URL: https://google.qht.ink/
Submission: On October 27 via automatic, source certstream-suspicious

Summary

This website contacted 11 IPs in 4 countries across 9 domains to perform 37 HTTP transactions. The main IP is 47.103.140.53, located in Hangzhou, China and belongs to CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN. The main domain is google.qht.ink.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G1 on July 22nd 2019. Valid for: a year.
This is the only time google.qht.ink was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
6 47.103.140.53 37963 (CNNIC-ALI...)
16 2a04:4e42:3::621 54113 (FASTLY)
4 61.160.199.216 23650 (CHINANET-...)
1 220.242.182.12 54994 (QUANTILNE...)
2 2a00:1450:400... 15169 (GOOGLE)
3 119.96.207.121 58563 (CHINATELE...)
1 2401:b180:200... 37963 (CNNIC-ALI...)
1 205.204.101.182 45102 (CNNIC-ALI...)
1 2 47.107.145.182 37963 (CNNIC-ALI...)
1 183.131.207.66 136190 (CHINATELE...)
1 163.171.128.167 54994 (QUANTILNE...)
37 11
Domain Requested by
16 cdn.jsdelivr.net google.qht.ink
cdn.jsdelivr.net
5 abandoner.xyz google.qht.ink
4 oss.qht.ink google.qht.ink
2 api.i-meto.com 1 redirects cdn.jsdelivr.net
2 www.google-analytics.com google.qht.ink
1 p3.music.126.net google.qht.ink
1 ia.51.la google.qht.ink
1 cnzz.mmstat.com google.qht.ink
1 online.cnzz.com s96.cnzz.com
1 z2.cnzz.com google.qht.ink
1 c.cnzz.com s96.cnzz.com
1 s96.cnzz.com google.qht.ink
1 js.users.51.la google.qht.ink
1 google.qht.ink
37 14

This site contains links to these domains:

Domain
abandoner.xyz
blog.yes1.cn
mail.qq.com
moedog.org
www.vtrois.com
beian.miit.gov.cn
www.cnzz.com

Subject | Issuer | Validity | Valid
abandoner.xyz | Encryption Everywhere DV TLS CA - G1 | 2019-07-22 - 2020-07-21 | a year
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-05-29 - 2020-04-23 | a year
oss.qht.ink | Encryption Everywhere DV TLS CA - G1 | 2019-09-14 - 2020-09-13 | a year
*.users.51.la | GlobalSign Domain Validation CA - SHA256 - G2 | 2018-01-15 - 2021-03-19 | 3 years
*.google-analytics.com | GTS CA 1O1 | 2019-10-10 - 2020-01-02 | 3 months
*.cnzz.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2019-03-05 - 2020-03-05 | a year
*.mmstat.com | GlobalSign Organization Validation CA - SHA256 - G2 | 2019-07-29 - 2020-07-29 | a year
api.i-meto.com | TrustAsia TLS RSA CA | 2019-09-29 - 2020-09-28 | a year
*.51.la | GlobalSign Domain Validation CA - SHA256 - G2 | 2018-01-15 - 2021-04-15 | 3 years
*.music.126.net | GeoTrust CN RSA CA G1 | 2019-09-05 - 2021-12-04 | 2 years

This page contains 1 frame:

Primary Page: https://google.qht.ink/
Frame ID: 8B54EAB8813F396CE40FFC62C605BD0C
Requests: 37 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 37
HTTPS: 97 %
IPv6: 27 %
Domains: 9
Subdomains: 14
IPs: 11
Countries: 4
Transfer: 1307 kB
Size: 1877 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35
  • https://api.i-meto.com/meting/api?server=netease&type=pic&id=3099523278777600&auth=cc9dea5e31a5f6c13da43ac3f16cddb3ae275498455255bf7168ea61ef3a45d3 HTTP 302
  • https://p3.music.126.net/zJae2lg6igf-mBb5vbecew==/3099523278777600.jpg?param=300y300

37 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
google.qht.ink/
21 KB
6 KB
Document
General
Full URL
https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
47.103.140.53 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
Apache / PHP/7.2.22
Resource Hash
0229352e43cfa07178dc17c688949ac9de0577edf0851417d467415cd7db3502

Request headers

:method
GET
:authority
google.qht.ink
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode
navigate
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Sun, 27 Oct 2019 10:31:41 GMT
server
Apache
x-powered-by
PHP/7.2.22
vary
Accept-Encoding
content-encoding
gzip
content-length
5616
content-type
text/html; charset=UTF-8
APlayer.min.css
cdn.jsdelivr.net/npm/aplayer/dist/
12 KB
3 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/aplayer/dist/APlayer.min.css?ver=1.0.1
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
baa4101a70dc9912af84ac1ce559b85d3d46436a15eadd54d0d47637db55f814
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
2537
etag
W/"30f0-BzcqK6UHOI0P7RZtdhscLCplnc4"
x-served-by
cache-ams21023-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
font-awesome.min.css
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/font-awesome.min.css?ver=4.7.0
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
aea9129dd01e6f61278a5e2fe2ab625b8559dcca8ba090e1a5bb4f303976eaac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
6943
etag
W/"7830-w7bFAUopnEKIyzJCXP+1FRw6UQk"
x-served-by
cache-ams21045-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
kratos.min.css
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/
82 KB
15 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/kratos.min.css?ver=0.4.0
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
26d0e4eccd85a459fb31b72d2f93a59fd298c743f52ea56b762710119bcc51b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
MISS, HIT
status
200
content-length
15520
etag
W/"1471d-XVvQOBJyUUCWaRaR1Jo7yIM669s"
x-served-by
cache-ams21043-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
jquery.min.js
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/
82 KB
29 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/jquery.min.js?ver=2.1.4
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
3eeeb135a5d976929543e9b31efabbf5ca037c5e0b6e869f85c87865f9b8138e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
29513
etag
W/"14925-jXmUKXzL58IwZ6xWpDak8F5xUds"
x-served-by
cache-ams21048-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
QQ%E5%9B%BE%E7%89%8720190622092116.jpg
oss.qht.ink/wp-content/uploads/2019/08/
54 KB
55 KB
Image
General
Full URL
https://oss.qht.ink/wp-content/uploads/2019/08/QQ%E5%9B%BE%E7%89%8720190622092116.jpg
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
61.160.199.216 , China, ASN23650 (CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone, CN),
Reverse DNS
Software
Tengine/2.2.2 /
Resource Hash
99a7144bdcb9e512065f5e0abcd9e6a85bc0bfb1457b594cd441042e261e489b

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 27 Oct 2019 10:31:43 GMT
last-modified
Sat, 14 Sep 2019 15:31:04 GMT
server
Tengine/2.2.2
age
0
status
200
etag
"AQAAABiqTNmw6aLOKYqffxLjOhR3Muq2"
vary
Origin
content-type
image/jpeg
x-via-ucdn
HIT by 61.160.199.217, HIT by 219.83.188.28
content-length
55644
QQ%E5%9B%BE%E7%89%8720190622092111.jpg
oss.qht.ink/wp-content/uploads/2019/08/
147 KB
147 KB
Image
General
Full URL
https://oss.qht.ink/wp-content/uploads/2019/08/QQ%E5%9B%BE%E7%89%8720190622092111.jpg
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
61.160.199.216 , China, ASN23650 (CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone, CN),
Reverse DNS
Software
Tengine/2.2.2 /
Resource Hash
4b530a137098c0de60e466aa097a852ce5d31e672b95c45224981ef87a550a6e

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 27 Oct 2019 10:31:43 GMT
last-modified
Sat, 14 Sep 2019 09:49:32 GMT
server
Tengine/2.2.2
age
0
status
200
etag
"AQAAAFZhWWIwjNX2nwpDVUZlM9h08U8j"
vary
Origin
content-type
image/jpeg
x-via-ucdn
HIT by 61.160.199.216, HIT by 140.249.8.157
content-length
150459
IMG_2703.jpg
oss.qht.ink/wp-content/uploads/2019/07/
340 KB
340 KB
Image
General
Full URL
https://oss.qht.ink/wp-content/uploads/2019/07/IMG_2703.jpg
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
61.160.199.216 , China, ASN23650 (CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone, CN),
Reverse DNS
Software
Tengine/2.2.2 /
Resource Hash
9034fb3aa0cd14fadced3fb2d95619528408453e382120d0d3107b0a20fd47d1

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 27 Oct 2019 10:31:43 GMT
last-modified
Sat, 14 Sep 2019 09:49:32 GMT
server
Tengine/2.2.2
age
0
status
200
etag
"AQAAAFSFwT4jsbM6l4rSwlOU3BVFZd07"
vary
Origin
content-type
image/jpeg
x-via-ucdn
HIT by 61.160.199.216, HIT by 140.249.8.162
content-length
347678
photo.jpg
oss.qht.ink/wp-content/themes/kratos-pjax-master/static/images/
5 KB
6 KB
Image
General
Full URL
https://oss.qht.ink/wp-content/themes/kratos-pjax-master/static/images/photo.jpg
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
61.160.199.216 , China, ASN23650 (CHINANET-JS-AS-AP AS Number for CHINANET jiangsu province backbone, CN),
Reverse DNS
Software
Tengine/2.2.2 /
Resource Hash
7b215a8b2ac063e79046309349bbf6e7f87c96719d8473bd2415a4ed4a14aaf9

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 27 Oct 2019 10:31:43 GMT
last-modified
Sun, 15 Sep 2019 00:54:29 GMT
server
Tengine/2.2.2
age
0
status
200
etag
"AQAAAJ7UHwLX7EAzp_0hhnjferbB2I5E"
vary
Origin
content-type
image/jpeg
x-via-ucdn
HIT by 61.160.199.217, HIT by 219.83.188.2
content-length
5453
jquery.min.js
cdn.jsdelivr.net/npm/jquery@2.1.4/dist/
82 KB
29 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery@2.1.4/dist/jquery.min.js
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
fastly-restarts
1
x-cache
HIT, HIT
status
200
content-length
29593
etag
W/"1499c-gljQRvF908FaXTmE4YaLe10dsyk"
x-served-by
cache-ams21021-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
live2d.js
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/
148 KB
40 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/live2d.js
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
543776cf3b0fc618b9b288f2dc02f9081836073a45eb26a1fa7456dab235d002
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
41113
etag
W/"24f2a-htzsiROb9yqL4KF/6uymMXIf/uc"
x-served-by
cache-ams21051-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
waifu.min.css
abandoner.xyz/wp-content/plugins/poster-girl-l2d-2233-master/css/
0
0
Stylesheet
General
Full URL
https://abandoner.xyz/wp-content/plugins/poster-girl-l2d-2233-master/css/waifu.min.css?ver=1.7
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
47.103.140.53 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

APlayer.min.js
cdn.jsdelivr.net/npm/aplayer/dist/
58 KB
14 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/aplayer/dist/APlayer.min.js?ver=1.0.1
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e98ec22436a5b6878d824f997ed8020fd8cb8261afe31294a3c9d0d07800c15a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
13759
etag
W/"e7bd-Isqij/a0Ghb/QPFdOPFzniI1lHg"
x-served-by
cache-ams21028-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
Meting.min.js
cdn.jsdelivr.net/npm/meting@2/dist/
3 KB
1 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/meting@2/dist/Meting.min.js?ver=1.0.1
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
94e50ffa5f6a2db31368260a2cd74beac05917ef0966b1715e65eb55bcd2823d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
1424
etag
W/"d90-8rPSC4vWTM0DHGRijysTIweK4yQ"
x-served-by
cache-ams21025-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
theme.min.js
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/
139 KB
43 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/theme.min.js?ver=0.4.0
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
3f682f2089d0ab2abb66af81306c8cf850bc90e0bf45c9e0bc56a1d94627336f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
44198
etag
W/"22a44-8s8HdpDEHs9JWA/rpcdLjX0lEqA"
x-served-by
cache-ams21026-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
kratos.js
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/
17 KB
5 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/kratos.js?ver=0.4.0
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
233fdf81e32d75a680d8be71e9137463c8531ec1abd1be55e0f9f79eff7eac96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
4675
etag
W/"4260-klRTVsLI4ZJ+bHEjzjqs0MCkA6I"
x-served-by
cache-ams21040-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
pjax.js
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/
13 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/pjax.js?ver=0.4.0
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
21640c3f2384d31eeb3ebd88c0290b72f21fea7d1fe2e10d23a3e7f1a68fa5ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
content-length
3510
etag
W/"335d-AyhmfIAvjRdC370/whapkokaIug"
x-served-by
cache-ams21027-AMS, cache-fra19149-FRA
date
Sun, 27 Oct 2019 10:31:41 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
waifu-tips.js
abandoner.xyz/wp-content/plugins/poster-girl-l2d-2233-master/js/
0
0
Script
General
Full URL
https://abandoner.xyz/wp-content/plugins/poster-girl-l2d-2233-master/js/waifu-tips.js?ver=1.7
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
47.103.140.53 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

20355683.js
js.users.51.la/
5 KB
3 KB
Script
General
Full URL
https://js.users.51.la/20355683.js
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
220.242.182.12 , China, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
04234493dbc66254661dbf62ca9d91740088ad7a5b3944a036df16aa9e8585e9

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-id
20355683
Date
Sun, 27 Oct 2019 10:31:42 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
X-Via
1.1 PSxgHKG8rm110:6 (Cdn Cache Server V2.0)[86 200 2], 1.1 ld89:0 (Cdn Cache Server V2.0)[563 200 2], 1.1 PSxbymdlMAD1cl67:8 (Cdn Cache Server V2.0)[626 200 2]
Content-Disposition
inline;filename=f.txt
Connection
keep-alive
Request-Id
0000016E0CC588389018FBBA8078CC0F
x-reserved
amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc
id-2
32AAAQAAEAABAAAQAAEAABAAAQAAEAABCSSiPeRwJEV29E1dfdAlolbNCQr03ijG
Last-Modified
Sun Sep 22 18:40:07 CST 2019
Server
nginx/1.14.0
ETag
"abcfe0f3f4132d7706134fa27a59bc4d"
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
version-id
G001116D588EA83AFFFF901119FB7075
analytics.js
www.google-analytics.com/
43 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
3427
date
Sun, 27 Oct 2019 09:34:34 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Sun, 27 Oct 2019 11:34:34 GMT
cursor.cur
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/
4 KB
4 KB
Image
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/cursor.cur
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
10df459a454bed42e122c5fe5c7e8775980512cd8d60bf20169703fdbac84cd1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/kratos.min.css?ver=0.4.0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
etag
W/"10be-Ob4QpCIGi9EzypLQQ7dzZFM4NOw"
vary
Accept-Encoding
x-cache
HIT, HIT
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
date
Sun, 27 Oct 2019 10:31:41 GMT
accept-ranges
bytes
timing-allow-origin
*
content-length
4286
x-served-by
cache-ams21049-AMS, cache-fra19149-FRA
1568011312-0072Vf1pgy1foxk3jkoywj31hc0u0tr3.jpg
abandoner.xyz/wp-content/uploads/2019/09/
0
0
Image
General
Full URL
https://abandoner.xyz/wp-content/uploads/2019/09/1568011312-0072Vf1pgy1foxk3jkoywj31hc0u0tr3.jpg
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
47.103.140.53 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

background.jpg
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/
385 KB
386 KB
Image
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/background.jpg
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
52df2157435a2c86787300ff5e5cad50a16440de391a26505d19118f40c15a8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
etag
W/"604dd-7mVQxoWiUh2U9Is8iVEHKGX6B3E"
vary
Accept-Encoding
x-cache
HIT, HIT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
date
Sun, 27 Oct 2019 10:31:41 GMT
accept-ranges
bytes
timing-allow-origin
*
content-length
394461
x-served-by
cache-ams21020-AMS, cache-fra19149-FRA
about.jpg
abandoner.xyz/wp-content/themes/kratos-pjax-master/static/images/
0
0
Image
General
Full URL
https://abandoner.xyz/wp-content/themes/kratos-pjax-master/static/images/about.jpg
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
47.103.140.53 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

fontawesome-webfont.woff
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/fonts/
96 KB
96 KB
Font
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/fonts/fontawesome-webfont.woff?v=4.7.0
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/font-awesome.min.css?ver=4.7.0
Origin
https://google.qht.ink
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
etag
W/"17ee8-KLeCJAs+dtuCThLAJ1SpcxoWdSc"
vary
Accept-Encoding
x-cache
HIT, HIT
content-type
font/woff
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
date
Sun, 27 Oct 2019 10:31:41 GMT
accept-ranges
bytes
timing-allow-origin
*
content-length
98024
x-served-by
cache-ams21049-AMS, cache-fra19130-FRA
z_stat.php
s96.cnzz.com/
11 KB
4 KB
Script
General
Full URL
https://s96.cnzz.com/z_stat.php?id=1277810713&online=1&show=line
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.96.207.121 Wuhan, China, ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN),
Reverse DNS
Software
Tengine / PHP/5.5.25
Resource Hash
2b04051ca8026f61a2974c74a83870df84fa5b9019bf7e458ae433bd7523d256

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sun, 27 Oct 2019 10:31:42 GMT
content-encoding
gzip
age
0
x-powered-by
PHP/5.5.25
x-cache
MISS TCP_MISS dirn:-2:-2
status
200
x-swift-cachetime
5400
x-swift-savetime
Sun, 27 Oct 2019 10:31:42 GMT
last-modified
Sun, 27 Oct 2019 10:31:42 GMT
server
Tengine
vary
Accept-Encoding
ali-swift-global-savetime
1572172302
content-type
application/javascript
via
cache27.l2cn1807[51,200-0,M], cache38.l2cn1807[53,0], cache6.cn1337-1[67,200-0,M], cache7.cn1337-1[68,0]
cache-control
max-age=5400,s-maxage=5400
timing-allow-origin
*
eagleid
7760cf4615721723026026793e
collect
www.google-analytics.com/
35 B
197 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j79&a=1128838628&t=pageview&_s=1&dl=https%3A%2F%2Fgoogle.qht.ink%2F&ul=en-us&de=UTF-8&dt=Abandoner%20-%20%E6%A9%98%E5%98%B0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAB~&cid=1417588714.1572172302&tid=UA-142479605-2&_gid=1699819863.1572172302&z=2063418359
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 08 Oct 2019 01:18:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
1674770
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
core.php
c.cnzz.com/
973 B
802 B
Script
General
Full URL
https://c.cnzz.com/core.php?web_id=1277810713&show=line&online=1&t=z
Requested by
Host: s96.cnzz.com
URL: https://s96.cnzz.com/z_stat.php?id=1277810713&online=1&show=line
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.96.207.121 Wuhan, China, ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN),
Reverse DNS
Software
Tengine / PHP/5.5.25
Resource Hash
7092130e3f1b3ee868bb4973dbd5f69d187b88fdeaa33a0284846fb27dfca1fb

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Sun, 27 Oct 2019 10:31:42 GMT
content-encoding
gzip
age
0
x-powered-by
PHP/5.5.25
x-cache
MISS TCP_MISS dirn:-2:-2
status
200
x-swift-cachetime
900
x-swift-savetime
Sun, 27 Oct 2019 10:31:42 GMT
content-length
620
last-modified
Sun, 27 Oct 2019 10:31:42 GMT
server
Tengine
vary
Accept-Encoding
ali-swift-global-savetime
1572172302
content-type
application/javascript
via
cache1.l2cn1807[57,200-0,M], cache40.l2cn1807[58,0], cache5.cn1337-1[71,200-0,M], cache7.cn1337-1[73,0]
timing-allow-origin
*
eagleid
7760cf4615721723029147208e
expires
Sun, 27 Oct 2019 10:46:42 GMT
stat.htm
z2.cnzz.com/
2 B
112 B
Image
General
Full URL
https://z2.cnzz.com/stat.htm?id=1277810713&r=&lg=en-us&ntime=none&cnzz_eid=1167872623-1572172302-&showp=1600x1200&p=https%3A%2F%2Fgoogle.qht.ink%2F&t=Abandoner%20-%20%E6%A9%98%E5%98%B0&umuuid=16e0cc589c56d-062d194649fb22-37647e03-1d4c00-16e0cc589c650&h=1&rnd=325033875
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2401:b180:2000:20::27 , China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Sun, 27 Oct 2019 10:31:43 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=utf-8
online_v3.php
online.cnzz.com/online/
822 B
565 B
Script
General
Full URL
https://online.cnzz.com/online/online_v3.php?id=1277810713&h=z2.cnzz.com&on=1&s=line
Requested by
Host: s96.cnzz.com
URL: https://s96.cnzz.com/z_stat.php?id=1277810713&online=1&show=line
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
119.96.207.121 Wuhan, China, ASN58563 (CHINATELECOM-HUBEI-IDC CHINANET Hubei province network, CN),
Reverse DNS
Software
Tengine / PHP/5.5.25
Resource Hash
b3e49c91b6b6fbac4603b1a78d7656e7fcfd5a9fcb4cdd73a94502ac3763de88

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 27 Oct 2019 10:31:43 GMT
content-encoding
gzip
age
0
x-powered-by
PHP/5.5.25
x-cache
MISS TCP_MISS dirn:-2:-2
status
200
x-swift-cachetime
900
x-swift-savetime
Sun, 27 Oct 2019 10:31:43 GMT
content-length
296
last-modified
Sun, 27 Oct 2019 10:31:43 GMT
server
Tengine
vary
Accept-Encoding
ali-swift-global-savetime
1572172303
content-type
text/html
via
cache3.l2cn1807[173,200-0,M], cache31.l2cn1807[174,0], cache2.cn1337-1[187,200-0,M], cache7.cn1337-1[189,0]
timing-allow-origin
*
eagleid
7760cf4615721723034097949e
expires
Sun, 27 Oct 2019 10:46:43 GMT
9.gif
cnzz.mmstat.com/
43 B
380 B
Image
General
Full URL
https://cnzz.mmstat.com/9.gif?abc=1&rnd=1535362185
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.204.101.182 San Mateo, United States, ASN45102 (CNNIC-ALIBABA-US-NET-AP Alibaba (US) Technology Co., Ltd., CN),
Reverse DNS
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 27 Oct 2019 10:31:43 GMT
server
nginx
p3p
CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
status
200
cache-control
no-cache
content-type
image/gif
content-length
43
expires
Thu, 01 Jan 1970 00:00:01 GMT
move.cur
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/
4 KB
4 KB
Image
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/move.cur
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
41b9c3806ecd06b720cf65ab37166ed30c9575f678144f023b0cc0b14f3bd2aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/kratos.min.css?ver=0.4.0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
etag
W/"10be-q19yMl8XoN7TvMMoIfEg1PdMVhg"
vary
Accept-Encoding
x-cache
HIT, HIT
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
date
Sun, 27 Oct 2019 10:31:43 GMT
accept-ranges
bytes
timing-allow-origin
*
content-length
4286
x-served-by
cache-ams21028-AMS, cache-fra19149-FRA
api
api.i-meto.com/meting/
68 KB
19 KB
Fetch
General
Full URL
https://api.i-meto.com/meting/api?server=netease&type=playlist&id=2939022833&r=0.6319243406425603
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/meting@2/dist/Meting.min.js?ver=1.0.1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
47.107.145.182 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
nginx/1.17.1 / PHP/7.3.7
Resource Hash
8736b916d3a4ed54b1d4bde838d45d81ba4db6572c740385288b0b78c8eab81b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Sec-Fetch-Mode
cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 27 Oct 2019 10:31:44 GMT
content-encoding
br
server
nginx/1.17.1
status
200
x-powered-by
PHP/7.3.7
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://google.qht.ink
cache-control
no-cache, private
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
waifu-tips.js
abandoner.xyz/wp-content/plugins/poster-girl-l2d-2233-master/js/
0
0
Script
General
Full URL
https://abandoner.xyz/wp-content/plugins/poster-girl-l2d-2233-master/js/waifu-tips.js?ver=1.7
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
47.103.140.53 Hangzhou, China, ASN37963 (CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba Advertising Co.,Ltd., CN),
Reverse DNS
Software
/
Resource Hash

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

go1
ia.51.la/
0
256 B
Image
General
Full URL
https://ia.51.la/go1?id=20355683&rt=1572172304015&rl=1600*1200&lang=en-US&ct=unknow&pf=1&ins=1&vd=1&ce=1&cd=24&ds=%25E6%25A9%2598%25E5%2598%25B0&ing=1&ekc=&sid=1572172304015&tt=Abandoner%2520-%2520%25E6%25A9%2598%25E5%2598%25B0&kw=%25E6%2590%259E%25E4%25BA%258B%252C%25E6%25BB%2591%25E7%25A8%25BD%252C%25E4%25BA%25A4%25E5%258F%258B%252C%25E5%2588%2586%25E4%25BA%25AB&cu=https%253A%252F%252Fgoogle.qht.ink%252F&pu=
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
183.131.207.66 , China, ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN),
Reverse DNS
Software
CloudWAF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 27 Oct 2019 10:31:45 GMT
Server
CloudWAF
Connection
keep-alive
Content-Length
0
Content-Type
application/octet-stream
pointer.cur
cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/
4 KB
4 KB
Image
General
Full URL
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/images/pointer.cur
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/theme.min.js?ver=0.4.0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
e3d6b84c5c839cd5d268d96bc28793c956fc0e6a3e20e8937b70ed54326bb59b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/css/kratos.min.css?ver=0.4.0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
status
200
etag
W/"10be-tazXHJeFAACktZqQGZYiEPf+z8c"
vary
Accept-Encoding
x-cache
HIT, HIT
content-type
application/octet-stream
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
date
Sun, 27 Oct 2019 10:31:45 GMT
accept-ranges
bytes
timing-allow-origin
*
content-length
4286
x-served-by
cache-ams21048-AMS, cache-fra19149-FRA
3099523278777600.jpg
p3.music.126.net/zJae2lg6igf-mBb5vbecew==/
Redirect Chain
  • https://api.i-meto.com/meting/api?server=netease&type=pic&id=3099523278777600&auth=cc9dea5e31a5f6c13da43ac3f16cddb3ae275498455255bf7168ea61ef3a45d3
  • https://p3.music.126.net/zJae2lg6igf-mBb5vbecew==/3099523278777600.jpg?param=300y300
21 KB
21 KB
Image
General
Full URL
https://p3.music.126.net/zJae2lg6igf-mBb5vbecew==/3099523278777600.jpg?param=300y300
Requested by
Host: google.qht.ink
URL: https://google.qht.ink/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.128.167 , Germany, ASN54994 (QUANTILNETWORKS - QUANTIL NETWORKS INC, US),
Reverse DNS
Software
nginx /
Resource Hash
13a69d64f968633ef9e84e9404b626e686042aca70d55358631c65c4e508d5b2

Request headers

Referer
https://google.qht.ink/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 27 Oct 2019 10:31:47 GMT
cdn-ip
163.171.128.33
x-nos-request-id
f7ca3a822d7f000000005db572138013
content-md5
a06301d7ad440f691536913df4d3e02b
cdn-user-ip
144.76.109.30
status
200
x-nos-storage-class
STANDARD
content-length
21342
last-modified
Thu, 05 Nov 2015 16:50:21 Asia/Shanghai
server
nginx
cdn-source
chinanetcenter
x-nos-requesttype
imageView
access-control-allow-methods
GET,POST,OPTIONS
content-type
image/jpg
access-control-allow-origin
*
cache-control
max-age=31536000
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-via
1.1 PSzjlssxme78:7 (Cdn Cache Server V2.0), 1.1 huzhou85:5 (Cdn Cache Server V2.0), 1.1 VMdgflkfFRA1yc33:3 (Cdn Cache Server V2.0)

Redirect headers

date
Sun, 27 Oct 2019 10:31:45 GMT
server
nginx/1.17.1
status
302
x-powered-by
PHP/7.3.7
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/html; charset=UTF-8
location
https://p3.music.126.net/zJae2lg6igf-mBb5vbecew==/3099523278777600.jpg?param=300y300
cache-control
no-cache, private
alt-svc
quic=":443"; ma=2592000; v="44,43,39"

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| GoogleAnalyticsObject function| ga function| $ function| jQuery string| cnzz_protocol object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| _cz_loaded string| _cz_account object| _czc object| _CNZZDbridge_1277810713 object| cnzz_image_525213143 object| cnzz_image_204809984 function| UtSystem function| UtDebug function| LDTransform function| LDGL function| Live2D function| Live2DModelWebGL function| Live2DModelJS function| Live2DMotion function| MotionQueueManager function| PhysicsHair function| AMotion function| PartsDataID function| DrawDataID function| BaseDataID function| ParamID function| loadlive2d function| setImmediate function| clearImmediate function| APlayer function| _objectSpread function| _defineProperty function| MetingJSElement object| node function| _classCallCheck function| _createClass function| grin function| OwO object| layer object| hljs object| xb object| now function| createtime object| ajaxignore_string object| ajaxignore function| ajaxcheck_do function| ajax object| NProgress object| l2d number| days number| dnum number| hours string| hnum number| minutes string| mnum number| seconds number| snum object| addComment

0 Cookies

13 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/live2d.js(Line 1)
Message:
Live2D %s 2.1.00_1
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/live2d.js(Line 1)
Message:
profile : Desktop
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/live2d.js(Line 1)
Message:
[PROFILE_NAME] = Desktop
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/live2d.js(Line 1)
Message:
[USE_ADJUST_TRANSLATION] = false
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/live2d.js(Line 1)
Message:
[USE_CACHED_POLYGON_IMAGE] = false
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.3.6/static/js/live2d.js(Line 1)
Message:
[EXPAND_W] = 2
console-api log URL: https://cdn.jsdelivr.net/npm/aplayer/dist/APlayer.min.js?ver=1.0.1(Line 1)
Message:
%c APlayer v1.10.1 af84efb %c http://aplayer.js.org color: #fadfa3; background: #030307; padding:5px 0; background: #fadfa3; padding:5px 0;
console-api log URL: https://cdn.jsdelivr.net/npm/meting@2/dist/Meting.min.js?ver=1.0.1(Line 1)
Message:
%c MetingJS v2.0.1 %c https://github.com/metowolf/MetingJS color: #fadfa3; background: #030307; padding:5px 0; background: #fadfa3; padding:5px 0;
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/theme.min.js?ver=0.4.0(Line 10)
Message:
%c APlayer v1.10.1 af84efb %c http://aplayer.js.org color: #fadfa3; background: #030307; padding:5px 0; background: #fadfa3; padding:5px 0;
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/kratos.js?ver=0.4.0(Line 388)
Message:
console.clear
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/kratos.js?ver=0.4.0(Line 389)
Message:
项目托管:https://github.com/xb2016/kratos-pjax
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/kratos.js?ver=0.4.0(Line 390)
Message:
%cwww.fczbl.vip font-size:2em
console-api log URL: https://cdn.jsdelivr.net/gh/xb2016/kratos-pjax@0.4.0/static/js/kratos.js?ver=0.4.0(Line 391)
Message:
%c页面加载完毕消耗了8226.01ms background:#fff;color:#333;text-shadow:0 0 2px #eee,0 0 3px #eee,0 0 3px #eee,0 0 2px #eee,0 0 3px #eee;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
