 2022090915075801015013207646542CA8nbl8201dy
nw-session-trace: 2022-09-09T15:07:58.286847555+08:00 41
x-bdcdn-cache-status: TCP_HIT
x-length: 497844
x-powered-by: ImageX
x-response-date: Fri, 09 Sep 2022 15:07:58 GMT
x-tt-logid: 2022090915075801015013207646542CA8
via: n132-067-174, cache25.l2de2[0,0,206-0,H], cache8.l2de2[0,0], cache8.l2de2[0,0], cache4.nl2[0,0,200-0,H], cache5.nl2[4,0]
x-request-ip: fdbd:dc03:15:294::68
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
x-response-cinfo: 154.61.71.50
x-response-cache: edge_hit
server-timing: cdn-cache;desc=HIT,edge;dur=4
x-tt-trace-host: 01c5b752b8829910e641fcd98210a6e05ecaa64505b343592c57aa70e4ebeccb7f8e26f4ca8c29cc7b7f27ea40ab1e8be87be14d16b53b63dca60abc5364d9e522afa6034d22063014da7c2681029ef5d43dbcdc76266e81484d8de20dc091ec69
x-response-lb: image
ali-swift-global-savetime: 1662711847
age: 3642626
x-cache: HIT TCP_MEM_HIT dirn:8:1067642317
x-swift-savetime: Fri, 09 Sep 2022 08:41:57 GMT
x-swift-cachetime: 31534930
timing-allow-origin: *, *
access-control-allow-origin: *
eagleid: 2ff6309916663544736016049e
-
DNSkvtnnn.topRemote address:8.8.8.8:53Requestkvtnnn.topIN AResponsekvtnnn.topIN A104.21.234.87kvtnnn.topIN A104.21.234.86
-
GEThttps://kvtnnn.top/68a7807de3933bf7079116fa9df99e6f.gifRemote address:104.21.234.87:443RequestGET /68a7807de3933bf7079116fa9df99e6f.gif HTTP/2.0
host: kvtnnn.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:33 GMT
content-type: image/gif
content-length: 366444
last-modified: Fri, 19 Aug 2022 17:02:28 GMT
etag: "62ffc224-5976c"
expires: Tue, 15 Nov 2022 06:29:39 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 452694
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LocVKuLNhGpnwk5%2Bx3q%2FyAw%2BivIOq%2BejGj7XifTEWjH5IIVTesevjGXjmrXwTqa4bvM3gkrpcmI8ED1%2F85Q5ommAmV%2FwaJldoN44iPQnDyjP1nQsp3v03eeTUf3%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9e43a9db890-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GEThttps://kvtnnn.top/7c1e634b8fdc5fffb90ef9d9c0070667.gifRemote address:104.21.234.87:443RequestGET /7c1e634b8fdc5fffb90ef9d9c0070667.gif HTTP/2.0
host: kvtnnn.top
accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
referer: https://www.henniu4444.site/
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
ResponseHTTP/2.0 200
date: Fri, 21 Oct 2022 12:14:33 GMT
content-type: image/gif
content-length: 293854
last-modified: Sat, 08 Oct 2022 08:18:26 GMT
etag: "63413252-47bde"
expires: Wed, 16 Nov 2022 07:27:51 GMT
cache-control: max-age=16070400
cf-cache-status: HIT
age: 362802
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uPFMHRcexIPpcTiPZaLJVkc8cLjOSwY3i9LppjyYfmykgfRlFb4vUj4bHtsOiSnY9WiYqoIDtWsIlxe7606Jg%2BS4fbABuPn5eJYd5KI4gak283m3mX1rvxE6gDJS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75d9e9e43aa0b890-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPWkzxcdih9c6hGH%2FjHew2Rig%3D%3DRemote address:96.16.53.142:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPWkzxcdih9c6hGH%2FjHew2Rig%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "942F1E0E7183D691BD76660E163445DDA60EFC71C45D086699CC2B87FE9B1DC3"
Last-Modified: Thu, 20 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2671
Expires: Fri, 21 Oct 2022 12:59:09 GMT
Date: Fri, 21 Oct 2022 12:14:38 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPkKvZVg%2FrRAkyLMBRuTzP09A%3D%3DRemote address:96.16.53.142:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPkKvZVg%2FrRAkyLMBRuTzP09A%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D0F18D69EA54E51768267E74E9766CA40E38CEF43C481DA4C24A2B07DC92D9B0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7243
Expires: Fri, 21 Oct 2022 14:15:21 GMT
Date: Fri, 21 Oct 2022 12:14:38 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ82BzV4wo%2F9NX0aOQ5iKrrOA%3D%3DRemote address:96.16.53.142:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ82BzV4wo%2F9NX0aOQ5iKrrOA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5795405A3FB5C6B7F83188BDE30DED302D232A460199A9AB078ED5FE654C9C36"
Last-Modified: Fri, 21 Oct 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6338
Expires: Fri, 21 Oct 2022 14:00:16 GMT
Date: Fri, 21 Oct 2022 12:14:38 GMT
Connection: keep-alive
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPrIN8bOjhKeRdHf0F2T4QtIA%3D%3DRemote address:96.16.53.142:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPrIN8bOjhKeRdHf0F2T4QtIA%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "76E63A201EDAC8592114D99462B498724796FEC25B437884DC124097D7F9AD2B"
Last-Modified: Wed, 19 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7099
Expires: Fri, 21 Oct 2022 14:12:57 GMT
Date: Fri, 21 Oct 2022 12:14:38 GMT
Connection: keep-alive
-
GEThttp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEcTfiQheoN0LZw7cg%3D%3DRemote address:104.18.20.226:80RequestGET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEcTfiQheoN0LZw7cg%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: ocsp2.globalsign.com
ResponseHTTP/1.1 200 OK
Date: Fri, 21 Oct 2022 12:14:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1459
Connection: keep-alive
Expires: Tue, 25 Oct 2022 09:50:53 GMT
ETag: "7f560533d8e61f097929d5384043557e64e74f9e"
Last-Modified: Fri, 21 Oct 2022 09:50:54 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3234
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 75d9ea024fc4b936-AMS
-
GEThttp://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgM1Jk7G6RMAxxWSNhCknPEqWQ%3D%3DRemote address:96.16.53.142:80RequestGET /MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgM1Jk7G6RMAxxWSNhCknPEqWQ%3D%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: r3.o.lencr.org
ResponseHTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9B358B600C622D73A801286E9605E123FA585931DACC1D33174B8CB061F6799"
Last-Modified: Wed, 19 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3452
Expires: Fri, 21 Oct 2022 13:12:10 GMT
Date: Fri, 21 Oct 2022 12:14:38 GMT
Connection: keep-alive
-
DNSdownload1.38522.com.cdn20.comRemote address:8.8.8.8:53Requestdownload1.38522.com.cdn20.comIN AResponse
-
DNSwww.xunlei100.comRemote address:8.8.8.8:53Requestwww.xunlei100.comIN AResponsewww.xunlei100.comIN A107.148.37.108
-
93.184.221.240:80
-
121.14.142.19:1000
-
93.184.221.240:80
-
93.184.221.240:80
-
93.184.221.240:80
-
52.168.117.170:443
-
121.14.142.19:1000
-
121.14.142.19:1000
-
93.184.221.240:80
-
47.52.231.246:27889jump3.35638.com
-
103.207.160.245:80http://www.cnkankan.com/common.jshttp
HTTP Request
GET http://www.cnkankan.com/?82133HTTP Response
200HTTP Request
GET http://www.cnkankan.com/common.jsHTTP Response
200 -
103.207.160.245:80http://www.cnkankan.com/tj.jshttp
HTTP Request
GET http://www.cnkankan.com/tj.jsHTTP Response
200 -
103.235.46.191:443hm.baidu.com
-
103.235.46.191:443https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=585&et=0&ja=1&ln=en-us&lo=0&rnd=122839961&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2Fnews%2Findex.php&v=1.2.97&lv=1&sn=3208&r=0&ww=1263&ct=!!&u=https%3A%2F%2Fwww.henniu4444.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86tls, http
HTTP Request
GET https://hm.baidu.com/hm.js?c68f6151c34979f57bf650beb65cecdfHTTP Response
200HTTP Request
GET https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=585&et=0&ja=1&ln=en-us&lo=0&rnd=122839961&si=83778f58a428085f4ecef06936407d2b&su=http%3A%2F%2Fbaidu.hnmaccms.xyz%2Fnews%2Findex.php&v=1.2.97&lv=1&sn=3208&r=0&ww=1263&ct=!!&u=https%3A%2F%2Fwww.henniu4444.site%2F&tt=%E5%BE%88%E7%89%9B%E5%BD%B1%E8%A7%86HTTP Response
200 -
39.156.68.163:80http://push.zhanzhang.baidu.com/push.jshttp
HTTP Request
GET http://push.zhanzhang.baidu.com/push.jsHTTP Response
200 -
39.156.68.163:80push.zhanzhang.baidu.com
-
39.156.68.163:80api.share.baidu.com
-
39.156.68.163:80api.share.baidu.com
-
112.34.113.148:80api.share.baidu.com
-
112.34.113.148:80api.share.baidu.com
-
112.34.113.148:80http://api.share.baidu.com/s.gif?l=http://www.cnkankan.com/?82133http
HTTP Request
GET http://api.share.baidu.com/s.gif?l=http://www.cnkankan.com/?82133HTTP Response
200 -
143.92.57.79:80http://baidu.hnmaccms.xyz/news/data.phphttp
HTTP Request
GET http://baidu.hnmaccms.xyz/news/index.phpHTTP Response
200HTTP Request
GET http://baidu.hnmaccms.xyz/news/data.phpHTTP Response
200 -
108.171.214.241:443www.henniu4444.sitetls, http2
-
108.171.214.241:443https://www.henniu4444.site/henniu.pngtls, http2
HTTP Request
GET https://www.henniu4444.site/HTTP Response
200HTTP Request
GET https://www.henniu4444.site/template/dfcc/css/ate.cssHTTP Request
GET https://www.henniu4444.site/template/dfcc/css/zui.cssHTTP Request
GET https://www.henniu4444.site/template/dfcc/static/js/jquery.min.jsHTTP Request
GET https://www.henniu4444.site/template/dfcc/static/js/jquery.lazyload.min.jsHTTP Request
GET https://www.henniu4444.site/static/images/1.gifHTTP Request
GET https://www.henniu4444.site/template/dfcc/html9/ads/dulian.jsHTTP Response
200HTTP Response
200HTTP Request
GET https://www.henniu4444.site/template/dfcc/images/loading.svgHTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://www.henniu4444.site/dingpiao.htmlHTTP Request
GET https://www.henniu4444.site/logo.htmlHTTP Response
200HTTP Response
200HTTP Request
GET https://www.henniu4444.site/template/dfcc/images/video-mask.pngHTTP Request
GET https://www.henniu4444.site/template/dfcc/images/video-play.pngHTTP Request
GET https://www.henniu4444.site/henniu.pngHTTP Response
200HTTP Response
200HTTP Response
200HTTP Request
GET https://www.henniu4444.site/logo.htmlHTTP Response
304HTTP Request
GET https://www.henniu4444.site/henniu.pngHTTP Response
304HTTP Request
GET https://www.henniu4444.site/logo.htmlHTTP Response
304HTTP Request
GET https://www.henniu4444.site/henniu.pngHTTP Response
304 -
23.225.222.2:443img.999997.cotls, http2
-
23.225.222.2:443https://img.999997.co/images/631ae647b62b4063cbda48ef.giftls, http2
HTTP Request
GET https://img.999997.co/images/631ae647b62b4063cbda48ef.gifHTTP Response
302 -
23.225.222.18:443https://img.x956.xyz/images/631aeb1cb62b4063cbda48f0.giftls, http2
HTTP Request
GET https://img.x956.xyz/images/631aeb1cb62b4063cbda48f0.gifHTTP Response
302 -
23.225.222.18:443img.x956.xyztls, http2
-
137.175.22.206:443https://img.syhy.top/2022/05/19/b3e29dd487b2b.giftls, http
HTTP Request
GET https://img.syhy.top/2022/05/19/b3e29dd487b2b.gifHTTP Response
200 -
137.175.22.206:443img.syhy.toptls
-
121.204.246.13:26888tls, http2
-
121.204.246.13:26888https://121.204.246.13:26888/gg/0.1-.giftls, http2
HTTP Request
GET https://121.204.246.13:26888/gg/0.1-.gifHTTP Response
200 -
104.74.225.127:443dimg04.c-ctrip.comtls, http2
-
104.74.225.127:443https://dimg04.c-ctrip.com/images/0103212000a31b7fz03B7.gif?proc=autoorienttls, http2
HTTP Request
GET https://dimg04.c-ctrip.com/images/0103212000a31b7fz03B7.gif?proc=autoorientHTTP Response
200 -
59.110.185.220:443https://xpj08.oss-cn-beijing.aliyuncs.com/vip80.giftls, http
HTTP Request
GET https://xpj08.oss-cn-beijing.aliyuncs.com/vip80.gifHTTP Response
200 -
59.110.185.220:443xpj08.oss-cn-beijing.aliyuncs.comtls
-
154.39.67.221:44384998085.comtls, http2
-
154.39.67.221:443https://84998085.com/8499/960x60.giftls, http2
HTTP Request
GET https://84998085.com/8499/960x60.gifHTTP Response
200 -
154.83.25.141:443https://zhibo128x.xyz/128/960x120.giftls, http
HTTP Request
GET https://zhibo128x.xyz/128/960x120.gifHTTP Response
200 -
154.83.25.141:443zhibo128x.xyztls
-
115.231.33.1:80cdn.u1.huluxia.com
-
115.231.33.1:80http://cdn.u1.huluxia.com/g4/M01/A8/BC/rBAAdmMm1vmAR9JIAAdIafyG5QY340.gifhttp
HTTP Request
GET http://cdn.u1.huluxia.com/g4/M01/A8/BC/rBAAdmMm1vmAR9JIAAdIafyG5QY340.gifHTTP Response
200 -
64.32.13.142:443https://kvevv.com/dbb6158a2ca1378f4052d59ea53d1eac.giftls, http2
HTTP Request
GET https://kvevv.com/dbb6158a2ca1378f4052d59ea53d1eac.gifHTTP Response
301 -
64.32.13.142:443kvevv.comtls
-
47.110.177.104:443ggt999.oss-cn-hangzhou.aliyuncs.comtls
-
47.110.177.104:443https://ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060a.giftls, http
HTTP Request
GET https://ggt999.oss-cn-hangzhou.aliyuncs.com/xpj/xpj96060a.gifHTTP Response
200 -
47.110.177.110:44338qptu4.oss-cn-hangzhou.aliyuncs.comtls
-
47.110.177.110:443https://38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.giftls, http
HTTP Request
GET https://38qptu4.oss-cn-hangzhou.aliyuncs.com/kyr87633.gifHTTP Response
200 -
185.232.56.147:443https://p9.toutiaoimg.com/origin/pgc-image/440e4613c87e49aaa978851137a2e2cbtls, http2
HTTP Request
GET https://p9.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/dcadd199aa5e4cb291ed40729e0fa5a9~noop.imageHTTP Request
GET https://p9.toutiaoimg.com/origin/pgc-image/440e4613c87e49aaa978851137a2e2cbHTTP Response
200HTTP Response
200 -
185.232.56.147:443p9.toutiaoimg.comtls, http2
-
47.110.23.2:443https://qpzc888.oss-cn-hangzhou.aliyuncs.com/%E6%B3%A8%E5%86%8C%E9%80%81888.giftls, http
HTTP Request
GET https://qpzc888.oss-cn-hangzhou.aliyuncs.com/%E6%B3%A8%E5%86%8C%E9%80%81888.gifHTTP Response
200 -
47.110.23.2:443qpzc888.oss-cn-hangzhou.aliyuncs.comtls
-
8.210.99.166:80nkiun.xyz
-
8.210.99.166:80http://nkiun.xyz/guanggao/22.jpghttp
HTTP Request
GET http://nkiun.xyz/guanggao/22.jpgHTTP Response
200 -
188.114.96.0:443https://www.tupku.top/lm/031815-80.giftls, http2
HTTP Request
GET https://www.tupku.top/lm/031815-80.gifHTTP Response
200 -
188.114.96.0:443www.tupku.toptls, http2
-
45.89.208.106:443https://ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpgtls, http
HTTP Request
GET https://ddcdn.comtucdncom.com/upload/vod/20211208-1/3dbaac8a18dffbb986cb8ada5afe756f.jpgHTTP Response
200 -
45.89.208.106:443ddcdn.comtucdncom.comtls
-
172.67.161.53:443aooacctp.viptls, http2
-
172.67.161.53:443https://aooacctp.vip/lm/ynv100.giftls, http2
HTTP Request
GET https://aooacctp.vip/lm/ynv100.gifHTTP Response
200 -
172.67.69.40:443https://s2.loli.net/2022/01/07/deGgwzf7Tly9S3b.giftls, http2
HTTP Request
GET https://s2.loli.net/2022/01/07/deGgwzf7Tly9S3b.gifHTTP Response
200 -
172.67.69.40:443s2.loli.nettls, http2
-
45.89.208.106:443https://mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.giftls, http
HTTP Request
GET https://mei.netlbtu.com/upload/art/gif/gfdt/071616_341-4.gifHTTP Response
200 -
45.89.208.106:443https://mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.giftls, http
HTTP Request
GET https://mei.netlbtu.com/upload/art/gif/20200421/170511-1.mp4_1587324106344.gif -
45.89.208.106:443https://mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.giftls, http
HTTP Request
GET https://mei.netlbtu.com/upload/art/gif/gfdt/746bfd5d31fc37377d.gif -
20.239.82.129:443n0399.comtls
-
20.239.82.129:443https://n0399.com/2b03b609e0374edb96288e6080ea2f3b.giftls, http
HTTP Request
GET https://n0399.com/2b03b609e0374edb96288e6080ea2f3b.gifHTTP Response
200 -
78.46.107.74:443kvhcc.comtls, http2
-
78.46.107.74:443https://kvhcc.com/31e8054b323ed9fba7f318a7aa6d013a.giftls, http2
HTTP Request
GET https://kvhcc.com/31e8054b323ed9fba7f318a7aa6d013a.gifHTTP Response
404 -
20.24.101.62:443https://u0079.com/00251f15d96a4f70ac9f9609e193909e.giftls, http
HTTP Request
GET https://u0079.com/00251f15d96a4f70ac9f9609e193909e.gifHTTP Response
200 -
20.24.101.62:443u0079.comtls
-
47.75.19.145:443https://537882736.com/a0642d61fd984cbe9181fe8353ebc7e3.giftls, http
HTTP Request
GET https://537882736.com/a0642d61fd984cbe9181fe8353ebc7e3.gifHTTP Response
200 -
47.75.19.145:443537882736.comtls
-
137.175.12.178:443https://72agg.com/gg/960x60-2.giftls, http2
HTTP Request
GET https://72agg.com/gg/960x60-2.gifHTTP Response
200 -
137.175.12.178:44372agg.comtls
-
64.32.13.142:443kveff.comtls
-
64.32.13.142:443kveff.comtls
-
47.246.48.252:443https://cbu01.alicdn.com/img/ibank/2020/865/518/22902815568_1738432517.jpgtls, http2
HTTP Request
GET https://cbu01.alicdn.com/img/ibank/2020/865/518/22902815568_1738432517.jpgHTTP Response
200 -
47.246.48.252:443cbu01.alicdn.comtls, http2
-
103.235.46.191:443https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=602&et=0&ja=1&ln=en-us&lo=0&rnd=1674548166&si=c68f6151c34979f57bf650beb65cecdf&v=1.2.97&lv=1&sn=3208&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cnkankan.com%2F%3F82133&tt=%E5%85%AD%E5%AE%89%E5%98%8E%E6%8B%93%E9%80%9A%E8%AE%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8tls, http
HTTP Request
GET https://hm.baidu.com/hm.js?83778f58a428085f4ecef06936407d2bHTTP Response
200HTTP Request
GET https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1280x720&vl=602&et=0&ja=1&ln=en-us&lo=0&rnd=1674548166&si=c68f6151c34979f57bf650beb65cecdf&v=1.2.97&lv=1&sn=3208&r=0&ww=1280&ct=!!&u=http%3A%2F%2Fwww.cnkankan.com%2F%3F82133&tt=%E5%85%AD%E5%AE%89%E5%98%8E%E6%8B%93%E9%80%9A%E8%AE%AF%E8%82%A1%E4%BB%BD%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8HTTP Response
200 -
78.46.107.74:443kvhmm.comtls
-
78.46.107.74:443kvhmm.comtls
-
104.143.94.110:443kvezz.comtls, http2
-
104.143.94.110:443https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.giftls, http2
HTTP Request
GET https://kvezz.com/95ca29ec3907b3bf2d8a24b35e3eda22.gifHTTP Response
301 -
137.175.35.2:443https://3p8801.co/hg960x60.giftls, http2
HTTP Request
GET https://3p8801.co/960x60.gifHTTP Request
GET https://3p8801.co/3p960x60.gifHTTP Request
GET https://3p8801.co/hg960x60.gifHTTP Response
200HTTP Response
200HTTP Response
200 -
137.175.35.2:4433p8801.cotls, http2
-
137.175.35.2:4433p8801.cotls, http2
-
66.150.130.123:443https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.giftls, http2
HTTP Request
GET https://kzeaa.com/92f0c144d76dd785f7c04f84ae149b33.gifHTTP Response
301 -
66.150.130.123:443kzeaa.comtls, http2
-
23.2.164.159:80http://x2.c.lencr.org/http
HTTP Request
GET http://x2.c.lencr.org/HTTP Response
200 -
120.52.95.237:443p26.toutiaoimg.comtls, http2
-
120.52.95.237:443https://p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.imagetls, http2
HTTP Request
GET https://p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/8c2e2faca3334d7cbd282d7fd4381cd7~noop.imageHTTP Request
GET https://p26.toutiaoimg.com/img/tos-cn-i-siecs4i2o7/0226fc4667f041eebafb92c08aba742c~noop.imageHTTP Response
200HTTP Response
200 -
78.46.107.74:443https://kvhaa.com/75c160dc06d6f81ac36aed8c45cf917e.giftls, http2
HTTP Request
GET https://kvhaa.com/f0e76a5c8312a00241ad726bac0f2d0f.gifHTTP Request
GET https://kvhaa.com/75c160dc06d6f81ac36aed8c45cf917e.gifHTTP Response
301HTTP Response
301 -
78.46.107.74:443kvhaa.comtls, http2
-
154.197.14.6:4436655cy.comtls, http2
-
154.197.14.6:443https://6655cy.com/cdn/ashkad.giftls, http2
HTTP Request
GET https://6655cy.com/cdn/ashkad.gifHTTP Response
200 -
96.16.53.165:80e1.o.lencr.org
-
96.16.53.165:80http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTDSdt37TOzbOkBAJy107saWQ%3D%3Dhttp
HTTP Request
GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgT4AoPD0h78j77b3WhKkACG7w%3D%3DHTTP Response
200HTTP Request
GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgPpsuY3xCEJWX1b8XvP2Xx%2FXA%3D%3DHTTP Response
200HTTP Request
GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgNG5mnJuLCHwPqOL6VmOjnlNg%3D%3DHTTP Response
200HTTP Request
GET http://e1.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBTvkAFw3ViPKmUeIVEf3NC7b1ErqwQUWvPtK%2Fw2wjd5uVIw6lRvz1XLLqwCEgTDSdt37TOzbOkBAJy107saWQ%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPkKvZVg%2FrRAkyLMBRuTzP09A%3D%3DHTTP Response
200HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ82BzV4wo%2F9NX0aOQ5iKrrOA%3D%3DHTTP Response
200HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3DHTTP Response
200 -
96.16.53.165:80e1.o.lencr.org
-
96.16.53.165:80e1.o.lencr.org
-
96.16.53.165:80e1.o.lencr.org
-
96.16.53.165:80e1.o.lencr.org
-
104.110.191.60:80http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3Dhttp
HTTP Request
GET http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEHZhWy1nRC%2FkvK%2BUjboG%2FtE%3DHTTP Response
200HTTP Request
GET http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3DHTTP Response
200 -
91.199.212.52:80http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crthttp
HTTP Request
GET http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crtHTTP Response
200 -
91.199.212.52:80http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crthttp
HTTP Request
GET http://zerossl.crt.sectigo.com/ZeroSSLRSADomainSecureSiteCA.crtHTTP Response
200 -
104.21.234.41:443https://nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.giftls, http2
HTTP Request
GET https://nvhaaa.top/f0e76a5c8312a00241ad726bac0f2d0f.gifHTTP Request
GET https://nvhaaa.top/75c160dc06d6f81ac36aed8c45cf917e.gifHTTP Response
200HTTP Response
200 -
104.21.234.41:443nvhaaa.top
-
104.110.191.60:80http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3Dhttp
HTTP Request
GET http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3DHTTP Response
200 -
104.110.191.60:80http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3Dhttp
HTTP Request
GET http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEF1Ih%2FtHHrLxGaYWjn2WyvU%3DHTTP Response
200 -
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443p.qlogo.cntls, http2
-
43.154.254.32:443https://p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0tls, http2
HTTP Request
GET https://p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZTee7pdNQtTmNRpGbcuGVd3R5dJqQ2WeTg/0HTTP Request
GET https://p.qlogo.cn/hy_personal/3e28f14aa051684288f48c7778a1baca61ef768176a8751683ac04f422be0577/0.gifHTTP Request
GET https://p.qlogo.cn/hy_personal/3e28f14aa0516842b0d3a640a8115f694f72709b874c8fbaed06015b20b6665e/0.gifHTTP Request
GET https://p.qlogo.cn/qqmail_head/PiajxSqBRaEJJRn8gJmldAhC0pUPnSjTFBia3lcU1Yh3mASpwYtAmD8Ru5UEX6CO3WjJsCjiboD2cM/0HTTP Request
GET https://p.qlogo.cn/hy_personal/3e28f14aa051684245c4e0cfebfbd4b5718b81296fd49d7bf7e195eedfaeff9d/0.pngHTTP Request
GET https://p.qlogo.cn/hy_personal/3e28f14aa0516842f3606d494fc8b4b27c6b815da34ccd7ccd21c30c3d533f0b/0.gifHTTP Request
GET https://p.qlogo.cn/hy_personal/3e28f14aa0516842d6e265a3646aeb5244c619f4f69d81da1eb45099a7edb4da/0.gifHTTP Request
GET https://p.qlogo.cn/qqmail_head/ajNVdqHZLLBTqF8e2kN78G9Zt8uAv6By0U3zmELvuZSJJkZNBPXDBGibpXqaicajKqyibnCUUUEomk/0HTTP Request
GET https://p.qlogo.cn/qqmail_head/exDQ4ofPz1kmmHxzRWkqxuiaS1ef2WDKV9IlGqQ01KRp1TcLC88449sRZyibbnmqia1/0HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200HTTP Response
200 -
104.110.191.60:80http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3Dhttp
HTTP Request
GET http://dvcasha2.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNcCPjJ499lHmfPUvPsRjzr1YchwQU5TGtvzoRlvSDvFA81LeQm5Du3iUCEBuJ1iPvHEb3edvg2RuuYvI%3DHTTP Response
200 -
172.67.162.45:443https://kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.giftls, http2
HTTP Request
GET https://kvhwww.top/dbb6158a2ca1378f4052d59ea53d1eac.gifHTTP Response
200 -
172.67.162.45:443kvhwww.toptls, http2
-
104.18.20.226:80http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crlhttp
HTTP Request
GET http://crl.globalsign.com/root-r3.crlHTTP Response
200HTTP Request
GET http://crl.globalsign.com/gs/gsorganizationvalsha2g2.crlHTTP Response
200 -
47.242.162.24:80http://bofangqi.6gg.cn/jm_setup_qvod.exehttp
HTTP Request
GET http://bofangqi.6gg.cn/jm_setup_qvod.exeHTTP Response
404 -
47.242.162.24:8012mohe.6gg.cn
-
104.21.234.40:443nvhaaa.toptls, http2
-
104.18.20.226:80http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3Dhttp
HTTP Request
GET http://ocsp2.globalsign.com/rootr3/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCDQHuXyId%2FGI71DM6hVc%3DHTTP Response
200 -
172.64.155.188:80http://crl.comodoca.com/AAACertificateServices.crlhttp
HTTP Request
GET http://crl.comodoca.com/AAACertificateServices.crlHTTP Response
200 -
78.46.107.74:443https://kvhmm.com/ad87e7a061a798b443a65981a71ace19.giftls, http2
HTTP Request
GET https://kvhmm.com/ad87e7a061a798b443a65981a71ace19.gifHTTP Response
301 -
64.32.13.142:443https://kveff.com/68a7807de3933bf7079116fa9df99e6f.giftls, http2
HTTP Request
GET https://kveff.com/7c1e634b8fdc5fffb90ef9d9c0070667.gifHTTP Request
GET https://kveff.com/68a7807de3933bf7079116fa9df99e6f.gifHTTP Response
301HTTP Response
301 -
64.32.13.142:443kveff.comtls, http2
-
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgOm6nbXFv3sql70kpP4IfMpuw%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRQhuHqANNSY2fUFL%2B4xrc8Qg%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRXKaoCkGDOJRSXVheV8K%2Bo%2Bw%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRXKaoCkGDOJRSXVheV8K%2Bo%2Bw%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgSSQHTZEaTgBVGIIgsf2klZgw%3D%3DHTTP Response
200 -
96.16.53.165:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgRb25d3I69X4rGf4s7uGYQR0g%3D%3DHTTP Response
200 -
172.64.155.188:80http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCECO3bePBuysaUZYeCOq3ZOg%3Dhttp
HTTP Request
GET http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCECO3bePBuysaUZYeCOq3ZOg%3DHTTP Response
200 -
104.21.233.215:443https://kvtfff.top/ad87e7a061a798b443a65981a71ace19.giftls, http2
HTTP Request
GET https://kvtfff.top/ad87e7a061a798b443a65981a71ace19.gifHTTP Response
200 -
104.21.233.215:443kvtfff.toptls, http2
-
104.21.234.200:443https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.giftls, http2
HTTP Request
GET https://acoossi.top/92f0c144d76dd785f7c04f84ae149b33.gifHTTP Response
200 -
104.21.234.200:443acoossi.toptls, http2
-
188.114.96.0:443https://acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.giftls, http2
HTTP Request
GET https://acoossn.top/95ca29ec3907b3bf2d8a24b35e3eda22.gifHTTP Response
200 -
188.114.96.0:443acoossn.toptls, http2
-
47.246.48.224:443https://p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5ebtls, http2
HTTP Request
GET https://p3.douyinpic.com/obj/tos-cn-i-dy/90fd1aca7a474fb6800bf6252f1afe79HTTP Request
GET https://p3.douyinpic.com/obj/tos-cn-i-dy/32c27e09d04c4038abbcdc3168eee5ebHTTP Response
200HTTP Response
200 -
47.246.48.224:443p3.douyinpic.comtls, http2
-
104.21.234.87:443https://kvtnnn.top/7c1e634b8fdc5fffb90ef9d9c0070667.giftls, http2
HTTP Request
GET https://kvtnnn.top/68a7807de3933bf7079116fa9df99e6f.gifHTTP Request
GET https://kvtnnn.top/7c1e634b8fdc5fffb90ef9d9c0070667.gifHTTP Response
200HTTP Response
200 -
104.21.234.87:443kvtnnn.toptls, http2
-
96.16.53.142:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPWkzxcdih9c6hGH%2FjHew2Rig%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPWkzxcdih9c6hGH%2FjHew2Rig%3D%3DHTTP Response
200 -
96.16.53.142:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPkKvZVg%2FrRAkyLMBRuTzP09A%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPkKvZVg%2FrRAkyLMBRuTzP09A%3D%3DHTTP Response
200 -
96.16.53.142:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ82BzV4wo%2F9NX0aOQ5iKrrOA%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQ82BzV4wo%2F9NX0aOQ5iKrrOA%3D%3DHTTP Response
200 -
96.16.53.142:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPrIN8bOjhKeRdHf0F2T4QtIA%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgPrIN8bOjhKeRdHf0F2T4QtIA%3D%3DHTTP Response
200 -
104.18.20.226:80http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEcTfiQheoN0LZw7cg%3D%3Dhttp
HTTP Request
GET http://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEcTfiQheoN0LZw7cg%3D%3DHTTP Response
200 -
96.16.53.142:80http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgM1Jk7G6RMAxxWSNhCknPEqWQ%3D%3Dhttp
HTTP Request
GET http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgM1Jk7G6RMAxxWSNhCknPEqWQ%3D%3DHTTP Response
200 -
107.148.37.108:80www.xunlei100.com
-
8.8.8.8:53176.122.125.40.in-addr.arpadns
DNS Request
176.122.125.40.in-addr.arpa
-
8.8.8.8:53jump3.35638.comdns
DNS Request
jump3.35638.com
DNS Response
47.52.231.246
-
8.8.8.8:53www.cnkankan.comdns
DNS Request
www.cnkankan.com
DNS Response
103.207.160.245
-
8.8.8.8:53push.zhanzhang.baidu.comdns
DNS Request
push.zhanzhang.baidu.com
DNS Response
39.156.68.163112.34.113.148180.101.212.103182.61.201.93182.61.201.94182.61.240.101
-
8.8.8.8:53baidu.hnmaccms.xyzdns
DNS Request
baidu.hnmaccms.xyz
DNS Request
baidu.hnmaccms.xyz
DNS Request
baidu.hnmaccms.xyz
DNS Request
baidu.hnmaccms.xyz
DNS Request
baidu.hnmaccms.xyz
-
8.8.8.8:53hm.baidu.comdns
DNS Request
hm.baidu.com
DNS Response
103.235.46.191
-
8.8.8.8:53api.share.baidu.comdns
DNS Request
api.share.baidu.com
DNS Response
39.156.68.163112.34.113.148180.101.212.103182.61.201.93182.61.201.94182.61.240.101
-
8.8.8.8:53baidu.hnmaccms.xyzdns
DNS Request
baidu.hnmaccms.xyz
DNS Response
143.92.57.79
-
8.8.8.8:53www.henniu4444.sitedns
DNS Request
www.henniu4444.site
DNS Response
108.171.214.241
-
8.8.8.8:53n0399.comdns
DNS Request
n0399.com
DNS Response
20.239.82.12920.239.82.15820.239.148.11520.24.96.12920.24.96.23720.24.97.9920.24.97.15620.24.97.17420.24.98.24220.24.99.16520.24.99.22020.24.101.6020.24.101.6220.24.102.3020.24.102.7320.24.102.7520.24.200.4820.24.200.5320.24.200.6620.205.47.49
-
8.8.8.8:53u0079.comdns
DNS Request
u0079.com
DNS Response
20.24.101.6220.24.102.3020.24.102.7320.24.102.7520.24.200.4820.24.200.5320.24.200.6620.205.47.4920.239.80.19620.239.81.8520.239.82.12920.239.82.15820.239.148.11520.24.96.12920.24.96.23720.24.97.9920.24.97.15620.24.97.17420.24.98.24220.24.99.165
-
8.8.8.8:53537882736.comdns
DNS Request
537882736.com
DNS Response
47.75.19.145
-
8.8.8.8:53img.999997.codns
DNS Request
img.999997.co
DNS Response
23.225.222.223.225.222.1823.225.228.3423.225.228.58
-
8.8.8.8:53img.x956.xyzdns
DNS Request
img.x956.xyz
DNS Response
23.225.222.1823.225.222.223.225.228.3423.225.228.58
-
8.8.8.8:53img.syhy.topdns
DNS Request
img.syhy.top
DNS Response
137.175.22.206198.2.208.134142.4.102.54137.175.22.207192.74.247.151137.175.22.208192.74.247.152198.2.208.133142.4.102.55192.74.234.123
-
8.8.8.8:53p.qlogo.cndns
DNS Request
p.qlogo.cn
DNS Request
p.qlogo.cn
DNS Response
43.154.254.3243.129.255.47
DNS Response
43.129.255.4743.154.254.32
-
8.8.8.8:53dimg04.c-ctrip.comdns
DNS Request
dimg04.c-ctrip.com
DNS Response
104.74.225.127
-
8.8.8.8:5338qptu4.oss-cn-hangzhou.aliyuncs.comdns
DNS Request
38qptu4.oss-cn-hangzhou.aliyuncs.com
DNS Response
47.110.177.110
-
8.8.8.8:53xpj08.oss-cn-beijing.aliyuncs.comdns
DNS Request
xpj08.oss-cn-beijing.aliyuncs.com
DNS Response
59.110.185.220
-
8.8.8.8:53kvhcc.comdns
DNS Request
kvhcc.com
DNS Response
78.46.107.74
-
8.8.8.8:53kvhmm.comdns
DNS Request
kvhmm.com
DNS Response
78.46.107.74
-
8.8.8.8:53qpzc888.oss-cn-hangzhou.aliyuncs.comdns
DNS Request
qpzc888.oss-cn-hangzhou.aliyuncs.com
DNS Response
47.110.23.2
-
8.8.8.8:5384998085.comdns
DNS Request
84998085.com
DNS Response
154.39.67.221154.39.67.229154.39.67.234
-
8.8.8.8:5372agg.comdns
DNS Request
72agg.com
DNS Response
137.175.12.178
-
8.8.8.8:533p8801.codns
DNS Request
3p8801.co
DNS Response
137.175.35.2
-
8.8.8.8:53zhibo128x.xyzdns
DNS Request
zhibo128x.xyz
DNS Response
154.83.25.141
-
8.8.8.8:53cdn.u1.huluxia.comdns
DNS Request
cdn.u1.huluxia.com
DNS Response
115.231.33.1153.0.231.6125.39.113.129119.84.171.1221.195.206.1140.249.145.6121.22.237.1111.161.117.12958.218.65.142.81.245.1122.227.201.1111.227.116.1124.225.82.6110.167.162.1
-
8.8.8.8:53kvevv.comdns
DNS Request
kvevv.com
DNS Response
64.32.13.142
-
8.8.8.8:53ggt999.oss-cn-hangzhou.aliyuncs.comdns
DNS Request
ggt999.oss-cn-hangzhou.aliyuncs.com
DNS Response
47.110.177.104
-
8.8.8.8:53kvezz.comdns
DNS Request
kvezz.com
DNS Response
104.143.94.110
-
8.8.8.8:53kzeaa.comdns
DNS Request
kzeaa.com
DNS Response
66.150.130.123
-
8.8.8.8:53kvhaa.comdns
DNS Request
kvhaa.com
DNS Response
78.46.107.74
-
8.8.8.8:53kveff.comdns
DNS Request
kveff.com
DNS Response
64.32.13.142
-
8.8.8.8:53p9.toutiaoimg.comdns
DNS Request
p9.toutiaoimg.com
DNS Response
185.232.56.147
-
8.8.8.8:53p26.toutiaoimg.comdns
DNS Request
p26.toutiaoimg.com
DNS Response
120.52.95.237120.52.95.236120.52.95.235120.52.95.241182.118.39.171182.118.39.173182.118.39.169182.118.39.165
-
8.8.8.8:53www.tupku.topdns
DNS Request
www.tupku.top
DNS Response
188.114.96.0188.114.97.0
-
8.8.8.8:53nkiun.xyzdns
DNS Request
nkiun.xyz
DNS Response
8.210.99.166
-
8.8.8.8:53ddcdn.comtucdncom.comdns
DNS Request
ddcdn.comtucdncom.com
DNS Response
45.89.208.10645.89.208.11445.89.209.74172.247.77.90
-
8.8.8.8:53aooacctp.vipdns
DNS Request
aooacctp.vip
DNS Response
172.67.161.53104.21.82.179
-
8.8.8.8:53s2.loli.netdns
DNS Request
s2.loli.net
DNS Response
172.67.69.40104.26.0.190104.26.1.190
-
8.8.8.8:53mei.netlbtu.comdns
DNS Request
mei.netlbtu.com
DNS Response
45.89.208.106172.247.77.9045.89.208.11445.89.209.74
-
8.8.8.8:53cbu01.alicdn.comdns
DNS Request
cbu01.alicdn.com
DNS Response
47.246.48.25247.246.48.251
-
8.8.8.8:53x2.c.lencr.orgdns
DNS Request
x2.c.lencr.org
DNS Response
23.2.164.159
-
8.8.8.8:536655cy.comdns
DNS Request
6655cy.com
DNS Response
154.197.14.6154.197.15.57154.197.14.12154.39.66.223154.197.15.81154.197.15.86
-
8.8.8.8:53e1.o.lencr.orgdns
DNS Request
e1.o.lencr.org
DNS Response
96.16.53.16596.16.53.142
-
8.8.8.8:53zerossl.crt.sectigo.comdns
DNS Request
zerossl.crt.sectigo.com
DNS Response
91.199.212.52
-
8.8.8.8:53dvcasha2.ocsp-certum.comdns
DNS Request
dvcasha2.ocsp-certum.com
DNS Response
104.110.191.60104.110.191.7
-
8.8.8.8:53kvhwww.topdns
DNS Request
kvhwww.top
DNS Response
172.67.162.45104.21.15.106
-
8.8.8.8:53nvhaaa.topdns
DNS Request
nvhaaa.top
DNS Response
104.21.234.41104.21.234.40
-
8.8.8.8:53crl.globalsign.comdns
DNS Request
crl.globalsign.com
DNS Response
104.18.20.226104.18.21.226
-
8.8.8.8:53bofangqi.6gg.cndns
DNS Request
bofangqi.6gg.cn
DNS Request
bofangqi.6gg.cn
DNS Response
47.242.162.24
DNS Response
47.242.162.24
-
8.8.8.8:53mohe.6gg.cndns
DNS Request
mohe.6gg.cn
DNS Request
mohe.6gg.cn
DNS Response
47.242.162.24
DNS Response
47.242.162.24
-
8.8.8.8:53crl.comodoca.comdns
DNS Request
crl.comodoca.com
DNS Response
172.64.155.188104.18.32.68
-
8.8.8.8:53kvtfff.topdns
DNS Request
kvtfff.top
DNS Response
104.21.233.215104.21.233.216
-
8.8.8.8:53acoossi.topdns
DNS Request
acoossi.top
DNS Response
104.21.234.200104.21.234.201
-
8.8.8.8:53acoossn.topdns
DNS Request
acoossn.top
DNS Response
188.114.96.0188.114.97.0
-
8.8.8.8:53p3.douyinpic.comdns
DNS Request
p3.douyinpic.com
DNS Response
47.246.48.22447.246.48.22947.246.48.23147.246.48.22847.246.48.22747.246.48.23047.246.48.22547.246.48.226
-
8.8.8.8:53kvtnnn.topdns
DNS Request
kvtnnn.top
DNS Response
104.21.234.87104.21.234.86
-
8.8.8.8:53download1.38522.com.cdn20.comdns
DNS Request
download1.38522.com.cdn20.com
-
8.8.8.8:53www.xunlei100.comdns
DNS Request
www.xunlei100.com
DNS Response
107.148.37.108
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD53facc60dceffd752f284e286f4ceeb8a
SHA1667ffb98ff425eeb8e3c4c85e0b9fee75cf76da4
SHA256a0583d0e827c3e2aabdfb4e99d6ce78e06eac265bd85f339559433571853f56d
SHA51226c16fd7d173aca60695d464035f639affbb0dcc74788b9246fa051a2bdcfa886e162014ff0eca751fcb90c84a17ab77bacfda1442249f4cbe6bb334c06ce317
-
Filesize
57.2MB
MD5d89a562495db82008802333cf32c44b6
SHA17188c90868205b6456015af0d60852c26114b4c5
SHA2566788b741b614775980ba8e17f03cf664c5150a1bd43d0005793ec76efea6d9ce
SHA512d1759b7704f1bd8241a2090dc7b739ae2245bf8aaaad4a6b58a41c6fcb7dc8fd7d88f322dee5fe192037359c23cfc0e9fcddd1ad07e3784e5f941ba9c15789c8
-
Filesize
57.2MB
MD5d89a562495db82008802333cf32c44b6
SHA17188c90868205b6456015af0d60852c26114b4c5
SHA2566788b741b614775980ba8e17f03cf664c5150a1bd43d0005793ec76efea6d9ce
SHA512d1759b7704f1bd8241a2090dc7b739ae2245bf8aaaad4a6b58a41c6fcb7dc8fd7d88f322dee5fe192037359c23cfc0e9fcddd1ad07e3784e5f941ba9c15789c8
-
Filesize
53B
MD59b41ad553fc0a87c014049dfede9e7fa
SHA1840b9c356ec59e65d33bae61c439b0abf11663bd
SHA256a4bd6b14aa9694ba74db5503576072036cd232d586b5e3dd3fe3dade84a67b5e
SHA5126de134478cd5052675cf936f3dc92fb823d72fc3d44c66f5d0755691481302f63cfe602dd7b492354487c9c5b692a09a404c1081265bb3676030cb43a64369b8
-
Filesize
2KB
MD568a30985a8b4a1dae5b24721ca5b8269
SHA178481107bbddcf18ffc4d25a184ec74274241a6b
SHA256fe94352a25ade782ea77db82f1ec849479ebfe4605156142fc3fdfabc507a0cf
SHA512d452182a296a9e202bce81ad0c752b34d4d779cac94bb54a07517936b79a4007127585673c524c75055f15e33c56eef0d26d1c448723a97fe70c15457bae5a24
-
Filesize
410B
MD566a1f0147fed7ddd19e9bb7ff93705c5
SHA19d803c81ea2195617379b880b227892ba30b0bf6
SHA2564f45ce85e221352f7fe26e04968c7f7267dc24b55cf2b72b929b4c90e48cb764
SHA512cfe51756ddec75d240249980a4d27870d15983add25058e4d0da4d8a3ea11384d4d228d6cbc95091f91e516e1ab4dfb1e315941dbd95bf717d4b31936311d597
-
Filesize
3KB
MD5c106ffc420b54a4f0fd331f10657dc66
SHA18930d5b56358f518bdf5ccca2b4d24f98ce7a03f
SHA256fb8218f8c607ec3a4c4cb6e59ee81a94cf8ff513d0b09565ad456c88a9e7250b
SHA512ee82fb57af0dddf8f1acab855cda151d3eacb8e11b0adc3a81852c1e2d77a566aa630ff5dabd8c7bc92ebe78b6187cc823c8a4a645ca78ee88e2c27483080fbd
-
Filesize
247B
MD5bf915cb73f6126d712c727039ad3d5e6
SHA173ff72a83711c90e45f8bd34505b3284fd2a870b
SHA2563fd8eeaededa0a76d36df51803c01fe328ba110702a625b28c25bc83f6ef5940
SHA512752387b92716e8e5296d24c532f16e17a955c8f02055c9fd66d4ff84c8f140d7f2a43cfbb4ff97bd5ba1eebc7fa0c215a9283a180a9598b1b413730d19db1957
-
Filesize
44KB
MD50e9bbf232fb2506d0223ebc7c6f42146
SHA12a79201fc56f1b2314e7f2123137481bc9223d0d
SHA256ff81c062c7253bb97d70819334b8580f4c3fa57014ad3bce8d635309e5c242b8
SHA512b0318030a0eb3f06112b2fecaf66a116c347c29d8d7616d45df67f90fde88a3e0f592f703d8f1ff2410dd772a79add034fdc6242ea1da0758a326666b8f74da2
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
140KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB
-
Filesize
440KB