Report - hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/

Report Overview

Submitted URL
hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/
IP
104.21.35.183
ASN
#13335 CLOUDFLARENET
Submitted
2022-08-30 21:57:13
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-06T05:09:03Z	978 B	2.7 kB	23.36.77.32
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-06T05:09:12Z	594 B	127 B	34.213.33.47
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-06T05:09:34Z	758 B	2.7 kB	143.204.55.115
cdn.discordapp.com	2474	2015-08-24T15:06:21Z	2023-03-06T05:13:30Z	438 B	3.8 kB	162.159.130.233
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-06T06:00:56Z	329 B	737 B	93.184.220.29
s3t3d2y8.afcdn.net	unknown	2022-08-09T00:22:56Z	2023-03-06T19:40:16Z	1.8 kB	189 kB	185.76.9.22
limurol.com	unknown	2022-07-12T15:53:17Z	2023-03-06T20:04:24Z	3.0 kB	2.9 kB	62.122.171.6
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-06T05:09:43Z	321 B	229 B	34.117.237.239
a.realsrv.com	10080	2019-07-03T18:12:14Z	2023-03-06T05:26:41Z	347 B	24 kB	205.185.216.42
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-06T06:50:28Z	367 B	74 kB	142.250.74.72
region1.google-analytics.com	unknown	2022-03-17T12:26:33Z	2023-03-06T05:09:21Z	845 B	558 B	216.239.32.36
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-06T05:09:35Z	3.2 kB	60 kB	34.120.237.76
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-06T05:10:30Z	401 B	5.8 kB	143.204.55.49
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-06T05:10:42Z	1.3 kB	2.8 kB	142.250.74.3
syndication.realsrv.com	9112	2019-07-03T23:39:52Z	2023-03-06T18:31:03Z	3.0 kB	14 kB	95.211.229.246
agle21xe2anfddirite.com	unknown			1.4 kB	2.8 kB	62.122.171.6
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-06T08:54:25Z	399 B	746 B	142.250.74.10
hentaiz.org	404555			830 B	1.7 kB	104.21.35.183

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-08-30	medium	agle21xe2anfddirite.com	Sinkholed
2022-08-30	medium	limurol.com	Sinkholed
2022-08-30	medium	limurol.com	Sinkholed
2022-08-30	medium	limurol.com	Sinkholed
2022-08-30	medium	agle21xe2anfddirite.com	Sinkholed
2022-08-30	medium	agle21xe2anfddirite.com	Sinkholed

JavaScript (19)

	URL	Size	First Seen	Last Seen
	hentaiz.org/templates/Core/js/filter-xf.js	68 kB	2023-03-07	2024-01-08
Pretty URL hentaiz.org/templates/Core/js/filter-xf.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2024-01-08 00:29:28 Times Seen4 Hash 369fdf04b0fbda9ebe1507fdfb0102ab ee002aac699c23b8787ab105f4680d97edc0ba08 e271192536fecf907e72de9244298c08dd3dc9f256fb4b06df496b839b2ad65b Loading...

	hentaiz.org/engine/classes/min/index.php?g=general&v=735f0	86 kB	2023-03-07	2024-04-24
Pretty URL hentaiz.org/engine/classes/min/index.php?g=general&v=735f0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-24 21:12:53 Times Seen383701 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	a.realsrv.com/ad-provider.js	73 kB	2023-03-07	2023-03-17
Pretty URL a.realsrv.com/ad-provider.js IP 205.185.216.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:26 Last Seen2023-03-17 10:42:14 Times Seen1 Hash ad66969662286b02e73317052e1fa9ba 4b8742770a4d1fdfd0603a54e5ad83015d800747 587ce856334d31c325c147f1da1a98748e6896c58acbb96cb007765ad8c2cc8e Loading...

	hentaiz.org/cdn-cgi/apps/body/tKia1TKWvmBNCkuK--1ZSx-3LUo.js	3.7 kB	2023-03-07	2023-04-02
Pretty URL hentaiz.org/cdn-cgi/apps/body/tKia1TKWvmBNCkuK--1ZSx-3LUo.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-04-02 21:14:34 Times Seen2 Hash a370ac561e8b2322128ffff4f2213ea7 12b631a5b47f53006b4b213c870865e84930a9c5 f163edabdccc15605254bee99d05644882f9a58bdab41e3b6e7341a521fe7573 Loading...

	a.realsrv.com/fp-interstitial.js	29 kB	2023-03-07	2023-03-17
Pretty URL a.realsrv.com/fp-interstitial.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:07 Last Seen2023-03-17 12:41:06 Times Seen1 Hash 6f73e2d5d59dfa2f768fec7def9163a7 c8235d0460f36838d9faddcb21d6e5224c4563be 734be13de1318175142b0cf78140bc166e4a78c09fe64ca9dc7c6944cac305bb Loading...

	hentaiz.org/engine/classes/min/index.php?f=engine/classes/js/jqueryui.js,engine/classes/js/dle_js.js&v=735f0	134 kB	2023-03-07	2023-11-13
Pretty URL hentaiz.org/engine/classes/min/index.php?f=engine/classes/js/jqueryui.js,engine/classes/js/dle_js.js&v=735f0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-11-13 03:01:16 Times Seen3 Hash ad532823d6bd24cbb28e9370eb571153 b3dc87802e61ee48d95a509eb3b4292cf69e6537 d83c7a7f9725c280171142d03e6e984418e51ac65b97f3ba15b688bfbd3b48c6 Loading...

	agle21xe2anfddirite.com/aas/r45d/vki/1892942/d91a02e0.js	77 kB	2023-03-07	2023-03-07
Pretty URL agle21xe2anfddirite.com/aas/r45d/vki/1892942/d91a02e0.js IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash df61b537dffa07895db4f996346a9a46 c9fcb07b0265a035b1578accaaefb8cb591e5e38 e1bb7f7f72b5dfd46cb6a1925cd43a9359cc9818eaa264307763a83fe5219a22 Loading...

	hentaiz.org/cdn-cgi/apps/head/7zFS3_yZmWeEyFGnGGB1BvkUl7M.js	4.7 kB	2023-03-07	2023-04-02
Pretty URL hentaiz.org/cdn-cgi/apps/head/7zFS3_yZmWeEyFGnGGB1BvkUl7M.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-04-02 21:14:34 Times Seen2 Hash e19ee44ba109b22b6198fde5fae401b3 01870141f3364845685bac73823348cde723f9b7 ed0c06be5ac18a640be3fef976b9f91320417098f99b34e177cc6d7d5f13f226 Loading...

	syndication.realsrv.com/splash.php?idzone=4704974	9.0 kB	2023-03-07	2023-03-07
Pretty URL syndication.realsrv.com/splash.php?idzone=4704974 IP 95.211.229.246 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash dca5c0647791e527bf17cb36cc6ae4e0 bbbf62df16a3873feae3e125b54fcb058a9f0531 ee7f2dc83191f90dbf5be4d7865d8589c8bb4d39424ad953a012bb7cffbb1388 Loading...

	hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/	2.4 kB	2023-03-07	2023-03-07
Pretty URL hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/ IP 104.21.35.183 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash 90d3b4599ef505ed9ac9b9ac31807323 2a96b67305edec491743100f316fb4ee71d6a3de 1bd709554fd23076146067bf4ae64530d3b5a7cbf67efc2f130aeb7d471eb192 Loading...

	hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/	1.2 kB	2023-03-07	2023-03-07
Pretty URL hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/ IP 104.21.35.183 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash fbfbb7fc852c37c238a6b32c94b7416f aa0784ffc23f9c6d4c8668b0d30eb75c274e52f8 987c4716b8438997bd6f9bbdea89cbb1b3e2b7ce36d996eef0aa4665cefc5331 Loading...

	www.googletagmanager.com/gtag/js?id=G-NPVPT881WG	206 kB	2023-03-07	2023-03-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-NPVPT881WG IP 142.250.74.72 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash cb53c794275990a3f909785849457406 e3fddaeacf5e6102937fee18e8d592cc9f1e3740 2bd1af056ee16751ae304e97363f48075d2a0e0b920bdffde386db71a46261ba Loading...

	hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/	59 B	2023-03-07	2024-04-24
Pretty URL hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/ IP 104.21.35.183 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:10 Last Seen2024-04-24 12:59:23 Times Seen3620 Hash de7507ad26c6c904109c87dd5dfac288 952cae1ce6ce1e74b010b31b4357424c12a5960c 09f81a5c463b570b389ce0b118a29bf489353d0ae7d47eefee9b9e7b703e0e02 Loading...

	agle21xe2anfddirite.com/get/1892942?zoneid=1892942&jp=_clwyyqej60bsua5bskfm2w&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&cid=8553163357268662&sp=0	3.1 kB	2023-03-07	2023-03-07
Pretty URL agle21xe2anfddirite.com/get/1892942?zoneid=1892942&jp=_clwyyqej60bsua5bskfm2w&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&cid=8553163357268662&sp=0 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash 87ab8dc44fdc9c52ee1dbaba809c247c e148813636805018da3d0bbd1354c105037cba29 841e9c07609dd8c219e3517de498ea7f06e0c8dc9d6b9e55d4b3b4d89fd477d6 Loading...

	limurol.com/ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24	7 B	2023-03-07	2024-04-17
Pretty URL limurol.com/ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 IP 62.122.171.6 ASN #50245 Serverel Inc. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:23 Last Seen2024-04-17 16:44:22 Times Seen16320 Hash a97eb6fbe6f13b601d5d48c0eba8baae 736efb938caf3d0edec406932ada889f1a4f2268 a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821 Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 21:13:27 Times Seen37047632 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	hentaiz.org/templates/Core/js/lib.js	113 kB	2023-03-07	2023-03-07
Pretty URL hentaiz.org/templates/Core/js/lib.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash d4100b7ccf90eafaed55dff023a13a2d 35eacf91831f73d8f7c79bf4cec0a05f218d91aa 916292e8a5057e18d9f82748b64252aa9d5cc6885cd3264fc339f3fc918e1b74 Loading...

		Size	First Seen	Last Seen
	#1 Write - 4b378fd3302897bd2bc3d6eb3f6f96b7	855 B	2023-03-07	2023-04-20
Pretty Observations First Seen2023-03-07 01:06:30 Last Seen2023-04-20 00:30:19 Times Seen19 Hash 4b378fd3302897bd2bc3d6eb3f6f96b7 f421f40c41711caf624a78c17e66eaa3378be1fc 34ae3320460c91ac9758c69afb01d127dce59184f5592632f6e5be64f94c753f Loading...

	#2 Write - dabf7bafb468236e5d39b4492a395f15	3.2 kB	2023-03-07	2023-03-07
Pretty Observations First Seen2023-03-07 01:24:37 Last Seen2023-03-07 01:24:37 Times Seen1 Hash dabf7bafb468236e5d39b4492a395f15 73d426eb171ac7ddbc79117131d5a2555ae37f78 a8be3033d5d831db92b179bf54d20104ce21f45d647aa22ac25814a0e7d575d9 Loading...

HTTP Transactions (41)

URL IP Response Size

hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/

104.21.35.183

301 Moved Permanently

0 B

URL HTTP/1.1
hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/
IP
104.21.35.183:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /xfsearch/2022%20%D0%B3%D0%BE%D0%B4/ HTTP/1.1
Host: hentaiz.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Tue, 30 Aug 2022 21:56:44 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 30 Aug 2022 22:56:44 GMT
Location: https://hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M%2BRZUlYJOU0K8ayBStEKsXcsdU0D4FHQm%2F6EuiQHA5c9%2BkKgiMw9BXBSXYrRsfN9cBG7qsFbGYLEkMA7IjRNhGw0fy9RYFNJ5GLOIL8Le5bd92Ul9%2FwEIj9n961AFg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7430c7303b38b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

firefox.settings.services.mozilla.com/v1/

143.204.55.115

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 30 Aug 2022 21:19:21 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ksV00hfbraYfmAM2MIxEG9kLAMDS-vWjg3QHT17E0nVgGSLaLyWfNg==
Age: 2243

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
517693963cc46e7a35a054296d0edfd5
11dfcd7e118e5f8d31e664e56ac29c57f973b8b3
ece269e8b9be8a5839d75c1343823d68b96930c593c2e3e8d522999176ee3149

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ECE269E8B9BE8A5839D75C1343823D68B96930C593C2E3E8D522999176EE3149"
Last-Modified: Mon, 29 Aug 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2474
Expires: Tue, 30 Aug 2022 22:37:58 GMT
Date: Tue, 30 Aug 2022 21:56:44 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Mon, 29 Aug 2022 22:35:59 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Vs19E86aygdXhrqbGHIWK0OWPqzuH7xM6Zy5rxRsrJe78ms9cWzvfA==
age: 84046
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 21:56:44 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

a.realsrv.com/ad-provider.js

205.185.216.42

200 OK

24 kB

URL HTTP/1.1
a.realsrv.com/ad-provider.js
IP
205.185.216.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (65536), with no line terminators
Size
24 kB (23721 bytes)
Hash
93847b4fcf5aa0b6bda249d90c522139
77da55ffcb95f1b793b48c656aa24a0f765c6fd4
6f1b4c8323258030e79776838a788c52b1b2f845f4436078ef31a49831d78f47

HTTP Headers

GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Tue, 30 Aug 2022 21:56:44 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23721
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"4b8742770a4d1fdfd0603a54e5a"
X-HW: 1661896604.dop231.sk1.t,1661896604.cds258.sk1.shn,1661896604.dop231.sk1.t,1661896604.cds207.sk1.c
Access-Control-Allow-Origin: *, *

cdn.discordapp.com/attachments/711905473846050847/759068066616574032/discord_soc.png

162.159.130.233

200 OK

2.5 kB

URL HTTP/2
cdn.discordapp.com/attachments/711905473846050847/759068066616574032/discord_soc.png
IP
162.159.130.233:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 311 x 74, 8-bit colormap, non-interlaced\012- data
Size
2.5 kB (2487 bytes)
Hash
8fc7d2c0d6d087c2672761f3f9b351b6
6c9e9e2eb31ba774c413721e4e81a87713a7d6d8
a184aefdfce374cabdb90b48923b8187696b577a02e132c30aa30ae2bf0b142d

HTTP Headers

GET /attachments/711905473846050847/759068066616574032/discord_soc.png HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 21:56:44 GMT
content-type: image/png
content-length: 2487
cf-ray: 7430c734bd10b4f4-OSL
accept-ranges: bytes
age: 344300
cache-control: public, max-age=31536000
etag: "8fc7d2c0d6d087c2672761f3f9b351b6"
expires: Wed, 30 Aug 2023 21:56:44 GMT
last-modified: Fri, 25 Sep 2020 15:05:29 GMT
vary: Accept-Encoding
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-goog-generation: 1601046329911276
x-goog-hash: crc32c=rKT95g==, md5=j8fSwNbQh8JnJ2Hz+bNRtg==
x-goog-metageneration: 2
x-goog-storage-class: NEARLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 2487
x-guploader-uploadid: ABg5-UzH9ukC20pAv-exqDZ0_4ZFvNQNI6g93SvDiM-vb0WETKOpr_3Izimhl_UHHTV86iZ3GcapwikyUpxtkvlVNKk
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4oFLc9kes7JiWFnooG8KIP488fTj9K1nsAQlNLt4WQcTilLWliHo%2FYFz852r4nhw1vzS0Sc9TI1COqb7jd3pzuHSlwfzryu2UrIyamqFEHKycfHgCn%2BGDaMFFn7%2B75ZHJnkfPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fe244465a99d48f257a3dda7ab28c6b8
69c89374520ca54adda7fd15ccb069def5fb3663
8f9938ffef09d02563d617ac9ff1ce97b05c5bf52b64f6724b9f19a5e90965f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 30 Aug 2022 21:56:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
fe244465a99d48f257a3dda7ab28c6b8
69c89374520ca54adda7fd15ccb069def5fb3663
8f9938ffef09d02563d617ac9ff1ce97b05c5bf52b64f6724b9f19a5e90965f9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 30 Aug 2022 21:56:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

syndication.realsrv.com/splash.php?idzone=4704974

95.211.229.246

200 OK

3.6 kB

URL HTTP/1.1
syndication.realsrv.com/splash.php?idzone=4704974
IP
95.211.229.246:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document, ASCII text, with very long lines (3226)
Size
3.6 kB (3628 bytes)
Hash
09c508cbf71f4ec65bce1a911057b1e9
86a2dd6432ef3747cd8504604cb381beaed2a4c6
851d82fcfe3a1e09705af358c18c93599ca5bb3582fa550304b50c73fac87929

HTTP Headers

GET /splash.php?idzone=4704974 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Aug 2022 21:56:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22630e879ce89270.50646843159434462%22%3B%7D; expires=Thu, 29 Aug 2024 21:56:44 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.115

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.115:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Cache-Control, Pragma, Backoff, Last-Modified, ETag, Expires, Content-Length, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 30 Aug 2022 21:17:12 GMT
Expires: Tue, 30 Aug 2022 21:28:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: B-LLidNMLDS4RMq7DxxhC-KXR-qf8p7UUCVhNYHGh2GM7X55jPBiFw==
Age: 2373

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f67e41cdd7e5f2aa8f93d031979c9109
5f4c0093f9bf8f8e48e0d7f56ed31aba0c6f43f6
608e2b7d208977f18da12165c9eb1539656d7754dc49f3f687736151a4810e06

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4886
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 30 Aug 2022 21:56:45 GMT
Last-Modified: Tue, 30 Aug 2022 20:35:19 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0982b9e784a0a990d6318c92e33860a1
764377c393017e86d98a696da455509cba1806ac
27a19ec4ca0a052faface8ad45dca4d9a4a739c658d10f0e693aea065bdc607f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 30 Aug 2022 21:56:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtag/js?id=G-NPVPT881WG

142.250.74.72

200 OK

74 kB

URL HTTP/2
www.googletagmanager.com/gtag/js?id=G-NPVPT881WG
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (14270)
Size
74 kB (73596 bytes)
Hash
d86ae618c7296c6b12c4aba438b24369
664476291685c3df84a2fda6a4134c0a22ecd4dd
4db171032cbd60ac20d09c676ed5fbe0e288155cc85defb99e996e4fafc85e7b

HTTP Headers

GET /gtag/js?id=G-NPVPT881WG HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 30 Aug 2022 21:56:45 GMT
expires: Tue, 30 Aug 2022 21:56:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 73596
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0982b9e784a0a990d6318c92e33860a1
764377c393017e86d98a696da455509cba1806ac
27a19ec4ca0a052faface8ad45dca4d9a4a739c658d10f0e693aea065bdc607f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 30 Aug 2022 21:56:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

syndication.realsrv.com/v1/api.php

95.211.229.246

200 OK

1.0 kB

URL HTTP/1.1
syndication.realsrv.com/v1/api.php
IP
95.211.229.246:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JSON data\012- , ASCII text, with very long lines (1376), with no line terminators
Size
1.0 kB (1017 bytes)
Hash
969d90f888958c1d1e6005c0f0c4b522
6342070de92d8bd626b038a3ca1dad7bd4e5e37c
c5526f617c801f03a60c3d07ffe60b89ee6cf59d9b1e1799558f7a2f43dd85ea

HTTP Headers

POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 271
Origin: https://hentaiz.org
Connection: keep-alive
Referer: https://hentaiz.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22630e879ce89270.50646843159434462%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Aug 2022 21:56:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaiz.org
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

syndication.realsrv.com/cimp.php?t=imp&data=H4sIAAAAAAAAA1VOy04DQQz7FX6gIyeTxwxnuIJU1A/YpbvABSTEoUL+eGZbtRLxIbZiOVao7tB2FXeS9x735uxSOoppETc+Pe9pwvfl82f6+C1f3280DXhn9m4Bdu+tBy1hPY29D9rSM5hulh5GcVZiQL2abaxAEOGKkGpahxc8vDzw8bCnFMD0uoIVOKmDcu5CA0cicdoCJ9V1ymVejq/IavNa67wCbUaPlpKb8V93XFAQ46RXySpWdXzbyU0Yx4DnM3lzXhDn4EZrW6/ZgaXmUaaQJaxXUV9F2nFKM5/jD6epY+llAQAA&d=inst

95.211.229.246

200 OK

20 B

URL HTTP/1.1
syndication.realsrv.com/cimp.php?t=imp&data=H4sIAAAAAAAAA1VOy04DQQz7FX6gIyeTxwxnuIJU1A/YpbvABSTEoUL+eGZbtRLxIbZiOVao7tB2FXeS9x735uxSOoppETc+Pe9pwvfl82f6+C1f3280DXhn9m4Bdu+tBy1hPY29D9rSM5hulh5GcVZiQL2abaxAEOGKkGpahxc8vDzw8bCnFMD0uoIVOKmDcu5CA0cicdoCJ9V1ymVejq/IavNa67wCbUaPlpKb8V93XFAQ46RXySpWdXzbyU0Yx4DnM3lzXhDn4EZrW6/ZgaXmUaaQJaxXUV9F2nFKM5/jD6epY+llAQAA&d=inst
IP
95.211.229.246:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=imp&data=H4sIAAAAAAAAA1VOy04DQQz7FX6gIyeTxwxnuIJU1A/YpbvABSTEoUL+eGZbtRLxIbZiOVao7tB2FXeS9x735uxSOoppETc+Pe9pwvfl82f6+C1f3280DXhn9m4Bdu+tBy1hPY29D9rSM5hulh5GcVZiQL2abaxAEOGKkGpahxc8vDzw8bCnFMD0uoIVOKmDcu5CA0cicdoCJ9V1ymVejq/IavNa67wCbUaPlpKb8V93XFAQ46RXySpWdXzbyU0Yx4DnM3lzXhDn4EZrW6/ZgaXmUaaQJaxXUV9F2nFKM5/jD6epY+llAQAA&d=inst HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaiz.org
Connection: keep-alive
Referer: https://hentaiz.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22630e879ce89270.50646843159434462%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Aug 2022 21:56:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaiz.org
Access-Control-Allow-Credentials: true
Set-Cookie: impressions=mxmssbsanxgxaraaxosbageicxbmsboenxgxaaxboerxageialeblerenxgxarmeomobrgeimxmbasacnxgxaraaoasaageicxbmsbcenxgxaaxblcbacgeialeblecenxgxaralsbsaxgeimxmbasmbnxgxaraaolroageioslmrxbrnxgxaaxbbrelcgeicxbmsbocnxgxaaxblesccgeimsclxcabnxgxaramcssbcgeicxbmsbxcnxgxaaxblexlxgeialbserxenxgxaaxbsccmxgeioslmrxlrnxgxaaxcaoormgeimscamxrbnxgxaramxrbclgeimsclxreenxgxaramcssbcgeimxmssbrenxgxaramcsmccgeicraxcrebnxgxarmcrsxcxgeislsarosxnxgxaaxblexlxgeicmexsleonxgxarabcxolegeioslmrxbmnxgxaaxblesccgeirsxcecsenxgxarabbcraxgeialbserebnxgxaaxbxlaaogeioslmroemnxgxaaxbsaslsgeicmexsblcnxgxarmrcmolageiaaoboxbonxgxaralmcosrgeiamxmbxbonxgxaralsbsolgeimscamxccnxgxaralsbsaxgeiaaoabboonxgxarmeomobrgeislsaroornxgxaaxollooxgeimooxbxeanxgxarmescrbbgeirsxcecsbnxgxarmelblebgeicmexslxcnxgxarmcbccrbgeicraxcrocnxgxarmsoerxxgeicraxcclanxgxarmxmcmmcgeicmexslecnxgxarmsembabgeicraxcreanxgxarmaarabageirsxcecccnxgxarmoocmexgeicraxcrxanxgxarmarlrxmgeialbserxonxgxaaxxcmeaegeimcelelronxgxarbsrmlaageirsxcecxanxgxarbccmbcsgeirbabxabbnxgxaaxobsolageicmeecrxcnxgxarmbexrmogeicmeecclonxgxarmorasemgeialbsereanxgxaaxsosbblgeicmexslxonxgxarmcxcaregeicaxsscmbnxgxaaxbsccmxgeicmeexcaenxgxarmcxsxcageimcelelrcnxgxarmcxsxcageimcelelcenxgxarmcxsxcageimcoexclonxgxarmcxsxcageialbserecnxgxaaecsrerrgeicmeeccbcnxgxarmcarxemgeicmexsblenxgxarmarlrxmgeimcoexaabnxgxaaeosmmecgeimcoexasbnxgxaaeosmmecgeicmeecrecnxgxarmrxsamageicraxcroonxgxarmrasloageicmexrxxonxgxarmaarabageimcoexaxonxgxarbblarblgeicaormbbenxgxarlexsrrageimcebllronxgxarmarlrxmgeirbabxalenxgxarmabbsmmgeicraxcroenxgxarmbexrmogeirsxcecsonxgxarmbrrcsegeimcoexxlonxgxarbsasblxgeimcoexasanxgxaaexxllbrgeiroeaablbnxgxarlrlxmeegeimcoexarenxgxarlcbxlxageimcoexabbnxgxarbxeocasgeimcoexrlonxgxarbblarblgeimooxbelbnxgxarbexxealgeirsxcecebnxgxarbsasblxgeimcoexrlcnxgxarlcbxlxageimcoexaaanxgxarlcbxlxageirsxcecxenxgxarbxxxolxgeiraaoxbbcnxgxarbellsrxgeimcelelcanxgxaaxarbxxegeioslmrxlsnxgxaaxblexlxgeicaormbmanxgxaaxxlcxbmgeicaormlxcnxgxarbobbbbmgeicaormbbanxgxaaeoxexsxgeicaormlxanxgxarbobbbbmgeimcelelranxgxarbsrmlaageimcersrocnxgxarbsasblxgeimcoexaxcnxgxarbcslxbcgeisaeeasslnxgxarlmbxoosgeimcersxbenxgxaaxacacesgeimcersxacnxgxarbroammrgeicaormloenxgxaaeoxexsxgeimcersoeenxgxarbroammrgeimcelelaanxgxarbrboxregeimcelelbenxgxarbrboxregeimcoexaxbnxgxarbmrmscmgeimcoexamenxgxarbblarblgeimcoexabanxgxarbblarblgeimcoexacanxgxarbblarblgeimcoexaoonxgxarblslrsxgeimcclsxbcnxgxaaeosmmecgeimcclsoeonxgxaaxebmmobgeicaormleanxgxaaxxemrecgeimcclsebcnxgxarlexorssgeimcclsxmenxgxaaeoaolesgeimcclossbnxgxaaelalbbbgeimcclsxlenxgxarlesreebgeimcclsxsonxgxaaexxllbrgeimcclsxxcnxgxarlalasssgeimcclsxlanxgxaaemmeambgeimcclsxscnxgxaaxebmmobgeicaormbmbnxgxaaemaolsbgeimcclselcnxgxarleomllegeimccloscenxgxaaersaolbgeimcclsxaanxgxarlesreebgeimcclselanxgxaaebsleobgeimcclsebbnxgxarlcbxlxageicaormbmcnxgxarloeaexageicaormlxonxgxarlmbxoosgeiclsmrrrenxgxarloalasrgeiclsmarcanxgxarloalasrgeiclsmrbronxgxarloalasrgeimcclsxronxgxaaxarbxxegeimcclsxmanxgxaaexxsoasgeimcclossanxgxaaexxllbrgeimcclsxaonxgxaaxarbxxegeimcoexasonxgxarlcbxlxageimcclsxabnxgxarlreooaageimcclosscnxgxaaxxcmeaegeimcclsxlbnxgxaaxbsaslsgeimcclsxbbnxgxarlalasssgeicaormbbonxgxaaeoxexsxgeimcclsxcanxgxaaxxcmeaegeimcclsxmbnxgxaaeebrxsegeimcclsxxonxgxaaxobsolageimcclsxsbnxgxaaxbsaslsgeimcclsxcbnxgxaaexxllbrgeimcclsxmonxgxaaexoembogeimcclsxconxgxaaxbxlaaogeimcclselenxgxaaesmsscageimcclsxmcnxgxaaeosmmecgeimcoexacbnxgxaaeosmmecgeimcclsxbanxgxaaeoaolesgeimcclsebanxgxaaesobbblgeimcclsxxanxgxaaesalmmsgeimcclsxacnxgxaaemaexsegeimcoexcccnxgxaaecebcslgeimcclsxocnxgxaaesmsscageimcclsxbenxgxaaesalmlageimcclsxsenxgxaaeassbmlgeimcclsxrenxgxaaesmsscageimcclosccnxgxaaecexaasgeimcclsxobnxgxaaxmsebbegeimcelelsanxgxaaecebcslgeimcelelmanxgxaaecebcslgeimcclsxlonxgxaaxarbxxegeimcclsxlcnxgxaaxsxrlcsgeimcclosconxgxaaxbxlaaogeimrerbboanxgxaaemsosmogeicaormlxenxgxaaxacacesgeicaormbbcnxgxaaemrobacgeimrscomecnxgxaaxeeaxaegeimcclsxsanxgxaaxebmmobgeimcrxsbobnxgxaaxxxmxebgeimcoexsacnxgxaaxxcmeaegeimrscomeenxgxaaxsbxmrcgeimrcrbrxenxgxaaxrxelsbgeimcersxlbnxgxaaxacacesgeimcelelrenxgxaaxarbxxegeimrerbbsbnxgxaaxmbaarogeimcssmlrensgxaaxbxxloxgxcceimclobeoenxgxaaxbxxlosgxcceimclsaoxbncgxaaxbxsombgxcceimxeoxsbenrgxaaxbxlaaogxcceimxlbmxlcnogxaaxbxlaaogxcceimcoaxmxoncgxaaxbxlaaogxcceimeembeconxgxaaxbxlaaogxcceimcoaxmxcncgxaaxbxlaaogxcceimxlbalsbnogxaaxboeoxmgxcceimxeoclbanxgxaaxboeoxmgxcceimxlbmoscnogxaaxboerxagxcceimrccmraanxgxaaxboerxbgxcceiceecmorsnxgxaaxboerxbgxcceimcorllcanagxaaxboerxbgxcceimrsreamcnsgxaaxbocorxgxcceimrsreamensgxaaxboccbmgxcceimrsreabonsgxaaxboaarrgxcceimrcabexanxgxaaxbomxacgxcceimrsreamanogxaaxbomorbgxcceimrsreabensgxaaxbsesxxgxcceiclclsrmenogxaaxbsxlexgxcceimrxccosenogxaaxbsxlexgxcceimcssmlronsgxaaxbsxlexgxcceimxomsmconxgxaaxbscmasgxcceimrrsoxecnxgxaaxbscbsagxcceimrrsxbxcnxgxaaxbscbsagxcceialaroxrcnxgxaaxbscbrxgxcceimxxerrecnxgxaaxbsaslsgxcceixaoosscrnxgxaaxbcxamrgxcceialrexexbnxgxaaxbcxamrgxcceimrxccoscnxgxaaxbccssmgxcceimexexabbnxgxaaxbccssmgxcceimrsreamonxgxaaxbrrellgxcceiaaxcabaonxgxaaxbrborxgxcceimocolroanogxaaxbacaaagxcceixaoossalnxgxaaxbaasllgxcceimeembesonxgxaaxbaasllgxcceiaaxcamlenrgxaaxbamlebgxcceimxlbalcenogxaaxbamlebgxcceimxlbmxlenxgxaaxbamlebgxcceimxlbmxbbnogxaaxbamlebgxcceimxxrecsanxgxaaxbalrlrgxcceialoxxalenxgxaaxbalrlrgxcceimrcaeesbnrgxaaxbmxoeogxcceimrccmracnrgxaaxbmxoeogxcceimeembecenxgxaaxbmxoeogxcceimeembescnxgxaaxbmxoeogxcceimxlbmosenogxaaxbmxoeogxcceimxlbmoconxgxaaxbmxaslgxcceialbbebsbnxgxaaxbmxaslgxcceimxcbrxscnxgxaaxbmxaslgxcceimrcaoaoanmgxaaxbmrlolgxcceimsacexoonxgxaaxbbeblmgxcceimemlxbocnxgxaaxbbeblmgxcceimcssmlrcnsgxaaxbbeblmgxcceimslxlbocnxgxaaxbbobaagcbeimxlbalscnogxaaxblexlxgxcceixbblrmlanxgxaaxblexlxgxcceimocolrocnxgxaaxblescrgxcceimclobexbnxgxaaxblescrgxcceimxomsmcenxgxaaxblerlrgxcceicmarxbbonxgxaaxblerlagxcceimrxccosbnxgxaaxblxbxlgxcceimocbmmmanxgxaaxbloebbgxcceiallxlmscnxgxaaxblomoogxcceimxxerrxenxgxaaxblcbacgxcceimxlbmxlonxgxaaxblcbacgxcceiaaserllenxgxaaxblcbargxcceicloaecocnxgxaaxblcbargxcceiaaserlmbnxgxaaxblasoegxcce; expires=Wed, 31 Aug 2022 21:56:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Content-Encoding: gzip

s3t3d2y8.afcdn.net/images/close-icon-circle.png

185.76.9.22

200 OK

405 B

URL HTTP/2
s3t3d2y8.afcdn.net/images/close-icon-circle.png
IP
185.76.9.22:0
ASN
#60068 Datacamp Limited

File type
PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Size
405 B (405 bytes)
Hash
bc8bf5d1633e548e9a178bf29be30b7b
bd290b6eabd73d2c95db053620797503e9178484
94f575abdb5c45476f9c2b62bbe06fbfacce9d25e95796ffcd07680bd7c6c0bb

HTTP Headers

GET /images/close-icon-circle.png HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: image/png
content-length: 405
last-modified: Wed, 29 Jun 2022 13:13:10 GMT
etag: "62bc4fe6-195"
expires: Fri, 30 Jun 2023 18:46:41 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195204
server: CDN77-Turbo
x-77-nzt: AblMCRS4sa7/mepPAA
x-77-nzt-ray: P1qsJ4OUM0w
x-cache: HIT
x-age: 5237401
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

agle21xe2anfddirite.com/solid.gif?z=1892942&abvar=18

62.122.171.6

200 OK

43 B

URL HTTP/2
agle21xe2anfddirite.com/solid.gif?z=1892942&abvar=18
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
28e463819a210071de3b45ebe7633613
6dccd571828ec0912629119cf7eabfea9f33ddbc
44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /solid.gif?z=1892942&abvar=18 HTTP/1.1
Host: agle21xe2anfddirite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaiz.org
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: image/gif
content-length: 43
x-route-id: stats.tag.loaded
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

syndication.realsrv.com/splash.php?idzone=4708742&orientation=landscape&screen_resolution=1280x1024&p=https%3A%2F%2Fhentaiz.org%2Fxfsearch%2F2022%2520%25D0%25B3%25D0%25BE%25D0%25B4%2F&cookieconsent=true

95.211.229.246

200 OK

1.1 kB

URL HTTP/1.1
syndication.realsrv.com/splash.php?idzone=4708742&orientation=landscape&screen_resolution=1280x1024&p=https%3A%2F%2Fhentaiz.org%2Fxfsearch%2F2022%2520%25D0%25B3%25D0%25BE%25D0%25B4%2F&cookieconsent=true
IP
95.211.229.246:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JSON data\012- , ASCII text, with very long lines (1497), with no line terminators
Size
1.1 kB (1123 bytes)
Hash
f3c8d4fbfe138dbaf08195b6ffb9b486
6764fb2790ed106bb3a15646e49bc1be35e74ee6
b4133874673b39dba406af8b8cc6ac35e9a9f62e9d5a046b676db59fb16f9944

HTTP Headers

GET /splash.php?idzone=4708742&orientation=landscape&screen_resolution=1280x1024&p=https%3A%2F%2Fhentaiz.org%2Fxfsearch%2F2022%2520%25D0%25B3%25D0%25BE%25D0%25B4%2F&cookieconsent=true HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaiz.org
Connection: keep-alive
Referer: https://hentaiz.org/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22630e879ce89270.50646843159434462%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Aug 2022 21:56:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaiz.org
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22630e879ce89270.50646843159434462%22%3B%7D; expires=Thu, 29 Aug 2024 21:56:45 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-iframe-link%22%3A%22v3%7C%7CNOR%7C4708742%7C75079086%7C0%7C900x1600%7C110%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C630e879ce89270.50646843159434462%7C855b1d30d6fbd05236ceaf11f5e139b5%7C0%7Chentaiz.org%7C1280x1024%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 31 Aug 2022 21:56:45 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Content-Encoding: gzip

s3t3d2y8.afcdn.net/library/426059/d513159ebac104c37b82c3bb25e708612fa2a412.mp4

185.76.9.22

206 Partial Content

55 kB

URL HTTP/2
s3t3d2y8.afcdn.net/library/426059/d513159ebac104c37b82c3bb25e708612fa2a412.mp4
IP
185.76.9.22:0
ASN
#60068 Datacamp Limited

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
55 kB (55369 bytes)
Hash
6ae9467c9c0c6544329334ba9805428a
d513159ebac104c37b82c3bb25e708612fa2a412
099ab460aa2e6708b42651b8c2e8009e8cd150cde0300486617f4dd93fa70272

HTTP Headers

GET /library/426059/d513159ebac104c37b82c3bb25e708612fa2a412.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 206 Partial Content
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: video/mp4
content-length: 55369
last-modified: Thu, 25 Aug 2022 16:11:43 GMT
etag: "63079f3f-d849"
expires: Fri, 25 Aug 2023 16:31:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1692981380
server: CDN77-Turbo
x-77-nzt: AblMCRSBzCb/meIGAA
x-77-nzt-ray: 9yKdZrfPQWU
x-cache: HIT
x-age: 451225
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-55368/55369
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.213.33.47

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.213.33.47:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: SShYO6to1xAGX4XFOPmXLw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: zEEeItk4S46zoQqARszBw9/j92I=

s3t3d2y8.afcdn.net/library/426059/d513159ebac104c37b82c3bb25e708612fa2a412.mp4

185.76.9.22

206 Partial Content

55 kB

URL HTTP/2
s3t3d2y8.afcdn.net/library/426059/d513159ebac104c37b82c3bb25e708612fa2a412.mp4
IP
185.76.9.22:0
ASN
#60068 Datacamp Limited

File type
ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size
55 kB (55369 bytes)
Hash
6ae9467c9c0c6544329334ba9805428a
d513159ebac104c37b82c3bb25e708612fa2a412
099ab460aa2e6708b42651b8c2e8009e8cd150cde0300486617f4dd93fa70272

HTTP Headers

GET /library/426059/d513159ebac104c37b82c3bb25e708612fa2a412.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 206 Partial Content
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: video/mp4
content-length: 55369
last-modified: Thu, 25 Aug 2022 16:11:43 GMT
etag: "63079f3f-d849"
expires: Fri, 25 Aug 2023 16:31:06 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1692981380
server: CDN77-Turbo
x-77-nzt: AblMCRT1Jb3/meIGAA
x-77-nzt-ray: X3yS40MPhd8
x-cache: HIT
x-age: 451225
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-55368/55369
X-Firefox-Spdy: h2

s3t3d2y8.afcdn.net/library/802598/dce7142b63f938d80d1b3e1bc9bb2ef05d9417b4.webp

185.76.9.22

200 OK

76 kB

URL HTTP/2
s3t3d2y8.afcdn.net/library/802598/dce7142b63f938d80d1b3e1bc9bb2ef05d9417b4.webp
IP
185.76.9.22:0
ASN
#60068 Datacamp Limited

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 900x1600, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
76 kB (75518 bytes)
Hash
63f833f94561c41bbf32b2d0bf5c8455
dce7142b63f938d80d1b3e1bc9bb2ef05d9417b4
17552969442f963a131fc77fb470ed938c568bcbd1e5c852141f8e1dff40f634

HTTP Headers

GET /library/802598/dce7142b63f938d80d1b3e1bc9bb2ef05d9417b4.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: image/webp
content-length: 75518
last-modified: Fri, 01 Jul 2022 10:14:43 GMT
etag: "62bec913-126fe"
expires: Fri, 04 Aug 2023 11:54:33 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1691228418
server: CDN77-Turbo
x-77-nzt: AblMCRQvE7j/G6IhAA
x-77-nzt-ray: YfktzQflR4U
x-cache: HIT
x-age: 2204187
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA1VPSU7DQBD8Ch/wqNeZ6ZzhClJQHmDHHuCSSMAhoHo8Ywci0XXorVRdLSQyUB2U7rjsPO/MEZyCkkliNzw+7WGM1+X0Ob59p/P7C0wyeaBEWCaER40MK31mgohe1uIlo7hZ8Wxgh4I6xNVsrRIxWfXwGkWUO5dweL7Hw2EPTkRd6DcJlOgiTuDNC4zQFUGXVbC6TzwrzblNM7loPi5jY26+sMbkK/Gfd7oikZe+k78eyqbSzw18aww9CNt6/Pg6HYEb/QrfBCqsru5q6Q8XbpN7WbR1a1LrtGgN1aY5fgCEyxdjawEAAA==

95.211.229.246

200 OK

20 B

URL HTTP/1.1
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA1VPSU7DQBD8Ch/wqNeZ6ZzhClJQHmDHHuCSSMAhoHo8Ywci0XXorVRdLSQyUB2U7rjsPO/MEZyCkkliNzw+7WGM1+X0Ob59p/P7C0wyeaBEWCaER40MK31mgohe1uIlo7hZ8Wxgh4I6xNVsrRIxWfXwGkWUO5dweL7Hw2EPTkRd6DcJlOgiTuDNC4zQFUGXVbC6TzwrzblNM7loPi5jY26+sMbkK/Gfd7oikZe+k78eyqbSzw18aww9CNt6/Pg6HYEb/QrfBCqsru5q6Q8XbpN7WbR1a1LrtGgN1aY5fgCEyxdjawEAAA==
IP
95.211.229.246:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /cimp.php?t=api&data=H4sIAAAAAAAAA1VPSU7DQBD8Ch/wqNeZ6ZzhClJQHmDHHuCSSMAhoHo8Ywci0XXorVRdLSQyUB2U7rjsPO/MEZyCkkliNzw+7WGM1+X0Ob59p/P7C0wyeaBEWCaER40MK31mgohe1uIlo7hZ8Wxgh4I6xNVsrRIxWfXwGkWUO5dweL7Hw2EPTkRd6DcJlOgiTuDNC4zQFUGXVbC6TzwrzblNM7loPi5jY26+sMbkK/Gfd7oikZe+k78eyqbSzw18aww9CNt6/Pg6HYEb/QrfBCqsru5q6Q8XbpN7WbR1a1LrtGgN1aY5fgCEyxdjawEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaiz.org
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Tue, 30 Aug 2022 21:56:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

limurol.com/ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=220830165603d363767c5a43498caf963fde; Path=/; Expires=Wed, 30 Aug 2023 21:56:45 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=22083016566211bcc689f1437dbde8184c16; Path=/; Expires=Wed, 30 Aug 2023 21:56:45 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

62.122.171.6

200 OK

7 B

URL HTTP/2
limurol.com/ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type
ASCII text, with no line terminators
Size
7 B (7 bytes)
Hash
a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /ssp/req/1892942/?pb=4f484f0f21e117ac2f0e5be5c9c5c6941661903805&psp=qwV9Bv2pbXIBqMBLPzQExn7K_-rlBfakmJjRcJCSC_mvY2iEIXOplHmGnFprqny_0DMDvRs2r3Xb2BQ4YeTVNWwAH34yruX5D4N2ttbXsbR50h2H9D_1sNSP7-UnJwv8E3FPCseRVNvQKxgxY8CGGYSF_scau2CzhYVhXzZt0Wr5MTggjgYzzKew32zqEcyjqUTu0qTEEZomiBxmwiNVdViEfrubOG83N58q5YOez7ZvjPuT4WH6eydwIVGGontnPns6l2TIAFQWDuMBGBiR5qzGEBlcm8nWOhfyTRmsCrzfOsPcpUjWwI9X1xvBptfimU3S6tNmAcz5r8lP7Vclky4zKdsuwXeJZgr8VE7weXBqjqK5wjDBWDeREHgUn0Va3NWCOFrptSnPvCiH-PY4k-SwUS8BZkQFV0AlFk4Q-DZDSexNguLCqtvbEwAjb4dFvH7vP1mvNznO5B-t_Wf5UAE=&cb=_clkp0pflpp8v2b0kplvovn&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24 HTTP/1.1
Host: limurol.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 21:56:46 GMT
content-type: text/javascript
content-length: 7
x-route-id: ssp.bet
set-cookie: UID=2208301656e418764ae434462aa336227616; Path=/; Expires=Wed, 30 Aug 2023 21:56:45 GMT; HttpOnly; Secure; SameSite=None
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

region1.google-analytics.com/g/collect?v=2&tid=G-NPVPT881WG&gtm=2oe8t0&_p=976709473&cid=1392580794.1661896606&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1661896605&sct=1&seg=0&dl=https%3A%2F%2Fhentaiz.org%2Fxfsearch%2F2022%2520%25D0%25B3%25D0%25BE%25D0%25B4%2F&dt=2022%20%D0%B3%D0%BE%D0%B4%20%C2%BB%20HentaiZ.org%20-%20C%D0%BC%D0%BE%D1%82%D1%80%D0%B5%D1%82%D1%8C%20%D1%85%D0%B5%D0%BD%D1%82%D0%B0%D0%B9%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD!&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.google-analytics.com/g/collect?v=2&tid=G-NPVPT881WG&gtm=2oe8t0&_p=976709473&cid=1392580794.1661896606&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1661896605&sct=1&seg=0&dl=https%3A%2F%2Fhentaiz.org%2Fxfsearch%2F2022%2520%25D0%25B3%25D0%25BE%25D0%25B4%2F&dt=2022%20%D0%B3%D0%BE%D0%B4%20%C2%BB%20HentaiZ.org%20-%20C%D0%BC%D0%BE%D1%82%D1%80%D0%B5%D1%82%D1%8C%20%D1%85%D0%B5%D0%BD%D1%82%D0%B0%D0%B9%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD!&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-NPVPT881WG&gtm=2oe8t0&_p=976709473&cid=1392580794.1661896606&ul=en-us&sr=1280x1024&_z=ccd.v9B&_s=1&sid=1661896605&sct=1&seg=0&dl=https%3A%2F%2Fhentaiz.org%2Fxfsearch%2F2022%2520%25D0%25B3%25D0%25BE%25D0%25B4%2F&dt=2022%20%D0%B3%D0%BE%D0%B4%20%C2%BB%20HentaiZ.org%20-%20C%D0%BC%D0%BE%D1%82%D1%80%D0%B5%D1%82%D1%8C%20%D1%85%D0%B5%D0%BD%D1%82%D0%B0%D0%B9%20%D0%BE%D0%BD%D0%BB%D0%B0%D0%B9%D0%BD!&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaiz.org
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://hentaiz.org
date: Tue, 30 Aug 2022 21:56:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8483eb99dbd130593ed0072e2fbaccf9
fcb83f0b4a448f0b94b0bf9db431cc802413dacd
5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9498
Expires: Wed, 31 Aug 2022 00:35:04 GMT
Date: Tue, 30 Aug 2022 21:56:46 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8483eb99dbd130593ed0072e2fbaccf9
fcb83f0b4a448f0b94b0bf9db431cc802413dacd
5e07e7bbf5dd7a48f9330dbc0248b7a1aa69dff7a9a913f493a384d2ec332f74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5E07E7BBF5DD7A48F9330DBC0248B7A1AA69DFF7A9A913F493A384D2EC332F74"
Last-Modified: Sun, 28 Aug 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9498
Expires: Wed, 31 Aug 2022 00:35:04 GMT
Date: Tue, 30 Aug 2022 21:56:46 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa91a5094-5af6-430d-993d-243427b324ba.jpeg

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa91a5094-5af6-430d-993d-243427b324ba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (9980 bytes)
Hash
82bc1c69018845280d29653d6b2d6f8d
0c122f15422cab7ee3461e8fa657183ae54adcc5
e221638eff281c27ef4656f76e64963718186285c57e50a8958bd3065e662674

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa91a5094-5af6-430d-993d-243427b324ba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9980
x-amzn-requestid: b9f6b930-9c47-41b9-879d-ce239e39f033
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XpTMGHlNoAMFuoA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d324d-72ea52c010dff34438bbca28;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 21:40:29 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: fHSa3fGJD-E4daWDZyyKGaErPw9YBbAwJ2uQ2dxbxl2UJCXXDRykag==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 21:45:04 GMT
age: 702
etag: "0c122f15422cab7ee3461e8fa657183ae54adcc5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4955929-0b9f-4215-9599-dffe8c74c90c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8909 bytes)
Hash
feb433a0823cccb81dc4c5fa13ba4ed2
143f7bb98f57f8e6189e73e75a9fc93d29548962
09a5ddc32918b441b6d3ce3eed211d674d3844db6770e06bb3fecb86cc85771a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe4955929-0b9f-4215-9599-dffe8c74c90c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8909
x-amzn-requestid: 2c4357d3-5c22-465a-a65a-e281d87c5305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTxZGYEIAMFeZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c666f-36b5010a793ab9c87182a895;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:10:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 2Y3cwsCGFKFQYWkxG96XsjTJMrCMccbdhjRvbB04PCNF2YupDcEcng==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 07:33:49 GMT
age: 51777
etag: "143f7bb98f57f8e6189e73e75a9fc93d29548962"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ed547f-030a-462d-a7c7-12a7748cf9c8.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5925 bytes)
Hash
91310bc1fb5ae0efa502a9bafe046399
ec2a4baf0a21c1738a541d89756cccd6f3bef5fd
5fe0511116c6bd2d6e668c69764905c3a5c93fa23a4dc207b0f4b1604783ceb6

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ed547f-030a-462d-a7c7-12a7748cf9c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5925
x-amzn-requestid: 15e5a8fd-8a14-486d-9e83-7da3dafd1713
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XpSfZEEooAMFbeA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d312f-05652d4e06746e8b4f4be29b;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 21:35:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: bYTWcGb1-aWdEhGox1If7F0NpZ0JDobDMZK6l0J7a2tb9_ejGKDiDQ==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 21:45:09 GMT
age: 697
etag: "ec2a4baf0a21c1738a541d89756cccd6f3bef5fd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19e4053-4c42-4436-ba83-5e76fd16f5a4.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10056 bytes)
Hash
0502c5060f29d82fd10f9f79459e2ce0
110f2eecf72c6b89f250ebefeff5ef664dc2f3f6
f722656c432bbec2baa63b6edc4116c1996850462864456105d9fea9c3bc7ff4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19e4053-4c42-4436-ba83-5e76fd16f5a4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10056
x-amzn-requestid: 2eb7bbf2-47ad-4f80-98e8-ecb45e98961b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xguh2H_woAMFXnQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309c472-7dda060b4e7c81262aef3421;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 07:14:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1cunCq4Z1J-oQSmTlcAtgfXO0A4_XpHKl2UHpRCbf75--3eHEIgZGQ==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 11:39:46 GMT
age: 37020
etag: "110f2eecf72c6b89f250ebefeff5ef664dc2f3f6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd073058d-a781-4fa3-abd4-05363877c306.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8478 bytes)
Hash
87425d52d274ccbc12298aa7a47395f2
b2866f84f93b73d97e9aecfa2293ff47131b6d67
2284c74b04493c7a67907b2477bac252832f3550c6a7e57c221abefc45a12549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd073058d-a781-4fa3-abd4-05363877c306.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8478
x-amzn-requestid: 8ae5ce3f-0d58-412b-84f1-579c5cf21fd8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XpTWIH5JoAMFh9g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630d328d-7bb707102a3acb0320585b52;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 21:41:33 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: G0y5MCu_U2IUMTrWxPmyUefwSkF5tcEWpPh7sZ-Bn_1lXZv12tlpgQ==
via: 1.1 b47618c03bd47cf085f27b1e215f76cc.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 29 Aug 2022 21:58:58 GMT
age: 86268
etag: "b2866f84f93b73d97e9aecfa2293ff47131b6d67"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac04243-b8b9-46aa-ad1f-285d333e6c88.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10672 bytes)
Hash
9f9132960db725a095b0db1773dc6f69
bf1d4347e1641da5aebe6ae438c0431232ae6242
0e0b84df674d48517a04819604deb555c904518f093784691de4914b6ddb9e9d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Feac04243-b8b9-46aa-ad1f-285d333e6c88.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10672
x-amzn-requestid: 9044b578-ffc7-4890-a16f-bf6d5e242f46
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XnTWcEUnoAMF_UA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630c65c2-4397932f1417f6ab2463c4b0;Sampled=0
x-amzn-remapped-date: Mon, 29 Aug 2022 07:07:46 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uc8twk9uXve3wFxTvsZa_sg-aduiVBxXjTvOdqBc_BZmgw4BldMyHQ==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 30 Aug 2022 07:15:20 GMT
age: 52886
etag: "bf1d4347e1641da5aebe6ae438c0431232ae6242"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/

172.67.178.148

200 OK

0 B

URL HTTP/2
hentaiz.org/xfsearch/2022%20%D0%B3%D0%BE%D0%B4/
IP
172.67.178.148:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /xfsearch/2022%20%D0%B3%D0%BE%D0%B4/ HTTP/1.1
Host: hentaiz.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Tue, 30 Aug 2022 21:56:44 GMT
content-type: text/html; charset=utf-8
x-powered-by: PHP/7.2.24
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=hsfik14o4tafasvb0mc6mbech2; path=/; HttpOnly
strict-transport-security: max-age=31536000; preload
last-modified: Tue, 30 Aug 2022 21:56:44 GMT
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M7HQsPxi%2FZK453R%2Fhjc7k85NIf4RczAoeB4QTm6g1Nl0LQA7a33S3dznv3Rye8RxUUuVotL9A6xLhAg16x6pkrDe5M8woNYZxPzhnNpJnnNr%2Fpns7N3GUCv6T1TvOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7430c731f968b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:400,700,900&subset=cyrillic

142.250.74.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,700,900&subset=cyrillic
IP
142.250.74.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:400,700,900&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 30 Aug 2022 21:56:44 GMT
date: Tue, 30 Aug 2022 21:56:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

agle21xe2anfddirite.com/aas/r45d/vki/1892942/d91a02e0.js

62.122.171.6

200 OK

0 B

URL HTTP/2
agle21xe2anfddirite.com/aas/r45d/vki/1892942/d91a02e0.js
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /aas/r45d/vki/1892942/d91a02e0.js HTTP/1.1
Host: agle21xe2anfddirite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 21:56:44 GMT
content-type: application/javascript
last-modified: Tue, 30 Aug 2022 13:24:30 GMT
vary: Accept-Encoding
etag: W/"630e0f8e-12cf8"
x-js-ab1: var18
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
X-Firefox-Spdy: h2

agle21xe2anfddirite.com/get/1892942?zoneid=1892942&jp=_clwyyqej60bsua5bskfm2w&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&cid=8553163357268662&sp=0

62.122.171.6

200 OK

0 B

URL HTTP/2
agle21xe2anfddirite.com/get/1892942?zoneid=1892942&jp=_clwyyqej60bsua5bskfm2w&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&cid=8553163357268662&sp=0
IP
62.122.171.6:0
ASN
#50245 Serverel Inc.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /get/1892942?zoneid=1892942&jp=_clwyyqej60bsua5bskfm2w&nojs=0&ix=0&abvar=18&t=0&x=1280&y=939&wcks=1&wgl=0&cnvs=1&os=0&md=0&bb=0&lang=en-US&pf=Linux%20x86_64&cd=24&isRef=1&cid=8553163357268662&sp=0 HTTP/1.1
Host: agle21xe2anfddirite.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaiz.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 30 Aug 2022 21:56:45 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
x-route-id: config
set-cookie: UID=220830165665a4b476ccd0483093d361dc43; Path=/; Expires=Wed, 30 Aug 2023 21:56:45 GMT; HttpOnly; Secure; SameSite=None
content-encoding: gzip
timing-allow-origin: *
accept-ch: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (19)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations