diff --git a/docs/2-3-linux.md b/docs/2-3-linux.md
index 3f40753..8a039e5 100644
--- a/docs/2-3-linux.md
+++ b/docs/2-3-linux.md
@@ -6,7 +6,7 @@
 bash <(curl -sS -L https://hfish.io/install.sh)
 ```
 
-[![image-20210616163833456](https://camo.githubusercontent.com/138f103b1cf034b7e493f298b453a43af20628a712f75c80a58d95a3a54b94ee/687474703a2f2f696d672e746872656174626f6f6b2e636e2f68666973682f32303231303631363136333833342e706e67)](https://camo.githubusercontent.com/138f103b1cf034b7e493f298b453a43af20628a712f75c80a58d95a3a54b94ee/687474703a2f2f696d672e746872656174626f6f6b2e636e2f68666973682f32303231303631363136333833342e706e67)
+![image-20210812135013716](http://img.threatbook.cn/hfish/20210812135015.png)
 
 > 安装并运行单机版
 
diff --git a/docs/3-1-node.md b/docs/3-1-node.md
index ab82ef0..0a15e6d 100644
--- a/docs/3-1-node.md
+++ b/docs/3-1-node.md
@@ -64,11 +64,11 @@ sh <(curl -sSL https://hfish.io/autorun.sh)
 
 命令在主机运行后，会在本地生成一份虚假的“账号密码备份文件”。 当该主机被攻陷时，攻击者将被诱导，使用文件中的账号信息进行登录。借此，安全人员发现主机失陷情况。
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210506162347469.png" alt="image-20210506162347469" style="zoom:50%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135104.png" alt="image-20210506162347469" style="zoom:50%;" />
 
 
 
-![image-20210506162447618](https://hfish.cn-bj.ufileos.com/images/image-20210506162447618.png)
+![image-20210506162447618](http://img.threatbook.cn/hfish/20210812135114.png)
 
 
 
diff --git a/docs/3-3-tmpl.md b/docs/3-3-tmpl.md
index d1e8c37..7ae5c69 100644
--- a/docs/3-3-tmpl.md
+++ b/docs/3-3-tmpl.md
@@ -8,5 +8,5 @@
 
 针对Web应用仿真、网络设备服务、安全设备服务以及IOT服务，可以根据自身业务场景和网络情况，选择其具体的传输协议（HTTP或者HTTPS），从而让蜜罐更符合当前网络结构，更好吸引攻击者视线。
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210506155628363.png" alt="image-20210506155628363" style="zoom:50%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135158.png" alt="image-20210506155628363" style="zoom:50%;" />
 
diff --git a/docs/5-1-source.md b/docs/5-1-source.md
index 06b8071..25f1c17 100644
--- a/docs/5-1-source.md
+++ b/docs/5-1-source.md
@@ -6,6 +6,4 @@
 
 
 
-![image-20210506150145273](https://hfish.cn-bj.ufileos.com/images/image-20210506150145273.png)
-
-### 
+![image-20210506150145273](http://img.threatbook.cn/hfish/20210812135238.png)
diff --git a/docs/5-2-asset.md b/docs/5-2-asset.md
index 584a8ad..57c6055 100644
--- a/docs/5-2-asset.md
+++ b/docs/5-2-asset.md
@@ -2,22 +2,20 @@
 
 > 用户名密码页面收集了所有被用来攻击的账号密码，可以对企业账号资产有效监控
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210506152344041.png" alt="image-20210506152344041" style="zoom:50%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135309.png" alt="image-20210506152344041" style="zoom:50%;" />
 
 > 为辅助企业进行内部账号监控，设定高级监测策略，建议输入企业的邮箱、员工姓名、企业名称等信息进行监控，从而随时监控泄漏情况
 
 1.点击界面右上角查看高级监测策略
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210401150526485.png" alt="image-20210401150526485" style="zoom: 50%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135318.png" alt="image-20210401150526485" style="zoom: 50%;" />
 
 2.按照规则要求，导入csv文件。
 
 **注意！务必按照提示规则进行写入**
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210506153037454.png" alt="image-20210506153037454" style="zoom:33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135326.png" alt="image-20210506153037454" style="zoom:33%;" />
 
 3.页面可查看到所有匹配高级监测策略的数据，从而帮助运维人员精准排查泄漏账号，实现企业账号资产安全防护。
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210506153041469.png" alt="image-20210506153041469" style="zoom:50%;" />
-
-### 
+<img src="http://img.threatbook.cn/hfish/20210812135333.png" alt="image-20210506153041469" style="zoom:50%;" />
diff --git a/docs/6-2-1dingtalk.md b/docs/6-2-1dingtalk.md
index 717234f..8eec9ed 100644
--- a/docs/6-2-1dingtalk.md
+++ b/docs/6-2-1dingtalk.md
@@ -4,14 +4,13 @@
 
 1. ###### 进入钉钉群，点击设置选，选择添加群助手
 
-
 <img src="http://img.threatbook.cn/hfish/image-20210803203953937.png" alt="image-20210803203953937" style="zoom: 50%;" />
 
 2. ###### 选择自定义机器人
 
 <img src="http://img.threatbook.cn/hfish/image-20210803204029159.png" alt="image-20210803204029159" style="zoom:50%;" />
 
-###### 3.确认添加
+3.确认添加
 
 <img src="http://img.threatbook.cn/hfish/1301627983256_.pic_hd.jpg" alt="1301627983256_.pic_hd" style="zoom:33%;" />
 
diff --git a/docs/6-3-alarm.md b/docs/6-3-alarm.md
index 2e1155f..486cd16 100644
--- a/docs/6-3-alarm.md
+++ b/docs/6-3-alarm.md
@@ -4,13 +4,13 @@
 
 > 添加一个新的策略
 
-![image-20210209202316155](https://hfish.cn-bj.ufileos.com/images/image-20210209202316155.png)
+![image-20210209202316155](http://img.threatbook.cn/hfish/20210812135455.png)
 
 
 
 > 对策略进行配置
 
-![image-20210209202737224](https://hfish.cn-bj.ufileos.com/images/image-20210209202737224.png)
+![image-20210209202737224](http://img.threatbook.cn/hfish/20210812135501.png)
 
 
 
diff --git a/docs/8-1-demo.md b/docs/8-1-demo.md
index 300cdcf..99bff0f 100644
--- a/docs/8-1-demo.md
+++ b/docs/8-1-demo.md
@@ -4,11 +4,11 @@
 
 >  在终端里，尝试连接蜜罐的ssh端口，会显示“Permission denied, please try again.”
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319113406672.png" alt="image-20210319113406672" style="zoom: 50%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135541.png" alt="image-20210319113406672" style="zoom: 50%;" />
 
 > 这时攻击列表会记录下所有测试过的用户名和密码
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319113330040.png" alt="image-20210319113330040" style="zoom: 33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135551.png" alt="image-20210319113330040" style="zoom: 33%;" />
 
 
 
@@ -16,7 +16,7 @@
 
 > 用FTP终端尝试连接FTP蜜罐端口，会在攻击列表中出现FTP蜜罐报警
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319113309227.png" alt="image-20210319113309227" style="zoom: 33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135559.png" alt="image-20210319113309227" style="zoom: 33%;" />
 
 
 
@@ -24,11 +24,11 @@
 
 > HTTP蜜罐为http代理蜜罐，利用http代理工具连接蜜罐端口
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319113242516.png" alt="image-20210319113242516" style="zoom: 33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135608.png" alt="image-20210319113242516" style="zoom: 33%;" />
 
 > 攻击列表中的显示信息如下
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319113211933.png" alt="image-20210319113211933" style="zoom: 33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135616.png" alt="image-20210319113211933" style="zoom: 33%;" />
 
 
 
@@ -36,11 +36,11 @@
 
 > 利用TELNET应用连接蜜罐端口
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319113132880.png" alt="image-20210319113132880" style="zoom: 33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135624.png" alt="image-20210319113132880" style="zoom: 33%;" />
 
 > 攻击列表中显示信息如下
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319113101608.png" alt="image-20210319113101608" style="zoom: 33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135634.png" alt="image-20210319113101608" style="zoom: 33%;" />
 
 
 
@@ -48,7 +48,7 @@
 
 > 用MYSQL工具连接蜜罐对应端口，可输入指令。
 
-<img src="http://img.threatbook.cn/hfish/1521628589153_.pic_hd.jpg" alt="1521628589153_.pic_hd" style="zoom:50%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135642.jpg" alt="1521628589153_.pic_hd" style="zoom:50%;" />
 
 
 
@@ -61,21 +61,18 @@
 ### WEB蜜罐
 
 > WEB蜜罐用浏览器访问相应的端口，并尝试输入【用户名】和【密码】后
->
 
 <img src="http://img.threatbook.cn/hfish/image-20210810203232153.png" alt="image-20210810203232153" style="zoom:50%;" />
 
 > 会提示用户名和密码错误
->
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319112522399.png" alt="image-20210319112522399" style="zoom:50%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135706.png" alt="image-20210319112522399" style="zoom:50%;" />
 
 
 
 > 服务端后台会获取攻击者用于尝试的用户名和密码
->
 
-<img src="https://hfish.cn-bj.ufileos.com/images/image-20210319112739513.png" alt="image-20210319112739513" style="zoom: 33%;" />
+<img src="http://img.threatbook.cn/hfish/20210812135717.png" alt="image-20210319112739513" style="zoom: 33%;" />
 
 
 
diff --git a/docs/8-2-debug.md b/docs/8-2-debug.md
index 25383cc..7c92cb6 100644
--- a/docs/8-2-debug.md
+++ b/docs/8-2-debug.md
@@ -2,7 +2,7 @@
 
 > 节点状态为红色离线，蜜罐服务却是绿色启用？
 
-![](https://hfish.cn-bj.ufileos.com/images/WechatIMG3065.jpg)
+![](http://img.threatbook.cn/hfish/20210812135754.jpg)