Report - hianime.win/

Report Overview

Visited public
2025-04-26 02:45:42
Tags
URL
hianime.win/
Finishing URL
hianime.win/
IP / ASN
104.21.80.193
#13335 CLOUDFLARENET
Title
HiAnime | Free Anime Streaming Platform

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
experttrafficcounter.com	unknown	2025-01-23	2025-01-24	2025-04-24	439 B	420 B	18.198.132.236
straightforwardaudition.com	unknown	2024-08-19	2025-04-11	2025-04-25	503 B	504 B	172.240.253.132
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-04-23	1.0 kB	211 kB	104.17.24.14
unwillingworking.com	unknown	2025-01-24	2025-02-02	2025-02-02	469 B	668 B	88.85.68.219
blogger.googleusercontent.com	16485	2008-11-17	2012-05-25	2025-04-24	666 B	12 kB	142.250.74.33
unseenreport.com	unknown	2022-03-30	2022-03-30	2025-04-19	762 B	496 B	192.243.59.13
bracemascara.com	unknown	2024-04-04	2025-03-01	2025-03-01	445 B	99 kB	192.243.61.225
hianime.win	unknown	2025-02-25	2025-04-26	2025-04-26	2.5 kB	1.2 MB	188.114.97.1
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2025-04-19	424 B	377 B	185.196.197.72
recordedthereby.com	unknown	2024-05-08	2024-05-08	2025-04-19	410 B	86 kB	185.196.197.72

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-04-26 02:45:22	low	Client IP	216.24.57.252	ET INFO Observed Online Application Hosting Domain (onrender .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-26	medium	bracemascara.com	Sinkholed
2025-04-26	medium	straightforwardaudition.com	Sinkholed
2025-04-25	medium	capaciousdrewreligion.com	Sinkholed
2025-04-25	medium	unseenreport.com	Sinkholed
2025-04-25	medium	recordedthereby.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	hianime.win/assets/index-CDlwJ1IB.js	ScriptElement	1.1 MB	2025-04-26	2025-04-26
Pretty URL hianime.win/assets/index-CDlwJ1IB.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-26 02:45 Last Seen2025-04-26 02:45 Times Seen1 Hash 9f77b27848fb4cc659c4c2a9c6f4ddcb 821406b3ad7c259a867e934d85d38105d3552f65 c7c23957f898ca9b78e27e586b3cd43ff3c506a8faec857ef39a0bb79217d22f Loading...

	bracemascara.com/b4/a0/20/b4a02063dab0793d1300cfb41bd4b615.js	ScriptElement	98 kB	2025-04-26	2025-04-26
Pretty URL bracemascara.com/b4/a0/20/b4a02063dab0793d1300cfb41bd4b615.js IP 192.243.61.225 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-26 02:45 Last Seen2025-04-26 02:45 Times Seen1 Hash 87691240dc80b7076702e0cb6ae895ef 5530f6bc2f2a4a666c4832f68024306cc09d0792 e860839df2c0cab2f1564478a750bf708923ce3faa43c5d0de4d295dfb393b9c Loading...

	hianime.win/	ScriptElement	454 B	2025-04-26	2025-04-26
Pretty URL hianime.win/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-26 02:45 Last Seen2025-04-26 02:45 Times Seen1 Hash 00c412a92acc3cafdaf43d094fec19f2 3c5a57daf8a7ffc5be5782b8ae9ad76e94230d56 887869508718bf44705c3268c3d1e732622929f08e64ace17f70349aa969ac4b Loading...

	hianime.win/	ScriptElement	353 B	2025-04-26	2025-04-26
Pretty URL hianime.win/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-26 02:45 Last Seen2025-04-26 02:45 Times Seen1 Hash 4e6b39c65d5b39af0212f7fe60493929 7c4855f989f1a9beed7f54016383c4a8b86ad0a2 1d4d9cc369c5d73bf9841bdae35553bf7896ed9390d53d9c282cb13a90592cae Loading...

	hianime.win/	ScriptElement	424 B	2025-04-26	2025-04-26
Pretty URL hianime.win/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-26 02:45 Last Seen2025-04-26 02:45 Times Seen1 Hash 8ba60e73a87675813d601f7516457bd8 c31b1670732d2a7998a4f15992dfbb38920d76e7 71f103651efa2d74da0d4d29eb087e0c4560ab19d007ee51709781e7fdee42a2 Loading...

	recordedthereby.com/sfp.js	ScriptElement	85 kB	2025-01-25	2025-06-21
Pretty URL recordedthereby.com/sfp.js IP 185.196.197.72 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2025-01-25 09:25 Last Seen2025-06-21 02:51 Times Seen1956 Hash 108625937affa4b38bb17cea65510d72 2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0 Loading...

HTTP Transactions (15)

URL IP Response Size

GET bracemascara.com/b4/a0/20/b4a02063dab0793d1300cfb41bd4b615.js

192.243.61.225

200 OK

98 kB

URL GET
bracemascara.com/b4/a0/20/b4a02063dab0793d1300cfb41bd4b615.js
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://hianime.win/
Certificate
IssuerLet's Encrypt
Subjectbracemascara.com
FingerprintAD:45:57:F9:D5:40:AB:6E:39:41:08:FF:EA:CA:FC:DB:38:14:E6:CA
ValidityTue, 01 Apr 2025 20:55:55 GMT - Mon, 30 Jun 2025 20:55:54 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
98 kB (97786 bytes)
Hash
87691240dc80b7076702e0cb6ae895ef
5530f6bc2f2a4a666c4832f68024306cc09d0792
e860839df2c0cab2f1564478a750bf708923ce3faa43c5d0de4d295dfb393b9c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /b4/a0/20/b4a02063dab0793d1300cfb41bd4b615.js HTTP/1.1
Host: bracemascara.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 26 Apr 2025 02:45:21 GMT
Content-Type: application/javascript
Content-Length: 31028
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_FEATURES-1773_59=0; expires=Sat, 26 Apr 2025 02:45:21 GMT; secure; SameSite=None
Host: bracemascara.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 0c69e56646cb4d3688122c7001cab456
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET hianime.win/assets/index-CDlwJ1IB.js

188.114.97.1

200 OK

1.1 MB

URL GET
hianime.win/assets/index-CDlwJ1IB.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hianime.win/
Certificate
IssuerGoogle Trust Services
Subjecthianime.win
FingerprintBA:5C:DD:BD:16:9D:F0:56:41:DA:97:8F:2E:BA:FE:B6:8B:86:AA:05
ValidityFri, 25 Apr 2025 04:18:31 GMT - Thu, 24 Jul 2025 05:18:28 GMT

File type
JavaScript source, ASCII text, with very long lines (37534)
Size
1.1 MB (1097675 bytes)
Hash
9f77b27848fb4cc659c4c2a9c6f4ddcb
821406b3ad7c259a867e934d85d38105d3552f65
c7c23957f898ca9b78e27e586b3cd43ff3c506a8faec857ef39a0bb79217d22f

HTTP Headers

GET /assets/index-CDlwJ1IB.js HTTP/1.1
Host: hianime.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Apr 2025 02:45:21 GMT
content-type: application/javascript
cache-control: public, max-age=0, s-maxage=300
content-encoding: br
etag: "9f77b27848fb4cc659c4c2a9c6f4ddcb"
last-modified: Thu, 13 Mar 2025 20:34:49 UTC
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
priority: u=3,i=?0
server: cloudflare
cf-ray: 9362be555c9b56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET straightforwardaudition.com/pixel/purst?dl=0&th=0&sc=0&rs=1175&rd=1175&fd=679&bv=25.4.8000&tmpl=70

172.240.253.132

200 OK

0 B

URL GET
straightforwardaudition.com/pixel/purst?dl=0&th=0&sc=0&rs=1175&rd=1175&fd=679&bv=25.4.8000&tmpl=70
IP
172.240.253.132:443
ASN
#7979 SERVERS-COM

Requested by
https://hianime.win/
Certificate
IssuerLet's Encrypt
Subjectstraightforwardaudition.com
Fingerprint37:79:6E:2B:6D:60:27:B4:CE:CF:C8:79:9F:47:21:CD:A1:1F:02:45
ValiditySun, 20 Apr 2025 23:29:29 GMT - Sat, 19 Jul 2025 23:29:28 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1175&rd=1175&fd=679&bv=25.4.8000&tmpl=70 HTTP/1.1
Host: straightforwardaudition.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 26 Apr 2025 02:45:21 GMT
Content-Length: 0
Connection: keep-alive
Host: straightforwardaudition.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-solid-900.woff2

104.17.24.14

200 OK

125 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-solid-900.woff2
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hianime.win/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
Web Open Font Format (Version 2), TrueType, length 125064, version 768.67
Size
125 kB (125064 bytes)
Hash
57b380d27f14f16e737bcca7e849cf79
2e4280929d4d76fc0e31601c98f167f14630c209
94e1bbc1c2a41ebc73fa5253fd563256c0035b4d69181e48f9aef9e474a11251

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta3/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hianime.win
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Apr 2025 02:45:21 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 125064
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 9362be59f9f50b4d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "619c057b-1e888"
last-modified: Mon, 22 Nov 2021 21:02:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 620106
expires: Thu, 16 Apr 2026 02:45:21 GMT
accept-ranges: bytes
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0XWM0vPbHG%2B3vIL%2B607KvUz5fidqM%2FxJow9e%2FwAbxzE814VSvR%2FSj9glIlOY6xWH30KEyV0DW8eMnEVa15KiLu26p1vhKZEzlUfI9YKUfYrheeWg%2F7kWx4DrBlKbNRvNAK4G5jTw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET hianime.win/

188.114.97.1

200 OK

7.4 kB

URL User Request GET
hianime.win/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjecthianime.win
FingerprintBA:5C:DD:BD:16:9D:F0:56:41:DA:97:8F:2E:BA:FE:B6:8B:86:AA:05
ValidityFri, 25 Apr 2025 04:18:31 GMT - Thu, 24 Jul 2025 05:18:28 GMT

File type
HTML document, ASCII text, with very long lines (313)
Size
7.4 kB (7384 bytes)
Hash
5fba304ea9f64b770a84b02d29f5bf4b
fe7d38d6dab35a295d3f4e08d1180f8881f362df
f9f10c010e33a4150ccb9014e6491f4b60b1fd2f4426950c1d539b31736cb46c

HTTP Headers

GET / HTTP/1.1
Host: hianime.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Apr 2025 02:45:20 GMT
content-type: text/html; charset=utf-8
content-length: 2591
cache-control: public, max-age=0, s-maxage=300
content-encoding: br
etag: "5fba304ea9f64b770a84b02d29f5bf4b"
last-modified: Thu, 13 Mar 2025 20:34:49 UTC
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 9362be52a89ab4eb-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET unwillingworking.com/cdDE9h6_b.2b5nlqShWtQb9_NTjPEy1_NNzwQ/5DNpiG0m2mMQTLUD3/NJDrk/3J

88.85.68.219

200 OK

0 B

URL GET
unwillingworking.com/cdDE9h6_b.2b5nlqShWtQb9_NTjPEy1_NNzwQ/5DNpiG0m2mMQTLUD3/NJDrk/3J
IP
88.85.68.219:443
ASN
#35415 Webzilla B.V.

Requested by
https://hianime.win/
Certificate
IssuerLet's Encrypt
Subjectunwillingworking.com
FingerprintD0:DA:39:6C:69:18:B7:D6:4F:A3:E5:FC:01:45:8B:16:F4:4A:B3:E6
ValiditySun, 30 Mar 2025 10:10:41 GMT - Sat, 28 Jun 2025 10:10:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdDE9h6_b.2b5nlqShWtQb9_NTjPEy1_NNzwQ/5DNpiG0m2mMQTLUD3/NJDrk/3J HTTP/1.1
Host: unwillingworking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sat, 26 Apr 2025 02:45:21 GMT
content-type: application/javascript
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Content-Type
access-control-allow-origin: *
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimLTi07CuWVmsy1czO93g-Kv8HyfkTPyA5upvA-TiEN-NXJl_7zcrKVzmeP9HlYQ9Dh4aAmIf71hblG9IaaoUuXIzmBPhbxzsSDb77ce1wcLAI2_OKGWhWJoaAQpTyQuxSmqB3ZF3HRX9q5wFd_He5goqweXeNMv_pUwRKGxFzw5inlA2rHveHZutLrKw/s1600/1000121939.png

142.250.74.33

200 OK

12 kB

URL GET
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimLTi07CuWVmsy1czO93g-Kv8HyfkTPyA5upvA-TiEN-NXJl_7zcrKVzmeP9HlYQ9Dh4aAmIf71hblG9IaaoUuXIzmBPhbxzsSDb77ce1wcLAI2_OKGWhWJoaAQpTyQuxSmqB3ZF3HRX9q5wFd_He5goqweXeNMv_pUwRKGxFzw5inlA2rHveHZutLrKw/s1600/1000121939.png
IP
142.250.74.33:443
ASN
#15169 GOOGLE

Requested by
https://hianime.win/
Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
Fingerprint66:19:DE:95:18:3E:90:8D:7D:31:50:9A:E3:F7:2D:9D:D6:7D:A7:F8
ValidityMon, 31 Mar 2025 08:55:39 GMT - Mon, 23 Jun 2025 08:55:38 GMT

File type
PNG image data, 823 x 200, 8-bit/color RGBA, non-interlaced
Size
12 kB (11451 bytes)
Hash
e95e26453cd5a9da44be36e0d45391d9
3b3e628c5cd8c2847153559171bf8d6d8da07380
a570b9948e721cab63846c64cf6e2c626bbc99cd2bfff87d4da9331754e14dc5

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEimLTi07CuWVmsy1czO93g-Kv8HyfkTPyA5upvA-TiEN-NXJl_7zcrKVzmeP9HlYQ9Dh4aAmIf71hblG9IaaoUuXIzmBPhbxzsSDb77ce1wcLAI2_OKGWhWJoaAQpTyQuxSmqB3ZF3HRX9q5wFd_He5goqweXeNMv_pUwRKGxFzw5inlA2rHveHZutLrKw/s1600/1000121939.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/png
vary: Origin
access-control-expose-headers: Content-Length
etag: "v482"
expires: Sun, 27 Apr 2025 02:45:23 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1000121939.png"
x-content-type-options: nosniff
date: Sat, 26 Apr 2025 02:45:23 GMT
server: fife
content-length: 11451
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET capaciousdrewreligion.com/advertisers.js

185.196.197.72

200 OK

0 B

URL GET
capaciousdrewreligion.com/advertisers.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://hianime.win/
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
FingerprintF2:06:B4:93:08:6A:C2:08:91:7D:7A:22:BE:44:FF:74:BE:CC:0C:2E
ValidityMon, 03 Mar 2025 21:07:24 GMT - Sun, 01 Jun 2025 21:07:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 26 Apr 2025 02:45:22 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 2fe4057383bf3526e0d2893b653d2c75
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET unseenreport.com/pxf.gif?uuid=3547fbb2-6461-42e9-ab48-11ead20f3bf8&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=b4a02063dab0793d1300cfb41bd4b615&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2

192.243.59.13

200 OK

0 B

URL GET
unseenreport.com/pxf.gif?uuid=3547fbb2-6461-42e9-ab48-11ead20f3bf8&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=b4a02063dab0793d1300cfb41bd4b615&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2
IP
192.243.59.13:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://hianime.win/
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
FingerprintE0:4C:2E:29:FF:E3:0A:E7:2C:96:4B:AD:13:1B:9D:AB:A0:91:35:A7
ValidityTue, 18 Mar 2025 22:26:47 GMT - Mon, 16 Jun 2025 22:26:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=3547fbb2-6461-42e9-ab48-11ead20f3bf8&eb=56a3745424804a23b12899170f9076de&te=9c9b2bc1fcb866fe34b4078d4dc2b749&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0&dev=e&res=14.3095&b_frame=0&pk=b4a02063dab0793d1300cfb41bd4b615&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=2 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sat, 26 Apr 2025 02:45:24 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Host: unseenreport.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: a0a01571221c736b3a24df2949c8ccac
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET hianime.win/assets/index-BBF0w4n7.css

188.114.97.1

200 OK

66 kB

URL GET
hianime.win/assets/index-BBF0w4n7.css
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hianime.win/
Certificate
IssuerGoogle Trust Services
Subjecthianime.win
FingerprintBA:5C:DD:BD:16:9D:F0:56:41:DA:97:8F:2E:BA:FE:B6:8B:86:AA:05
ValidityFri, 25 Apr 2025 04:18:31 GMT - Thu, 24 Jul 2025 05:18:28 GMT

File type
Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Size
66 kB (65788 bytes)
Hash
32908f0c6b7f76cac3f96e0b32fb82aa
24cde18ea6b506006315eafbf08612e851d20ced
27e1ecc89487bc6638412c474020a7c0fb0ddb0cb8dad67f5a501904735e0074

HTTP Headers

GET /assets/index-BBF0w4n7.css HTTP/1.1
Host: hianime.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 26 Apr 2025 02:45:21 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=0, s-maxage=300
content-encoding: br
etag: "32908f0c6b7f76cac3f96e0b32fb82aa"
last-modified: Thu, 13 Mar 2025 20:34:49 UTC
vary: Accept-Encoding, Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: MISS
priority: u=2,i=?0
server: cloudflare
cf-ray: 9362be555c9c56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET recordedthereby.com/sfp.js

185.196.197.72

200 OK

85 kB

URL GET
recordedthereby.com/sfp.js
IP
185.196.197.72:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://hianime.win/
Certificate
IssuerLet's Encrypt
Subjectrecordedthereby.com
Fingerprint19:45:8B:8A:1B:43:8F:CB:7D:D5:AA:7C:FF:FA:04:93:35:CA:9D:47
ValidityThu, 06 Mar 2025 21:25:47 GMT - Wed, 04 Jun 2025 21:25:46 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
85 kB (85380 bytes)
Hash
108625937affa4b38bb17cea65510d72
2c0f48e9efa3fb5554d1fa393b28d74d5339f9ee
c84263fcf6b091998dd37f5f600b3bfea92ac1d31cbf9631bb87fa411124a9e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: recordedthereby.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Sat, 26 Apr 2025 02:45:21 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 28255
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Vary: Accept-Encoding
Host: recordedthereby.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
X-Request-ID: 6b84668ab822e9e21b6e2b9c7a42f393
Cache-Control: no-cache, max-age=0, private, no-cache
Pragma: no-cache
Strict-Transport-Security: max-age=0; includeSubdomains

GET hianime.win/favicon-16x16.png

188.114.97.1

404 Not Found

10 B

URL GET
hianime.win/favicon-16x16.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hianime.win/
Certificate
IssuerGoogle Trust Services
Subjecthianime.win
FingerprintBA:5C:DD:BD:16:9D:F0:56:41:DA:97:8F:2E:BA:FE:B6:8B:86:AA:05
ValidityFri, 25 Apr 2025 04:18:31 GMT - Thu, 24 Jul 2025 05:18:28 GMT

File type
ASCII text
Size
10 B (10 bytes)
Hash
ef81e41d11c9e7193ddd3d470dbb3eda
0c15d12755a0be84e6403445c427231c274919c6
7515bf959b73b956ceb967351c7e299cbb3668a53d35f9c770eb72e00d93ced6

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: hianime.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=3547fbb2-6461-42e9-ab48-11ead20f3bf8%3A3%3A1; pp_main_b4a02063dab0793d1300cfb41bd4b615=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 26 Apr 2025 02:45:23 GMT
content-type: text/plain; charset=utf-8
content-length: 14
content-encoding: br
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
server: cloudflare
cf-ray: 9362be60286756a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css

104.17.24.14

200 OK

84 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css
IP
104.17.24.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hianime.win/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint5D:9B:5B:BE:24:B7:4B:CA:F3:05:47:2F:AB:3F:3C:F7:4E:C3:4D:BC
ValidityMon, 24 Mar 2025 12:00:12 GMT - Sun, 22 Jun 2025 13:00:01 GMT

File type
ASCII text, with very long lines (65311)
Size
84 kB (83981 bytes)
Hash
3d5ef2bf867c4054a2f336cdbad9e1dc
07228d1fa3245ee156a27a353f45758a3207849f
a361e7885c36bacb3fd9cb068da207c3b9329962cac022d06e28923939f575e8

HTTP Headers

GET /ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Apr 2025 02:45:20 GMT
content-type: text/css; charset=utf-8
content-length: 14850
server: cloudflare
strict-transport-security: max-age=15780000
cf-ray: 9362be557d33b515-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "619c057b-3a02"
last-modified: Mon, 22 Nov 2021 21:02:51 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 130088
expires: Thu, 16 Apr 2026 02:45:20 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jj0AM%2B2PZb6FjNZrcXPqJNeIgdExpOdMFOBjSwYZENFbwkgRxAwwYuE4TM7rV13TO1jjOa738333E2KLzwd%2FeFhMgKJEKojE%2BGQvvHF8RplrWQ%2BZ%2BZD3TlR0Qjnv9H2q6jddWFZf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET experttrafficcounter.com/stats

18.198.132.236

200 OK

40 B

URL GET
experttrafficcounter.com/stats
IP
18.198.132.236:443
ASN
#16509 AMAZON-02

Requested by
https://hianime.win/
Certificate
IssuerAmazon
Subjectexperttrafficcounter.com
FingerprintEE:A0:89:D0:CF:A2:E2:EC:50:6D:6C:20:D2:5A:BB:B9:8C:6E:3F:CC
ValidityThu, 23 Jan 2025 00:00:00 GMT - Sat, 21 Feb 2026 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
16429cb6c0e23b1290b38f646cc596bf
75a2e5c2167502d77b86514298145410efc3efec
7543d8c968766a326059d33598f92c00e8d1dbea742add00e0e942a68dfca0bc

HTTP Headers

GET /stats HTTP/1.1
Host: experttrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hianime.win
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 26 Apr 2025 02:45:21 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://hianime.win
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3547fbb2-6461-42e9-ab48-11ead20f3bf8:3:1; expires=Tue, 24 Apr 2035 02:45:21 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

GET hianime.win/images/icons-512.png

188.114.97.1

404 Not Found

10 B

URL GET
hianime.win/images/icons-512.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://hianime.win/
Certificate
IssuerGoogle Trust Services
Subjecthianime.win
FingerprintBA:5C:DD:BD:16:9D:F0:56:41:DA:97:8F:2E:BA:FE:B6:8B:86:AA:05
ValidityFri, 25 Apr 2025 04:18:31 GMT - Thu, 24 Jul 2025 05:18:28 GMT

File type
ASCII text
Size
10 B (10 bytes)
Hash
ef81e41d11c9e7193ddd3d470dbb3eda
0c15d12755a0be84e6403445c427231c274919c6
7515bf959b73b956ceb967351c7e299cbb3668a53d35f9c770eb72e00d93ced6

HTTP Headers

GET /images/icons-512.png HTTP/1.1
Host: hianime.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hianime.win/
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=3547fbb2-6461-42e9-ab48-11ead20f3bf8%3A3%3A1; pp_main_b4a02063dab0793d1300cfb41bd4b615=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Sat, 26 Apr 2025 02:45:23 GMT
content-type: text/plain; charset=utf-8
content-length: 14
content-encoding: br
vary: Accept-Encoding
x-content-type-options: nosniff
cf-cache-status: BYPASS
priority: u=6,i=?0
server: cloudflare
cf-ray: 9362be60286656a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (15)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type