{"report_id":"64914956-0278-486c-a115-ead4bd080cdb","version":6,"status":"done","tags":[],"date":"2025-09-22T20:04:00Z","url":{"schema":"http","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"title":"Witanime and the Anime Revolution: Culture, Ethics \u0026 Access"},"submit":{"url":{"schema":"http","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":0,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-27T20:04:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":16}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"baithoph.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"x7i0.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"zoojoujoaseeh.com","ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-02-10","domain_rank":382672,"first_seen":"2025-03-21T06:40:37.606647Z","last_seen":"2025-09-22T00:37:38.574173Z","alert_count":20,"request_count":5,"received_data":10254,"sent_data":4497,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"vaimucuvikuwu.net","ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-12-04","domain_rank":114793,"first_seen":"2024-12-18T19:54:09.084425Z","last_seen":"2025-09-15T21:16:17.306501Z","alert_count":6,"request_count":3,"received_data":6597,"sent_data":2254,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"tzegilo.com","ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-01-14","domain_rank":18163,"first_seen":"2022-01-14T15:27:15Z","last_seen":"2025-09-22T00:37:39.284979Z","alert_count":0,"request_count":1,"received_data":18655,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"glempirteechacm.com","ip":{"addr":"104.21.86.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":160043,"first_seen":"2025-01-14T20:14:16Z","last_seen":"2025-09-15T21:16:17.382609Z","alert_count":0,"request_count":1,"received_data":168910,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"sahorizon.com","ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-08-15","domain_rank":0,"first_seen":"2025-09-22T20:04:02.189525Z","last_seen":"2025-09-22T20:04:02.189525Z","alert_count":0,"request_count":42,"received_data":907812,"sent_data":22817,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"WordPress:6.8.2","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"stats.wp.com","ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1997-03-28","domain_rank":22660,"first_seen":"2017-01-30T05:06:59Z","last_seen":"2025-09-21T22:16:21.525307Z","alert_count":0,"request_count":2,"received_data":8484,"sent_data":820,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"oamsursumsauz.net","ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-02-10","domain_rank":453492,"first_seen":"2025-03-07T23:38:10.962685Z","last_seen":"2025-09-22T03:20:55.399532Z","alert_count":8,"request_count":2,"received_data":7704,"sent_data":1650,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"baithoph.net","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-11-24","domain_rank":162487,"first_seen":"2022-11-24T16:00:33Z","last_seen":"2025-09-13T02:58:53.434653Z","alert_count":1,"request_count":1,"received_data":165427,"sent_data":410,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-21T22:11:31.798564Z","alert_count":0,"request_count":2,"received_data":55222,"sent_data":862,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-21T22:11:31.014241Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1096,"comment":"","tags":null,"fingerprints":null},{"fqdn":"roagrofoogrobo.com","ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":160562,"first_seen":"2025-01-06T06:51:52.849842Z","last_seen":"2025-09-22T03:20:55.798666Z","alert_count":0,"request_count":1,"received_data":165437,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fleraprt.com","ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-01-14","domain_rank":17838,"first_seen":"2022-01-14T22:55:14Z","last_seen":"2025-09-22T00:37:38.562658Z","alert_count":0,"request_count":2,"received_data":904,"sent_data":1163,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pixel.wp.com","ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1997-03-28","domain_rank":22824,"first_seen":"2017-01-30T05:31:40Z","last_seen":"2025-09-21T22:16:21.567909Z","alert_count":0,"request_count":1,"received_data":251,"sent_data":544,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"grookilteepsou.net","ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-01-08","domain_rank":157025,"first_seen":"2025-01-08T12:04:22.02802Z","last_seen":"2025-09-22T03:20:56.109969Z","alert_count":39,"request_count":13,"received_data":105944,"sent_data":6515,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"phoangaisool.com","ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2025-02-10","domain_rank":355906,"first_seen":"2025-06-14T15:03:57.685669Z","last_seen":"2025-09-15T21:16:17.298009Z","alert_count":14,"request_count":14,"received_data":23222,"sent_data":14365,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bobapsoabauns.com","ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-23","domain_rank":16239,"first_seen":"2025-03-26T18:52:40.148632Z","last_seen":"2025-09-22T00:37:39.428583Z","alert_count":0,"request_count":4,"received_data":89656,"sent_data":1855,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"eehassoosostoa.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-12-04","domain_rank":161412,"first_seen":"2025-01-06T21:58:07.13779Z","last_seen":"2025-09-17T03:07:29.651452Z","alert_count":0,"request_count":1,"received_data":168906,"sent_data":416,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"x7i0.com","ip":{"addr":"139.45.195.12","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-06-30","domain_rank":0,"first_seen":"2025-09-22T01:01:11.695894Z","last_seen":"2025-09-22T01:01:11.695894Z","alert_count":1,"request_count":1,"received_data":110797,"sent_data":405,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"oyo4d.com","ip":{"addr":"139.45.197.118","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2019-03-26","domain_rank":201644,"first_seen":"2025-06-02T17:08:26.404235Z","last_seen":"2025-09-22T01:01:12.09949Z","alert_count":0,"request_count":1,"received_data":828,"sent_data":590,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fpyf8.com","ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2022-04-06","domain_rank":164621,"first_seen":"2025-05-24T02:52:35.174797Z","last_seen":"2025-09-15T21:16:17.525832Z","alert_count":0,"request_count":1,"received_data":116364,"sent_data":409,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"data","addr":"data:text/javascript;base64,KGZ1bmN0aW9uKGQseixzLGMpe3Muc3JjPScvLycrZCsnLzQwMC8nK3o7cy5vbmVycm9yPXMub25sb2FkPUU7ZnVuY3Rpb24gRSgpe2MmJmMoKTtjPW51bGx9dHJ5eyhkb2N1bWVudC5ib2R5fHxkb2N1bWVudC5kb2N1bWVudEVsZW1lbnQpLmFwcGVuZENoaWxkKHMpfWNhdGNoKGUpe0UoKX19KSgnYmFpdGhvcGgubmV0Jyw5NjIwOTEzLGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ3NjcmlwdCcpLF94d3R6b2poKQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"eac82123f21066741f995ae860ea8a43","sha1":"c8e1b58a662e7cf50b9389c62ab2df070236c27f","sha256":"d6c32e5df241a8451cc5becde248aea6dd8c42955cede49b2678ef2b2fb79959","sha512":"9561ec6ed2bc52c11d957d9e57075a579073ea8535745a476b25b31d08ad826fb06c7ced22df1990c5f0d8f9b029e6103755ad448f43f58bbb2a1e961e4b05ef","ssdeep":"","tlshash":"40d0a734a5309134049c5d5e30b3c6996eb261912c252883505ebe589436e990916cb8","size":232,"data":"","first_seen":"2025-09-22T20:05:15.90631Z","last_seen":"2025-09-22T20:05:15.90631Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"dc0923c33f2f758c84c52fbb61c834a3","sha1":"b058be2d1733bff3d424d94ace699f13151e3df7","sha256":"d37ef4938c8ae1d3621058c0b807b594bdff045977dab405590883e514289ac3","sha512":"428f2cdc01d9aa9d3dc8ed5a91cbbc7bc7f1e0e05118f0d8a5e817f78b4348022cc0f7219d8362cd7295faca28e22392b2766cbeabb3b65d2387366e142294eb","ssdeep":"","tlshash":"f4d0c77df0585e5020c2607fb471a016521791b9bd941130d75ebc49ff08be546afeeb","size":215,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-03T21:34:25.279518Z","times_seen":19981,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fpyf8.com/88/tag.min.js","fqdn":"fpyf8.com","domain":"fpyf8.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7c94c4e9c63f7e44c93477b5844cd73","sha1":"cffe36c3cf761f1bffbde36eb844202d25ce5f1f","sha256":"dcc5f9d5eb107457c3e93e6118a0b3ddfca7a05e17c59ebd3129793e9cece823","sha512":"2cbd07984d7127c3e12416b41ca35bde95d77dc6c88394021db622f521154e1c09f6ff4c34aeebbbefc2d7efd04fddf20239bb9f0eeaa2303e873c52f567f839","ssdeep":"1536:+ORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEwtr0raOjLouEks:+ORVd4nQqvXoRGEQr0rjoue","tlshash":"f4b3199c625634711d7a9129785fc44daeeaef80048e89f4d0daac732653071d3bbfe8","size":115359,"data":"","first_seen":"2025-09-22T16:48:47.184849Z","last_seen":"2025-09-22T20:05:15.888697Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"e6d1d23b52837bed6886304539159c34","sha1":"1d5a5526d305672e086cfef5aa3532aea6a03b79","sha256":"c6333430b489030a2d90d384288b22c465f2002be375873a57e3e5a7207b01f7","sha512":"a73466bae3b319778675433c32dfcd9f0f1b5df8f9ce7d59f1be77519eaf36ecc91411073beb8a550f679aab68f6bf420d734d5db1966f0f4c6dae764c28ed8b","ssdeep":"384:+v0a/K7iYFRdYtkVg0Qen9tO69aI8tAUeNDaUGRQ2t4PpBahqoo+KXnS7YhfGMOY:+K72kV/Q80GaIoQPzahq/AMOY","tlshash":"d9c2e5a7321eb91a8719626110ef2ec5a2cc48c4718f1b7ce724e53634d763485ebef8","size":27961,"data":"","first_seen":"2025-09-22T20:05:15.9101Z","last_seen":"2025-09-22T20:05:15.9101Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eventHandler","is_inline":false,"md5":"218ef671cf49b6b2e9f180acd81df753","sha1":"deba104ef773f90e4c124c3c0c851104e2e8a241","sha256":"5ae1aacfc2fd4ab53c5924f156f99db84a2e48a1598ade7df9fb7fc78a46b695","sha512":"2084b959f423218ab5fd69cb3567046ffce17d1226d347d2fdd5e5eb7ddc36201c56ede3e67aef7dd7390a29cbb44d4a51ee5d1c51f5351d460d357ce864bb58","ssdeep":"","tlshash":"ec50000003c0003000c0303000000300c000000000000000000030030300cfc0003000","size":11,"data":"","first_seen":"2025-09-22T20:05:15.912502Z","last_seen":"2025-09-22T20:05:15.912502Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eventHandler","is_inline":false,"md5":"6f5b44384da6b4473259e6e73473b5f3","sha1":"b3ccae349a3e316e5b90285a460a1c6b80ab7a6d","sha256":"1d041e56b61c4ec3c0b6b53e206094cb455b6dc4f8b253f2c60b0cac0a3445fe","sha512":"c93e93f9136d7cd1ab64b6ef4fd19ad0e76e9d0fb99a918118cfef55cdc3ab728f41fab07152303283057bd5669f67d30ca1fee8111332af3cfba4796e5d9cd7","ssdeep":"","tlshash":"c850000c00000003003000030030c000000003c0000f03c000000000c303c00000c000","size":11,"data":"","first_seen":"2025-09-22T20:05:15.914764Z","last_seen":"2025-09-22T20:05:15.914764Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fpyf8.com/88/tag.min.js","fqdn":"fpyf8.com","domain":"fpyf8.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"a7c94c4e9c63f7e44c93477b5844cd73","sha1":"cffe36c3cf761f1bffbde36eb844202d25ce5f1f","sha256":"dcc5f9d5eb107457c3e93e6118a0b3ddfca7a05e17c59ebd3129793e9cece823","sha512":"2cbd07984d7127c3e12416b41ca35bde95d77dc6c88394021db622f521154e1c09f6ff4c34aeebbbefc2d7efd04fddf20239bb9f0eeaa2303e873c52f567f839","ssdeep":"1536:+ORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEwtr0raOjLouEks:+ORVd4nQqvXoRGEQr0rjoue","tlshash":"f4b3199c625634711d7a9129785fc44daeeaef80048e89f4d0daac732653071d3bbfe8","size":115359,"data":"","first_seen":"2025-09-22T16:48:47.184849Z","last_seen":"2025-09-22T20:05:15.888697Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,IWZ1bmN0aW9uKCl7InVzZSBzdHJpY3QiO2lmKCJxdWVyeVNlbGVjdG9yImluIGRvY3VtZW50JiYiYWRkRXZlbnRMaXN0ZW5lciJpbiB3aW5kb3cpe3ZhciBlPWRvY3VtZW50LmJvZHk7ZS5hZGRFdmVudExpc3RlbmVyKCJtb3VzZWRvd24iLGZ1bmN0aW9uKCl7ZS5jbGFzc0xpc3QuYWRkKCJ1c2luZy1tb3VzZSIpfSksZS5hZGRFdmVudExpc3RlbmVyKCJrZXlkb3duIixmdW5jdGlvbigpe2UuY2xhc3NMaXN0LnJlbW92ZSgidXNpbmctbW91c2UiKX0pfX0oKQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"eccb37da7be12b61bb531eb81e4cdd90","sha1":"76d9d2fb585e40c74d7363ef7e2efe4830ee034d","sha256":"2909117400dcc95f99cbcc62930bce751a820266f346a6e676aa573f71e922c0","sha512":"852507b842846420d539950d075c9186c2a93a32f89f4cfc4a4fca1f327354ed89f0a5c3b5dfadb42ab1e527219c8033b65ba90de619a3b708bbb3ebd2b4907c","ssdeep":"","tlshash":"6bd0123a6b562b320997a7a266efb7413b6306b564c105135c75c8892f34dc981754ca","size":259,"data":"","first_seen":"2023-03-07T13:12:01Z","last_seen":"2026-04-02T16:55:26.635079Z","times_seen":322,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIGdlbmVyYXRlcHJlc3NNZW51PXsidG9nZ2xlT3BlbmVkU3ViTWVudXMiOiIxIiwib3BlblN1Yk1lbnVMYWJlbCI6Ik9wZW4gU3ViLU1lbnUiLCJjbG9zZVN1Yk1lbnVMYWJlbCI6IkNsb3NlIFN1Yi1NZW51In0=","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f806560f25ce278719a690887b877c38","sha1":"bad9ca108556d34e75a252c0e65466b9c15d81f8","sha256":"17b767f85a14d9d6e5ec49c39498113f8453bbcf4abf90153034a0704f20faa0","sha512":"7e4f8ee51bf462866680ceeca3a444a2685aad1acf30144fa741941a14b0c1a109b0cae6858a60b719c4c5033be61e6d8c99e6420dd1e55d0b3b798f7f93b9d0","ssdeep":"","tlshash":"8ab09b6d52439663d19276441384d423c07508d84209441ff15580dd6a54d931ccd447","size":122,"data":"","first_seen":"2023-03-07T13:12:01Z","last_seen":"2026-04-02T16:55:26.627603Z","times_seen":254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9620870","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8e094c1eb003e888932269aa65eb07c9","sha1":"a3e19239a9dd0cb78491d7d97872fea047bceea5","sha256":"65ad2d722ae876644571fe3398529fdbee26ab79c08323e4cfa9ffccecfe9632","sha512":"51e6aa6fe7fb9426347cbe52d89c73d86894ad2bdf462f488729809713a7152199b40cf7bed02229a76e8f4ec0f3c1202bed4f2f1c90a58ef34ae7ee7db89eb5","ssdeep":"3072:sIaz5kvovPphA8+QMbcRs5UDXzeaOARiCiB9vtmC7fcWeDcy1TfrGFV2NfS:sIatVAhQ4gsCjaB91z7fcWeDzRfr+V28","tlshash":"9af3ead97281745a2a736030526fee1f793b8e61648ec514f1a6f1b53e3880e9353eec","size":164550,"data":"","first_seen":"2025-09-19T12:11:56.519525Z","last_seen":"2025-09-26T07:36:47.307071Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tzegilo.com/stattag.js","fqdn":"tzegilo.com","domain":"tzegilo.com","tld":"com"},"ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"01227f5edc20e0ff4ed643b27cb8bb68","sha1":"d71a88f7341f2b1bdaa7deb9a66888607bd52598","sha256":"75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2","sha512":"88046b07c07ff6de47ef7d1e0d7ca281fc48e91fc6a292cdf611457b96ac92bb0068971cfd55c0cc3e6179d7335e77a6a14b15fa502bbae7b2233546da6c0f98","ssdeep":"384:WDWdyJ+TJTwWV+6RUL2qq8L6jW4+QL1zWAWvVRIDiei:7so1V+g+d+j4pJ5","tlshash":"8d82094a72d525ee82a3a1d10cef612ffb664e86a97e1785e381b49c187404ec3d7f90","size":17879,"data":"","first_seen":"2024-07-11T16:28:55Z","last_seen":"2026-04-03T20:52:09.458634Z","times_seen":6339,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202539.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","size":3812,"data":"","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-03T21:38:01.162652Z","times_seen":45001,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/1b05a76a89b235ac27c5b916f622b87b.js?ver=2b87b","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"ab2b109461499404e6308fc102ceba5a","sha1":"3400d0407e06e7746cb7b5b154b76aeebe6f5bb8","sha256":"0d5ef0324954e39c6b7804a30be454deaaed55369bdb76a965eb475e21e98d43","sha512":"f61bff510c3ac17ada29ab53682b03746cb73f6c1edd2ca51243a20f168fe865036f0dfb5312cce5ce1d3bf231e798dff0ad31bd76d47785029e0f738ce3e51c","ssdeep":"192:iQqHlWQZgROnqWgpkgJMhqDi92FY+alT/fnGtxTbvz:bqHngROnvgJUqDi9cNYTnGvTbvz","tlshash":"cfe112fa964412bb04ef29ca74e6e5c07b7568fdea0184302579c84d1fe8dc202e6bf5","size":7335,"data":"","first_seen":"2024-09-02T16:35:56Z","last_seen":"2026-04-03T19:34:45.023566Z","times_seen":659,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"a3897ee69fdf0a8ecdb747d86e54e517","sha1":"cb644f2f15f5e6e70e849b50cd9fcc4050623c18","sha256":"2ef07bc159f8530b99d2a96368e916c45776dee376a5dfeb461a0f257111dd73","sha512":"de7de2783e71cac6791e1d966eedf4a4e181409c04d79ec658a43e9a45e6c92e37588598262cdc60c71ed2e186568b703f0fc4285c18a641d411d97d2d817099","ssdeep":"","tlshash":"c3d02232025cc83fe9f02f5c723c8c60a0c8183302381d650baaf898a83c6bb1fa3580","size":232,"data":"","first_seen":"2025-09-22T20:05:15.91871Z","last_seen":"2025-09-22T20:05:15.91871Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eventHandler","is_inline":false,"md5":"6f5b44384da6b4473259e6e73473b5f3","sha1":"b3ccae349a3e316e5b90285a460a1c6b80ab7a6d","sha256":"1d041e56b61c4ec3c0b6b53e206094cb455b6dc4f8b253f2c60b0cac0a3445fe","sha512":"c93e93f9136d7cd1ab64b6ef4fd19ad0e76e9d0fb99a918118cfef55cdc3ab728f41fab07152303283057bd5669f67d30ca1fee8111332af3cfba4796e5d9cd7","ssdeep":"","tlshash":"c850000c00000003003000030030c000000003c0000f03c000000000c303c00000c000","size":11,"data":"","first_seen":"2025-09-22T20:05:15.914764Z","last_seen":"2025-09-22T20:05:15.914764Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/0b5326c3f9460aa931995ddb739ce4e6.js?ver=ce4e6","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"84da02f41d9c61dec95f05d41236d497","sha1":"2bb978916e29e01050ea71d2c68a299fc61f90d3","sha256":"9d8c33c2fb6efb6c3e9778edd19c6c60bf61e327c1132787e14f66cb7cba9726","sha512":"8fb2072d48ed3c279ea005d758d64467384ff0efa72e5ffbe547dda86a6cdd3aa28741a2d342ca28d9e98cb8ee8a0c8d05fad75455d47eb858d7f4101b81e40c","ssdeep":"384:IsIRHeFJ1yQ7QdfnJgeYh7MXlsNqrBp1pgQpwOjNtqohIQ/5D:IsIR+L1yQ7QdpYh7M1iqrBp1pgQpwOjZ","tlshash":"ab52d7a1472955321eb506e391e513c1769075aef44b8aa1a898dc2e18bdcc328f3ff7","size":13453,"data":"","first_seen":"2024-11-03T23:01:56.192803Z","last_seen":"2026-04-03T20:14:05.516648Z","times_seen":7402,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9620873","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"e8aa54e0f45caba29d1929319247d6f7","sha1":"6e5fc61dddf1cf4e9c933e768eeb8707009d224a","sha256":"4863ced089760be4f6407d16c4d661da7f5b899dc4cbcf16dd2cddc629a4cad1","sha512":"df7faecbcf89310902a7f19c1d23943632f68d60378cb82ed61c06cda951f01c251fb45a35e0ec39df9ec27a97e0d9aff84a5fbdd24817488e8925d475769961","ssdeep":"768:N0/yQI4xFlPlGbz9Z+CugqWc0QimcED40TZxlsl05JFGS3J03WYveZ7mSbiaB6sq:BWCT60rmcE2CLY/sKBVsm","tlshash":"80d2c6813ebb685127d257c3d03f941a93a1d60434abf5a3b50e659229320dacff3e67","size":30815,"data":"","first_seen":"2025-09-22T16:48:47.194022Z","last_seen":"2025-10-31T08:17:13.404319Z","times_seen":162,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/6e5056ae496e3d681b81d1941c318d8d.js?ver=18d8d","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"b22fbb896057aca38ff589ae652d5e51","sha1":"d7c80ad48aaa92283cee16b0ae35f5753f05c74a","sha256":"0b4a5bdce233322bbe51815709234569a6a1b925d4d130aa7319e9d02e411935","sha512":"08f46cffee943afdfda956bfcb88d29823563f6c054eb2ee6d67b4586acba5ad09f2b73811b9ee051b6063978ed18df829d0b70f67e6a2d553ba70f6077da327","ssdeep":"192:s6zoFrnW4iaX3LzDk1jpJLB2hlq717+3uClD2tFtJ7bykd+SHS+0:s6Udn3LzoJphH8uClD2tFtJ7byTwt0","tlshash":"4d12d9ac30deb021239a11e1586fb101f13aaf6532d99ce0da81d9e57db19c960b3ff5","size":9143,"data":"","first_seen":"2024-04-07T17:24:00Z","last_seen":"2026-04-03T05:17:46.209458Z","times_seen":4406,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/1aab721abfed4451b3f8e4d87fcf60db.js?ver=f60db","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5d0b7c237dd89001e581a2bb11eab58","sha1":"1f70db2d25a8d12904074c93edae9aebd0fa4ba9","sha256":"c88e4ababbd6ffaab46911bebb47d6ddcf4107062d058af2794300b7b9b6df95","sha512":"81ed1ee46bcaf92639da361c907dd63ce602ab95f0322df3215ac249e8739bfe48dd96f3deb0cc0b7a33545b105fa8b33b5a851a65b317763bc861e5530a8d13","ssdeep":"","tlshash":"ac61b9dc7764b67219fbe2b1906faa07f7711849a84f18204436ec583c7edda0152e7d","size":3412,"data":"","first_seen":"2024-09-02T16:35:56Z","last_seen":"2026-03-08T22:44:50.748001Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"ad81beb0a28e87fe3ce3742823d264a8","sha1":"f0aa1a71cc5d0b2b40e1b009486fc627f7703878","sha256":"10531cb9ccd59383133c85843a19c55ba0a27d1a2eb912628e9bd7f68b479aa5","sha512":"ed7834311ae7828b03aa5a7411e9f4bbf5066879ee89fe01f83fa28d1a299733d0a81eea1cc4ab97477bf80c13c5ecf94e398d95c3bd3a2911d480b651c6fb78","ssdeep":"","tlshash":"9131ee7df5291636095661fde399e341a030f0dadc428424efb5cc5ea8cce9548abdf2","size":1717,"data":"","first_seen":"2025-07-25T05:28:04.194173Z","last_seen":"2026-04-03T21:34:25.28404Z","times_seen":10901,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eventHandler","is_inline":false,"md5":"43e28c5553d54ed2964bd5147521769b","sha1":"0a2b8c3db330a47aa7b9195e6dfdf944adb9240d","sha256":"d63026c985dc46aeb316574b7bf1828080c906238e35d5e34cb80414c0e70d23","sha512":"6dda085e4196167cf64287cb675c05b09bdaa291decebd1bea2b52ccdbd380de5875dc233fa3d439559413693f1e7974f485d60a2c1541bf62a8887bf5ff9811","ssdeep":"","tlshash":"1b80000c0a20c0882a00af00e000c202a0c2200f0220238ce823bce2a83c888808fea0","size":38,"data":"","first_seen":"2023-04-10T16:02:06Z","last_seen":"2026-04-03T21:30:19.632747Z","times_seen":125644,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x7i0.com/tag.min.js","fqdn":"x7i0.com","domain":"x7i0.com","tld":"com"},"ip":{"addr":"139.45.195.12","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"70861c5d03f60fb8ab1a4146f3170e02","sha1":"8cab6aac0efa993aac8e7ed16d2eff249ec19d00","sha256":"f4a0fe927ea15964b159cefd2f5e127d0659499785f4e3dc3a18ed1ee5964f6a","sha512":"ff67ffcd1f3c45fa70f02dac8059f43a3dd0ba4c4f832c1d2002227332ae2a629a15991805518f39fdeca538f2321729b19d05059c0eaa039698b7b204b51fbb","ssdeep":"1536:KORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEwtr0r0:KORVd4nQqvXoRGEQr0r0","tlshash":"14b30a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","size":109904,"data":"","first_seen":"2025-09-22T16:31:24.507837Z","last_seen":"2025-09-23T13:48:16.920429Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/72c538806ede95c85cb2120229639bf5.js?ver=39bf5","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"d3903fc6792b30db20d567ac27cb32d7","sha1":"3878ed47da14f29379d385c89b07c7c43e46235a","sha256":"e7802a0072e0400e012d016dfa8fcb77e5bc9d7d86dc5500d502c22b76467eb6","sha512":"c13ef44338efd56a34a0f02c89d246158187ffd6f3fcd78ec88222aac313170422f16b8465ad86c76d6cdcb2a42a9f6e4e040bbb48751f2425981cd0d1f10563","ssdeep":"96:BiLzZp1jH2BKyAWjjp9+1YYE7Aq5l0ok7yyAMGrrAU9gEuqOxVTHjiQzBSw6MCnp:B6jH2cK5IKD0Y3vm17iQz8VBAn06kd","tlshash":"9702d88cf71034b548bfc69e81dba500d1bbc92596439086f69d8c4e1949f6813e7fdd","size":8526,"data":"","first_seen":"2023-05-29T23:05:28Z","last_seen":"2026-04-02T16:55:26.615003Z","times_seen":156,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/bb8522992d8f9f8398f8911b640e0526.js?ver=e0526","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"3c5fa2d41fdc9a50e55ed927b3aa1028","sha1":"32dd6f3a6959ed35b9cb8db31e733e29eed293c4","sha256":"adb9c4be6a3fe023e91f7952e0e851016582ee2b04794bb4c0d96d05e1b65501","sha512":"d3a85506eddf8ccc83e9583e0f4655aa9bdaa612685dfa5e69b534a3d0e883a3af75c6c38f71b27a5775f272486490c3374065cb66e407256a12caac20ae902d","ssdeep":"96:vmK40IdSs6c7DE/3sc/YrEBnUBPwKxbqe/Ds91sBYt1Em4kCofWQRem8:OK40IdS/cHg3NZBnUJbqe/DeGYtu7kC3","tlshash":"18a161c47482b870a2237457e0bb1485757eabb5743990c5a24dd8a02db3dcfe0a7a3e","size":4778,"data":"","first_seen":"2024-11-19T14:47:18.813848Z","last_seen":"2026-04-02T22:10:39.262753Z","times_seen":4130,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,d3AuaTE4bi5zZXRMb2NhbGVEYXRhKHsndGV4dCBkaXJlY3Rpb25cdTAwMDRsdHInOlsnbHRyJ119KQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"04a9b59b7e49f913a3926f6431334155","sha1":"35f2521d3ab3f75895b02da9c6b5419e1a35be59","sha256":"94c4eed60653e14337c021261a52581e9b6f93ae9ba512912ca30ce656b3ac64","sha512":"40068c8ae55d5f7b8bdd0fcf5eabdf443cd6b033788c1686b0a96adf4f645bfd34d50ea7f0017c9514e3029752b213826373450e791760bf8310e0c303aaa750","ssdeep":"","tlshash":"57a0028530a76805c505d1605967fc00446415cb818eaa181ae5ee30e515598748232e","size":58,"data":"","first_seen":"2023-03-07T12:09:28Z","last_seen":"2026-04-03T20:50:04.306071Z","times_seen":12130,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"eventHandler","is_inline":false,"md5":"218ef671cf49b6b2e9f180acd81df753","sha1":"deba104ef773f90e4c124c3c0c851104e2e8a241","sha256":"5ae1aacfc2fd4ab53c5924f156f99db84a2e48a1598ade7df9fb7fc78a46b695","sha512":"2084b959f423218ab5fd69cb3567046ffce17d1226d347d2fdd5e5eb7ddc36201c56ede3e67aef7dd7390a29cbb44d4a51ee5d1c51f5351d460d357ce864bb58","ssdeep":"","tlshash":"ec50000003c0003000c0303000000300c000000000000000000030030300cfc0003000","size":11,"data":"","first_seen":"2025-09-22T20:05:15.912502Z","last_seen":"2025-09-22T20:05:15.912502Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"78332cd4c399464c5d44b5d9b2cf5310","sha1":"a315082ecf92ad497de57463cb4f622aa455cfd2","sha256":"63f0f68a88f1e1da41c6605d8ba59004f5b88a299d93a2f0a3ad25dec14465c2","sha512":"6b0cb5c0d197a362d7c606beccacfe5d4415c3fefe0ba1dc868e64adcca8e30b27ac54251012298484a70bb4ed72a6db986b1afbabad46cbb71ff0939ef863b5","ssdeep":"1536:Rxuo6klnWDMN4B7enuVw5+0LWyLe8bODjprn:R/6unwu+eWyFyhz","tlshash":"6763c7523e72ec5413e6a7c3d41fa256e3618550b86bf894a50ed5e204210e9cbeffe3","size":67907,"data":"","first_seen":"2025-09-22T20:05:15.923572Z","last_seen":"2025-09-22T20:05:15.923572Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,dmFyIHdwY2Y3PXsiYXBpIjp7InJvb3QiOiJodHRwczpcL1wvc2Fob3Jpem9uLmNvbVwvd3AtanNvblwvIiwibmFtZXNwYWNlIjoiY29udGFjdC1mb3JtLTdcL3YxIn0sImNhY2hlZCI6MX0=","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"a06b0cea07f38cd888ddf059112c4b9f","sha1":"78fd770c9c8746d54be8c895053fd4b645dd4f55","sha256":"10f748e9602c9f8a65afa2a0479996a7209b7de064b3b86d6076ad6422596536","sha512":"ba743787e0cb6fe2a330934e891b677cf5ab9c76d117d1e6bc8ba0f20657deacaa50c8d2217ac0c56df5ded223119516f449f7796a70f14427f5ce42cf09d59a","ssdeep":"","tlshash":"58b012697780de0a35f1d3c9431d3231b110551b4d3773e7e194058007ae068e5044a2","size":107,"data":"","first_seen":"2025-09-22T20:05:15.926805Z","last_seen":"2025-09-22T20:05:15.926805Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/a4ae22b9de8ef443d721c51017f95b42.js?ver=95b42","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"985d16c15a5d808e6e0f7be946467d6d","sha1":"20d4f72fb4f548801801d095fd1ab98e9d149d09","sha256":"33d653a7cac75f7275c3cb34afd1494a153c30b700fccf6dcba5e906eabcb22b","sha512":"7374bfe38507cba515eebe493dbf3a10ddfbd57e17e2ca79d53f94b4fd6247e3d5b180496df49a43ae18bc656fa0888b39ac8ccd5b3e6a420aa3d975accbc046","ssdeep":"","tlshash":"a351a7d437c95d762a83b3395efe930271712709a50805608826c86931bcfea63b67fe","size":3028,"data":"","first_seen":"2024-12-03T06:41:00.941906Z","last_seen":"2026-04-03T18:32:51.655155Z","times_seen":1416,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baithoph.net/400/9620913","fqdn":"baithoph.net","domain":"baithoph.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"8e094c1eb003e888932269aa65eb07c9","sha1":"a3e19239a9dd0cb78491d7d97872fea047bceea5","sha256":"65ad2d722ae876644571fe3398529fdbee26ab79c08323e4cfa9ffccecfe9632","sha512":"51e6aa6fe7fb9426347cbe52d89c73d86894ad2bdf462f488729809713a7152199b40cf7bed02229a76e8f4ec0f3c1202bed4f2f1c90a58ef34ae7ee7db89eb5","ssdeep":"3072:sIaz5kvovPphA8+QMbcRs5UDXzeaOARiCiB9vtmC7fcWeDcy1TfrGFV2NfS:sIatVAhQ4gsCjaB91z7fcWeDzRfr+V28","tlshash":"9af3ead97281745a2a736030526fee1f793b8e61648ec514f1a6f1b53e3880e9353eec","size":164550,"data":"","first_seen":"2025-09-19T12:11:56.519525Z","last_seen":"2025-09-26T07:36:47.307071Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"d3fb31fc4a0b37980210c57f2698989d","sha1":"82a161b3a63cf0d5a5b37e9eacdfaf298bcbb55b","sha256":"45200934a32157fcedfec503f25c156ed7a19df9a9538269e7848ad8f1adc936","sha512":"69f23736f39a72a620c7ee834ab1745e31b0289d9724365899af60148af4a28c26c7f2bfd64649776390a2301775e2c5be863604d3c932f264eaf572f0c2b3e7","ssdeep":"","tlshash":"0fe0a330f14849201040c569f274c41110b2ca85dc2aed30f38db818f830989c1b7df7","size":408,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-03T21:12:57.714388Z","times_seen":14209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202539.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","size":3812,"data":"","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-03T21:38:01.162652Z","times_seen":45001,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9620872","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"104.21.86.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"efe17cec8fadfad13728665d6072ca7a","sha1":"a5393219020fb38b93d28fff4e962290ed0b5ff9","sha256":"8dacc585c4e5070911c48a95cea5c1203e3d76525d4fc6af2609698ff4455fb0","sha512":"1d4d2d512baf0e05a84a80acd858fe2dbd9bcfc6b4e7e12ed220b19c95bea79bb97fb3657ff158e176d09c398d7cc451a66fd5df6eb88c0f7b25870feafa0bf9","ssdeep":"3072:vw+08/+ugr0a9bQee57WSSybf0AEq7WYV9u5OVvy6/PKSWxyScqe//kAoUBEMY:vwfjWCybdh7b9u5OVK6/PKSWx6m7tMY","tlshash":"68f3fcc9768174562a63b030522fad5fb92b8e20585f8d04e166f0e93e3945ee353efc","size":168023,"data":"","first_seen":"2025-09-19T12:11:56.547337Z","last_seen":"2025-09-26T07:36:47.386576Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,ZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImFrX2pzXzEiKS5zZXRBdHRyaWJ1dGUoInZhbHVlIiwobmV3IERhdGUoKSkuZ2V0VGltZSgpKQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9d0b2c04ac2e5f8fc55dcc4d5f817328","sha1":"18e4c03f3471443511c2ba33458d719ec248fa6d","sha256":"f4af2ae5dc4a12319e26ee1744e96e6b12e335fb14d86d9ba2ea7c43c07e757a","sha512":"1e5018624e7592b9d87b806bc931c4605b28be3453d6d293e882f78ce502a8f48938422ff4c6f731bcf1da884f6782fd79e7a2a3bfabfb14300a0daa9fd5a91d","ssdeep":"","tlshash":"90a0223b32e03bb23c8a00fa083003803800c0300c830fb0080c820a0800c8a8c3f2c0","size":79,"data":"","first_seen":"2023-03-07T13:01:21Z","last_seen":"2026-04-03T20:50:04.295098Z","times_seen":700,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-includes/js/jquery/jquery.min.js","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T21:31:02.031134Z","times_seen":683899,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/b01144544f050057608f93fdfd28c606.js?ver=8c606","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"3e71574fc61389daf15e9585bcc93fe5","sha1":"92394cddb2ae40c7060c709621db86634b25fe1a","sha256":"2f441c962e351ef150f80bda82823c79cbb9ca057e0be5761a3584a3ba89b9e6","sha512":"028551afde3dd00b87ebd86e58888da9a3c317753760af83697602d9796956e687f83e5b1d60e3844d6f9b6acfcbb9cf93088116a6872e72ea6c2fafec85c50f","ssdeep":"384:wwuf8OQL0sARrAZcNWLq/+Ffm/hibLexa2VautyX2fsL3ZHO1O95:wwuf8OQL0sAZAGNWmGcibLexa2Vau0XN","tlshash":"9c4235e16197e0f0c7c338a48816c051f2bf866cb8898054fb5dcdd22d5de07626b77a","size":12513,"data":"","first_seen":"2025-03-17T01:59:03.5715Z","last_seen":"2026-04-03T20:14:05.507077Z","times_seen":7155,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"data","addr":"data:text/javascript;base64,KCgpPT57dmFyIEs9J0NobWFvcnJDZm96ZGdlbnppTXJhdHRTaHp6eXJ0YXJuZWRwb29tcnpQdGVvblNpdGZyZWlkbnpndHpjc2VsamliY09lenplcmxlYnBhbHJhdWNnZWl6ZnpuZm9vY3J6RXdhb2NkaG56aWFXcHRwbmxleXR6bmdvZWN0enpkY2xyaWVoYUN0ZGVuVGVlcHhwdGFOem9sZG1ldHpoUnplZWd2RW94bXBlenJhenRkb2xiaXpoWENHdElzPXJ6aWNmb3puPmNlYW10YXpyKGZkaW8vYzx1Pm0iZWVubnRvKW56Omd5emFjbGFwbHNsaXpkbCJvPWNlYWxseVN0dHNvIHIiYWtnbmVhemxfYmQ6YXR0dWFvemJzYWUidD1JY3RyZXNtIHplZ21lYXRySWZ0aWU8bXp6THJNZVRtSG9ydmVlbkludGllem1lemRjb2xOZWVhbnJvemxkY2V6Y2RvYWRlZWhVelJlSWRDb29ObXRwbm9lbnJlYW5wdHp6ZWJuaW9ubmR6enliYXRsb3Bhc3ppZWR2emFlbGx6eUp0U3NPek5lem1EYWFydGZlaXp6QXRybnJlYW15dXpjUG9yZG96bXlpZHNvZWJ6enBlYXRyYXN0ZVNJeW5kdGF6ZW5yYXp2dGlwZ2lhcnRjb1NydHpuZWVucmNyb3VkY2V6VWVSbUlhek5VZ2lhblR0eThCQXNydHJuYWV5bXplc2xlRXR0VGVpZ216ZWRvSXV5dEJ6dHNuZWV0bUllbmx0RWV0cmV2Z2F6bFN6TkF0cm5yZWFteWVCbHVFZmVmdGVhcmV6cmNjbHpldGFucmVUbWlnbWFlcm9GdXR0bnplY21sdWVjYW9yREllbnR0YWVlcnJ2Y2F6bHR6bk1lZXZzRXNoYWNndGVhQ3Boc2FpbmRuemVsbGx6QUJycm9vdGFjZGVjbGFlc1N0eUNyaGVhdW5xbnplcmxvenRlY25lY2xvZWRTZXlVclJlSXVDcW96bXJwZW9ubmVldG5zdGl6TFR0eW5wZWV2RUVyZXJ2b29ybXplRXJ2emVybmV0bnplRXRyc3Jpb0xydHpuSWVtdmFFZ2RlZHphc3pldHNuc2VpbW9lbmxTRXRlb3RyYWFlZ3JlYycuc3BsaXQoIiIpLnJlZHVjZSgodixnLEwpPT5MJTI/ditnOmcrdikuc3BsaXQoInoiKTsodj0+e2xldCBnPVtLWzBdLEtbMV0sS1syXSxLWzNdLEtbNF0sS1s1XSxLWzZdLEtbN10sS1s4XSxLWzldXSxMPVtLWzEwXSxLWzExXSxLWzEyXV0sUj1kb2N1bWVudCxVLHMsYz13aW5kb3csQz17fTt0cnl7dHJ5e1U9d2luZG93W0tbMTNdXVtLWzBdXShLWzE0XSksVVtLWzE1XV1bS1sxNl1dPUtbMTddfWNhdGNoKGEpe3M9KFJbS1sxMF1dP1JbS1sxMF1dW0tbMThdXTpSW0tbMTJdXXx8UltLWzE5XV0pW0tbMjBdXSgpLHNbS1syMV1dPUtbMjJdLFU9c1tLWzIzXV19VVtLWzI0XV09KCk9Pnt9LFJbS1s5XV0oS1syNV0pWzBdW0tbMjZdXShVKSxjPVVbS1syN11dO2xldCBfPXt9O19bS1syOF1dPSExLGNbS1syOV1dW0tbMzBdXShjW0tbMzFdXSxLWzMyXSxfKTtsZXQgUz1jW0tbMzNdXVtLWzM0XV0oKVtLWzM1XV0oMzYpW0tbMzZdXSgyKVtLWzM3XV0oL15cZCsvLEtbMzhdKTt3aW5kb3dbU109ZG9jdW1lbnQsZ1tLWzM5XV0oYT0+e2RvY3VtZW50W2FdPWZ1bmN0aW9uKCl7cmV0dXJuIGNbS1sxM11dW2FdW0tbNDBdXSh3aW5kb3dbS1sxM11dLGFyZ3VtZW50cyl9fSksTFtLWzM5XV0oYT0+e2xldCBoPXt9O2hbS1syOF1dPSExLGhbS1s0MV1dPSgpPT5SW2FdLGNbS1syOV1dW0tbMzBdXShDLGEsaCl9KSxkb2N1bWVudFtLWzQyXV09ZnVuY3Rpb24oKXtsZXQgYT1uZXcgY1tLWzQzXV0oY1tLWzQ0XV0oS1s0NV0pW0tbNDZdXShLWzQ3XSxjW0tbNDRdXShLWzQ1XSkpLEtbNDhdKTtyZXR1cm4gYXJndW1lbnRzWzBdPWFyZ3VtZW50c1swXVtLWzM3XV0oYSxTKSxjW0tbMTNdXVtLWzQyXV1bS1s0OV1dKHdpbmRvd1tLWzEzXV0sYXJndW1lbnRzWzBdKX07dHJ5e3dpbmRvd1tLWzUwXV09d2luZG93W0tbNTBdXX1jYXRjaChhKXtsZXQgaD17fTtoW0tbNTFdXT17fSxoW0tbNTJdXT0oQix2ZSk9PihoW0tbNTFdXVtCXT1jW0tbMzFdXSh2ZSksaFtLWzUxXV1bQl0pLGhbS1s1M11dPUI9PntpZihCIGluIGhbS1s1MV1dKXJldHVybiBoW0tbNTFdXVtCXX0saFtLWzU0XV09Qj0+KGRlbGV0ZSBoW0tbNTFdXVtCXSwhMCksaFtLWzU1XV09KCk9PihoW0tbNTFdXT17fSwhMCksZGVsZXRlIHdpbmRvd1tLWzUwXV0sd2luZG93W0tbNTBdXT1ofXRyeXt3aW5kb3dbS1s0NF1dfWNhdGNoKGEpe2RlbGV0ZSB3aW5kb3dbS1s0NF1dLHdpbmRvd1tLWzQ0XV09Y1tLWzQ0XV19dHJ5e3dpbmRvd1tLWzU2XV19Y2F0Y2goYSl7ZGVsZXRlIHdpbmRvd1tLWzU2XV0sd2luZG93W0tbNTZdXT1jW0tbNTZdXX10cnl7d2luZG93W0tbNDNdXX1jYXRjaChhKXtkZWxldGUgd2luZG93W0tbNDNdXSx3aW5kb3dbS1s0M11dPWNbS1s0M11dfWZvcihrZXkgaW4gZG9jdW1lbnQpdHJ5e0Nba2V5XT1kb2N1bWVudFtrZXldW0tbNTddXShkb2N1bWVudCl9Y2F0Y2goYSl7Q1trZXldPWRvY3VtZW50W2tleV19fWNhdGNoKF8pe31sZXQgej1fPT57dHJ5e3JldHVybiBjW19dfWNhdGNoKFMpe3RyeXtyZXR1cm4gd2luZG93W19dfWNhdGNoKGEpe3JldHVybiBudWxsfX19O1tLWzMxXSxLWzQ0XSxLWzU4XSxLWzU5XSxLWzYwXSxLWzYxXSxLWzMzXSxLWzYyXSxLWzQzXSxLWzYzXSxLWzYzXSxLWzY0XSxLWzY1XSxLWzY2XSxLWzY3XSxLWzY4XSxLWzY5XSxLWzcwXSxLWzcxXSxLWzcyXSxLWzczXSxLWzc0XSxLWzU2XSxLWzc1XSxLWzI5XSxLWzc2XSxLWzc3XSxLWzc4XSxLWzc5XSxLWzUwXSxLWzgwXV1bS1szOV1dKF89Pnt0cnl7aWYoIXdpbmRvd1tfXSl0aHJvdyBuZXcgY1tLWzc4XV0oS1szOF0pfWNhdGNoKFMpe3RyeXtsZXQgYT17fTthW0tbMjhdXT0hMSxhW0tbNDFdXT0oKT0+Y1tfXSxjW0tbMjldXVtLWzMwXV0od2luZG93LF8sYSl9Y2F0Y2goYSl7fX19KSx2KHooS1szMV0pLHooS1s0NF0pLHooS1s1OF0pLHooS1s1OV0pLHooS1s2MF0pLHooS1s2MV0pLHooS1szM10pLHooS1s2Ml0pLHooS1s0M10pLHooS1s2M10pLHooS1s2M10pLHooS1s2NF0pLHooS1s2NV0pLHooS1s2Nl0pLHooS1s2N10pLHooS1s2OF0pLHooS1s2OV0pLHooS1s3MF0pLHooS1s3MV0pLHooS1s3Ml0pLHooS1s3M10pLHooS1s3NF0pLHooS1s1Nl0pLHooS1s3NV0pLHooS1syOV0pLHooS1s3Nl0pLHooS1s3N10pLHooS1s3OF0pLHooS1s3OV0pLHooS1s1MF0pLHooS1s4MF0pLEMpfSkoKHYsZyxMLFIsVSxzLGMsQyx6LF8sUyxhLGgsQix2ZSxOLGZlLHJ0LGNuLEgsbEssem4sS3QsZnQsdWUseUssdXQsSSxvdCxqLGFuLHF0KT0+eyhmdW5jdGlvbihlLHEsaSx3KXsoKCk9PntmdW5jdGlvbiBpZShuKXtsZXQgdD1uW2UuSUtdKClbZS5Bal0oZS5KKTtyZXR1cm4gdD49ZS5ISyYmdDw9ZS5yaj90LWUuSEs6dD49ZS5laiYmdDw9ZS50aj90LWUuZWorZS5MSzplLkp9ZnVuY3Rpb24gYm4obil7cmV0dXJuIG48PWUubks/dltlLktqXShuK2UuSEspOm48PWUuamo/dltlLktqXShuK2UuZWotZS5MSyk6ZS51S31mdW5jdGlvbiBNdChuLHQpe3JldHVybiBuW2UuUGtdKGUuaClbZS5OS10oKHIsZik9PntsZXQgdT0odCtlLlUpKihmK2UuVSksbz0oaWUocikrdSklZS5sSztyZXR1cm4gYm4obyl9KVtlLkVLXShlLmgpfWZ1bmN0aW9uIF9lKG4sdCl7cmV0dXJuIG5bZS5Qa10oZS5oKVtlLk5LXSgocixmKT0+e2xldCB1PXRbZiUodFtlLlNLXS1lLlUpXSxvPWllKHUpLE09aWUociktbyxkPU08ZS5KP00rZS5sSzpNO3JldHVybiBibihkKX0pW2UuRUtdKGUuaCl9dmFyIGR0PVMsTz1kdCxpdD1lLnlqKGUuckssZS5LSyksY3Q9ZS55aihlLmpLLGUuS0spLHp0PWUuVixhdD1bW2Uua2pdLFtlLk1qLGUuYmosZS5Fal0sW2UuWWosZS5Tal0sW2UuZ2osZS5DaixlLkdqXSxbZS5oaixlLnZqXV0sYnQ9W1tlLk9qXSxbLWUuTGpdLFstZS5Oal0sWy1lLkZqLC1lLnFqXSxbZS5XaixlLkVqLC1lLk9qLC1lLlJqXV0sanQ9W1tlLmNqXSxbZS5wal0sW2UuQmpdLFtlLlFqXSxbZS5Wal1dO2Z1bmN0aW9uIENlKG4sdCl7dHJ5e2xldCByPW5bZS5GS10oZj0+ZltlLkxNXSh0KT4tZS5VKVtlLnZNXSgpO3JldHVybiBuW2UuTE1dKHIpK3p0fWNhdGNoKHIpe3JldHVybiBlLkp9fWZ1bmN0aW9uIG10KG4pe3JldHVybiBpdFtlLmhLXShuKT9lLmk6Y3RbZS5oS10obik/ZS5WOmUuVX1mdW5jdGlvbiBFdChuKXtyZXR1cm4gQ2UoYXQsbil9ZnVuY3Rpb24gbHQobil7cmV0dXJuIENlKGJ0LG5bZS5tal0oKSl9ZnVuY3Rpb24geXQobil7cmV0dXJuIENlKGp0LG4pfWZ1bmN0aW9uIHB0KG4pe3JldHVybiBuW2UuUGtdKGUuaUspW2Uua0tdKGUuVSlbZS5GS10odD0+dClbZS52TV0oKVtlLlBrXShlLkRLKVtlLmtLXSgtZS5WKVtlLkVLXShlLkRLKVtlLmVNXSgpW2UuUGtdKGUuaClbZS5zS10oKHQscik9PnQraWUociksZS5KKSVlLncrZS5VfXZhciBCZT1bXTtmdW5jdGlvbiB4dCgpe3JldHVybiBCZX1mdW5jdGlvbiBYKG4pe0JlW2Uua0tdKC1lLlUpW2Uub2pdKCkhPT1uJiZCZVtlLkhqXShuKX12YXIgb2U9dHlwZW9mIGk8ZS5sP2lbZS5xcl06ZS52LE5lPWUuSCxUZT1lLm4sY2U9Y1tlLkFdKClbZS5JS10oZS5sSylbZS5rS10oZS5WKSxzdD1jW2UuQV0oKVtlLklLXShlLmxLKVtlLmtLXShlLlYpLEZlPWNbZS5BXSgpW2UuSUtdKGUubEspW2Uua0tdKGUuVikscEs9Y1tlLkFdKClbZS5JS10oZS5sSylbZS5rS10oZS5WKTtmdW5jdGlvbiBqbihuKXtvZVtlLnpLXShOZSxqbiksW210KHdbZS5mcl0pLEV0KHFbZS51al1bZS5KS10pLGx0KG5ldyBzKSxwdChxW2UubmpdW2UueGJdKSx5dCh3W2UueWJdfHx3W2UuTGJdKV1bZS5YXSh0PT57bGV0IHI9YShjW2UuQV0oKSplLkxLLGUuTEspO04oKCk9PntsZXQgZj1lLk1LKCk7ZltlLmFLXT1uW2UuWEtdLGZbZS5vYl09dCxxW2UuUEtdKGYsZS5mSyksWChlLkxFW2UuQ0tdKHQpKX0scil9KX1mdW5jdGlvbiBtbihuKXtvZVtlLnpLXShUZSxtbik7bGV0IHQ9ZS5NSygpO3RbZS5hS109bltlLlhLXTtsZXR7aHJlZjpyfT1xW2UubmpdLGY9bmV3IHFbZS5Ual07ZltlLlBqXShlLmdyLHIpLGZbZS5mal09KCk9Pnt0W2UuTnJdPWZbZS5iRV0oKSxxW2UuUEtdKHQsZS5mSyl9LGZbZS5Scl09KCk9Pnt0W2UuTnJdPWUuRmIscVtlLlBLXSh0LGUuZkspfSxmW2UueGtdKCl9b2UmJihvZVtlLlRdKE5lLGpuKSxvZVtlLlRdKFRlLG1uKSk7dmFyIGh0PWUudSx3dD1lLnosVj1lLmEsemU9aVtlLnFyXSxUPVtxXSxKdD1bXSxndD0oKT0+e307emUmJnplW2UuUnJdJiYoZ3Q9emVbZS5Scl0pO3RyeXtsZXQgbj1UW2Uua0tdKC1lLlUpW2Uub2pdKCk7Zm9yKDtuJiZuIT09bltlLnJrXSYmbltlLnJrXVtlLnVqXVtlLkpLXTspVFtlLkhqXShuW2UucmtdKSxuPW5bZS5ya119Y2F0Y2gobil7fVRbZS5YXShuPT57bltlLlViXVtlLlBNXVtlLk5NXVtlLmFNXXx8KG5bZS5VYl1bZS5QTV1bZS5OTV1bZS5hTV09Y1tlLkFdKClbZS5JS10oZS5sSylbZS5rS10oZS5WKSk7bGV0IHQ9bltlLlViXVtlLlBNXVtlLk5NXVtlLmFNXTtuW3RdPW5bdF18fFtdO3RyeXtuW1ZdPW5bVl18fFtdfWNhdGNoKHIpe319KTtmdW5jdGlvbiBVdChuLHQscixmPWUuSix1PWUuSixvKXtsZXQgTTt0cnl7TT16ZVtlLkVrXVtlLlBrXShlLmlLKVtlLlZdfWNhdGNoKGQpe310cnl7bGV0IGQ9cVtlLlViXVtlLlBNXVtlLk5NXVtlLmFNXXx8VixiPXFbZF1bZS5GS10obD0+bFtlLktrXT09PXImJmxbZS5iYl0pW2Uudk1dKCkscD1lLk1LKCk7cFtlLmprXT1uLHBbZS5NYl09dCxwW2UuS2tdPXIscFtlLmJiXT1iP2JbZS5iYl06dSxwW2UuRWJdPU0scFtlLlliXT1mLHBbZS5TYl09byxvJiZvW2UuZGJdJiYocFtlLmRiXT1vW2UuZGJdKSxKdFtlLkhqXShwKSxUW2UuWF0obD0+e2xldCBKPWxbZS5VYl1bZS5QTV1bZS5OTV1bZS5hTV18fFY7bFtKXVtlLkhqXShwKTt0cnl7bFtWXVtlLkhqXShwKX1jYXRjaChFKXt9fSl9Y2F0Y2goZCl7fX1mdW5jdGlvbiBBZShuLHQpe2xldCByPVB0KCk7Zm9yKGxldCBmPWUuSjtmPHJbZS5TS107ZisrKWlmKHJbZl1bZS5La109PT10JiZyW2ZdW2UuamtdPT09bilyZXR1cm4hZS5KO3JldHVybiFlLlV9ZnVuY3Rpb24gUHQoKXtsZXQgbj1bXTtmb3IobGV0IHQ9ZS5KO3Q8VFtlLlNLXTt0Kyspe2xldCByPVRbdF1bZS5VYl1bZS5QTV1bZS5OTV1bZS5hTV0sZj1UW3RdW3JdfHxbXTtmb3IobGV0IHU9ZS5KO3U8ZltlLlNLXTt1KyspbltlLkZLXSgoe2Zvcm1hdDpvLHpvbmVJZDpNfSk9PntsZXQgZD1vPT09Zlt1XVtlLmprXSxiPU09PT1mW3VdW2UuS2tdO3JldHVybiBkJiZifSlbZS5TS10+ZS5KfHxuW2UuSGpdKGZbdV0pfXRyeXtmb3IobGV0IHQ9ZS5KO3Q8VFtlLlNLXTt0Kyspe2xldCByPVRbdF1bVl18fFtdO2ZvcihsZXQgZj1lLko7ZjxyW2UuU0tdO2YrKyluW2UuRktdKCh7Zm9ybWF0OnUsem9uZUlkOm99KT0+e2xldCBNPXU9PT1yW2ZdW2UuamtdLGQ9bz09PXJbZl1bZS5La107cmV0dXJuIE0mJmR9KVtlLlNLXT5lLkp8fG5bZS5Ial0ocltmXSl9fWNhdGNoKHQpe31yZXR1cm4gbn1mdW5jdGlvbiBFbihuLHQpe1RbZS5OS10ocj0+e2xldCBmPXJbZS5VYl1bZS5QTV1bZS5OTV1bZS5hTV18fFY7cmV0dXJuKHJbZl18fFtdKVtlLkZLXSh1PT5uW2UuTE1dKHVbZS5La10pPi1lLlUpfSlbZS5zS10oKHIsZik9PnJbZS5DS10oZiksW10pW2UuWF0ocj0+e3RyeXtyW2UuU2JdW2UuZWtdKHQpfWNhdGNoKGYpe319KX12YXIgWT1lLk1LKCk7WVtlLlVdPWUueCxZW2UuZF09ZS5yLFlbZS5aXT1lLkssWVtlLmldPWUuaixZW2Uud109ZS5rLFlbZS5JXT1lLk0sWVtlLlZdPWUuYjt2YXIgVz1lLk1LKCk7V1tlLlVdPWUuRSxXW2UuSV09ZS5ZLFdbZS5pXT1lLlMsV1tlLlZdPWUuYjt2YXIgaz1lLk1LKCk7a1tlLlVdPWUuZyxrW2UuVl09ZS5DLGtbZS5kXT1lLkcsa1tlLlpdPWUuRyxrW2UuaV09ZS5HO3ZhciBtPTk2MjEwMDMsRj05NjIxMDAyLHhLPTM2MCx2dD0xLF90PTEwLEN0PTMsc0s9ITAsaEs9VVtlLmJLXShnKCdleUpoWkdKc2IyTnJJanA3ZlN3aVpYaGpiSFZrWlhNaU9pSWlmUT09JykpLEE9MSxsbj0nTHk5NE4ya3dMbU52YlM4MUx6azJNakV3TURNPScseW49J2VEZHBNQzVqYjIwPScsQnQ9MixOdD0xNzU4NTYwMzM0KmUubXIsVHQ9J1pleiQjdF4qRUZuZycsRnQ9JzYzNCcsQXQ9J2pwYml5amlvNWN5Jyxwbj0nNDFqeDd0YzJ0bzc1Z3d6Jyx4bj0neThkJyxzbj0nbGlvaWc0c2h0bWknLEx0PSdfcHh1cXJxaW8nLFh0PSdfZXltY2hyYXYnLFp0PSExLHg9ZS5NSygpLER0PWUuWE1bZS5Qa10oZS5oKVtlLnpqXSgpW2UuRUtdKGUuaCk7dHlwZW9mIHE8ZS5sJiYoeFtlLlVLXT1xLHR5cGVvZiBxW2UudWpdPGUubCYmKHhbZS5hal09cVtlLnVqXSkpLHR5cGVvZiBpPGUubCYmKHhbZS5kS109aSx4W2UuWktdPWlbRHRdKSx0eXBlb2YgdzxlLmwmJih4W2Uub3JdPXcpO2Z1bmN0aW9uIGhuKCl7bGV0e2RvYzpufT14O3RyeXt4W2UucEtdPW5bZS5wS119Y2F0Y2godCl7bGV0IHI9W11bZS5lYl1bZS5Ta10obltlLnFiXShlLmtrKSxmPT5mW2UuRWtdPT09ZS5Kaik7eFtlLnBLXT1yJiZyW2UuWmJdW2UucEtdfX1obigpLHhbZS5zXT0oKT0+e2lmKCFxW2UucmtdKXJldHVybiBlLnY7dHJ5e2xldCBuPXFbZS5ya11bZS5VYl0sdD1uW2UucEtdKGUuek0pO3JldHVybiBuW2UuaWJdW2UuWWtdKHQpLHRbZS5KTV0hPT1uW2UuaWJdPyFlLlU6KHRbZS5KTV1bZS5na10odCkseFtlLlVLXT1xW2UucmtdLHhbZS5kS109eFtlLlVLXVtlLlViXSxobigpLCFlLkopfWNhdGNoKG4pe3JldHVybiFlLlV9fSx4W2UuRF09KCk9Pnt0cnl7cmV0dXJuIHhbZS5kS11bZS5xcl1bZS5KTV0hPT14W2UuZEtdW2UuaWJdPyh4W2UuUmJdPXhbZS5kS11bZS5xcl1bZS5KTV0sKCF4W2UuUmJdW2UueEtdW2UuaU1dfHx4W2UuUmJdW2UueEtdW2UuaU1dPT09ZS5aaykmJih4W2UuUmJdW2UueEtdW2UuaU1dPWUubWIpLCFlLkopOiFlLlV9Y2F0Y2gobil7cmV0dXJuIWUuVX19O3ZhciBhZT14O2Z1bmN0aW9uIFJ0KG4sdCxyKXtsZXQgZj1hZVtlLmRLXVtlLnBLXShlLmtrKTtmW2UueEtdW2UuTWtdPWUuWGosZltlLnhLXVtlLkpLXT1lLlhqLGZbZS54S11bZS5ia109ZS5KLGZbZS5Fa109ZS5KaiwoYWVbZS5kS11bZS5CTV18fGFlW2UuWktdKVtlLllrXShmKTtsZXQgdT1mW2UuRk1dW2UuUGpdW2UuU2tdKGFlW2UuVUtdLG4sdCxyKTtyZXR1cm4gZltlLkpNXVtlLmdrXShmKSx1fXZhciBiZSxZdD1bXTtmdW5jdGlvbiBRdCgpe2xldCBuPVtlLkNrLGUuR2ssZS5oayxlLnZrLGUuT2ssZS5XayxlLmNrLGUucGtdLHQ9W2UudUssZS5CayxlLlFrLGUuVmssZS5Ia10scj1bZS5uayxlLnVrLGUuemssZS5hayxlLlhrLGUuSmssZS5VayxlLmRrLGUuWmssZS5payxlLndrLGUuSWtdLGY9Y1tlLmxrXShjW2UuQV0oKSpuW2UuU0tdKSx1PW5bZl1bZS5za10oZS55aihlLkNrLGUucU0pLCgpPT57bGV0IG89Y1tlLmxrXShjW2UuQV0oKSpyW2UuU0tdKTtyZXR1cm4gcltvXX0pW2Uuc2tdKGUueWooZS5HayxlLnFNKSwoKT0+e2xldCBvPWNbZS5sa10oY1tlLkFdKCkqdFtlLlNLXSksTT10W29dLGQ9Y1tlLkVFXShlLkxLLE1bZS5TS10pLGI9Y1tlLmxrXShjW2UuQV0oKSpkKTtyZXR1cm4gZS5oW2UuQ0tdKE0pW2UuQ0tdKGIpW2Uua0tdKE1bZS5TS10qLWUuVSl9KTtyZXR1cm4gZS5Ea1tlLkNLXShiZSxlLmlLKVtlLkNLXSh1LGUuaUspfWZ1bmN0aW9uIEh0KCl7cmV0dXJuIGUuaFtlLkNLXShRdCgpW2Uua0tdKGUuSiwtZS5VKSxlLndLKX1mdW5jdGlvbiBPdChuKXtyZXR1cm4gbltlLlBrXShlLmlLKVtlLmtLXShlLmkpW2UuRUtdKGUuaUspW2UuUGtdKGUuaClbZS5zS10oKHQscixmKT0+e2xldCB1PWNbZS5FRV0oZitlLlUsZS5JKTtyZXR1cm4gdCtyW2UuQWpdKGUuSikqdX0sZS5BaylbZS5JS10oZS5sSyl9ZnVuY3Rpb24gVnQoKXtsZXQgbj1pW2UucEtdKGUua2spO3JldHVybiBuW2UueEtdW2UuTWtdPWUuWGosbltlLnhLXVtlLkpLXT1lLlhqLG5bZS54S11bZS5ia109ZS5KLG59ZnVuY3Rpb24gd24obil7biYmKGJlPW4sR3QoKSl9ZnVuY3Rpb24gR3QoKXtiZSYmWXRbZS5YXShuPT5uKGJlKSl9ZnVuY3Rpb24gU3Qobil7dHJ5e2xldCB0PWlbZS5wS10oZS5jcik7dFtlLmFLXT1lLlJNLChpW2UuQk1dfHxpW2UuUE1dKVtlLllrXSh0KSxOKCgpPT57dHJ5e24oZ2V0Q29tcHV0ZWRTdHlsZSh0LGUudilbZS53RV0hPT1lLlhFKX1jYXRjaChyKXtuKCFlLkopfX0sZS5vayl9Y2F0Y2godCl7bighZS5KKX19ZnVuY3Rpb24gSXQoKXtsZXQgbj1CdD09PWUuVT9lLlVqOmUuZGosdD1lLm1NW2UuQ0tdKG4sZS5vTSlbZS5DS10oWVtBXSkscj1lLk1LKCk7cltlLmVrXT13bixyW2UudGtdPXh0LHJbZS55a109c24scltlLkxrXT1wbixyW2UuTmtdPXhuLFV0KHQsaHQsbSxOdCxGLHIpfWZ1bmN0aW9uIEpuKCl7bGV0IG49V1tBXTtyZXR1cm4gQWUobixGKXx8QWUobixtKX1mdW5jdGlvbiBnbigpe2xldCBuPVdbQV07cmV0dXJuIEFlKG4sRil9ZnVuY3Rpb24gV3QoKXtsZXQgbj1bZS5GayxlLnFrLGUuUmssZS5ta10sdD1pW2UucEtdKGUua2spO3RbZS54S11bZS5ia109ZS5KLHRbZS54S11bZS5KS109ZS5Yaix0W2UueEtdW2UuTWtdPWUuWGosdFtlLkVrXT1lLkpqO3RyeXtpW2UuUE1dW2UuWWtdKHQpLG5bZS5YXShyPT57dHJ5e3Fbcl19Y2F0Y2goZil7ZGVsZXRlIHFbcl0scVtyXT10W2UuRk1dW3JdfX0pLGlbZS5QTV1bZS5na10odCl9Y2F0Y2gocil7fX12YXIgTGU9ZS5NSygpLGplPWUuTUsoKSxYZT1lLk1LKCksJHQ9ZS5VLGVlPWUuaCxtZT1lLmg7WmUoKTtmdW5jdGlvbiBaZSgpe2lmKGVlKXJldHVybjtsZXQgbj1mZSgoKT0+e2lmKGduKCkpe0gobik7cmV0dXJufWlmKG1lKXt0cnl7bGV0IHQ9bWVbZS5Qa10obGUpW2UuRktdKE09PiFsZVtlLmhLXShNKSksW3IsZix1XT10O21lPWUuaCxYZVtlLm9dPWYsTGVbZS5vXT1yLGplW2Uub109Tm4odSxlLlRyKSxbTGUsamUsWGVdW2UuWF0oTT0+e3llKE0sc3QsJHQpfSk7bGV0IG89W19lKExlW2UudF0samVbZS50XSksX2UoWGVbZS50XSxqZVtlLnRdKV1bZS5FS10oZS5ESyk7ZWUhPT1vJiYoZWU9byxFbihbbSxGXSxlZSkpfWNhdGNoKHQpe31IKG4pfX0sZS5vayl9ZnVuY3Rpb24gVW4oKXtyZXR1cm4gZWV9ZnVuY3Rpb24ga3QoKXtlZT1lLmh9ZnVuY3Rpb24gRWUobil7biYmKG1lPW4pfXZhciB5PWUuTUsoKTt5W2UuQV09ZS5oLHlbZS5lXT1lLmgseVtlLnRdPWUuaCx5W2UueV09dm9pZCBlLkoseVtlLkxdPWUudix5W2UuTl09X2UoRnQsQXQpO3ZhciBQbj1uZXcgcyx2bj0hZS5VO19uKCk7ZnVuY3Rpb24gX24oKXt5W2UueV09IWUuVSxQbj1uZXcgcztsZXQgbj1Ncih5LEZlKSx0PWZlKCgpPT57aWYoeVtlLnRdIT09ZS5oKXtpZihIKHQpLHFbZS56S10oZS5QLG4pLHlbZS50XT09PWUuRmIpe3lbZS55XT0hZS5KO3JldHVybn10cnl7aWYoQyh5W2UuZV0pW2UuTkVdKGUuSilbZS5YXShmPT57eVtlLkFdPWUuaDtsZXQgdT1DbihlLktZLGUudUUpO0ModSlbZS5ORV0oZS5KKVtlLlhdKG89Pnt5W2UuQV0rPXZbZS5Lal0oQ24oZS5laixlLnRqKSl9KX0pLGduKCkpcmV0dXJuO2xldCByPWUuSUUqZS5MaiplLm1yO04oKCk9PntpZih2bilyZXR1cm47bGV0IGY9bmV3IHMoKVtlLnhNXSgpLVBuW2UueE1dKCk7eVtlLkxdKz1mLF9uKCksWmUoKSxocigpfSxyKX1jYXRjaChyKXt9eVtlLnldPSFlLkoseVtlLnRdPWUuaH19LGUub2spO3FbZS5UXShlLlAsbil9ZnVuY3Rpb24gZXIoKXtyZXR1cm4geVtlLnRdPXlbZS50XSplLlVNJWUuVGsseVtlLnRdfWZ1bmN0aW9uIENuKG4sdCl7cmV0dXJuIG4rZXIoKSUodC1uKX1mdW5jdGlvbiBucihuKXtyZXR1cm4gbltlLlBrXShlLmgpW2Uuc0tdKCh0LHIpPT4odDw8ZS5aKS10K3JbZS5Bal0oZS5KKSZlLlRrLGUuSil9ZnVuY3Rpb24gdHIoKXtyZXR1cm5beVtlLkFdLHlbZS5OXV1bZS5FS10oZS5ESyl9ZnVuY3Rpb24gRGUoKXtsZXQgbj1bLi4uZS5kTV0sdD0oY1tlLkFdKCkqZS5aTXxlLkopK2UuZDtyZXR1cm5bLi4uQyh0KV1bZS5OS10ocj0+bltjW2UuQV0oKSpuW2UuU0tdfGUuSl0pW2UuRUtdKGUuaCl9ZnVuY3Rpb24gUmUoKXtyZXR1cm4geVtlLnldfWZ1bmN0aW9uIHJyKCl7dm49IWUuSn12YXIgbGU9ZS55aihlLllLLGUuaCksS3I9dHlwZW9mIGk8ZS5sP2lbZS5xcl06ZS52LGZyPWUuRix1cj1lLnEsb3I9ZS5SLHFyPWUubTtmdW5jdGlvbiB5ZShuLHQscil7bGV0IGY9bltlLm9dW2UuUGtdKGxlKVtlLkZLXShvPT4hbGVbZS5oS10obykpLHU9ZS5KO3JldHVybiBuW2UudF09Zlt1XSxuW2UuU0tdPWZbZS5TS10sbz0+e2xldCBNPW8mJm9bZS50TV0mJm9bZS50TV1bZS5hS10sZD1vJiZvW2UudE1dJiZvW2UudE1dW2Uub2JdO2lmKE09PT10KWZvcig7ZC0tOyl1Kz1yLHU9dT49ZltlLlNLXT9lLko6dSxuW2UudF09Zlt1XX19ZnVuY3Rpb24gTXIobix0KXtyZXR1cm4gcj0+e2xldCBmPXImJnJbZS50TV0mJnJbZS50TV1bZS5hS10sdT1yJiZyW2UudE1dJiZyW2UudE1dW2UuTnJdO2lmKGY9PT10KXRyeXtsZXQgbz0obltlLkxdP25ldyBzKG5bZS5MXSlbZS5JS10oKTp1W2UuUGtdKGZyKVtlLmViXShwPT5wW2UuRE1dKGUuRkUpKSlbZS5Qa10odXIpW2Uub2pdKCksTT1uZXcgcyhvKVtlLmNFXSgpW2UuUGtdKG9yKSxkPU1bZS52TV0oKSxiPU1bZS52TV0oKVtlLlBrXShxcilbZS52TV0oKTtuW2UuZV09YShiL0N0LGUuTEspK2UuVSxuW2UuTF09bltlLkxdP25bZS5MXTpuZXcgcyhvKVtlLnhNXSgpLG5bZS50XT1ucihkK1R0KX1jYXRjaChvKXtuW2UudF09ZS5GYn19fWZ1bmN0aW9uIEJuKG4sdCl7bGV0IHI9bmV3IHV0KHQpO3JbZS5YS109bixLcltlLmZrXShyKX1mdW5jdGlvbiBObihuLHQpe3JldHVybiBDW2UuVE1dKGUudixlLk1LKGUuU0ssdCkpW2UuTktdKChyLGYpPT5NdChuLGYpKVtlLkVLXShlLkFLKX12YXIgVG49ZS5VLFllPWUuTUsoKSxGbj1lLk1LKCksQW49ZS5NSygpO1llW2Uub109cG4scVtlLlRdKGUuUCx5ZShZZSxjZSxUbikpO3ZhciBkcj1ZZVtlLlNLXSplLlRyO0ZuW2Uub109Tm4oc24sZHIpLEFuW2Uub109eG4scVtlLlRdKGUuUCx5ZShGbixjZSxlLlRyKSkscVtlLlRdKGUuUCx5ZShBbixjZSxUbikpO3ZhciBMbj1lLmYscGU9ZS54cixpcj1lLlcsY3I9ZS5sO2Z1bmN0aW9uIFhuKG4pe2xldCB0PWEobixlLkxLKVtlLklLXShlLmxLKSxyPVtMbix0XVtlLkVLXShjciksZj1bTG4sdF1bZS5FS10oaXIpO3JldHVybltyLGZdfWZ1bmN0aW9uIHpyKG4sdCl7bGV0W3IsZl09WG4obik7altyXT1lLkosaltmXT10fWZ1bmN0aW9uIGFyKG4pe2xldFt0LHJdPVhuKG4pLGY9YShqW3RdLGUuTEspfHxlLkosdT1qW3JdO3JldHVybiBmPj1lLmk/KGRlbGV0ZSBqW3RdLGRlbGV0ZSBqW3JdLGUudik6dT8oalt0XT1mK2UuVSx1KTplLnZ9ZnVuY3Rpb24gYnIobil7bGV0IHQ9bmV3IHMoKVtlLnhNXSgpO3RyeXtqW3BlXT1lLmhbZS5DS10odCxlLmdiKVtlLkNLXShuKX1jYXRjaChyKXt9fWZ1bmN0aW9uIGpyKCl7dHJ5e2lmKCFqW3BlXSlyZXR1cm4gZS5oO2xldFtuLHRdPWpbcGVdW2UuUGtdKGUuZ2IpO3JldHVybiBhKG4sZS5MSykrZS5aajxuZXcgcygpW2UueE1dKCk/KGRlbGV0ZSBqW3BlXSxlLmgpOnR9Y2F0Y2gobil7cmV0dXJuIGUuaH19dmFyIG1yPWUucnIsRXI9ZS5LcixRZT1lLmpyLGxyPWUua3IsWm49ZS5NcixIZT1lLmJyLHhlPWUuRXIsc2U9ZS5ZcixEbj1lLlNyLHlyPWUuZ3IscHI9ZS5Dcix4cj1lLkdyLE9lPWUuaHIsUm49ZS52cixoZT0hZS5VO2Z1bmN0aW9uIHNyKCl7cmV0dXJuIGUuZUtbZS5DS10obSxlLnRLKX1mdW5jdGlvbiBuZSgpe3JldHVybiBVbigpfWZ1bmN0aW9uIGhyKCl7bGV0IG49ZS5NSygpLHQ9ZmUoKCk9PntSZSgpJiYoSCh0KSxWZSgpKX0sZS5vayk7bltlLmFLXT1GZSxxW2UuUEtdKG4sZS5mSyl9ZnVuY3Rpb24gVmUobil7bGV0IHQ9bmV3IHFbZS5Ual07dFtlLlBqXSh5cixlLkRrW2UuQ0tdKHRyKCkpKSxuJiZ0W2Uuck1dKFFlLGxyKSx0W2Uuck1dKHhyLGtbQV0pLHRbZS5mal09KCk9PntpZih0W2UubGJdPT09ZS53Yil7bGV0IHI9dFtlLmJFXSgpW2UuVkVdKClbZS5Qa10oZS55aihlLkhFLGUuaCkpLGY9ZS5NSygpO3JbZS5YXSh1PT57bGV0IG89dVtlLlBrXShlLm9FKSxNPW9bZS52TV0oKVtlLmVNXSgpLGQ9b1tlLkVLXShlLm9FKTtmW01dPWR9KSxmW09lXT8oaGU9IWUuSixFZShmW09lXSksbiYmYnIoZltPZV0pKTpmW1JuXSYmRWUoZltSbl0pLG58fFplKCl9fSx0W2UuUnJdPSgpPT57biYmKGhlPSFlLkosRWUoZS5ZRSkpfSxrdCgpLHRbZS54a10oKX1mdW5jdGlvbiBZbihuKXtyZXR1cm4gbmV3IE8oKHQscik9PntsZXQgZj1uZXcgcygpW2UueE1dKCksdT1mZSgoKT0+e2xldCBvPVVuKCk7bz8oSCh1KSxvPT09ZS50RSYmcihuZXcgSShlLnRyKSksaGUmJihufHxycigpLHQobykpLHQoKSk6ZitlLmxFPG5ldyBzKClbZS54TV0oKSYmKEgodSkscihuZXcgSShlLlRFKSkpfSxlLm9rKX0pfWZ1bmN0aW9uIHdyKCl7bGV0IG49anIoKTtpZihuKWhlPSFlLkosRWUobik7ZWxzZXtsZXQgdD1mZSgoKT0+e1JlKCkmJihIKHQpLFZlKCFlLkopKX0sZS5vayl9fXZhciBRbj1lLk9yLHdLPWUuZ0tbZS5DS10obSxlLkdLKSxHZT1lLldyLEpLPXZ0KmUuUHIsZ0s9X3QqZS5tcjtxW0dlXXx8KHFbR2VdPWUuTUsoKSk7ZnVuY3Rpb24gSnIobil7dHJ5e2xldCB0PWUuaFtlLkNLXShRbilbZS5DS10obikscj1hblt0XXx8alt0XTtpZihyKXJldHVybiBuZXcgcygpW2UueE1dKCk+YShyLGUuTEspfWNhdGNoKHQpe31yZXR1cm4hZS5KfWZ1bmN0aW9uIEhuKG4pe2xldCB0PW5ldyBzKClbZS54TV0oKStlLlpqLHI9ZS5oW2UuQ0tdKFFuKVtlLkNLXShuKTtxW0dlXVtuXT0hZS5KO3RyeXtqW3JdPXR9Y2F0Y2goZil7fXRyeXthbltyXT10fWNhdGNoKGYpe319dmFyIFE9d1tlLmZyXSxncj1RW2UueUtdKGUueWooZS5LTSxlLmgpKXx8W10sVXI9UVtlLnlLXShlLnlqKGUuak0sZS5oKSl8fFtdLE9uPWEoZ3JbZS5VXSxlLkxLKXx8YShVcltlLlVdLGUuTEspLHdlPWUueWooZS5paixlLmgpW2UuaEtdKFEpLFByPWUueWooZS5ySyxlLktLKVtlLmhLXShRKSxWbj13ZXx8UHIsdnI9ZS55aihlLndqLGUuaClbZS5oS10oUSksX3I9ZS55aihlLklqLGUubGopW2UuaEtdKFEpLENyPWUueWooZS5rTSxlLktLKVtlLmhLXShRKSYmZS55aihlLk1NLGUuS0spW2UuaEtdKFEpLFAsdGUsU2U9IWUuVSxHbj0hZS5VLFNuPWcoeW4pLEJyPVtlLnZLLGUuSCxlLk9LLGUuV0ssZS5jS107ZnVuY3Rpb24gTnIobix0KXtsZXQgcj0hQ3ImJk9uPGUuYk07bltlLlRdPyh3ZXx8KE9uJiYhVm4/bltlLlRdKGUudkssdCwhZS5KKTooX3J8fHZyKSYmIVZuP25bZS5UXShlLkgsdCwhZS5KKToobltlLlRdKGUuSCx0LCFlLkopLG5bZS5UXShlLk9LLHQsIWUuSikpKSxyP3dlP25bZS5UXShlLldLLHQsIWUuSik6bltlLlRdKGUuY0ssdCwhZS5KKTp3ZSYmbltlLlRdKGUuSCx0LCFlLkopKTppW2Uuc2pdJiZuW2Uuc2pdKGUuRSx0KX1mdW5jdGlvbiBJZShuKXshSnIobil8fEdufHwoR249bj09PW0sUD1pW2UucEtdKGUuY3IpLFBbZS54S11bZS5pTV09ZS5FTSxQW2UueEtdW2UucmtdPWUuSixQW2UueEtdW2Uud01dPWUuSixQW2UueEtdW2UuSU1dPWUuSixQW2UueEtdW2UubE1dPWUuSixQW2UueEtdW2UudXJdPWUuVGssUFtlLnhLXVtlLnNNXT1lLllNLHRlPXQ9PntpZihTZSlyZXR1cm47dFtlLlNFXSgpLHRbZS5nRV0oKSxxZSgpO2xldCByPVJ0KGUuRGtbZS5DS10oU24sZS5uRSlbZS5DS10obixlLnBFKSk7ciYmbj09PUY/SG4obik6ciYmbj09PW0mJk4oKCk9PntyW2Uuc0VdfHxIbihuKX0sZS5tcil9LE5yKFAsdGUpLGlbZS5QTV1bZS5Za10oUCksU2U9IWUuVSl9ZnVuY3Rpb24gcWUoKXt0cnl7QnJbZS5YXShuPT57cVtlLnpLXShuLHRlLCFlLkopLHFbZS56S10obix0ZSwhZS5VKX0pLFAmJmlbZS5QTV1bZS5na10oUCksdGU9dm9pZCBlLkp9Y2F0Y2gobil7fVNlPSFlLkp9ZnVuY3Rpb24gV2UoKXtyZXR1cm4gdGU9PT12b2lkIGUuSn1mdW5jdGlvbiBJbihuKXtTbj1ufXZhciBUcj1lLmNyLFduPWlbZS5wS10oVHIpLEZyPWUucHIsQXI9ZS5CcixMcj1lLlFyLFhyPWUuVnIsWnI9ZS5IcixEcj1lLm5yO1duW2UueEtdW2UudXJdPUZyLFduW2UueEtdW2UuenJdPUFyO2Z1bmN0aW9uIFJyKG4pe2xldCB0PUNbZS5LRV1bZS5rS11bZS5Ta10oaVtlLlRiXSlbZS5GS10ocj0+cltlLnhiXT09PW4pW2Uub2pdKClbZS5Eal07cmV0dXJuKHRbZS5KXVtlLmZNXVtlLkRNXShlLkFNKT90W2UuSl1bZS54S11bZS5TTV06dFtlLlZdW2UueEtdW2UuU01dKVtlLmtLXShlLlUsLWUuVSl9ZnVuY3Rpb24gJGUobil7cmV0dXJuIEt0KGcobilbZS5Qa10oZS5oKVtlLk5LXShmdW5jdGlvbih0KXtyZXR1cm4gZS5qRSsoZS5Cayt0W2UuQWpdKGUuSilbZS5JS10oZS51RSkpW2Uua0tdKC1lLlYpfSlbZS5FS10oZS5oKSl9ZnVuY3Rpb24ga2Uobil7bGV0IHQ9ZyhuKSxyPW5ldyBydCh0W2UuU0tdKTtyZXR1cm4gbmV3IHZlKHIpW2UuTktdKChmLHUpPT50W2UuQWpdKHUpKX1mdW5jdGlvbiBZcihuLHQpe3JldHVybiBuZXcgTygocixmKT0+e2xldCB1PWlbZS5wS10oTHIpO3VbZS54Yl09bix1W2UuUGJdPVhyLHVbZS5wTV09RHIsdVtlLmZiXT1acixpW2UuaWJdW2UueEVdKHUsaVtlLmliXVtlLmtFXSksdVtlLmZqXT0oKT0+e3RyeXtsZXQgbz1Scih1W2UueGJdKTt1W2UuSk1dW2UuZ2tdKHUpLHIodD09PXhlP2tlKG8pOiRlKG8pKX1jYXRjaChvKXtmKCl9fSx1W2UuUnJdPSgpPT57dVtlLkpNXVtlLmdrXSh1KSxmKCl9fSl9ZnVuY3Rpb24gUXIobix0KXtyZXR1cm4gbmV3IE8oKHIsZik9PntsZXQgdT1uZXcgb3Q7dVtlLmZiXT1lLnRiLHVbZS5Fa109bix1W2UuZmpdPSgpPT57bGV0IG89aVtlLnBLXShlLkpFKTtvW2UuTWtdPXVbZS5Na10sb1tlLkpLXT11W2UuSktdO2xldCBNPW9bZS5VRV0oZS5kRSk7TVtlLlFFXSh1LGUuSixlLkopO2xldHtkYXRhOmR9PU1bZS5aRV0oZS5KLGUuSix1W2UuTWtdLHVbZS5KS10pLGI9ZFtlLmtLXShlLkosZS56RSlbZS5GS10oKEUsWik9PihaK2UuVSklZS5kKVtlLnpqXSgpW2Uuc0tdKChFLFosS2UpPT5FK1oqY1tlLkVFXShlLlBFLEtlKSxlLkopLHA9W107Zm9yKGxldCBFPWUuekU7RTxkW2UuU0tdO0UrKylpZigoRStlLlUpJWUuZCl7bGV0IFo9ZFtFXTsodD09PXhlfHxaPj1lLnFFKSYmcFtlLkhqXSh2W2UuS2pdKFopKX1sZXQgbD1MKHBbZS5FS10oZS5oKVtlLnlFXShlLkosYikpLEo9dD09PXhlP2tlKGwpOiRlKGwpO3JldHVybiByKEopfSx1W2UuUnJdPSgpPT5mKCl9KX1mdW5jdGlvbiBIcihuLHQscj1IZSxmPXNlLHU9ZS5NSygpKXtyZXR1cm4gbmV3IE8oKG8sTSk9PntsZXQgZD1uZXcgcVtlLlRqXTtpZihkW2UuUGpdKGYsbiksZFtlLm5NXT1yLGRbZS5yRV09IWUuSixkW2Uuck1dKG1yLEwoQih0KSkpLGRbZS5mal09KCk9PntsZXQgYj1lLk1LKCk7YltlLmxiXT1kW2UubGJdLGJbZS5Ocl09cj09PUhlP1VbZS5CRV0oZFtlLk5yXSk6ZFtlLk5yXSxbZS53YixlLlJFXVtlLkxNXShkW2UubGJdKT49ZS5KP28oYik6TShuZXcgSShlLnJZW2UuQ0tdKGRbZS5sYl0sZS5vTSlbZS5DS10oZFtlLmZFXSxlLm1FKVtlLkNLXSh0KSkpfSxkW2UuUnJdPSgpPT57TShuZXcgSShlLnJZW2UuQ0tdKGRbZS5sYl0sZS5vTSlbZS5DS10oZFtlLmZFXSxlLm1FKVtlLkNLXSh0KSkpfSxmPT09RG4pe2xldCBiPXR5cGVvZiB1PT1lLkdFP1VbZS5CRV0odSk6dTtkW2Uuck1dKFFlLFpuKSxkW2UueGtdKGIpfWVsc2UgZFtlLnhrXSgpfSl9ZnVuY3Rpb24gT3Iobix0LHI9SGUsZj1zZSx1PWUuTUsoKSl7cmV0dXJuIG5ldyBPKChvLE0pPT57bGV0IGQ9T3QobiksYj1WdCgpLHA9IWUuVSxsLEosRT0oKT0+e3RyeXtiW2UuSk1dW2UuZ2tdKGIpLHFbZS56S10oZS5QLFopLHB8fE0obmV3IEkoZS54WSkpfWNhdGNoKEtlKXt9fTtmdW5jdGlvbiBaKEtlKXtsZXQgZGU9dWVbZS5yYl0oS2VbZS50TV0pW2Uub2pdKCk7aWYoZGU9PT1kKWlmKGNuKEopLEtlW2UudE1dW2RlXT09PWUudil7bGV0IEQ9ZS5NSygpO0RbZGVdPWUuTUsoZS5ERSxlLkFFLGUuY00sTChCKHQpKSxlLlFNLGYsZS5CTSx0eXBlb2YgdT09ZS5HRT9VW2UuQkVdKHUpOnUpLGY9PT1EbiYmKERbZGVdW2UuZUVdPVVbZS5CRV0oZS5NSyhlLmpyLFpuKSkpLGJbZS5GTV1bZS5QS10oRCxlLmZLKX1lbHNle3A9IWUuSixFKCksY24obCk7bGV0IEQ9ZS5NSygpLGRuPVVbZS5iS10oZyhLZVtlLnRNXVtkZV0pKTtEW2UubGJdPWRuW2UuaUVdLERbZS5Ocl09cj09PXhlP2tlKGRuW2UuQk1dKTokZShkbltlLkJNXSksW2Uud2IsZS5SRV1bZS5MTV0oRFtlLmxiXSk+PWUuSj9vKEQpOk0obmV3IEkoZS5yWVtlLkNLXShEW2UubGJdLGUubUUpW2UuQ0tdKHQpKSl9fXFbZS5UXShlLlAsWiksYltlLkVrXT1uLChpW2UuQk1dfHxpW2UuUE1dKVtlLllrXShiKSxKPU4oRSxlLk1FKSxsPU4oRSxlLkZyKX0pfWZ1bmN0aW9uIEplKG4pe3RyeXtyZXR1cm4gbltlLlBrXShlLmlLKVtlLlZdW2UuUGtdKGUuREspW2Uua0tdKC1lLlYpW2UuRUtdKGUuREspW2UuZU1dKCl9Y2F0Y2godCl7cmV0dXJuIGUuaH19dmFyIE1lPWUuYXIsVnI9ZS5YcixHcj1lLk8sU3I9ZS5sLElyPWUuSnIsRz1lLk1LKCk7R1tlLlVyXT1lLk8sR1tlLmRyXT1lLlcsR1tlLlpyXT1lLmMsR1tlLmlyXT1lLnAsR1tlLndyXT1lLkIsR1tlLklyXT1lLlE7ZnVuY3Rpb24gJG4obix0KXtsZXQgcj1HW3RdfHxTcixmPWEobixlLkxLKVtlLklLXShlLmxLKSx1PVtNZSxmXVtlLkVLXShyKSxvPVtNZSxmLFZyXVtlLkVLXShyKSxNPVtNZSxmLEdyXVtlLkVLXShyKTtyZXR1cm5bdSxvLE1dfWZ1bmN0aW9uIFdyKCl7bGV0IG49altNZV07aWYobilyZXR1cm4gbjtsZXQgdD1jW2UuQV0oKVtlLklLXShlLmxLKVtlLmtLXShlLlYpO3JldHVybiBqW01lXT10LHR9ZnVuY3Rpb24gJHIobil7bGV0IHQ9ZS5nTVtlLkNLXShuZSgpLGUuQ00pLHI9dWVbZS5yYl0obilbZS5OS10odT0+e2xldCBvPWZ0KG5bdV0pO3JldHVyblt1LG9dW2UuRUtdKGUuQ0UpfSlbZS5FS10oZS5HTSksZj1uZXcgcVtlLlRqXTtmW2UuUGpdKGUuU3IsdCwhZS5KKSxmW2Uuck1dKFFlLHByKSxmW2UueGtdKHIpfWZ1bmN0aW9uIGdlKG4sdCl7bGV0W3IsZix1XT0kbihuLHQpLG89YShqW3VdLGUuTEspfHxlLko7alt1XT1vK2UuVSxqW3JdPW5ldyBzKClbZS54TV0oKSxqW2ZdPWUuaH1mdW5jdGlvbiBVZShuLHQscil7bGV0W2YsdSxvXT0kbihuLHQpO2lmKGpbZl0mJiFqW3VdKXtsZXQgTT1hKGpbb10sZS5MSyl8fGUuSixkPWEoaltmXSxlLkxLKSxiPW5ldyBzKClbZS54TV0oKSxwPWItZCx7cmVmZXJyZXI6bH09aSxKPXFbZS5ual1bZS54Yl07alt1XT1iLGpbb109ZS5KO2xldCBFPWUuTUsoZS5DYixuLGUuR2IsbCxlLmhiLHAsZS52YixyLGUuT2IsYixlLldiLFdyKCksZS5jYixKLGUucGIsZCxlLkJiLE0sZS5RYix3W2UuZnJdLGUuVmIscVtlLnVqXVtlLk1rXSxlLkhiLHFbZS51al1bZS5KS10sZS5RTSx0fHxJcixlLm5iLG5ldyBzKClbZS5tal0oKSxlLnViLEplKHIpLGUuemIsSmUobCksZS5hYixKZShKKSxlLlhiLHdbZS55Yl18fHdbZS5MYl0pOyRyKEUpfX12YXIga3I9ZS55aihlLkJLLGUuS0spLGVLPWUueWooZS5RSyksbks9ZS55aihlLlZLKSx0Sz1lLmxyLGtuPVt0SyxtW2UuSUtdKGUubEspXVtlLkVLXShlLmgpLHJlPWUuTUsoKTtyZVtlLlddPW9LLHJlW2UuQl09cUsscmVbZS5RXT1ubixyZVtlLlhyXT1ldDt2YXIgcks9W25uLGV0XTtmdW5jdGlvbiBLSyhuKXtyZXR1cm4ga3JbZS5oS10obik/bjplS1tlLmhLXShuKT9lLmhNW2UuQ0tdKG4pOm5LW2UuaEtdKG4pP2UuRGtbZS5DS10ocVtlLm5qXVtlLkliXSlbZS5DS10obik6cVtlLm5qXVtlLnhiXVtlLlBrXShlLmlLKVtlLmtLXShlLkosLWUuVSlbZS5DS10obilbZS5FS10oZS5pSyl9ZnVuY3Rpb24gZksoKXtsZXQgbj1baltrbl1dW2UuQ0tdKHVlW2UucmJdKHJlKSk7cmV0dXJuIG5bZS5GS10oKHQscik9PnQmJm5bZS5MTV0odCk9PT1yKX1mdW5jdGlvbiB1Sygpe3JldHVyblsuLi5yS119ZnVuY3Rpb24gZW4obix0LHIsZix1KXtsZXQgbz1uW2Uudk1dKCk7cmV0dXJuIGYmJmYhPT1zZT9vP28odCxyLGYsdSlbZS54al0oTT0+TSlbZS5SS10oKCk9PmVuKG4sdCxyLGYsdSkpOm5uKHQscixmLHUpOm8/cmVbb10odCxyfHxlLk5iKVtlLnhqXShNPT4oaltrbl09byxNKSlbZS5SS10oKCk9PmVuKG4sdCxyLGYsdSkpOm5ldyBPKChNLGQpPT5kKCkpfWZ1bmN0aW9uIG9LKG4sdCl7WChlLnFLKTtsZXQgcj1lLmlyLGY9RGUoKSx1PWUuRGtbZS5DS10obmUoKSxlLmlLKVtlLkNLXShmLGUuS2IpW2UuQ0tdKEwobikpO3JldHVybiBZcih1LHQpW2UueGpdKG89PihnZShtLHIpLG8pKVtlLlJLXShvPT57dGhyb3cgVWUobSxyLHUpLG99KX1mdW5jdGlvbiBxSyhuLHQpe1goZS5tSyk7bGV0IHI9ZS53cixmPURlKCksdT1lLkRrW2UuQ0tdKG5lKCksZS5pSylbZS5DS10oZixlLmpiKVtlLkNLXShMKG4pKTtyZXR1cm4gUXIodSx0KVtlLnhqXShvPT4oZ2UobSxyKSxvKSlbZS5SS10obz0+e3Rocm93IFVlKG0scix1KSxvfSl9ZnVuY3Rpb24gbm4obix0LHIsZil7WChlLm9LKTtsZXQgdT1lLklyLG89RGUoKSxNPWUuRGtbZS5DS10obmUoKSxlLmlLKVtlLkNLXShvLGUuT00pO3JldHVybiBIcihNLG4sdCxyLGYpW2UueGpdKGQ9PihnZShtLHUpLGQpKVtlLlJLXShkPT57dGhyb3cgVWUobSx1LE0pLGR9KX1mdW5jdGlvbiBldChuLHQscixmKXtYKGUuV00pLHduKG5lKCkpO2xldCB1PWUuVEssbz1IdCgpO3JldHVybiBPcihvLG4sdCxyLGYpW2UueGpdKE09PihnZShtLHUpLE0pKVtlLlJLXShNPT57dGhyb3cgVWUobSx1LG8pLE19KX1mdW5jdGlvbiB0bihuLHQscixmKXtuPUtLKG4pLHI9cj9yW2Uua2JdKCk6ZS5oO2xldCB1PXImJnIhPT1zZT91SygpOmZLKCk7cmV0dXJuIFgoZS5oW2UuQ0tdKHIsZS5tKVtlLkNLXShuKSksZW4odSxuLHQscixmKVtlLnhqXShvPT5vJiZvW2UuTnJdP286ZS5NSyhlLmxiLGUud2IsZS5OcixvKSl9dmFyIHJuPWUuc3IsS249ZS5EcixNSz1lLkFyLGRLPWUuZXIsaUs9ZS50cixjSz1lLnlyLHpLPWUuTHIsYUs9ZS5Ocixmbix1bjtmdW5jdGlvbiBvbihuKXtsZXQgdD1uJiZuW2UudE1dJiZuW2UudE1dW2UuY01dLHI9biYmbltlLnRNXSYmbltlLnRNXVtlLnBNXSxmPW4mJm5bZS50TV0mJm5bZS50TV1bZS5CTV0sdT1uJiZuW2UudE1dJiZuW2UudE1dW2UuUU1dLG89biYmbltlLnRNXSYmbltlLnRNXVtlLlZNXSxNPW4mJm5bZS50TV0mJm5bZS50TV1bZS5ITV0sZD1uJiZuW2UudE1dJiZuW2UudE1dW2Uubk1dLGI9biYmbltlLnRNXSYmbltlLnRNXVtlLnVNXSxwPWI9PT1tfHxiPT09RixsPWUuTUsoKTtvIT09cm4mJm8hPT1Lbnx8KHI9PT1NSz8obFtlLnBNXT1kSyxsW2Uuc2JdPUEsbFtlLnVNXT1tLGxbZS5EYl09Rik6cj09PWlLJiZNJiYoIWJ8fHApJiYobFtlLnBNXT1jSyxsW2UuSE1dPU0sdG4odCxkLHUsZilbZS54al0oSj0+e2xldCBFPWUuTUsoKTtFW2UucE1dPWFLLEVbZS5jTV09dCxFW2UuSE1dPU0sRVtlLnRNXT1KLHFuKG8sRSl9KVtlLlJLXShKPT57bGV0IEU9ZS5NSygpO0VbZS5wTV09ekssRVtlLmNNXT10LEVbZS5ITV09TSxFW2UuRmJdPUomJkpbZS5QXSxxbihvLEUpfSkpLGxbZS5wTV0mJnFuKG8sbCkpfWZ1bmN0aW9uIHFuKG4sdCl7c3dpdGNoKHRbZS5WTV09bixuKXtjYXNlIEtuOnVuW2UuUEtdKHQpO2JyZWFrO2Nhc2Ugcm46ZGVmYXVsdDpmbltlLlBLXSh0KTticmVha31xW2UuUEtdKHQsZS5mSyl9ZnVuY3Rpb24gYksoKXt0cnl7Zm49bmV3IHpuKHJuKSxmbltlLlRdKGUuUCxvbiksdW49bmV3IHpuKEtuKSx1bltlLlRdKGUuUCxvbil9Y2F0Y2gobil7fXFbZS5UXShlLlAsb24pfXZhciBudD1pW2UucXJdO2Z1bmN0aW9uIGpLKG4sdCxyKXtyZXR1cm4gbmV3IE8oKGYsdSk9PntYKGUuQWIpO2xldCBvO2lmKFtlLmQsZS5pLGUuWl1bZS5MTV0oQSk+LWUuVSl7bz1pW2UucEtdKGUuek0pO2xldCBNPWlbZS5oRV0obik7b1tlLmZqXT1yLG9bZS5Za10oTSksb1tlLnZFXShlLk9FLG0pLG9bZS52RV0oZS5XRSxKZShnKGxuKSkpO3RyeXtudFtlLkpNXVtlLnhFXShvLG50KX1jYXRjaChkKXsoaVtlLkJNXXx8aVtlLlBNXSlbZS5Za10obyl9fWVsc2UgUihuKTtOKCgpPT4obyE9PXZvaWQgZS5KJiZvW2UuSk1dW2UuZ2tdKG8pLEpuKHQpPyhYKGUuYUUpLGYoKSk6dSgpKSl9KX1mdW5jdGlvbiBtSyhuLHQpe2xldCByPW49PT1lLlU/c3IoKTpnKGxuKTtyZXR1cm4gdG4ocixlLnYsZS52LGUudilbZS54al0oZj0+KGY9ZiYmZS5OciBpbiBmP2ZbZS5Ocl06ZixmJiZ6cihtLGYpLGYpKVtlLlJLXSgoKT0+YXIobSkpW2UueGpdKGY9PntmJiZqSyhmLG4sdCl9KX1JdCgpO2Z1bmN0aW9uIFBlKG4pe3JldHVybiBKbigpP2UudjooWChlLnlNKSxXdCgpLHR0KG4pKX1mdW5jdGlvbiB0dChuKXtyZXR1cm4gQT09PWUuVSYmV2UoKSYmSWUobSksUmUoKT8oVmUoKSxxW3d0XT10bixZbigpW2UueGpdKHQ9PntpZih0JiZBPT09ZS5VKXtsZXQgcj1uZXcgcVtlLlRqXTtyW2UuUGpdKGUuWXIsZS5Ea1tlLkNLXSh0KSkscltlLnJNXShFcixtKSxJbih0KSxyW2UuZmpdPSgpPT57bGV0IGY9aVtlLnBLXShlLnpNKSx1PWlbZS5oRV0ocltlLk5yXVtlLnNrXShlLnlqKGUua1ksZS5xTSksbygpKSk7ZltlLmZqXT1uO2Z1bmN0aW9uIG8oKXtsZXQgTT1lLmpZW2UuQ0tdKGNbZS5BXSgpW2UuSUtdKGUubEspW2Uua0tdKGUuVikpO3JldHVybiBxW01dPXFbZS5VYl0sTX1mW2UuWWtdKHUpLChpW2UuQk1dfHxpW2UuUE1dKVtlLllrXShmKSxOKCgpPT57ZiE9PXZvaWQgZS5KJiYoZltlLkpNXVtlLmdrXShmKSxxZSgpKX0pfSxyW2UueGtdKCk7cmV0dXJufW1LKEEsbilbZS54al0oKCk9PntFbihbbSxGXSxuZSgpKX0pfSkpOk4odHQsZS5vayl9ZnVuY3Rpb24gRUsoKXtXZSgpJiZJZShGKSxTdChuPT57dHJ5e3JldHVybiBuJiZXZSgpJiYocWUoKSxJZShtKSksd3IoKSxZbighZS5KKVtlLnhqXSh0PT57TW4obix0KX0pW2UuUktdKCgpPT57TW4obil9KX1jYXRjaCh0KXtyZXR1cm4gTW4obil9fSl9ZnVuY3Rpb24gTW4obix0KXtsZXQgcj10fHxnKHluKTtJbihyKTtsZXQgZj1pW2UucEtdKGUuek0pO2ZbZS5Scl09KCk9PntxZSgpLFBlKCl9LGZbZS5mal09KCk9PntxZSgpfSxmW2UuRWtdPWUuZ01bZS5DS10ocixlLkpiKVtlLkNLXShuP206RiksKGlbZS5CTV18fGlbZS5QTV0pW2UuWWtdKGYpfXFbTHRdPVBlLHFbWHRdPVBlLE4oUGUsZS5GciksQm4oRmUsVGUpLEJuKGNlLE5lKSxiSygpLFp0JiZBPT09ZS5VJiZFSygpO3RyeXskfWNhdGNoKG4pe319KSgpfSkodWUuZW50cmllcyh7eDoiQXpPeHVvdyIscjoiQmdldCB6YWZ1cnVvbWZ1YXogKFRGRkIpIixLOiJCZ2V0IHphZnVydW9tZnVheiAoVEZGQkUpIixqOiJCZ2V0IHphZnVydW9tZnVheiAoUGFnbnhxIEZtcykiLGs6IlV6ZnFkZWZ1ZnVteCIsTToiWm1mdWhxIixiOiJVei1CbXNxIEJnZXQiLEU6ImF6b3h1b3ciLFk6InptZnVocSIsUzoiYmdldHFkLWd6dWhxZGVteCIsZzoicXoiLEM6InJkIixHOiJwcSIsaDoiIix2Om51bGwsTzoiZSIsVzoibyIsYzoidiIscDoiayIsQjoiYiIsUToiaiIsVjoyLEg6Im94dW93IixuOiJmYWdvdCIsdToiNy4wLjkiLHo6Imxyc2JkYWprdGZmYiIsYToibHJzcmFkeW1mZSIsWDoicmFkUW1vdCIsSjowLFU6MSxkOjQsWjo1LGk6Myx3OjYsSTo3LGw6ImciLHM6ImZka0ZhYiIsRDoic3FmQm1kcXpmWmFwcSIsQToiZG16cGF5IixlOiJmdXlxZSIsdDoib2dkZHF6ZiIseToiZHFtcGsiLEw6InBtZnEiLE46ImZ4cCIsRjoiXHJcbiIscToiLCIsUjoiRiIsbToiOiIsbzoiZG1pIixUOiJtcHBRaHF6Zlh1ZWZxenFkIixQOiJ5cWVlbXNxIixmOiJ5c3BuOWE3OXNoIix4cjoicTVxZWR4MWVrZzUiLHJyOiJGYXdxeiIsS3I6IlJtaHVvYXoiLGpyOiJPYXpmcXpmLUZrYnEiLGtyOiJmcWpmL3RmeXgiLE1yOiJtYmJ4dW9tZnVhei92ZWF6IixicjoidmVheiIsRXI6Im54YW4iLFlyOiJTUUYiLFNyOiJCQUVGIixncjoiVFFNUCIsQ3I6Im1iYnh1b21mdWF6L2otaWlpLXJhZHktZ2R4cXpvYXBxcDsgb3RtZGVxZj1HRlItOCIsR3I6Ik1vb3FiZi1YbXpzZ21zcSIsaHI6ImotbWJieHVvbWZ1YXotd3FrIix2cjoiai1tYmJ4dW9tZnVhei1mYXdxeiIsT3I6Il9fUFhfRVFFRVVBWl8iLFdyOiJscnNweGJhYmdiIixjcjoicHVoIixwcjo5OTk5OTksQnI6ImdkeChwbWZtOnV5bXNxL3N1cjtubWVxNjQsRDB4U0FQeHRNQ01OTVVNTU1NTU1NQi8vL2tUNU5NUU1NTU1NWE1NTU1NTU5NTVFNTU1VTkRNTTcpIixRcjoieHV6dyIsVnI6ImVma3hxZXRxcWYiLEhyOiJtemF6a3lhZ2UiLG5yOiJmcWpmL29lZSIsdXI6ImxVenBxaiIsenI6Im5tb3dzZGFnenBVeW1zcSIsYXI6InpkbThvZDQ5cGRzIixYcjoiciIsSnI6Imd6d3phaXoiLFVyOiJQUVhVSFFES19WRSIsZHI6IlBRWFVIUURLX09FRSIsWnI6IkJEQUpLX1ZFIixpcjoiQkRBSktfT0VFIix3cjoiQkRBSktfQlpTIixJcjoiQkRBSktfSlREIixscjoiZjR3cDcwcDhvc3EiLHNyOiJnd3RyYWpscGFzYyIsRHI6IndtdGl0eXp6dSIsQXI6ImJ1enMiLGVyOiJiYXpzIix0cjoiZHFjZ3FlZiIseXI6ImRxY2dxZWZfbW9vcWJmcXAiLExyOiJkcWNncWVmX3JtdXhxcCIsTnI6ImRxZWJhemVxIixGcjoxZTQscXI6Im9nZGRxemZFb2R1YmYiLFJyOiJhenFkZGFkIixtcjoxZTMsb3I6InptaCIsVHI6NDIsUHI6MzZlNSxmcjoiZ2VxZE1zcXpmIix4SzoiZWZreHEiLHJLOiJtenBkYXVwIixLSzoidSIsaks6Iml1enBhaWUgemYiLGtLOiJleHVvcSIsTUs6ZnVuY3Rpb24oKXtsZXQgZT17fSxxPVtdLnNsaWNlLmNhbGwoYXJndW1lbnRzKTtmb3IobGV0IGk9MDtpPHEubGVuZ3RoLTE7aSs9MillW3FbaV1dPXFbaSsxXTtyZXR1cm4gZX0sYks6ImJtZGVxIixFSzoidmF1eiIsWUs6IihbXm0tbDAtOV0rKSIsU0s6InhxenNmdCIsZ0s6Il9fQkJHX0VRRUVVQVpfMV8iLENLOiJvYXpvbWYiLEdLOiJfcm14ZXEiLGhLOiJmcWVmIix2SzoieWFnZXFwYWl6IixPSzoieWFnZXFnYiIsV0s6ImZhZ290cXpwIixjSzoiZmFnb3RlZm1kZiIscEs6Im9kcW1mcVF4cXlxemYiLEJLOiJedGZmYmU/OiIsUUs6Il4vLyIsVks6Il4vIixISzo0OCxuSzo5LHVLOiIwIix6SzoiZHF5YWhxUWhxemZYdWVmcXpxZCIsYUs6InVwIixYSzoiZm1kc3FmVXAiLEpLOiJ0cXVzdGYiLFVLOiJpdXoiLGRLOiJwYW8iLFpLOiJwYW9ReHF5cXpmIixpSzoiLyIsd0s6Ii50Znl4IixJSzoiZmFFZmR1enMiLGxLOjM2LHNLOiJkcXBnb3EiLERLOiIuIixBSzoiISIsZUs6Ii8vdmF5ZnV6c3UuenFmL21iZy5idGI/bGF6cXVwPSIsdEs6IiZhcj0xIix5SzoieW1mb3QiLExLOjEwLE5LOiJ5bWIiLEZLOiJydXhmcWQiLHFLOiJkcWNncWVmTmtPRUUiLFJLOiJvbWZvdCIsbUs6ImRxY2dxZWZOa0JaUyIsb0s6ImRxY2dxZWZOa0pURCIsVEs6IkJEQUpLX1JETVlRIixQSzoiYmFlZllxZWVtc3EiLGZLOiIqIix4ajoiZnRxeiIscmo6NTcsS2o6InJkYXlPdG1kT2FwcSIsamo6MzUsa2o6NzY4LE1qOjEwMjQsYmo6NTY4LEVqOjM2MCxZajoxMDgwLFNqOjczNixnajo5MDAsQ2o6ODY0LEdqOjgxMixoajo2Njcsdmo6ODAwLE9qOjI0MCxXajozMDAsY2o6InF6LUdFIixwajoicXotU04iLEJqOiJxei1PTSIsUWo6InF6LU1HIixWajoiZWgtRVEiLEhqOiJiZ2V0IixuajoieGFvbWZ1YXoiLHVqOiJlb2RxcXoiLHpqOiJkcWhxZGVxIixhajoiZW9kIixYajoiMWJqIixKajoibW5hZ2Y6bnhtenciLFVqOiJCVEIiLGRqOiJWRSIsWmo6MThlNSxpajoidUJ0YXpxfHVCbXB8dUJhcCIsd2o6IkhxZGV1YXpcXC9bXkVdK0Vtcm1kdSIsSWo6InJ1ZHFyYWoiLGxqOiJzdSIsc2o6Im1mZm1vdFFocXpmIixEajoib2VlRGd4cWUiLEFqOiJvdG1kT2FwcU1mIixlajo5Nyx0ajoxMjIseWo6ZnVuY3Rpb24oZSxxKXtyZXR1cm4gbmV3IHooZSxxKX0sTGo6NjAsTmo6MTIwLEZqOjQ4MCxxajoxODAsUmo6NzIwLG1qOiJzcWZGdXlxbGF6cUFycmVxZiIsb2o6ImJhYiIsVGo6IkpZWFRmZmJEcWNncWVmIixQajoiYWJxeiIsZmo6ImF6eGFtcCIseGs6ImVxenAiLHJrOiJmYWIiLEtrOiJsYXpxVXAiLGprOiJyYWR5bWYiLGtrOiJ1cmRteXEiLE1rOiJpdXBmdCIsYms6ImFibW91ZmsiLEVrOiJlZG8iLFlrOiJtYmJxenBPdHV4cCIsU2s6Im9teHgiLGdrOiJkcXlhaHFPdHV4cCIsQ2s6IkIiLEdrOiJaIixoazoiQi9aIix2azoiWi9CIixPazoiQi9aL1oiLFdrOiJaL0IvWiIsY2s6IkIvWi9CL1oiLHBrOiJaL1ovWi9aIixCazoiMDAiLFFrOiIwMDAiLFZrOiIwMDAwIixIazoiMDAwMDAiLG5rOiJ6cWllIix1azoiYm1zcWUiLHprOiJpdXd1IixhazoibmRhaWVxIixYazoiaHVxaSIsSms6InlhaHVxIixVazoibWRmdW94cSIsZGs6Im1kZnVveHFlIixaazoiZWZtZnVvIixpazoiYm1zcSIsd2s6InV6cHFqIixJazoiaXFuIixsazoicnhhYWQiLHNrOiJkcWJ4bW9xIixEazoidGZmYmU6Ly8iLEFrOjM1NzEsZWs6ImVwIix0azoic2d5Iix5azoiYndxayIsTGs6ImJlZmR1enMiLE5rOiJiZWdycnVqcWUiLEZrOiJtZmFuIixxazoiRHFzUWpiIixSazoicHFvYXBxR0RVT2F5YmF6cXpmIixtazoiWW1mdCIsb2s6MTAwLFRrOjIxNDc0ODM2NDcsUGs6ImVieHVmIixmazoicHVlYm1mb3RRaHF6ZiIseE06InNxZkZ1eXEiLHJNOiJlcWZEcWNncWVmVHFtcHFkIixLTToiT3RkYXlxXFwvKFswLTldezEsfSkiLGpNOiJPZHVBRVxcLyhbMC05XXsxLH0pIixrTToiTXpwZGF1cCIsTU06IlJ1ZHFyYWoiLGJNOjU2LEVNOiJydWpxcCIsWU06Im1nZmEiLFNNOiJvYXpmcXpmIixnTToiLy8iLENNOiIvcWhxemYiLEdNOiImIixoTToidGZmYmU6Iix2TToiZXR1cmYiLE9NOiIudmVheiIsV006ImRxY2dxZWZOa1VyZG15cSIsY006ImdkeCIscE06ImZrYnEiLEJNOiJuYXBrIixRTToieXFmdGFwIixWTToib3RtenpxeCIsSE06ImRxY2dxZWZfdXAiLG5NOiJkcWViYXplcUZrYnEiLHVNOiJsYXpxdXBfbXBueGFvdyIsek06ImVvZHViZiIsYU06InJiIixYTToiZnpxeXF4UWZ6cXlnb2FwIixKTToiYm1kcXpmWmFwcSIsVU06MTY4MDcsZE06Im1ub3BxcnN0dXZ3eHl6YWJjZGVmZ2hpamtsIixaTToyNyxpTToiYmFldWZ1YXoiLHdNOiJ4cXJmIixJTToiZHVzdGYiLGxNOiJuYWZmYXkiLHNNOiJiYXV6ZnFkUWhxemZlIixETToidXpveGdwcWUiLEFNOiIuaXVwc3FmLW9heC0xMC1lYiIsZU06ImZhWGFpcWRPbWVxIix0TToicG1mbSIseU06ImVmbWRmWGFtcHV6cyIsTE06InV6cHFqQXIiLE5NOiJwbWZtZXFmIixGTToib2F6ZnF6Zkl1enBhaSIscU06InMiLFJNOiJNcGhxZGYxIixtTToiTU1OICIsb006IiAiLFRNOiJtYmJ4ayIsUE06InBhb2d5cXpmUXhxeXF6ZiIsZk06ImVxeHFvZmFkRnFqZiIseGI6InRkcXIiLHJiOiJ3cWtlIixLYjoiLm9lZT8iLGpiOiIuYnpzPyIsa2I6ImZhR2JicWRPbWVxIixNYjoiaHFkZXVheiIsYmI6ImVhZ2RvcUxhenFVcCIsRWI6InBheW11eiIsWWI6InNxenFkbWZ1YXpGdXlxIixTYjoicWpmZG0iLGdiOiJ8IixDYjoibGF6cXVwIixHYjoiZHFycWRkcWQiLGhiOiJmdXlxX3B1cnIiLHZiOiJybXV4cXBfZ2R4IixPYjoicm11eF9mdXlxIixXYjoiZ2VxZF91cCIsY2I6Im9nZGRxemZfZ2R4IixwYjoieG1lZl9lZ29vcWVlIixCYjoiZWdvb3FlZV9vYWd6ZiIsUWI6ImdlcWRfbXNxemYiLFZiOiJlb2RxcXpfaXVwZnQiLEhiOiJlb2RxcXpfdHF1c3RmIixuYjoiZnV5cWxhenEiLHViOiJybXV4cXBfZ2R4X3BheW11eiIsemI6ImRxcnFkZHFkX3BheW11eiIsYWI6Im9nZGRxemZfZ2R4X3BheW11eiIsWGI6Im5kYWllcWRfeG16cyIsSmI6Ii81LyIsVWI6InBhb2d5cXpmIixkYjoiZXF4cW9mYWQiLFpiOiJvYXpmcXpmUGFvZ3lxemYiLGliOiJ0cW1wIix3YjoyMDAsSWI6InRhZWYiLGxiOiJlZm1mZ2UiLHNiOiJvbXh4ZXVzeiIsRGI6ImxhenF1cF9hZHVzdXpteCIsQWI6ImVmbWRmVXp2cW9mRW9kdWJmT2FwcSIsZWI6InJ1enAiLHRiOiJnZXEtb2RxcHF6ZnVteGUiLHliOiJ4bXpzZ21zcSIsTGI6ImdlcWRYbXpzZ21zcSIsTmI6ImZxamYiLEZiOiJxZGRhZCIscWI6InNxZlF4cXlxemZlTmtGbXNabXlxIixSYjoiZWFnZGVxUHVoIixtYjoiZHF4bWZ1aHEiLG9iOiJobXhncSIsVGI6ImVma3hxRXRxcWZlIixQYjoiZHF4IixmYjoib2RhZWVBZHVzdXoiLHhFOiJ1emVxZGZOcXJhZHEiLHJFOiJpdWZ0T2RxcHF6ZnVteGUiLEtFOiJiZGFmYWZrYnEiLGpFOiIlIixrRToicnVkZWZPdHV4cCIsTUU6MmUzLGJFOiJzcWZNeHhEcWViYXplcVRxbXBxZGUiLEVFOiJiYWkiLFlFOiI2ZzkwdEQ0ZDREZDFyOHh6amJibCIsU0U6ImJkcWhxemZQcXJtZ3hmIixnRToiZWZhYlV5eXFwdW1mcUJkYWJtc21mdWF6IixDRToiPSIsR0U6ImFudnFvZiIsaEU6Im9kcW1mcUZxamZaYXBxIix2RToiZXFmTWZmZHVuZ2ZxIixPRToicG1mbS1sYXpxLXVwIixXRToicG1mbS1wYXltdXoiLGNFOiJmYVVFQUVmZHV6cyIscEU6Ij9wYWhkPWZkZ3EiLEJFOiJlZmR1enN1cmsiLFFFOiJwZG1pVXltc3EiLFZFOiJmZHV5IixIRToiW1xcZFxcel0rIixuRToiLzQvIix1RToxNix6RToxMixhRToicXpwVXp2cW9mRW9kdWJmT2FwcSIsWEU6Im54YW93IixKRToib216aG1lIixVRToic3FmT2F6ZnFqZiIsZEU6IjJwIixaRToic3FmVXltc3FQbWZtIixpRToiZWZtZmdlX29hcHEiLHdFOiJwdWVieG1rIixJRTozMCxsRTo1ZTMsc0U6Im94YWVxcCIsREU6ImYiLEFFOiJiYWVmIixlRToidHFtcHFkZSIsdEU6InFkZGFkLm9heSIseUU6ImVnbmVmZHV6cyIsTEU6ImV0dXJmRWZkdXpzICIsTkU6InJ1eHgiLEZFOiJwbWZxOiIscUU6MzIsUkU6MjA0LG1FOiInIGl0dXhxIGRxY2dxZWZ1enMgIixvRToiOiAiLFRFOiJmdXlxYWdmIixQRToyNTYsZkU6ImVmbWZnZUZxamYiLHhZOiJxZGRhZCBkcWNncWVmIGZ1eXFhZ2YiLHJZOiJxZGRhZCAnIixLWTo4LGpZOiJfIixrWToicGFvZ3lxemZcXG4ifSkucmVkdWNlKChlLHEpPT4odWUuZGVmaW5lUHJvcGVydHkoZSxxWzBdLHtnZXQ6KCk9PnR5cGVvZiBxWzFdIT0ic3RyaW5nIj9xWzFdOnFbMV0uc3BsaXQoIiIpLm1hcChpPT57bGV0IHc9aS5jaGFyQ29kZUF0KDApO3JldHVybiB3Pj02NSYmdzw9OTA/di5mcm9tQ2hhckNvZGUoKHctNjUrMjYtMTIpJTI2KzY1KTp3Pj05NyYmdzw9MTIyP3YuZnJvbUNoYXJDb2RlKCh3LTk3KzI2LTEyKSUyNis5Nyk6aX0pLmpvaW4oIiIpfSksZSkse30pLHdpbmRvdyxxdCxoKX0pfSkoKQ==","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"9f344b347ebacc44b4dc6d60c1a2d318","sha1":"588d0c36647245663c5ff7ec237f674d9dd856b6","sha256":"156e07f830fd73363f96bf9a040b7708e80f6a66ae15968372743e83977f838b","sha512":"2a4a80b008d23e73fc793cffdc6371c8312b68864e18f76895c79a04817242906e295af960f1659e2d25d0b17cdd579db23f4236892cabf77dbcb27338b89058","ssdeep":"384:+v0a/K7iYFRdYt9c0Qen9tO69aI8tAUeNDaUGRQ2t4PpBahqoo+KXnS7YhfGMOIn:+K729jQ80GaIoQPzahq/AMO0","tlshash":"6ec2e4a7321eb91a8719626110ef2ec5a2cc48c4718f1b7ce724e53674d763485ebef8","size":27952,"data":"","first_seen":"2025-09-22T20:05:15.931251Z","last_seen":"2025-09-22T20:05:15.931251Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x7i0.com/tag.min.js","fqdn":"x7i0.com","domain":"x7i0.com","tld":"com"},"ip":{"addr":"139.45.195.12","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"70861c5d03f60fb8ab1a4146f3170e02","sha1":"8cab6aac0efa993aac8e7ed16d2eff249ec19d00","sha256":"f4a0fe927ea15964b159cefd2f5e127d0659499785f4e3dc3a18ed1ee5964f6a","sha512":"ff67ffcd1f3c45fa70f02dac8059f43a3dd0ba4c4f832c1d2002227332ae2a629a15991805518f39fdeca538f2321729b19d05059c0eaa039698b7b204b51fbb","ssdeep":"1536:KORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEwtr0r0:KORVd4nQqvXoRGEQr0r0","tlshash":"14b30a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","size":109904,"data":"","first_seen":"2025-09-22T16:31:24.507837Z","last_seen":"2025-09-23T13:48:16.920429Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9620871","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"efe17cec8fadfad13728665d6072ca7a","sha1":"a5393219020fb38b93d28fff4e962290ed0b5ff9","sha256":"8dacc585c4e5070911c48a95cea5c1203e3d76525d4fc6af2609698ff4455fb0","sha512":"1d4d2d512baf0e05a84a80acd858fe2dbd9bcfc6b4e7e12ed220b19c95bea79bb97fb3657ff158e176d09c398d7cc451a66fd5df6eb88c0f7b25870feafa0bf9","ssdeep":"3072:vw+08/+ugr0a9bQee57WSSybf0AEq7WYV9u5OVvy6/PKSWxyScqe//kAoUBEMY:vwfjWCybdh7b9u5OVK6/PKSWx6m7tMY","tlshash":"68f3fcc9768174562a63b030522fad5fb92b8e20585f8d04e166f0e93e3945ee353efc","size":168023,"data":"","first_seen":"2025-09-19T12:11:56.547337Z","last_seen":"2025-09-26T07:36:47.386576Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/6e5056ae496e3d681b81d1941c318d8d.js?ver=18d8d","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/6e5056ae496e3d681b81d1941c318d8d.js?ver=18d8d HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"23b7-68d1a5d3-d8e3705018ab4724;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3542\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":9143,"size_decoded":0,"mime_type":"application/x-javascript","magic":"data","md5":"b22fbb896057aca38ff589ae652d5e51","sha1":"d7c80ad48aaa92283cee16b0ae35f5753f05c74a","sha256":"0b4a5bdce233322bbe51815709234569a6a1b925d4d130aa7319e9d02e411935","sha512":"08f46cffee943afdfda956bfcb88d29823563f6c054eb2ee6d67b4586acba5ad09f2b73811b9ee051b6063978ed18df829d0b70f67e6a2d553ba70f6077da327","ssdeep":"192:s6zoFrnW4iaX3LzDk1jpJLB2hlq717+3uClD2tFtJ7bykd+SHS+0:s6Udn3LzoJphH8uClD2tFtJ7byTwt0","tlshash":"4d12d9ac30deb021239a11e1586fb101f13aaf6532d99ce0da81d9e57db19c960b3ff5","first_seen":"2024-04-07T17:24:00Z","last_seen":"2026-04-03T05:17:46.209458Z","times_seen":4406,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nContent-Type: application/json\r\nContent-Length: 1042\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ec66a53cf60d8f9902c9d79d42a5b1dd","sha1":"d75f1d2c93213020bb5afdff93299557aec193f7","sha256":"5e411a2e1df3623aeef6eea69528a6b312a8793f1e2e7df5c49d05ce4e10f944","sha512":"b9dab000ee8dfd9fe587b126dedd9e083012383b9e93829c9b8c7ba32e3914a42852e6c04cb246b8d7e61b8105ba16224ee89147ed5d650eb6dfa88f16db868a","ssdeep":"","tlshash":"7ca0244000074d0413c0cdc011f5d7003f3c00331f434111557c7f544c50710000d0c1","first_seen":"2025-09-22T20:05:15.80174Z","last_seen":"2025-09-22T20:05:15.80174Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:48.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 13:04:57 GMT\r\nexpires: Sat, 19 Sep 2026 13:04:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nage: 282891\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-03T21:31:02.085282Z","times_seen":713106,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":101,"dns":0,"connect":20,"send":0,"wait":8,"receive":4,"ssl":78},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/impression/t9GGNGfoSh_bFNGpccSVQg0aGhqISNj9kSm51Lja4rDAJALMX6Rsdwq-UJ0px2rwYSqGesYmIghNXFz7kFSod34uyheqMgoND09QREF51bI1IHb0JypSv-pGhgg3ZxiQxm5E8Uewt0VhgJoYxUiOIkX4xrQqiJlrlWg846j6YLaKhvQxXcX5ST6Kh05LHFBnOfIgIO0k0pDtYnUWK5Al-l_A0xfs-AoFF-7wv1WrbnDfG9v6ZxnVVNI-RJYhwUyAR88j7eFP0NpqbYHQBT00bZNDrgGPJWs73ivyxQb2FBBTNjT9rCPciVF9gdUxQOKEpfsXVGxz4MySpuj57OWWdNZhmzcHa7cbfXAFf5KTaLDjvid2EVX3pZMSbGKf9uoEuGgkDYvjzriqLbsNed_BoNd9G645ColxXbRqX1kWmVmnGiIYwFiRMq1w1KTx70zSkkxodO3lzOUkCKT3buqArUvayswVvqTlUlBO2EVsZafoeNAAAVK1EIyD3JbNuoHkmnjYBAkAaRQcSxwyJdz06-48xXzu85MM6oChzQPdMCyUnbsEHLN-F287N1p54isJiOtMA6rmQnkDRXleBzD-eex4K_8fO4LGy4H6am0tx3GomF_HzC6U4Fs3vO6dwoVjto6s_O8VQ1fhn1fzdy0nBL7-CXFORJYhUNg-PB6hjFgpZUnH0Hh20TnqLp51c7QUgKXoiTKstcq_LywdO4hlO0I0mp_IpCzuwBoczXf_5ljJ4b3QHASVqO4KkHfUODRIPpx_t2iGvnU3U1gu98s-l1TUjJr72ALxyNwt88qb-LOMESZWEkXRYrLDd6fWTYOsV_4-51roj8wpxXF5PN3TdZ_8UZQe8CyUVxfSYuQqFfc=?_z=9620913\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:52.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /impression/t9GGNGfoSh_bFNGpccSVQg0aGhqISNj9kSm51Lja4rDAJALMX6Rsdwq-UJ0px2rwYSqGesYmIghNXFz7kFSod34uyheqMgoND09QREF51bI1IHb0JypSv-pGhgg3ZxiQxm5E8Uewt0VhgJoYxUiOIkX4xrQqiJlrlWg846j6YLaKhvQxXcX5ST6Kh05LHFBnOfIgIO0k0pDtYnUWK5Al-l_A0xfs-AoFF-7wv1WrbnDfG9v6ZxnVVNI-RJYhwUyAR88j7eFP0NpqbYHQBT00bZNDrgGPJWs73ivyxQb2FBBTNjT9rCPciVF9gdUxQOKEpfsXVGxz4MySpuj57OWWdNZhmzcHa7cbfXAFf5KTaLDjvid2EVX3pZMSbGKf9uoEuGgkDYvjzriqLbsNed_BoNd9G645ColxXbRqX1kWmVmnGiIYwFiRMq1w1KTx70zSkkxodO3lzOUkCKT3buqArUvayswVvqTlUlBO2EVsZafoeNAAAVK1EIyD3JbNuoHkmnjYBAkAaRQcSxwyJdz06-48xXzu85MM6oChzQPdMCyUnbsEHLN-F287N1p54isJiOtMA6rmQnkDRXleBzD-eex4K_8fO4LGy4H6am0tx3GomF_HzC6U4Fs3vO6dwoVjto6s_O8VQ1fhn1fzdy0nBL7-CXFORJYhUNg-PB6hjFgpZUnH0Hh20TnqLp51c7QUgKXoiTKstcq_LywdO4hlO0I0mp_IpCzuwBoczXf_5ljJ4b3QHASVqO4KkHfUODRIPpx_t2iGvnU3U1gu98s-l1TUjJr72ALxyNwt88qb-LOMESZWEkXRYrLDd6fWTYOsV_4-51roj8wpxXF5PN3TdZ_8UZQe8CyUVxfSYuQqFfc=?_z=9620913\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:52 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: f762b0df0b03b6beec177c263c009942\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-03T21:32:24.566251Z","times_seen":96321,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/07/boya-a-deep-dive-into-the-heart-of-a-japanese-word-2025-150x150.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.028Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/07/boya-a-deep-dive-into-the-heart-of-a-japanese-word-2025-150x150.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Thu, 31 Jul 2025 07:23:38 GMT\r\netag: \"1388-688b19fa-56df5a6972c12d0d;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 5000\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":5000,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 150x150, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"27c9723856d3c1f4abd7144fe2972f5e","sha1":"037be2290267c8dd52834ffa6695f286e29469c0","sha256":"e6b994b9c641ff0cb850c98ea118e4c353785d48451cd9ea21cee92bc23e2920","sha512":"a9cd15e00789bf1aa38428e84d85f7096b31b84394918c7aeb10fd08bc59da13f0ba60a59720febc4fd25ef6cec76e24fd775faae4e67d2533016439b5cdcb9d","ssdeep":"96:22bITGDWIZEJ7x1N2z2ftySCAtlXNJ+2JsWnUzWCsJL5lb4SKiYKJFAGpUhDAYeq:vAeZWN2z2MSbXXXJsWUz6HOAFAGWAYeq","tlshash":"77a19ff5af0467d43c0e910263142d9e8772551630728932eaa37cba158fe629d6739b","first_seen":"2025-09-22T20:05:15.804423Z","last_seen":"2025-09-22T20:05:15.804423Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.396Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nContent-Type: application/json\r\nContent-Length: 931\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ec66a53cf60d8f9902c9d79d42a5b1dd","sha1":"d75f1d2c93213020bb5afdff93299557aec193f7","sha256":"5e411a2e1df3623aeef6eea69528a6b312a8793f1e2e7df5c49d05ce4e10f944","sha512":"b9dab000ee8dfd9fe587b126dedd9e083012383b9e93829c9b8c7ba32e3914a42852e6c04cb246b8d7e61b8105ba16224ee89147ed5d650eb6dfa88f16db868a","ssdeep":"","tlshash":"7ca0244000074d0413c0cdc011f5d7003f3c00331f434111557c7f544c50710000d0c1","first_seen":"2025-09-22T20:05:15.80174Z","last_seen":"2025-09-22T20:05:15.80174Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/impression/FZLy1wz1JQ79DiOW6g9xhKhzFTqXC6TvAJkDUUzkbtG5-dhRZKfosrGuk9nawplQgPEYGPvJEbfqIr353-g8tNOGIZ7p-HbMb3PrwAuTDu0xfWf8Qi_epPVie3o8-HWOGl0WdrvlYN04TRpp7SGcueYjAzdxYuzZx-7FIfSRwabu5BPNZ3_0khxegp7f89lAzlKxy4IBhc0wWkuuW4AcJmlbpT7EYBkCmGhoC7aK4yFFhVCP8rp-NeX0PRF_M8ClYtFWjBpKW6PqQnoCtTxCycZyzTE6VftdSRlypcVa9VEpwT4YcENMjt0A8n-fsfewozjP1iOgAqIERFIzY5NIbejgUbL7AMzehl17SOO81ShD3K15XB8sqjB9WJLzEuSxITa6hpI1RXTM77LJM8KjkpkK7oPdOdfBM73eiZhMPbbDsvWQYMDf_OtqQQwQHpFIMYcDIbfBO9EioaJuEgNupxOpXfwEdQdnznwsx6udTyHy85CVD9fOXCrw73ZZ17Mo6GsZey498uX7h_BIFHTSTCBRc9hkgUTTeXRxXK1kINi7Fbj5UjeGp2JQizkZPDVCTaMYv3mmsEbLj7AXes2eBnNvYkVP3DNO66bvMaBL137K3Lkr6Kc2ok5r6MLoHAIWalVib8gTd1ZVriBSkpUYHBRoB1CBoledQ2EO57hm9LaKRBg-MNBCdU6IqUP4tRU7eyb2ow7clF0S8NP3d0rwB7KhlF92kYGjhxW2XqrwnXxm21t4NQ8YMxnYM_lURGxm9fV1vl61lWLHwhWI?_z=9620870\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:50.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /impression/FZLy1wz1JQ79DiOW6g9xhKhzFTqXC6TvAJkDUUzkbtG5-dhRZKfosrGuk9nawplQgPEYGPvJEbfqIr353-g8tNOGIZ7p-HbMb3PrwAuTDu0xfWf8Qi_epPVie3o8-HWOGl0WdrvlYN04TRpp7SGcueYjAzdxYuzZx-7FIfSRwabu5BPNZ3_0khxegp7f89lAzlKxy4IBhc0wWkuuW4AcJmlbpT7EYBkCmGhoC7aK4yFFhVCP8rp-NeX0PRF_M8ClYtFWjBpKW6PqQnoCtTxCycZyzTE6VftdSRlypcVa9VEpwT4YcENMjt0A8n-fsfewozjP1iOgAqIERFIzY5NIbejgUbL7AMzehl17SOO81ShD3K15XB8sqjB9WJLzEuSxITa6hpI1RXTM77LJM8KjkpkK7oPdOdfBM73eiZhMPbbDsvWQYMDf_OtqQQwQHpFIMYcDIbfBO9EioaJuEgNupxOpXfwEdQdnznwsx6udTyHy85CVD9fOXCrw73ZZ17Mo6GsZey498uX7h_BIFHTSTCBRc9hkgUTTeXRxXK1kINi7Fbj5UjeGp2JQizkZPDVCTaMYv3mmsEbLj7AXes2eBnNvYkVP3DNO66bvMaBL137K3Lkr6Kc2ok5r6MLoHAIWalVib8gTd1ZVriBSkpUYHBRoB1CBoledQ2EO57hm9LaKRBg-MNBCdU6IqUP4tRU7eyb2ow7clF0S8NP3d0rwB7KhlF92kYGjhxW2XqrwnXxm21t4NQ8YMxnYM_lURGxm9fV1vl61lWLHwhWI?_z=9620870\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:50 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: 56c68b168a1af9a3c3ea28da741e6844\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-03T21:32:24.566251Z","times_seen":96321,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-22T19:39:40.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /witanime/ HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: PHP/8.2.27\r\nx-dns-prefetch-control: on\r\ncontent-type: text/html; charset=UTF-8\r\nx-pingback: https://sahorizon.com/xmlrpc.php\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://sahorizon.com/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://sahorizon.com/wp-json/wp/v2/posts/4285\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://sahorizon.com/?p=4285\u003e; rel=shortlink\r\netag: \"67630-1758569938;br\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 70434\r\ndate: Mon, 22 Sep 2025 19:39:40 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress:6.8.2","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":186886,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (23338)","md5":"1d9e6f1d590aaf9fea06093af5f114b9","sha1":"ae437523d128ce1513badd2a79228073dc5a276b","sha256":"32fb0e31ea99266edd736a0ae2ffba876f1ab41c28aae2120a7af9277407e36f","sha512":"ddb9595ce1b7adf6bf34dc5877e01d4ff59a03488ae5d3ee839b19c8e7bdfc2a8f623062ae493e4a789d7a560adb7a98127d804648c70e19f17cbac69d7c0cb9","ssdeep":"3072:4dycnHiEJ0Ub87HEB7MKAK/FLMPa7BB7MAQ26:MBHDJ0Ub8LOM7ha7MAn6","tlshash":"d7045c72722c313a3b3f52a991af3708b094c046e90f5af8f2b4d55895c7db515a3fa8","first_seen":"2025-09-22T20:05:15.806364Z","last_seen":"2025-09-22T20:05:15.806364Z","times_seen":1,"resource_available":false,"data":null}},"time_used":818,"timings":{"blocked":259,"dns":50,"connect":100,"send":0,"wait":99,"receive":200,"ssl":107},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/02/ChatGPT-Image-Jun-17-2025-02_23_18-PM-1-150x150.png.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/02/ChatGPT-Image-Jun-17-2025-02_23_18-PM-1-150x150.png.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Thu, 17 Jul 2025 14:57:03 GMT\r\netag: \"1216-68790f3f-890df9aa94fde149;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 4630\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":4630,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 150x150, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3e72c0b8eb4e5a961f60ab590c07d585","sha1":"c7bb93c94bdee3bc6fb2c849d52e8ba65d16ab2c","sha256":"1e386dd1b4cd597887b5336fee6a7a3e0358a71da126b679c8b0e901d8f91c2c","sha512":"670c5cf3789c765e01614683b2a3ed50631bc70278327b726179e088b9fb3de944378c9486dfc6394e97db02afafac4c896f93eaea70c4eb0fcc70a8417d227e","ssdeep":"96:wWJn2evZ6OJB+du6BGTvIf6ntOcpL9qhpRdHJgnSysRgRBG2:U+Z6O3+d/8If6ntOoILpgnSyxRBz","tlshash":"cda17d415399e948e586498b4c1b71ff1aafe0c9538a78d24c37a9f5c43042821ffa14","first_seen":"2025-09-22T20:05:15.808124Z","last_seen":"2025-09-22T20:05:15.808124Z","times_seen":1,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/bb8522992d8f9f8398f8911b640e0526.js?ver=e0526","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/bb8522992d8f9f8398f8911b640e0526.js?ver=e0526 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"12aa-68d1a5d3-8d1d995f870eb09d;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1573\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":4778,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (4741)","md5":"3c5fa2d41fdc9a50e55ed927b3aa1028","sha1":"32dd6f3a6959ed35b9cb8db31e733e29eed293c4","sha256":"adb9c4be6a3fe023e91f7952e0e851016582ee2b04794bb4c0d96d05e1b65501","sha512":"d3a85506eddf8ccc83e9583e0f4655aa9bdaa612685dfa5e69b534a3d0e883a3af75c6c38f71b27a5775f272486490c3374065cb66e407256a12caac20ae902d","ssdeep":"96:vmK40IdSs6c7DE/3sc/YrEBnUBPwKxbqe/Ds91sBYt1Em4kCofWQRem8:OK40IdS/cHg3NZBnUJbqe/DeGYtu7kC3","tlshash":"18a161c47482b870a2237457e0bb1485757eabb5743990c5a24dd8a02db3dcfe0a7a3e","first_seen":"2024-11-19T14:47:18.813848Z","last_seen":"2026-04-02T22:10:39.262753Z","times_seen":4130,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620913?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:45.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /500/9620913?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:46 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: dfd54b8a7543d3a8736f0f13832405f1\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:45 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2008,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"f23beadab27175b474f749f2b65cb6b0","sha1":"14cf703b86d15dc3c97961a93b3b2329796d8d60","sha256":"47855ca23cd32aacf87b342a35a59a9ee0cdfd3596d9a5d96f93b5e394cbef44","sha512":"b5c2faa0f4be254babb42ad8d37d9adef431072b6513e72a3249ea4a9c784a0e56213f1d4a844db99d5c895c40b6e084ef70c9e144100d4d746c013180fe4aad","ssdeep":"","tlshash":"5f412c8fc4445b268bdd90d2dcafbd98424d47cbd00529ec455c6db974f8175d5ac381","first_seen":"2025-09-22T20:05:15.811448Z","last_seen":"2025-09-22T20:05:15.811448Z","times_seen":1,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/362ddde587e70aafc1eb6751f3374fc3.png","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:53.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/362ddde587e70aafc1eb6751f3374fc3.png HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 19:39:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 43050\r\nlast-modified: Sun, 08 Jun 2025 07:39:05 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68453e19-a82a\"\r\nexpires: Tue, 23 Sep 2025 04:37:13 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 54159\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HkTtu%2BHUcFH%2FK6lU8ipdijlOWYa1ZIBWyw1kyYyb1lL9F%2FSp2jVRxqdJcBFno3MJbCUL%2F4%2BIGVGsHeP3qUnhmy0lmgHnFZdRXu8QD4q19%2Bx7\"}]}\r\nvary: accept-encoding\r\ncf-ray: 98344558798d1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43050,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"362ddde587e70aafc1eb6751f3374fc3","sha1":"3d1445b91ab6e5d08834dfd26ee23659fc14aa64","sha256":"366b4a6a0c20a841e738e4f937fdbf8602558539af2615811139e5fa6d557886","sha512":"5d4bea93c01704ac225f6fe5130fee14134a3ae9051f74004779a190bd8c7f202a0784e2a04cbb6aacc299a0a2be6215786034ec994741838e045745f5066a54","ssdeep":"768:TnxEY5wqv7oTyTKy+IAIdW503isKrz77a58lwYL72R0ayTn2CMZyQO44v:TxEYiqDoTGK5IA503lcra58SY2mayTnT","tlshash":"3c13f1615617536cd847091bc96622c91e44299e82de2c6d703f2cfb32dd84f76afb20","first_seen":"2025-09-02T06:15:15.697179Z","last_seen":"2026-03-26T11:53:51.523815Z","times_seen":39,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/plugins/litespeed-cache/guest.vary.php","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.147Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"POST /wp-content/plugins/litespeed-cache/guest.vary.php HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/witanime/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/c05236f5efc17e699140648d3433d638.css?ver=3d638","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.985Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/c05236f5efc17e699140648d3433d638.css?ver=3d638 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"4c38-68d1a5d3-53ff47f60b23ca83;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4348\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":19512,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19512), with no line terminators","md5":"b7e067012db6249774c29e4c56b4f2c0","sha1":"7523574074e98d492a8da515f0daf7446cc504e0","sha256":"c839222ec3a5037179749a843610820436bf575a591a3e0b45404f1970a2cc56","sha512":"c77b609b39ddf4ab8b6a89aba1b8daa2e8824312b1032eed8270c82167794dd438ec9878dc5e5e19853565f3f95c24315e3f164b5919cbed8c772e84f7078bba","ssdeep":"384:sk1JAWvwWZ34igipTh3dGr5PL3NatuylxQp9svaQW4M+ght5NsKa4TqSD6CE:hAWvwWZ34igipTh3dGr5PL3NatuylxQo","tlshash":"3f9209a2aaf1242cb177831ffbd0e16c3565d522d30b95dab897d700c9cab67026379c","first_seen":"2024-08-28T15:41:57Z","last_seen":"2026-04-03T21:53:17.513624Z","times_seen":8780,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/04/technology_connection_2025_1_1200x720-300x180.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/technology_connection_2025_1_1200x720-300x180.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sun, 15 Jun 2025 07:47:37 GMT\r\netag: \"3624-684e7a99-cdca4bbcede2753b;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 13860\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":13860,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x180, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"73014f1606b914412c425f5ac2c43056","sha1":"639d53e72162da38bb2c282d2588a11d1b1f2b1a","sha256":"9452ccd753cef9967380eaa887645801aa02adc99a9c2c94c9568d0946a1797a","sha512":"d4d4fecf7c54a189a614740db1ecef1c0cfd319efd006da1e3b9fe239a9561fad9b43ecae8bb702c02af4d7c18afdc40180357369d0d7a3229a8b0122fe1a3a7","ssdeep":"384:shKTetUTXgHooMo74gEuyB6SugTD8c6nx7aIForcuv:shKStUTwHooMokDnGCMxGbwE","tlshash":"ec52cf7e4693948dc90b4caf853651d93c039caef1b59b48cec54007d03db96a3f65a3","first_seen":"2025-09-22T20:05:15.815271Z","last_seen":"2025-09-22T20:05:15.815271Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/04/cropped-sahorizon-1-192x192.png","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/cropped-sahorizon-1-192x192.png HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 13 Jul 2025 10:21:13 GMT\r\netag: \"150b-68738899-72e0bdce1670fecf;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 5387\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":5387,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"ae368792389ee3e89275f431da4b1828","sha1":"4c750fa6944bc500927b53134605df09f8e4766c","sha256":"58b1eef4947cea98944b1e88a920efc6043f7b13ada844f4d43061ee99ecd161","sha512":"541bf9928561aabe887169596b25d0af9499d02fd7820d6f270c9f89e0586195ebd0bd5665db23a061efefea4b80af35fbf34c0a86be04c71e18b8960ce59e28","ssdeep":"96:tSjBc4DguxJmlqeBXfcb08HKRmF9szISqcfUAc5HzjGz/JD1wIzvkzcVZVq:tSjBc40uxJsXBXEnommImgGjJD1j4","tlshash":"0db16ea8929b5cc3ca3c08473da16a950d13c372b7ec61231658d15fc39a65eb5e2c69","first_seen":"2025-09-22T20:05:15.817744Z","last_seen":"2025-09-22T20:05:15.817744Z","times_seen":1,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/09/software-dowsstrike2045-python-a-new-era-in-coding-2025-300x158.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/software-dowsstrike2045-python-a-new-era-in-coding-2025-300x158.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sun, 21 Sep 2025 07:35:57 GMT\r\netag: \"1df0-68cfaadd-8d1a55ba6e95b68d;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 7664\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":7664,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x158, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b9e0c315f176444488eb15dbcccbb95c","sha1":"b7d9d55985883797c57f6dd222b178b001319f50","sha256":"8bcbdc393b950d69838492652706d1169cf9a20ab934de280db821e7c4877b6d","sha512":"b2843046ff3d57bf6bfb153c85fb40f709b3ba3aa59ce2945353717be67e008e575d5181562c7df3e4d984f98d28d203fe6b86c049d58067baca65a7efd7ed03","ssdeep":"192:1tnwhdKgRdm0laEkzZJ4PhncXEyBPEVHrL7W+qw5ttnIoU:/nydrRtazgPhnwPBPEVLL7W4zZIoU","tlshash":"0af19ebd743e4d50abaf511b8187b215f71f9038951479e37209183aae9735b4d1b308","first_seen":"2025-09-22T20:05:15.819234Z","last_seen":"2025-09-22T20:05:15.819234Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.378Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nContent-Type: application/json\r\nContent-Length: 358\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"c0265bfd6086c5e5b1995417306d20f9","sha1":"d4f36c77423fe0a981a882b09437a89dddbdb973","sha256":"3efd47460574d88c493319af555d72cda5a2940b1521c4b739a161c77e0de0e4","sha512":"e2f761d516aaed7d234727f36d72e1e84ea9368e2615db434755cb4af10fe086cff30d34872de6529bb2c3a16b405acb1381bd812216b7fe7ee12f64985ca278","ssdeep":"","tlshash":"d6a0129085084449c8805a45d0e684208e3ec117550041755d193d74101804e0081001","first_seen":"2025-09-22T20:05:15.820696Z","last_seen":"2025-09-22T20:05:15.820696Z","times_seen":1,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620913?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:45.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"OPTIONS /500/9620913?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:45 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":29,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620913?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:52.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"OPTIONS /500/9620913?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:52 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/0b5326c3f9460aa931995ddb739ce4e6.js?ver=ce4e6","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/0b5326c3f9460aa931995ddb739ce4e6.js?ver=ce4e6 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"348d-68d1a5d3-da38deb649886fb;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4001\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":13453,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (13451)","md5":"84da02f41d9c61dec95f05d41236d497","sha1":"2bb978916e29e01050ea71d2c68a299fc61f90d3","sha256":"9d8c33c2fb6efb6c3e9778edd19c6c60bf61e327c1132787e14f66cb7cba9726","sha512":"8fb2072d48ed3c279ea005d758d64467384ff0efa72e5ffbe547dda86a6cdd3aa28741a2d342ca28d9e98cb8ee8a0c8d05fad75455d47eb858d7f4101b81e40c","ssdeep":"384:IsIRHeFJ1yQ7QdfnJgeYh7MXlsNqrBp1pgQpwOjNtqohIQ/5D:IsIR+L1yQ7QdpYh7M1iqrBp1pgQpwOjZ","tlshash":"ab52d7a1472955321eb506e391e513c1769075aef44b8aa1a898dc2e18bdcc328f3ff7","first_seen":"2024-11-03T23:01:56.192803Z","last_seen":"2026-04-03T20:14:05.516648Z","times_seen":7402,"resource_available":true,"data":null}},"time_used":151,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202539.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 Aug 2025 19:44:50 GMT","end":"Tue, 04 Nov 2025 19:44:49 GMT"},"fingerprint":{"sha1":"E3:33:F6:CB:1D:54:80:51:6E:94:B6:72:D6:8D:22:88:EC:CF:5C:C2","sha256":"A2:6F:1C:4D:B8:5F:EC:D5:D1:31:F6:0A:A1:D3:C4:05:9B:6A:16:37:15:5E:C6:BE:AE:95:93:6E:79:6F:7D:8E"}}},"request":{"raw":"GET /e-202539.js HTTP/1.1\r\nHost: stats.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nx-minify: t\r\nx-minify-cache: hit\r\netag: W/7134-1748959715313.3396\r\ncontent-encoding: br\r\nexpires: Mon, 21 Sep 2026 07:15:58 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nx-nc: HIT arn\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3812), with no line terminators","md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-03T21:38:01.162652Z","times_seen":45001,"resource_available":true,"data":null}},"time_used":71,"timings":{"blocked":28,"dns":1,"connect":9,"send":0,"wait":8,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/zone?pub=0\u0026zone_id=9620873\u0026is_mobile=false\u0026domain=sahorizon.com\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.635\u0026drf=","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:43.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"GET /zone?pub=0\u0026zone_id=9620873\u0026is_mobile=false\u0026domain=sahorizon.com\u0026var=\u0026ymid=\u0026var_3=\u0026tg=0\u0026sw=3.1.635\u0026drf= HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:43 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 517\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":517,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"65fa3185b937bb957221f23266b8970e","sha1":"d3ed2698fc9b474fd42f2daf4bf2f6908c7eeba4","sha256":"10a1a68d9fa0bedcf82b9405e42146bdc70b6e6167daf6e20fa78d8c96523c7d","sha512":"566187df78c8a796e2333277ce64712eeea0ccefb48dc7aa783fa84a862fc4986478ee5101db077323d5df737e1c6c50b779e2b4245022b71b500f538d91b0a7","ssdeep":"","tlshash":"1ef0c0283d60beb18c2107cca5a9ed028afda030e7149a49d9f86f605863fec300315e","first_seen":"2025-09-22T20:05:15.823173Z","last_seen":"2025-09-22T20:05:15.823173Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/401/9620871?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:45.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"POST /401/9620871?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 24\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:45 GMT\r\ncontent-type: application/json\r\nx-trace-id: fbfbdbc18b1671bff77988c004a4a57d\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:45 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2072,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3aa1f5375f811f2c34777fd36b443371","sha1":"0654a6428288e7749bce6e9239e1542bb63f528f","sha256":"6cfe3cf110b0fe65b84c5cf72064bf37b99522bf3fe00cedfd51026f0eb0252d","sha512":"746307d6a99bccd86e926d1d7d77ab018b26682aee4ad90ceb1d254916bc2e23e5819bdf248e3e76b0ff764249a55c61d70d6aef2bf9971d171d731f7d69c082","ssdeep":"","tlshash":"7741e2088e18457e85de9ab6dc0b6d475bbd051e3a0c762ee7854d5770ebce403eb10b","first_seen":"2025-09-22T20:05:15.825063Z","last_seen":"2025-09-22T20:05:15.825063Z","times_seen":1,"resource_available":false,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620870?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:47.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /500/9620870?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:47 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: ffa0c3c65ccdc61ced0875cc76052ce1\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:47 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1914,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"aeb481451fe38865174247a0a32a61d7","sha1":"54b9280f8e889776066352ee09e6e15a407c60bb","sha256":"b82beb61caea6a16a4a8f8fc7ef63bcab6296733bc6610c419551a809a121563","sha512":"089fa9dcf93a74f4405a4aa248871734bd50ef648fd5f9400fd037476041461df24585882c99a0c2fdc4f8e952006bcb708fdc80a88ecc7c13d5fa9ff61d1555","ssdeep":"","tlshash":"96410a73352a59660b9207280cb52c5bf64edd0228126be4dd41c83032fc23c7dc41da","first_seen":"2025-09-22T20:05:15.826387Z","last_seen":"2025-09-22T20:05:15.826387Z","times_seen":1,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/39c88240c7e71bc91585301e80c3775f.css?ver=3775f","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/39c88240c7e71bc91585301e80c3775f.css?ver=3775f HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"5d7-68d1a5d3-5f54d796869c3a20;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 492\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":1495,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1495), with no line terminators","md5":"c77d62e5470632c2c036f1802117399a","sha1":"a37985eeec4c561cfacb08e6f50fddb50c389440","sha256":"c7308904efc8da3847aab82f9ab35918e8faccef6a04a6c657251759f30a8fb5","sha512":"94e039ac32777eaccdc832ddd9bf8a19e1c1e2325074f1853f23d0b108823d1b5d13efda84953ce2693759cd38fa2b2c8e718b31f6276a93f0f4af04286f64c9","ssdeep":"","tlshash":"0e31b7e124e40899b5abfa497cc1e295f065ab32c255e0dfeeb00610cf4af770682b5c","first_seen":"2023-04-07T05:53:57Z","last_seen":"2026-04-03T21:00:26.979054Z","times_seen":1906,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/a061c1cb4cd56508b20d8d14c9eab3c4.css?ver=ab3c4","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/a061c1cb4cd56508b20d8d14c9eab3c4.css?ver=ab3c4 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"cdd-68d1a5d3-419eaf66f3c1c556;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 418\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3293,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3293), with no line terminators","md5":"07e59a4db7995b6ce66bfb90fc7fbd22","sha1":"6d134cea98609f38cea5011d9f16e2199a5b5730","sha256":"3cdc8768b77b752d62d488cda4d7917a5df5d334da0f7fa7c9f86aeae573923b","sha512":"46af6c4cc817db04827aa8f96de7710fd00922e8ff901e9296282f161f3335199e71a9ffc92d64283c667dc899434b8aa2565ddd6d602ce2450661b9b551c9ba","ssdeep":"","tlshash":"c5618e8cc5876eeb77a7036fb49b50147ed76cd2939eebc6600f901683c29a386741a1","first_seen":"2023-04-11T00:48:14Z","last_seen":"2026-04-03T21:53:18.77213Z","times_seen":1893,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vaimucuvikuwu.net/88/159153","fqdn":"vaimucuvikuwu.net","domain":"vaimucuvikuwu.net","tld":"net"},"ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vaimucuvikuwu.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 05:19:32 GMT","end":"Thu, 30 Oct 2025 05:19:31 GMT"},"fingerprint":{"sha1":"35:87:C8:60:07:AA:D4:C9:E9:EB:7C:B3:1E:4B:E5:C4:C4:D7:83:09","sha256":"6A:C3:77:FB:D8:62:C1:E1:AE:65:AD:FB:94:A5:AC:5E:8F:99:A3:44:C6:D8:3E:06:92:93:F5:D6:48:74:68:0A"}}},"request":{"raw":"GET /88/159153 HTTP/1.1\r\nHost: vaimucuvikuwu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\ncontent-type: application/json\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4095,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"01ffb3f987229be9e4d90897da18ff49","sha1":"636856fe94229b19bc9a2b5506aad57d8e1d1abe","sha256":"a6b544d5213e1f31cef69c32f16bedfbe85ce8ecfe2c82eda12e37a4038db798","sha512":"d2ccaeb6c17a10d0fc851d1a69e6b4fadee458e6d49635631ecd97ba81ce8c6f9d35667fd8c38d7bc74e3c536875de174cfe1566d39584a7ccc7d276da36700b","ssdeep":"","tlshash":"2581f94e99553a7fd51603cfcc2f6a220bec2127b5c0785ad1ec0d4820d75c153aeb4b","first_seen":"2025-09-22T20:05:15.829941Z","last_seen":"2025-09-22T20:05:15.829941Z","times_seen":1,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":89,"dns":1,"connect":26,"send":0,"wait":31,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"roagrofoogrobo.com/400/9620870","fqdn":"roagrofoogrobo.com","domain":"roagrofoogrobo.com","tld":"com"},"ip":{"addr":"172.67.217.27","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"roagrofoogrobo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Sep 2025 08:53:17 GMT","end":"Tue, 09 Dec 2025 09:42:14 GMT"},"fingerprint":{"sha1":"36:98:FD:42:B8:78:47:61:E6:41:83:74:32:D8:4E:C9:12:FC:2C:73","sha256":"AD:8B:CE:31:0A:CC:4D:23:3C:85:D0:8B:34:06:05:78:E6:43:91:6E:E5:86:22:C3:39:44:DB:D1:EA:07:67:57"}}},"request":{"raw":"GET /400/9620870 HTTP/1.1\r\nHost: roagrofoogrobo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 19:39:43 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j2O6TxducemCNmPYFaIdSSV99mTuK1Mqtijm5aECzmKga8JljVarE7hPIJnwKG7Nds%2FQffSBXVsbIkIPZdlFSVXNl4ry58skATdedzlmlBF%2FKw%3D%3D\"}]}\r\ncf-ray: 9834451a8b998deb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":164550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8e094c1eb003e888932269aa65eb07c9","sha1":"a3e19239a9dd0cb78491d7d97872fea047bceea5","sha256":"65ad2d722ae876644571fe3398529fdbee26ab79c08323e4cfa9ffccecfe9632","sha512":"51e6aa6fe7fb9426347cbe52d89c73d86894ad2bdf462f488729809713a7152199b40cf7bed02229a76e8f4ec0f3c1202bed4f2f1c90a58ef34ae7ee7db89eb5","ssdeep":"3072:sIaz5kvovPphA8+QMbcRs5UDXzeaOARiCiB9vtmC7fcWeDcy1TfrGFV2NfS:sIatVAhQ4gsCjaB91z7fcWeDzRfr+V28","tlshash":"9af3ead97281745a2a736030526fee1f793b8e61648ec514f1a6f1b53e3880e9353eec","first_seen":"2025-09-19T12:11:56.519525Z","last_seen":"2025-09-26T07:36:47.307071Z","times_seen":39,"resource_available":true,"data":null}},"time_used":526,"timings":{"blocked":225,"dns":22,"connect":1,"send":0,"wait":72,"receive":0,"ssl":203},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"stats.wp.com/e-202539.js","fqdn":"stats.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.127Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 Aug 2025 19:44:50 GMT","end":"Tue, 04 Nov 2025 19:44:49 GMT"},"fingerprint":{"sha1":"E3:33:F6:CB:1D:54:80:51:6E:94:B6:72:D6:8D:22:88:EC:CF:5C:C2","sha256":"A2:6F:1C:4D:B8:5F:EC:D5:D1:31:F6:0A:A1:D3:C4:05:9B:6A:16:37:15:5E:C6:BE:AE:95:93:6E:79:6F:7D:8E"}}},"request":{"raw":"GET /e-202539.js HTTP/1.1\r\nHost: stats.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:41 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nx-minify: t\r\nx-minify-cache: hit\r\netag: W/7134-1748959715313.3396\r\ncontent-encoding: br\r\nexpires: Mon, 21 Sep 2026 07:15:58 GMT\r\ncache-control: max-age=31536000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nx-nc: HIT arn\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3812,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3812), with no line terminators","md5":"b1e85b83d13876fefcf2d873fde8da3e","sha1":"09d271f2a7dd17e66a19fcbfca887734d951ed2f","sha256":"2abd616c43c16e7a2d01f1f1c761d6c12acf4b2ed9a9a411289ee3bb5a681ffe","sha512":"a1ab2e32190702e46c440606a45e51dd073168fa11828683764aef077fb2b495343bd91ee784974244c37d0a52a8225d1a6359ffe0ddf0ec6971aeb7c50e3ec8","ssdeep":"","tlshash":"6b71646536c5f0381af630a5235f630af5ba8b7a7d4a9044c37cd4b07c79e8b9412f9a","first_seen":"2025-06-09T00:15:30.881783Z","last_seen":"2026-04-03T21:38:01.162652Z","times_seen":45001,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":36,"dns":6,"connect":7,"send":0,"wait":7,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620870?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:46.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /500/9620870?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:46 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: f6265e3f1e390a7f4f5ecd9cc0833eda\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:46 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1972,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"fbac45d663c21053e540eb4e821acf1c","sha1":"48aa9f2c6ff2d7fda00f2fc4f8ed43d2126880d0","sha256":"a9b8b350c3196cd0a7b91032c50f9c8fe2f184745c018a1c32f2f1c1d89b211c","sha512":"06da96fd64fd59c4e611ca33f8b67b9f1b4e0d569bbfd33ac19f3e92028c4442c23dee9870fa0fb5cd71018e1afb4aec48a6684b70c71cc43dcbac8b9dc0e0b0","ssdeep":"","tlshash":"1841083934ad3b562bca526818a47607c1d9c0db2cda7c8c491643af6ad9194bdef148","first_seen":"2025-09-22T20:05:15.831652Z","last_seen":"2025-09-22T20:05:15.831652Z","times_seen":1,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/5e2ab0eed18d035e0ff0c39cc5cfd27c.jpg","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:48.018Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/5e2ab0eed18d035e0ff0c39cc5cfd27c.jpg HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 19:39:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9910\r\nlast-modified: Thu, 27 Feb 2025 16:35:11 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67c0943f-26b6\"\r\nexpires: Tue, 23 Sep 2025 05:12:46 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 52021\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=URsos71K7EXZIPZRlj1%2Fe2OqHwoJY8VA%2BJRE7rVhLKHG%2BQhb8MifpWw%2BmxFR8nMotYkmfv9TlrjcgPwztWFTjpeyzqV1TkSnKrDw4S%2B7K4Zp\"}]}\r\nvary: accept-encoding\r\ncf-ray: 983445391c7c1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9910,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3","md5":"5e2ab0eed18d035e0ff0c39cc5cfd27c","sha1":"1baf8a735404756b573053e2e55471e90725e03c","sha256":"c2d42867eb040910ea0ac9142143ac620a1280c0160fdf2fa57bdb010ec318fa","sha512":"4a397ae895c598f1e07d5ba7f48e37900e633d576af80350f213dd997baa6d9198f2142421ad57a8504c2810e7c2830910594ab11415b401795c922513e88ae2","ssdeep":"192:eJZGe1Kgs442STFKHBahL4CxoUu47A5t4FUPVC15rC:ezGLgs+STFKHAh0C3NM5nC15rC","tlshash":"f212b0c4fca14c72db60cbbd1824d24a3f7c02539b91a75f22aa86315cba4bf71d55a2","first_seen":"2025-04-11T02:20:54.089609Z","last_seen":"2026-03-15T06:38:48.799887Z","times_seen":137,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/8636047c45c147a50167ee29f23ca7a8.css?ver=ca7a8","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/8636047c45c147a50167ee29f23ca7a8.css?ver=ca7a8 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"344-68d1a5d3-fdc3f6053cb24cee;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 282\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":836,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (836), with no line terminators","md5":"0c72d53cd406d29a3e4c9379e0e62481","sha1":"c364cc3dcec5c714909042f0712fb3b4f74eb707","sha256":"594bb2aa86ed0b291d099c964bd253b17210e36e2c534762947b8091a9c95bff","sha512":"15538a81f08756ba2463f1367bfadd0e12887642a7453ba83e64f396d0c96fdfbc06a6aa1721550428e11f2e2b1be9d8c31cd2b8553b45330f3db942dde5dd3d","ssdeep":"","tlshash":"9e010cb235e276589e6bcdf5cbb9324fb1547012832a12d64e206310e42a0d327eb057","first_seen":"2025-06-28T07:16:29.567045Z","last_seen":"2026-03-22T04:40:28.967214Z","times_seen":55,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/1b05a76a89b235ac27c5b916f622b87b.js?ver=2b87b","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/1b05a76a89b235ac27c5b916f622b87b.js?ver=2b87b HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"1ca7-68d1a5d3-239c2148354ba490;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1675\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":7335,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (7333)","md5":"ab2b109461499404e6308fc102ceba5a","sha1":"3400d0407e06e7746cb7b5b154b76aeebe6f5bb8","sha256":"0d5ef0324954e39c6b7804a30be454deaaed55369bdb76a965eb475e21e98d43","sha512":"f61bff510c3ac17ada29ab53682b03746cb73f6c1edd2ca51243a20f168fe865036f0dfb5312cce5ce1d3bf231e798dff0ad31bd76d47785029e0f738ce3e51c","ssdeep":"192:iQqHlWQZgROnqWgpkgJMhqDi92FY+alT/fnGtxTbvz:bqHngROnvgJUqDi9cNYTnGvTbvz","tlshash":"cfe112fa964412bb04ef29ca74e6e5c07b7568fdea0184302579c84d1fe8dc202e6bf5","first_seen":"2024-09-02T16:35:56Z","last_seen":"2026-04-03T19:34:45.023566Z","times_seen":659,"resource_available":true,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/e2c1e408d5c39db3f1a05b1b4e6ab3f4.css?ver=ab3f4","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/e2c1e408d5c39db3f1a05b1b4e6ab3f4.css?ver=ab3f4 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"105a-68d1a5d3-7b52a39aa0815e5f;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 979\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4186,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4186), with no line terminators","md5":"ea958276b7de454bd3c2873f0dc47e5f","sha1":"b143f6e8e8f79d8f104c26b0057ef5514d763219","sha256":"2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe","sha512":"2d40a1e713355eff88fa3bbf5471b4db5acc48fa2b978a555c034f2e5c7f131fcaf48e849d5d048df9d5dae068c4b6467a97b1dde99115e6b32f57e928569fc1","ssdeep":"48:wFfAeWkkqEsKO+TBxaBIIj+NqUFQW76d7JrOv2bN:wueWkkrLoI7U","tlshash":"d9810c1084149d2cf4eab33766cec75db43ad747fe75e7b86936e2b8c098a842073484","first_seen":"2023-04-05T04:06:46Z","last_seen":"2026-04-03T21:30:19.540137Z","times_seen":70310,"resource_available":false,"data":null}},"time_used":174,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":174,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tzegilo.com/stattag.js","fqdn":"tzegilo.com","domain":"tzegilo.com","tld":"com"},"ip":{"addr":"172.67.193.52","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:43.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzegilo.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 13 Sep 2025 14:26:46 GMT","end":"Fri, 12 Dec 2025 07:20:07 GMT"},"fingerprint":{"sha1":"F3:16:05:8F:DD:38:43:0F:BB:E2:C4:D7:85:80:BC:FF:31:61:3D:76","sha256":"B5:31:C1:B7:C6:EF:62:4B:FF:EC:63:B7:C3:FC:AB:46:1C:7C:09:8C:E2:11:C2:6C:DC:B2:3A:57:84:15:F3:EC"}}},"request":{"raw":"GET /stattag.js HTTP/1.1\r\nHost: tzegilo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 19:39:43 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 11 Jul 2024 10:23:58 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nlink: \u003chttps://flerap.com/\u003e; rel=preconnect; crossorigin, \u003chttps://fleraprt.com/\u003e; rel=preconnect; crossorigin\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MDKTMcS9K1i6IeWCLHKNblsSAE06eauipIFIB%2FJ9uNph0z%2Fswmwq4zgL2IGFylfc0tJkVDQpHaigsHBCMAS2fiChRY5%2BnHmkaw%3D%3D\"}]}\r\nage: 2752\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"668fb2be-45d7\"\r\ncontent-encoding: br\r\ncf-ray: 9834451f9d9e5688-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17879,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (17229)","md5":"01227f5edc20e0ff4ed643b27cb8bb68","sha1":"d71a88f7341f2b1bdaa7deb9a66888607bd52598","sha256":"75c91d86601e23ab56d872b31b42660f893fc6d6b0785e085c06c2c038e98fb2","sha512":"88046b07c07ff6de47ef7d1e0d7ca281fc48e91fc6a292cdf611457b96ac92bb0068971cfd55c0cc3e6179d7335e77a6a14b15fa502bbae7b2233546da6c0f98","ssdeep":"384:WDWdyJ+TJTwWV+6RUL2qq8L6jW4+QL1zWAWvVRIDiei:7so1V+g+d+j4pJ5","tlshash":"8d82094a72d525ee82a3a1d10cef612ffb664e86a97e1785e381b49c187404ec3d7f90","first_seen":"2024-07-11T16:28:55Z","last_seen":"2026-04-03T20:52:09.458634Z","times_seen":6339,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":83,"dns":22,"connect":1,"send":0,"wait":7,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/09/scratchpay-everything-you-need-to-know-about-pet-and-healthcare-financing-300x158.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/scratchpay-everything-you-need-to-know-about-pet-and-healthcare-financing-300x158.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Mon, 22 Sep 2025 08:43:17 GMT\r\netag: \"22bc-68d10c25-32114d96d7d8f2ed;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 8892\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":8892,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x158, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"aed2966257afc3a2dd6c6b7f60981b2d","sha1":"ee84b3b82f1575ed15272fa736cc7b12f441aefe","sha256":"de9f42c140a216eadfa5f783214ae2a888c0c422515fc2cb6fa708c7d12abf36","sha512":"025ca4bef6d6f597ab9a6108c9ca2b5bea02bc2945157f0f6682e5b662bd45b7d5b7d2545c7859e450c5d9dba58790379d25481f0987dfbe9dd7c32b08f6bb2f","ssdeep":"192:GR19gPihtkiqPTdr8er1+0h0lMkMZa1RvrQ9DxvnMHTTC:A199qPtb1+0hcMkEactdH","tlshash":"8c02b0c1edb9429cdbb19955bdd72a280c36b9fcee19c900cc9c7560802b5a24ade73d","first_seen":"2025-09-22T20:05:15.837271Z","last_seen":"2025-09-22T20:05:15.837271Z","times_seen":1,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/3bT/27mJf/universal.min.js?v=3.1.635","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:43.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"GET /3bT/27mJf/universal.min.js?v=3.1.635 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 22 Sep 2025 13:19:37 GMT\r\netag: W/\"68d14ce9-108f9\"\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":67833,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ec5363d2aa786937f4ef8b30764c9434","sha1":"20a8adaeb0cef2a2f630663865c9dc8e56c711a6","sha256":"ce6c17b349437cee7eba6e43333fb1c890154dfa7e1d440d74aca2841b886bee","sha512":"b7b3f6e2c68bec695fa65d1d561f3cc6bc36680c7f9f0c7705bf4322471cde1ba058d1b2bd9ee8d4696f86433cc8a93c4ae7c0a9c9e543ac6633a527e0915b88","ssdeep":"1536:sOVx6o6wlnWDMN4B7enuRY5+0LWyLe8bODjprn:sOVv6Knwu+eWyFyhz","tlshash":"7e63c7523e72ec5413e6a7c3d01fa256e7618540b86bf890a54ed5e204210e9cbeffe3","first_seen":"2025-09-22T16:48:47.201885Z","last_seen":"2025-10-31T08:17:13.379525Z","times_seen":195,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":89,"dns":1,"connect":26,"send":0,"wait":27,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-includes/js/jquery/jquery.min.js","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Thu, 12 Jun 2025 17:16:18 GMT\r\netag: \"15601-684b0b62-d15fb522728560f;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 29531\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-04-03T21:31:02.031134Z","times_seen":683899,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":228,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/06/ChatGPT-Image-Jun-28-2025-01_10_52-PM.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.996Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/06/ChatGPT-Image-Jun-28-2025-01_10_52-PM.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 28 Jun 2025 08:11:41 GMT\r\netag: \"fe7c-685fa3bd-b1f3f7f974655d48;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 65148\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":65148,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1200x720, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"02052a05fb4af1240927b6ee42b71943","sha1":"26005ce60d4c893cbe0a33a4c531c16f25e2c794","sha256":"813c6051e05ed037d9ebfa5c2e130daf9f4afc3ada21c936d8bc020a8a0b015f","sha512":"494e71cd0467c722a3312078cefeb87cee9980b173d61390bf79645afc35576f3d621f3ff53fbd5e3ebfd9d30de01d52591ef716dad870998e568ed349220113","ssdeep":"1536:RUzsJFPXjlBsrXC9u74nKkTUwhz9qydA49N+O:6zarzsrXC9uWhhqydr3","tlshash":"06530273f0657d1de15f8e34af827ed4acc7cc809da012a9f5ce4b2589538a2e4a48dd","first_seen":"2025-09-22T20:05:15.840577Z","last_seen":"2025-09-22T20:05:15.840577Z","times_seen":1,"resource_available":false,"data":null}},"time_used":325,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":64,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nContent-Type: application/json\r\nContent-Length: 388\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ec66a53cf60d8f9902c9d79d42a5b1dd","sha1":"d75f1d2c93213020bb5afdff93299557aec193f7","sha256":"5e411a2e1df3623aeef6eea69528a6b312a8793f1e2e7df5c49d05ce4e10f944","sha512":"b9dab000ee8dfd9fe587b126dedd9e083012383b9e93829c9b8c7ba32e3914a42852e6c04cb246b8d7e61b8105ba16224ee89147ed5d650eb6dfa88f16db868a","ssdeep":"","tlshash":"7ca0244000074d0413c0cdc011f5d7003f3c00331f434111557c7f544c50710000d0c1","first_seen":"2025-09-22T20:05:15.80174Z","last_seen":"2025-09-22T20:05:15.80174Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/impression/nu4ZNHeMEu3UFuvkrnUBPfrPnFNyXJfcVOlsZmZ05dg1oITAt-Cao4ST_xWhlbo7kY9_bgjURiXaLt9A-FeiflXuXn0y3RlAHK_z8AIpSwQayRllKl51BD9AS0NRj1bEhibA1SbIz0vejd3ogC-tJYNm1E7oYtLlPfdXoWhyIrMjrWnn7Wbblz_9uJlBs_5ys1XpARMaAV9nLqJa5dCQNwhfJDEpDJSoCzko1abwBHlFSHHHIWz3hVD2sm_jXplm7P57QDF51YXagceDobK5RBzEOcdldoZYb8dIEqT-CY_xlKgSTQvZ2Cl-uXbKIMpGYSGKkoFGkFX0ko-5KLayQnK-wM3Eb5gwZSEPwc6uRdDVCJL_H-Az87mjVsulSyk7cPcfJl2yS5vxj7rVwkdhBqrj4WDkygJU5_I9FI9LADIFXuAbf-81B4vAUaZZn8v-l0eFKl-LRlecsbE_EkburXy4lsf2tZ8-Vob4S4m4QhyPTxnqDhmJmXo-LCqNCpnpBfEVmsYrXu3UESQRt-RXsUbFmtw5p3Iz6W7iO8fHz-doSWwgmRtLRUBDoLnOsxCKsYuxIRIguNa_g4RPS9q2MfPBcvdzwSNXwo83NPso0f2OT6hJM4BSXbS9zTMId_ZnasamFuR5haDm0Xf-dM03UPNhEzrXuEGBiZz892rjPRAeVPVxuef5XVjkkzgSTySDzYspytoc1__7A4GXGNNVLPKXn3cfYGWjtS3xi7GNvx06hBeBWBXJdFLhToY8WmEseTldN6UsnB_-uXFuDcKEneasoW3J3eAFS4qef0NWLlNMAgn765UebMEiGhcIsWmK8G8sIg==?_z=9620870\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:47.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /impression/nu4ZNHeMEu3UFuvkrnUBPfrPnFNyXJfcVOlsZmZ05dg1oITAt-Cao4ST_xWhlbo7kY9_bgjURiXaLt9A-FeiflXuXn0y3RlAHK_z8AIpSwQayRllKl51BD9AS0NRj1bEhibA1SbIz0vejd3ogC-tJYNm1E7oYtLlPfdXoWhyIrMjrWnn7Wbblz_9uJlBs_5ys1XpARMaAV9nLqJa5dCQNwhfJDEpDJSoCzko1abwBHlFSHHHIWz3hVD2sm_jXplm7P57QDF51YXagceDobK5RBzEOcdldoZYb8dIEqT-CY_xlKgSTQvZ2Cl-uXbKIMpGYSGKkoFGkFX0ko-5KLayQnK-wM3Eb5gwZSEPwc6uRdDVCJL_H-Az87mjVsulSyk7cPcfJl2yS5vxj7rVwkdhBqrj4WDkygJU5_I9FI9LADIFXuAbf-81B4vAUaZZn8v-l0eFKl-LRlecsbE_EkburXy4lsf2tZ8-Vob4S4m4QhyPTxnqDhmJmXo-LCqNCpnpBfEVmsYrXu3UESQRt-RXsUbFmtw5p3Iz6W7iO8fHz-doSWwgmRtLRUBDoLnOsxCKsYuxIRIguNa_g4RPS9q2MfPBcvdzwSNXwo83NPso0f2OT6hJM4BSXbS9zTMId_ZnasamFuR5haDm0Xf-dM03UPNhEzrXuEGBiZz892rjPRAeVPVxuef5XVjkkzgSTySDzYspytoc1__7A4GXGNNVLPKXn3cfYGWjtS3xi7GNvx06hBeBWBXJdFLhToY8WmEseTldN6UsnB_-uXFuDcKEneasoW3J3eAFS4qef0NWLlNMAgn765UebMEiGhcIsWmK8G8sIg==?_z=9620870\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:47 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: b3ee01c53025faa03273da8cb312b272\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-03T21:32:24.566251Z","times_seen":96321,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/04/oatmeal_vs_cream_of_wheat_1_1200x720-300x180.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.608Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/oatmeal_vs_cream_of_wheat_1_1200x720-300x180.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 14 Jun 2025 10:06:52 GMT\r\netag: \"3520-684d49bc-c3de9f8e0c3eef2f;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 13600\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":13600,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x180, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"59f6cf60e58b6cebe757899b46919512","sha1":"454348ec13dd87b93f93d3407d297d3dbfb2e447","sha256":"82b723b011efd780690941726f0ec2cd8c4fe0a66ca4af736995222be8ec7fe7","sha512":"a72d41d528159065fcdc5d75e0eec270f3323ebf8d38366fcd09d664e88d09035a01ddebd16c8e7073162d5e01546daadeb1e2249b7ce8730f8b8fe23c1b9acd","ssdeep":"192:Bi5OtTAEvaBOvQdvExfjWS1+EAL81MQtr5RdpQ8dSgRduNWDGDXZj0YeH6oTnGdX:5RBvadTS8EYaMQnK8okZKzp0YaLEBVz","tlshash":"7252d0f5c5fd3c3ae26d3a8d0da504023a840d9c55caf020fb51efa71637867a18dd69","first_seen":"2025-09-22T20:05:15.84271Z","last_seen":"2025-09-22T20:05:15.84271Z","times_seen":1,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.368Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:48.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 22 Sep 2025 19:39:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 16893\r\nlast-modified: Mon, 17 Mar 2025 02:12:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67d78504-41fd\"\r\nexpires: Tue, 23 Sep 2025 04:27:50 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 54717\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wu78qz82vdpXHJQHQBgK%2FF6CDCXjZKlgAMLQOHL45ccjLvAfn67Q9azVaheF8OJlRmSDKRUu%2BA1HEscDFJ2w2n2KS5l3kwnSzThEjJa4LgP%2B\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9834453bbcc21525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16893,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"31f5bb5f43a7bd2800c6724e3a4125d2","sha1":"bc1bcd6aa31ac91dd34359c2fbbcaefb3e15c875","sha256":"e5dd86d52381d2bff5f1b74d3923443d3d95ced64048662307ed3ec2d52eb61b","sha512":"472e23766bb20f680ab31d5c358d9555ce56596444072978dd6340ca5e918aedcf1985a811c7f3f41b72bb15ce3df8ca98a2fddb5ec9a1eeb5f30d586fc7c23e","ssdeep":"384:wDIuIpXyvlnQ8HrcT30rRp8Rp6g9TzBtnL1Ti7DpHQ9:wsHyvBXHrQxF93By7DhQ9","tlshash":"0572c06f0a4a5703999d1c0d1eab7c9d667a425f007c2e6b23239c5cf94a36f6042df5","first_seen":"2025-03-17T02:19:44.486682Z","last_seen":"2025-11-29T07:50:01.235056Z","times_seen":1176,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/09/is-gym-a-sport-a-complete-guide-to-the-debate-2025-300x158.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/is-gym-a-sport-a-complete-guide-to-the-debate-2025-300x158.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Mon, 22 Sep 2025 06:39:31 GMT\r\netag: \"1934-68d0ef23-d5dde4ce0cc404b7;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 6452\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":6452,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x158, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7d866b29a4e8ca6590e19b0b0c2b427e","sha1":"9c5415e1641937643c76546443f169a4075d9ec9","sha256":"2a619021f8988183012189243f700ea085345d541fdd7a340b590b9798e76c9b","sha512":"689ac7d2e6bded2cca9d734005576362603a84c239ccc2b8d5d6478f830f3d5d1d94431f25272c00a76b2b3be242eec1e27fc3be4e34f820106d93d6e821ecbc","ssdeep":"192:xSXZzLLwE0SoX4UUuGxayAwTdmYCyF9jl8jz09lqNowreBPIJSRoP:xSNPwExoo3bAikmyj4U+wreCJSRoP","tlshash":"16d19ee125fbd04edf0f2079c9c63c20e0f94c26f9592a5c4f1295e25489dc75fa829b","first_seen":"2025-09-22T20:05:15.845496Z","last_seen":"2025-09-22T20:05:15.845496Z","times_seen":1,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/pfe/current/tag.min.js?z=9620873","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"GET /pfe/current/tag.min.js?z=9620873 HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:43 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 22 Sep 2025 13:19:37 GMT\r\netag: W/\"68d14ce9-785f\"\r\naccess-control-allow-credentials: true\r\ncache-control: no-cache\r\npragma: no-cache\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":30815,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (30815), with no line terminators","md5":"e8aa54e0f45caba29d1929319247d6f7","sha1":"6e5fc61dddf1cf4e9c933e768eeb8707009d224a","sha256":"4863ced089760be4f6407d16c4d661da7f5b899dc4cbcf16dd2cddc629a4cad1","sha512":"df7faecbcf89310902a7f19c1d23943632f68d60378cb82ed61c06cda951f01c251fb45a35e0ec39df9ec27a97e0d9aff84a5fbdd24817488e8925d475769961","ssdeep":"768:N0/yQI4xFlPlGbz9Z+CugqWc0QimcED40TZxlsl05JFGS3J03WYveZ7mSbiaB6sq:BWCT60rmcE2CLY/sKBVsm","tlshash":"80d2c6813ebb685127d257c3d03f941a93a1d60434abf5a3b50e659229320dacff3e67","first_seen":"2025-09-22T16:48:47.194022Z","last_seen":"2025-10-31T08:17:13.404319Z","times_seen":162,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":106,"dns":14,"connect":28,"send":0,"wait":26,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/400/9620913?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:43.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"POST /400/9620913?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2587\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:43 GMT\r\ncontent-type: application/json\r\nx-trace-id: 8797d04caf205f038d1e18b3f6eee9a9\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:43 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2073,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"0632b8234b4bf11fc29bbac7d6cf039b","sha1":"01233ad5e06c1bb2140c1c319559f67d25574222","sha256":"c0096315a1e237ec9cdd44c5d034d7444b8a8acafc95235d8bdbca66c8fe71cb","sha512":"5fd7c643e71722833cd35ad0a76d4eacb83b09142cb8e79a08ebb79baad4df89be41c1b837595d49f72ede367ce5f89e5de49e8e618f275a3838760fa0b3ad14","ssdeep":"","tlshash":"6041d1089e18457a86ee5ab5ec076d470bb9411f3a4c762ee7454d1770ebce403eb10b","first_seen":"2025-09-22T20:05:15.852947Z","last_seen":"2025-09-22T20:05:15.852947Z","times_seen":1,"resource_available":false,"data":null}},"time_used":243,"timings":{"blocked":106,"dns":14,"connect":26,"send":0,"wait":30,"receive":0,"ssl":62},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.295Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/400/9620870?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:45.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"POST /400/9620870?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2587\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:45 GMT\r\ncontent-type: application/json\r\nx-trace-id: 57eb89dc73b307d3bac9fec26b171eba\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:45 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2072,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"8eb2216b9541289ed4dff2d00ee5835c","sha1":"55527f5007d78f8d7441dc5c10b28c57e9111e62","sha256":"82bc5fa7981c7ab251d0f24b38040b7f280f83e791d6fc09725dcb8104a8fd28","sha512":"79f169d11bb40c5e703fc6aafe41eeed281dd6aad00cff7260010ad8d95b52a261e29b05ea13d38da2881c8a93a4cc181c8e29d3767361d082bcb689e5e3f46e","ssdeep":"","tlshash":"7541e2089d28457a96de5ab6dd0b6d470bbd011f3a0c722ee7454d5770ebce103eb10b","first_seen":"2025-09-22T20:05:15.854781Z","last_seen":"2025-09-22T20:05:15.854781Z","times_seen":1,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620870?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:46.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"OPTIONS /500/9620870?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:46 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/6566818e34cf138a79891bb235f70e0e.css?ver=70e0e","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/6566818e34cf138a79891bb235f70e0e.css?ver=70e0e HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"1c668-68d1a5d3-f0a86d770c711905;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 14072\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":116328,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55654)","md5":"d0cb2a53625f20cb22d7ae2d18129847","sha1":"30e4b3e7f46956badb9ca6481e5c2363c46a78bd","sha256":"242eddaa92636d19d045d3b9098f529c63d3e24824253267ecaabd829c362644","sha512":"c9d1adcf7e0b3bbfd7e7e0f8a1d9a95bcea3f1e4b46d59135853e7f4455a6665b5562b2ceb3f5fbc6634b2a5caa0c652e31470ed2a28286cfbbcdc84d6624d06","ssdeep":"3072:PeeJu1iQg5MG7x+qehvP0x2pck2qkA3Pu:Q1iQg5MG7x+qehvP0x2pck2lA2","tlshash":"87b3615417b4dcf935ffa73a5e4ee248a503aa41c68a57ebe066d190618ca490cf3f0f","first_seen":"2025-07-16T05:23:56.480436Z","last_seen":"2026-04-03T19:07:30.089306Z","times_seen":2762,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":176,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/24fee2c4450eed712e2ba48391ee1cbe.css?ver=e1cbe","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/24fee2c4450eed712e2ba48391ee1cbe.css?ver=e1cbe HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"2c4f-68d1a5d3-e73828c50ab1231;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2389\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":11343,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11343), with no line terminators","md5":"6ea3a0c8e82f14ae2da24f8eba463de3","sha1":"98013a601c3436eca3777d33b4c55766158247b8","sha256":"19d348e191f1699df6701f98d9c7d52c854d33d3c4132dd96943780162ff15f4","sha512":"7f3af3dfa37f99340dff5f12868c0d69635d0a1315c6e04a70e2f1e08662a9f66282c2176de5569f55816243da574ee9c46ce1b4df495c089a29e49ec0893084","ssdeep":"192:xthsVmeDXD2ZnvgZenzA5KdXSMpNO96hDIzL79V1QVSD1CNxn6fR31r:czDSnvuenzA0NBhDInSwh31r","tlshash":"363223929c88212cf43795645ac107ec923fc303fd62ededb73c7679caca58a516a943","first_seen":"2023-04-11T12:48:36Z","last_seen":"2026-04-03T19:26:16.809817Z","times_seen":884,"resource_available":false,"data":null}},"time_used":175,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":175,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/b01144544f050057608f93fdfd28c606.js?ver=8c606","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.058Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/b01144544f050057608f93fdfd28c606.js?ver=8c606 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"30e1-68d1a5d3-1d38460cd3180656;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3363\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12513,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (12511)","md5":"3e71574fc61389daf15e9585bcc93fe5","sha1":"92394cddb2ae40c7060c709621db86634b25fe1a","sha256":"2f441c962e351ef150f80bda82823c79cbb9ca057e0be5761a3584a3ba89b9e6","sha512":"028551afde3dd00b87ebd86e58888da9a3c317753760af83697602d9796956e687f83e5b1d60e3844d6f9b6acfcbb9cf93088116a6872e72ea6c2fafec85c50f","ssdeep":"384:wwuf8OQL0sARrAZcNWLq/+Ffm/hibLexa2VautyX2fsL3ZHO1O95:wwuf8OQL0sAZAGNWmGcibLexa2Vau0XN","tlshash":"9c4235e16197e0f0c7c338a48816c051f2bf866cb8898054fb5dcdd22d5de07626b77a","first_seen":"2025-03-17T01:59:03.5715Z","last_seen":"2026-04-03T20:14:05.507077Z","times_seen":7155,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/04/cropped-sahorizon-1-32x32.png","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/cropped-sahorizon-1-32x32.png HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/png\r\nlast-modified: Sun, 13 Jul 2025 10:21:14 GMT\r\netag: \"210-6873889a-401b587f22f65a1d;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 528\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":528,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"4374696e16b1955d80a0b8e8bff43d9c","sha1":"cbf83064cd4bcfd52f2da233a4be446bf14aab24","sha256":"7a4b709e44634c99fa9e4f95bf0c6ab121521a2ca98f17dcb50e86286a0684d8","sha512":"d1efbde1480bef726e7ce5e5e064c311c28da04bf51d6b8a676128f8665fb63e65c3501b5c57487b12817bf9306fbccc5829345f0777cc9289066b9cc4bbe145","ssdeep":"","tlshash":"1df020cb0d604417c8c50b3b0b0a4d24bde2db2e5da35340829e6a764928019e182fd0","first_seen":"2025-09-22T20:05:15.859462Z","last_seen":"2025-09-22T20:05:15.859462Z","times_seen":1,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.370Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/7325e0dccf6fa932a66ddef7ef8fbaaa.css?ver=fbaaa","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/7325e0dccf6fa932a66ddef7ef8fbaaa.css?ver=fbaaa HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"d1c-68d1a5d3-18e26bc3707fd18c;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 622\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3356,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3356), with no line terminators","md5":"f9b0b1948dca272b16005165ab098f29","sha1":"6e6ae044e8392eb26831476b5340808d076ff76f","sha256":"f67e99114807ecac9bba6fbb9f81eea467c50c9f03b59974fe696bdfab6ba227","sha512":"ef44daa0524b9154a0d83b57e66accc70284c318893df7ccee6de0bcb7e9f537d1fd47ca4e52c88de7d519290f53c76641812f1cdd0ddb4b5e90b6acb5718477","ssdeep":"","tlshash":"1b61ac2078759d2eb937450676f120086450a6ebea5a9cfb7cbeff76c4825c04c364ed","first_seen":"2024-02-10T03:24:26Z","last_seen":"2026-04-03T21:38:01.148451Z","times_seen":3916,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/04/mental_health_speech_topics_1200x720-300x180.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/04/mental_health_speech_topics_1200x720-300x180.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sat, 14 Jun 2025 10:06:52 GMT\r\netag: \"36b0-684d49bc-896dd7b452a63280;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 14000\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":14000,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x180, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"2fa829f1ea75a20645f40fddfdb13a96","sha1":"dbcbe1072aec6fdfc7d78092f1434b7717216f83","sha256":"543b5096d663fa5199defce9a6aff4a9212c69153eeb6c3c475d07b4e84df851","sha512":"05d1d7dc692ccb1f82fdcea294d6affc6b95db6aae20b7d6d656e849037c30cc06bb5938511e812300bfecb9b1126a92896d01277c110884899a1fb8c9a9b01a","ssdeep":"384:rWHDzaKvsAcJl4xyiRA7sMB8ho4c5y4lm6OjwtgQt05:yXaKvsAal4xyiOoMsj2lm6BJt05","tlshash":"7952bf08b2494e01d39769a39c63263e487bf1d7bbc859212161624df1d0a3cab4d9bf","first_seen":"2025-09-22T20:05:15.861656Z","last_seen":"2025-09-22T20:05:15.861656Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oamsursumsauz.net/500/9620871?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"oamsursumsauz.net","domain":"oamsursumsauz.net","tld":"net"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:53.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oamsursumsauz.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:35:01 GMT","end":"Sat, 18 Oct 2025 05:35:00 GMT"},"fingerprint":{"sha1":"15:08:E5:10:97:98:9A:68:4B:96:AF:40:16:99:5E:A2:7F:6D:1B:FA","sha256":"80:1A:EF:F3:CD:54:AD:65:88:C6:E0:97:07:75:81:E5:4C:41:38:16:E0:EB:F9:4F:72:C9:12:E3:8C:7A:C3:23"}}},"request":{"raw":"OPTIONS /500/9620871?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: oamsursumsauz.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:53 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":98,"dns":12,"connect":26,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"vaimucuvikuwu.net/wrr?z=9620869\u0026p_rid=e732fee2-1a30-491e-a7f5-32c1e4493fc7\u0026rb=B_JCt6BtFyztr16EIdoStuUXF-VqmrOXupnXwUG-SAZUET-cyZe9Y1hZ6mnsNGsl3Iej20RjqqJOJX8zU19Ec3wfO9YhcJsr_vbNUG73CeWow06VWqNrTSHhS4hsEYcjm_LtXVpoKU41ny-fvXCGaofywssrWXSsXOWYKPMBLg6fSGcoCDCJJQZOwxcizr_udH9ii0myx4ktsIFFu1t7ImsOlk2HXZVzolzOqz0odDCaFgKxdyRJ2avbJMnjvS9xPEecUNbRA1mECyPj-dByVn2PcoaEarXHiZWVoH3ESog=\u0026dmn=\u0026userId=08024c27e96042e6e9ac79095dc93a0b","fqdn":"vaimucuvikuwu.net","domain":"vaimucuvikuwu.net","tld":"net"},"ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vaimucuvikuwu.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 05:19:32 GMT","end":"Thu, 30 Oct 2025 05:19:31 GMT"},"fingerprint":{"sha1":"35:87:C8:60:07:AA:D4:C9:E9:EB:7C:B3:1E:4B:E5:C4:C4:D7:83:09","sha256":"6A:C3:77:FB:D8:62:C1:E1:AE:65:AD:FB:94:A5:AC:5E:8F:99:A3:44:C6:D8:3E:06:92:93:F5:D6:48:74:68:0A"}}},"request":{"raw":"OPTIONS /wrr?z=9620869\u0026p_rid=e732fee2-1a30-491e-a7f5-32c1e4493fc7\u0026rb=B_JCt6BtFyztr16EIdoStuUXF-VqmrOXupnXwUG-SAZUET-cyZe9Y1hZ6mnsNGsl3Iej20RjqqJOJX8zU19Ec3wfO9YhcJsr_vbNUG73CeWow06VWqNrTSHhS4hsEYcjm_LtXVpoKU41ny-fvXCGaofywssrWXSsXOWYKPMBLg6fSGcoCDCJJQZOwxcizr_udH9ii0myx4ktsIFFu1t7ImsOlk2HXZVzolzOqz0odDCaFgKxdyRJ2avbJMnjvS9xPEecUNbRA1mECyPj-dByVn2PcoaEarXHiZWVoH3ESog=\u0026dmn=\u0026userId=08024c27e96042e6e9ac79095dc93a0b HTTP/1.1\r\nHost: vaimucuvikuwu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"HEAD /witanime/ HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/3 200 OK\r\nx-powered-by: PHP/8.2.27\r\nx-dns-prefetch-control: on\r\ncontent-type: text/html; charset=UTF-8\r\nx-pingback: https://sahorizon.com/xmlrpc.php\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://sahorizon.com/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://sahorizon.com/wp-json/wp/v2/posts/4285\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://sahorizon.com/?p=4285\u003e; rel=shortlink\r\netag: \"67630-1758569938;;;\"\r\nx-litespeed-cache: hit\r\ndate: Mon, 22 Sep 2025 19:39:41 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"baithoph.net/400/9620913","fqdn":"baithoph.net","domain":"baithoph.net","tld":"net"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.351Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"baithoph.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 29 Jul 2025 09:15:16 GMT","end":"Mon, 27 Oct 2025 10:12:08 GMT"},"fingerprint":{"sha1":"6A:EA:6C:B1:AF:23:0A:8A:93:6C:81:F4:9E:05:AA:BA:E5:E4:B2:38","sha256":"3F:1A:8F:65:EB:4B:63:71:A7:19:59:BB:4E:E2:34:7B:60:89:D7:C6:C7:B2:20:83:9E:F8:B0:BF:C5:F9:83:1E"}}},"request":{"raw":"GET /400/9620913 HTTP/1.1\r\nHost: baithoph.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RijJMvoTlpcmC4sp2diEHxj1y90iDZ2vb%2BDz4ScTG6SQwDzgJBiXRJpKSifhP9wJZzC6mHMLMt8BhSjNeTKt6yWaobChuqkwhLgiJw%3D%3D\"}]}\r\ncf-ray: 98344515f8932efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":164550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"8e094c1eb003e888932269aa65eb07c9","sha1":"a3e19239a9dd0cb78491d7d97872fea047bceea5","sha256":"65ad2d722ae876644571fe3398529fdbee26ab79c08323e4cfa9ffccecfe9632","sha512":"51e6aa6fe7fb9426347cbe52d89c73d86894ad2bdf462f488729809713a7152199b40cf7bed02229a76e8f4ec0f3c1202bed4f2f1c90a58ef34ae7ee7db89eb5","ssdeep":"3072:sIaz5kvovPphA8+QMbcRs5UDXzeaOARiCiB9vtmC7fcWeDcy1TfrGFV2NfS:sIatVAhQ4gsCjaB91z7fcWeDzRfr+V28","tlshash":"9af3ead97281745a2a736030526fee1f793b8e61648ec514f1a6f1b53e3880e9353eec","first_seen":"2025-09-19T12:11:56.519525Z","last_seen":"2025-09-26T07:36:47.307071Z","times_seen":39,"resource_available":true,"data":null}},"time_used":191,"timings":{"blocked":52,"dns":34,"connect":1,"send":0,"wait":77,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"baithoph.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620913?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:52.906Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /500/9620913?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:53 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 2cdf1b3a79174a2ff7ba0e23ef9e28e5\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:52 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1883,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"8a5cf7dce7950a8eaa2d49f3a8168bfa","sha1":"f312b1540f462591d5a449bd086e06dab6959a18","sha256":"e70dbd313a970f840527f2c154d50833b2af29d4a278467d63bc169304514fb2","sha512":"f6dbc55f26f9dd883486bc3935e00e777b88e83e5af3da15359959f127afc6863acda5925361379e6786fbc939ee493086de9a5c2a9cf4f4779446ca8d6b163a","ssdeep":"","tlshash":"214119e4a64bad750f90cbc1466c3c18d170f88b5e90e73ce9afc48122da03196c2192","first_seen":"2025-09-22T20:05:15.863135Z","last_seen":"2025-09-22T20:05:15.863135Z","times_seen":1,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"oamsursumsauz.net/500/9620871?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"oamsursumsauz.net","domain":"oamsursumsauz.net","tld":"net"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:53.930Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oamsursumsauz.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:35:01 GMT","end":"Sat, 18 Oct 2025 05:35:00 GMT"},"fingerprint":{"sha1":"15:08:E5:10:97:98:9A:68:4B:96:AF:40:16:99:5E:A2:7F:6D:1B:FA","sha256":"80:1A:EF:F3:CD:54:AD:65:88:C6:E0:97:07:75:81:E5:4C:41:38:16:E0:EB:F9:4F:72:C9:12:E3:8C:7A:C3:23"}}},"request":{"raw":"GET /500/9620871?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=eehassoosostoa.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: oamsursumsauz.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:54 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: 8d3a27fa96d3811badc020f3ede855e1\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:53 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6075,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"b24ca933c7cb20eb1525f2fb2f01baf4","sha1":"010f9064553f9e03c6bb5fa48a170c07a23bbf1a","sha256":"dac5640138893f5c4ab1820b74d1458a876af96e7945067dda5283f88e7d349e","sha512":"d9e7d0e5d827b50c62a297478dff93f904049bee64df1eee47da7a2efbc52bcda75ff7b1c2614ad3995c307141be03e6e285b1530dd68e70dba3ebc0334f376f","ssdeep":"96:Jqmyb5IerWsB3ZRRX0gB7E8WQN3weA0rs7c/uRdhpPC7h+TReJNThdh2hJbDm:JXyb5pZ3JX15E87weABpPmWgD+Jm","tlshash":"08c1f9af3505c913de81df0c2ab22d7698db882a05e63b8cd38bd57642cd1b82cb7741","first_seen":"2025-09-22T20:05:15.866086Z","last_seen":"2025-09-22T20:05:15.866086Z","times_seen":1,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":14,"connect":26,"send":0,"wait":137,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"oamsursumsauz.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/61cf954a91c856e89bb2c079380418f9.css?ver=418f9","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/61cf954a91c856e89bb2c079380418f9.css?ver=418f9 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"a06-68d1a5d3-a1d18fd085f79a4d;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 544\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":2566,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2566), with no line terminators","md5":"ebc4817d78928435ca7eed8216d49e5b","sha1":"8e120ea34776bca556b3c6bccb361c45f0a7f964","sha256":"7c8eb7fd8354e29e58e77290872b6e05a65404a4d16fe26996b72b6f2f606281","sha512":"cbcc6cc2e06303e3e0fae560253b7f9438fef8a83f6a5dbf84d0b6f24ca9f4b8855e55e979dc55b41517a21ddb5e789f16957efa1e470978ad3b4a12110f8360","ssdeep":"","tlshash":"f8514bd9d1b8248640f34b2ff7d6865438f3a41452977a82a0db671548efe4607a3fbc","first_seen":"2023-04-06T22:42:41Z","last_seen":"2026-04-03T21:34:45.169109Z","times_seen":3549,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":172,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/08/wcofun-the-ultimate-free-anime-and-cartoon-streaming-platform-150x150.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.035Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/wcofun-the-ultimate-free-anime-and-cartoon-streaming-platform-150x150.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Fri, 08 Aug 2025 07:58:32 GMT\r\netag: \"fb6-6895ae28-4033a39a552ac88e;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 4022\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":4022,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 150x150, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"66975ddf8c55c2fde256887c9563e4cd","sha1":"205362517d30103c72f5fd6503edf08455b1193d","sha256":"94193a120d7ba1aead882d8ea09ceb5b05c764bfd4b9028b4ac4bed82a037246","sha512":"9797660eb03661b0142d4df1e240113fe5587441e77b120ec64eca0f3933df824eb1d347f6df281c2d4242ec3f4653e9facae8993db4d7ad3511ea813635b660","ssdeep":"","tlshash":"55817e11386a32da9b115a2cdd952bd030774911cf9caca265ddeb300dd004cb7d0dfd","first_seen":"2025-09-22T20:05:15.86992Z","last_seen":"2025-09-22T20:05:15.86992Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/01/Discover_Vuianime_A_Gateway_to_Anime_Wonders_2025_1200x720-150x150.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/01/Discover_Vuianime_A_Gateway_to_Anime_Wonders_2025_1200x720-150x150.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Tue, 17 Jun 2025 16:50:23 GMT\r\netag: \"2bfe-68519ccf-4f2bd0b97405e267;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 11262\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":11262,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 150x150, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a1a9e8817af201e466958213056dc555","sha1":"fcc07cbd5df6ed047bef96dc78b7278914725486","sha256":"29b4466fa66c9b2582374e5718928c8a7d01fdc02a36b4a34e03c531172bef90","sha512":"e7bc88bd94fa7f25822afd2e1db836de5e61690f32e91adb19f0be950dcf72cbf177781866803a8f296e3537cb39957807a937ce82e31d30d9cb9fe5e0a7d0b0","ssdeep":"192:mHuDJI16WZgvEpwbRMw7G2la3CompL7WODbZEikDLEpQpjVohYTbKBrB8Fl:f6161vEpgMwabalD2rQupjWhYqBrql","tlshash":"9232cf0a79fba79e1cd85c1166709e9d17387006c4c8aa0a07b7cd7cc09729a434da6e","first_seen":"2025-09-22T20:05:15.871569Z","last_seen":"2025-09-22T20:05:15.871569Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"eehassoosostoa.com/401/9620871","fqdn":"eehassoosostoa.com","domain":"eehassoosostoa.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eehassoosostoa.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Sep 2025 09:21:15 GMT","end":"Tue, 09 Dec 2025 09:56:36 GMT"},"fingerprint":{"sha1":"95:C2:F6:38:8F:A7:49:59:0D:33:06:36:19:4A:07:F9:D2:5C:EB:5B","sha256":"DE:42:1B:84:C6:7F:C7:85:F8:36:47:67:DC:45:47:57:51:96:BC:BD:C4:DF:A0:70:21:86:B6:D6:72:91:2F:54"}}},"request":{"raw":"GET /401/9620871 HTTP/1.1\r\nHost: eehassoosostoa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 19:39:43 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BtGTf%2Fkz9GjJYcjYqggnYOpi%2BbotiTo6OszyhX1XJh2zcLwyP91gJe83BOCZKQnBvTUws8DJ5nXhJIOicDWUpGLgYzAnS49DVNwaQOh0zmg%3D\"}]}\r\ncf-ray: 9834451afdb6b500-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168023,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"efe17cec8fadfad13728665d6072ca7a","sha1":"a5393219020fb38b93d28fff4e962290ed0b5ff9","sha256":"8dacc585c4e5070911c48a95cea5c1203e3d76525d4fc6af2609698ff4455fb0","sha512":"1d4d2d512baf0e05a84a80acd858fe2dbd9bcfc6b4e7e12ed220b19c95bea79bb97fb3657ff158e176d09c398d7cc451a66fd5df6eb88c0f7b25870feafa0bf9","ssdeep":"3072:vw+08/+ugr0a9bQee57WSSybf0AEq7WYV9u5OVvy6/PKSWxyScqe//kAoUBEMY:vwfjWCybdh7b9u5OVK6/PKSWx6m7tMY","tlshash":"68f3fcc9768174562a63b030522fad5fb92b8e20585f8d04e166f0e93e3945ee353efc","first_seen":"2025-09-19T12:11:56.547337Z","last_seen":"2025-09-26T07:36:47.386576Z","times_seen":56,"resource_available":true,"data":null}},"time_used":654,"timings":{"blocked":287,"dns":34,"connect":4,"send":0,"wait":75,"receive":0,"ssl":245},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bobapsoabauns.com/www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png","fqdn":"bobapsoabauns.com","domain":"bobapsoabauns.com","tld":"com"},"ip":{"addr":"172.67.166.60","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:46.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bobapsoabauns.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 04:24:25 GMT","end":"Tue, 16 Dec 2025 05:21:54 GMT"},"fingerprint":{"sha1":"4D:D9:7B:8E:2E:B1:DF:4E:5A:71:CF:29:D6:3A:1D:7E:AA:3D:5A:A2","sha256":"88:8A:05:87:6E:69:15:70:D5:BC:48:78:60:76:1A:E9:45:82:CE:D7:2D:0B:89:EB:6B:09:58:DC:93:D4:79:E6"}}},"request":{"raw":"GET /www/images/31f5bb5f43a7bd2800c6724e3a4125d2.png HTTP/1.1\r\nHost: bobapsoabauns.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 19:39:46 GMT\r\ncontent-type: image/png\r\ncontent-length: 16893\r\nserver: cloudflare\r\nlast-modified: Mon, 17 Mar 2025 02:12:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67d78504-41fd\"\r\nexpires: Tue, 23 Sep 2025 04:27:50 GMT\r\ncache-control: max-age=86400\r\ntiming-allow-origin: *\r\naccept-ranges: bytes\r\nage: 54715\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Rbk5oenOjecQ4lVEDxU6mYR8sPXVR0babFTvMByO8bXSUwWBG6x70ViFsDLvFnIRjncmpTf548739E5ixJjWWPST6vnB7gnv1J7aJu7QM1c%2B\"}]}\r\ncf-ray: 9834452ec8ed21fe-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16893,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"31f5bb5f43a7bd2800c6724e3a4125d2","sha1":"bc1bcd6aa31ac91dd34359c2fbbcaefb3e15c875","sha256":"e5dd86d52381d2bff5f1b74d3923443d3d95ced64048662307ed3ec2d52eb61b","sha512":"472e23766bb20f680ab31d5c358d9555ce56596444072978dd6340ca5e918aedcf1985a811c7f3f41b72bb15ce3df8ca98a2fddb5ec9a1eeb5f30d586fc7c23e","ssdeep":"384:wDIuIpXyvlnQ8HrcT30rRp8Rp6g9TzBtnL1Ti7DpHQ9:wsHyvBXHrQxF93By7DhQ9","tlshash":"0572c06f0a4a5703999d1c0d1eab7c9d667a425f007c2e6b23239c5cf94a36f6042df5","first_seen":"2025-03-17T02:19:44.486682Z","last_seen":"2025-11-29T07:50:01.235056Z","times_seen":1176,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":43,"dns":21,"connect":1,"send":0,"wait":12,"receive":1,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/72c538806ede95c85cb2120229639bf5.js?ver=39bf5","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/72c538806ede95c85cb2120229639bf5.js?ver=39bf5 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"214e-68d1a5d3-c601cdde5302760f;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2664\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":8526,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (8524)","md5":"d3903fc6792b30db20d567ac27cb32d7","sha1":"3878ed47da14f29379d385c89b07c7c43e46235a","sha256":"e7802a0072e0400e012d016dfa8fcb77e5bc9d7d86dc5500d502c22b76467eb6","sha512":"c13ef44338efd56a34a0f02c89d246158187ffd6f3fcd78ec88222aac313170422f16b8465ad86c76d6cdcb2a42a9f6e4e040bbb48751f2425981cd0d1f10563","ssdeep":"96:BiLzZp1jH2BKyAWjjp9+1YYE7Aq5l0ok7yyAMGrrAU9gEuqOxVTHjiQzBSw6MCnp:B6jH2cK5IKD0Y3vm17iQz8VBAn06kd","tlshash":"9702d88cf71034b548bfc69e81dba500d1bbc92596439086f69d8c4e1949f6813e7fdd","first_seen":"2023-05-29T23:05:28Z","last_seen":"2026-04-02T16:55:26.615003Z","times_seen":156,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x7i0.com/tag.min.js","fqdn":"x7i0.com","domain":"x7i0.com","tld":"com"},"ip":{"addr":"139.45.195.12","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"x7i0.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 15 Sep 2025 11:38:54 GMT","end":"Sun, 14 Dec 2025 11:38:53 GMT"},"fingerprint":{"sha1":"19:03:00:84:7C:25:C8:1F:0B:20:51:91:CD:C3:22:2C:35:A6:7C:95","sha256":"1F:AE:71:43:F0:9F:64:A4:69:7D:CB:AD:A2:6C:5F:BB:D0:95:4D:81:0F:41:59:C4:A2:A0:21:B2:B8:E4:7D:EB"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: x7i0.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: a64dd5314227b5f330af67203e506c0b\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":109904,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"70861c5d03f60fb8ab1a4146f3170e02","sha1":"8cab6aac0efa993aac8e7ed16d2eff249ec19d00","sha256":"f4a0fe927ea15964b159cefd2f5e127d0659499785f4e3dc3a18ed1ee5964f6a","sha512":"ff67ffcd1f3c45fa70f02dac8059f43a3dd0ba4c4f832c1d2002227332ae2a629a15991805518f39fdeca538f2321729b19d05059c0eaa039698b7b204b51fbb","ssdeep":"1536:KORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEwtr0r0:KORVd4nQqvXoRGEQr0r0","tlshash":"14b30a9c625734711d7a9129785fc44daeeaef80048e89e4d0daac732653071d3bbfe8","first_seen":"2025-09-22T16:31:24.507837Z","last_seen":"2025-09-23T13:48:16.920429Z","times_seen":8,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":78,"dns":1,"connect":26,"send":0,"wait":57,"receive":0,"ssl":59},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"x7i0.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/09/gaming-news-e-true-sport-your-ultimate-guide-to-gaming-and-esports-300x158.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/gaming-news-e-true-sport-your-ultimate-guide-to-gaming-and-esports-300x158.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Sun, 21 Sep 2025 06:47:31 GMT\r\netag: \"1a44-68cf9f83-f347de5295376f02;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 6724\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":6724,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x158, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"c0882081a587d06b6a87d362a8856de7","sha1":"9206d3be7893c07ca52e5984555c9939e575626b","sha256":"9a7b75fda43303b9442b6d8f18a67b15344b6cc3934cc1b12a68c46c8ee06d02","sha512":"46588ee528e9e5daa3a32d4803782a1fc438f6a421167dbe528e8be9e40d5039ebed53662e0b01b7798edbd0e7ebb9d0bae27811afd42aa093798c5e4273c023","ssdeep":"96:MggSplzrLK4uc0IGWL78a8HFLKGFZRDVT34NkIkcUxdO3WxL3iiokDt7RAL+Rh1:pggprCVjKuKgRZWUxdsW4BCt7b","tlshash":"6dd19ef5879f3366c12c9d629a03fa522fda91b5b3cb036650f144abd0fce5441392c1","first_seen":"2025-09-22T20:05:15.875373Z","last_seen":"2025-09-22T20:05:15.875373Z","times_seen":1,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=ae728084-6fb4-4832-bbcd-75167fab0d44","fqdn":"fleraprt.com","domain":"fleraprt.com","tld":"com"},"ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:46.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fleraprt.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 11 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0","sha256":"9E:F7:13:45:55:C0:E9:09:A9:42:CC:D1:27:57:55:66:A1:63:5C:CB:EA:38:76:AA:6D:AB:5A:02:42:09:5D:46"}}},"request":{"raw":"POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=ae728084-6fb4-4832-bbcd-75167fab0d44 HTTP/1.1\r\nHost: fleraprt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1405\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.25.5\r\nDate: Mon, 22 Sep 2025 19:39:46 GMT\r\nContent-Type: application/json; charset=utf-8\r\nContent-Length: 12\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://sahorizon.com\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE\r\nAccess-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"adb4650bfc9d2a73d4dd69583b0ceb14","sha1":"1ce399d6e936232aaf2192cd7903a279c5015f22","sha256":"21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed","sha512":"3fbce22572bbed1aada0f7c6706f16a97e7c0ea132dfee1a7eb80f5e68da1cc63c891a5bc3ea8e87f0c97be3002212a0efbb2af9553acb45e0d447a685cd805b","ssdeep":"","tlshash":"436000000c3000000cc00c0000c00030ff300f00000f00c0000c00f003030c0c00c000","first_seen":"2023-04-05T07:30:31Z","last_seen":"2026-04-03T21:01:43.578834Z","times_seen":55969,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":140,"dns":27,"connect":26,"send":0,"wait":28,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:48.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 13:04:57 GMT\r\nexpires: Sat, 19 Sep 2026 13:04:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nage: 282891\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-03T21:31:02.085282Z","times_seen":713106,"resource_available":false,"data":null}},"time_used":143,"timings":{"blocked":63,"dns":0,"connect":7,"send":0,"wait":8,"receive":9,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-22T19:39:41.512Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /witanime/ HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: PHP/8.2.27\r\nx-dns-prefetch-control: on\r\ncontent-type: text/html; charset=UTF-8\r\nx-pingback: https://sahorizon.com/xmlrpc.php\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://sahorizon.com/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://sahorizon.com/wp-json/wp/v2/posts/4285\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://sahorizon.com/?p=4285\u003e; rel=shortlink\r\netag: \"67631-1758569939;br\"\r\nx-litespeed-cache: hit\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 66589\r\ndate: Mon, 22 Sep 2025 19:39:41 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"WordPress:6.8.2","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"WordPress Block Editor","description":"Sites using the WordPress Block Editor, also known as Gutenberg.","website":"https://wordpress.org/gutenberg/","common_platform_enumeration":"","icon":"WordPress.svg","categories":["Page builders"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":168534,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (35596)","md5":"ad7472d8e3e20d06e52c7f2e4a64ccd7","sha1":"cd753ee65e7274b896d61e6da7284e89eeb72760","sha256":"47b49b24de89356bcf3c529a1b1d828f3db4b32ad1774de1bfed39b7869e742f","sha512":"ca55737ffe3b2a5de3ab54c9a8cafb884b73ecbf869e4d81f48f1b0e1680b7af2f57a4e1f17c0a8d9a5990d693e88fd5ee154d66d0a8dc4094b768a41ba93d18","ssdeep":"3072:4d1FJ0Lb87HEB7MkAK/Lm54MY4PcxPREl2WoDefT0jcb:MXJ0Lb8LOMdaOPgSl2JqT0G","tlshash":"d2f36c726368207a373f479da19f770da254c04ade1b0ae8f1b1c45882c2df53676fa9","first_seen":"2025-09-22T20:05:15.883636Z","last_seen":"2025-09-22T20:05:15.883636Z","times_seen":1,"resource_available":false,"data":null}},"time_used":712,"timings":{"blocked":195,"dns":6,"connect":99,"send":0,"wait":102,"receive":200,"ssl":107},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.387Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"HEAD /witanime/ HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: PHP/8.2.27\r\nx-dns-prefetch-control: on\r\ncontent-type: text/html; charset=UTF-8\r\nx-pingback: https://sahorizon.com/xmlrpc.php\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://sahorizon.com/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://sahorizon.com/wp-json/wp/v2/posts/4285\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://sahorizon.com/?p=4285\u003e; rel=shortlink\r\netag: \"67631-1758569939;;;\"\r\nx-litespeed-cache: hit\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":101,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/500/9620872?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:46.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"OPTIONS /500/9620872?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:46 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fleraprt.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=ae728084-6fb4-4832-bbcd-75167fab0d44","fqdn":"fleraprt.com","domain":"fleraprt.com","tld":"com"},"ip":{"addr":"139.45.195.252","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:46.417Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fleraprt.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 11 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"23:5D:23:03:7B:8D:47:5A:E9:9C:E7:E0:5C:7E:E6:4F:A2:DC:B6:D0","sha256":"9E:F7:13:45:55:C0:E9:09:A9:42:CC:D1:27:57:55:66:A1:63:5C:CB:EA:38:76:AA:6D:AB:5A:02:42:09:5D:46"}}},"request":{"raw":"POST /async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f\u0026ruid=ae728084-6fb4-4832-bbcd-75167fab0d44 HTTP/1.1\r\nHost: fleraprt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 451\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.25.5\r\nDate: Mon, 22 Sep 2025 19:39:46 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: https://sahorizon.com\r\nAccess-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE\r\nAccess-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match\r\nAccess-Control-Allow-Credentials: true\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.25.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":120,"dns":26,"connect":26,"send":0,"wait":26,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pixel.wp.com/g.gif?v=ext\u0026blog=240632613\u0026post=4285\u0026tz=0\u0026srv=sahorizon.com\u0026j=1%3A15.0\u0026host=sahorizon.com\u0026ref=\u0026fcp=0\u0026rand=0.7886650144597481","fqdn":"pixel.wp.com","domain":"wp.com","tld":"com"},"ip":{"addr":"192.0.76.3","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wp.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Wed, 06 Aug 2025 19:44:50 GMT","end":"Tue, 04 Nov 2025 19:44:49 GMT"},"fingerprint":{"sha1":"E3:33:F6:CB:1D:54:80:51:6E:94:B6:72:D6:8D:22:88:EC:CF:5C:C2","sha256":"A2:6F:1C:4D:B8:5F:EC:D5:D1:31:F6:0A:A1:D3:C4:05:9B:6A:16:37:15:5E:C6:BE:AE:95:93:6E:79:6F:7D:8E"}}},"request":{"raw":"GET /g.gif?v=ext\u0026blog=240632613\u0026post=4285\u0026tz=0\u0026srv=sahorizon.com\u0026j=1%3A15.0\u0026host=sahorizon.com\u0026ref=\u0026fcp=0\u0026rand=0.7886650144597481 HTTP/1.1\r\nHost: pixel.wp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\ncontent-type: image/gif\r\ncontent-length: 50\r\ncache-control: no-cache\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 6 x 5","md5":"e4d673a55c5656f19ef81563fb10884c","sha1":"1f2d8ed221d39329251ad3a6ff1edb20b7219443","sha256":"f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1","sha512":"e0b03411282a979cf772f700d9e5634b0c25c612e380ad33c0d59059b1b479d027016d5beb148403ef185430db35f5faed362f36ce2c8ecad0e6d8e30cea97b4","ssdeep":"","tlshash":"69900201f9a08180c1206535091a035c62049256490443062255751c5d546650616254","first_seen":"2023-04-05T23:53:38Z","last_seen":"2026-04-03T21:27:01.115987Z","times_seen":78109,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"oyo4d.com/5/9621002/?oo=1\u0026js_build=iclick-v1.1575.0\u0026userId=08024c27e96042e6e9ac79095dc93a0b\u0026dmn=x7i0.com\u0026tt=2\u0026ix=0","fqdn":"oyo4d.com","domain":"oyo4d.com","tld":"com"},"ip":{"addr":"139.45.197.118","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.172Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"oyo4d.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 05:09:42 GMT","end":"Thu, 30 Oct 2025 05:09:41 GMT"},"fingerprint":{"sha1":"CA:B0:55:2C:92:65:6D:F3:1E:6D:BA:45:88:FD:65:2F:07:36:13:27","sha256":"DA:EB:6B:D8:17:3D:D3:8F:2D:0D:B8:71:CE:2B:40:9E:83:B9:6F:46:25:7F:24:C5:24:83:76:CC:BB:09:4A:7F"}}},"request":{"raw":"POST /5/9621002/?oo=1\u0026js_build=iclick-v1.1575.0\u0026userId=08024c27e96042e6e9ac79095dc93a0b\u0026dmn=x7i0.com\u0026tt=2\u0026ix=0 HTTP/1.1\r\nHost: oyo4d.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2587\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":239,"timings":{"blocked":100,"dns":14,"connect":26,"send":0,"wait":38,"receive":0,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/impression/_AN1tmkPAxhW-TAIiSzDIo5yDhmjPG554fqVZlTa8yuXLF9OIFeARCQHrMBQYG16ENtJYp-W595VX7A_8Shk4Qb7RUpEPczTdww7_EXVoL-jK_QnW3fQNkrdr3ndceXhGSO4mBqvz-ok0XUlekfSJ_7231vEb352vaR6QgjwJRHUTo4O9AiBta05NEXCl6CgA7LKAcbAyEETiw8Ncm8adOxyeT0K2FaZtmAELP1So_vwBlgdr-dAUDPkwhIvXld3AKB32_EntF1Mkpltg21OFG1CQoJ16k1I-ecYWQUZoxqeW1PxngdNUsvrpzYa-RUkDMKfCFLDsugRm4NFQwoT3uhAzV74M1dmBmzdE-zIG4PZFUzJ0508MgJDeFXEdRILBSHvc6X_nhNWH9GBxswFzu6wvD7EM8rhY5dK4TluPmnsfsl3ZBf02Q5Db0D_kGRi6WSHjGZW2d_4W-nyclFVvyDQydkScAEToKHPozJgRdS3Dyju1DscMo9KgUteV02JSrd8390RWSYiMWFerI5KN2M2TKLTG6WBMqi-XFmU5ENJWC9jlx_72SNSpc7KCjjxunvfLGkcLPy_7MpHVlsUkdzz3Z9ilkG9BZaxDhL1PE80g1U-H3BlspmSZpoFkwENn1V6bJldxViWR0DXtuI7OoRhc2XQAP1XFRMSpC7kPipDXxEMVlW0owj9ZoOdf_YHS6Q3mUtWhudq7HylmKSEjXbIo97_eOecBqRT8ZW2sOpDjwKbTWlQ0ad66Wk-nQzHQSxPSTXv0Eqc_tS8TYs42cYiE2dM42OMERubBm2ns5Fzz-Y4ph_naTIISkdNog3jmmVQU5l1L7Q=?_z=9620872\u0026sw_version=v1.735.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:48.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"GET /impression/_AN1tmkPAxhW-TAIiSzDIo5yDhmjPG554fqVZlTa8yuXLF9OIFeARCQHrMBQYG16ENtJYp-W595VX7A_8Shk4Qb7RUpEPczTdww7_EXVoL-jK_QnW3fQNkrdr3ndceXhGSO4mBqvz-ok0XUlekfSJ_7231vEb352vaR6QgjwJRHUTo4O9AiBta05NEXCl6CgA7LKAcbAyEETiw8Ncm8adOxyeT0K2FaZtmAELP1So_vwBlgdr-dAUDPkwhIvXld3AKB32_EntF1Mkpltg21OFG1CQoJ16k1I-ecYWQUZoxqeW1PxngdNUsvrpzYa-RUkDMKfCFLDsugRm4NFQwoT3uhAzV74M1dmBmzdE-zIG4PZFUzJ0508MgJDeFXEdRILBSHvc6X_nhNWH9GBxswFzu6wvD7EM8rhY5dK4TluPmnsfsl3ZBf02Q5Db0D_kGRi6WSHjGZW2d_4W-nyclFVvyDQydkScAEToKHPozJgRdS3Dyju1DscMo9KgUteV02JSrd8390RWSYiMWFerI5KN2M2TKLTG6WBMqi-XFmU5ENJWC9jlx_72SNSpc7KCjjxunvfLGkcLPy_7MpHVlsUkdzz3Z9ilkG9BZaxDhL1PE80g1U-H3BlspmSZpoFkwENn1V6bJldxViWR0DXtuI7OoRhc2XQAP1XFRMSpC7kPipDXxEMVlW0owj9ZoOdf_YHS6Q3mUtWhudq7HylmKSEjXbIo97_eOecBqRT8ZW2sOpDjwKbTWlQ0ad66Wk-nQzHQSxPSTXv0Eqc_tS8TYs42cYiE2dM42OMERubBm2ns5Fzz-Y4ph_naTIISkdNog3jmmVQU5l1L7Q=?_z=9620872\u0026sw_version=v1.735.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:48 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: b0b607d31c846d00ac7785a1d256af92\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-03T21:32:24.566251Z","times_seen":96321,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:40:03.839Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 22 Sep 2025 19:40:03 GMT\r\ndate: Mon, 22 Sep 2025 19:40:03 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26935,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"0674bb1b4725131d0ccedb9f2119d9fa","sha1":"354de89c766f790720b9b55a28ce76bc2f2878e8","sha256":"37e93534f20120328ca625c0011682d90e4e4f4e702b0f90baf22d0c1f7fc8b4","sha512":"db19ac78c34f52d076a4b91cc180acb24697a1c8385c2d848ea0363ca684177c9f01de0a7115c165c8a01d4ea1441e86c98c8ae32292c15d0bd373500c52db23","ssdeep":"768:DFAFRFYFKFf4FQLFDFXFRKNyEfSQv3rgXU/9ffQiqGr8vkSfEQNVR1GJuofOQjLh:EcvMo1","tlshash":"32c2fba108174000978358e223cebf34fe4f92507141d0b5abfdab6bedcbc6652693ad","first_seen":"2025-09-09T04:12:34.447807Z","last_seen":"2025-11-18T23:33:55.824058Z","times_seen":1117,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/ucss/7e8b9ac52ff28ecdfd9a57d441aba8c5.css?ver=1bbd5","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.083Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/ucss/7e8b9ac52ff28ecdfd9a57d441aba8c5.css?ver=1bbd5 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 01 Sep 2025 16:04:19 GMT\r\netag: \"2b43-68b5c403-f2a0f10fd7367041;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 2796\r\ndate: Mon, 22 Sep 2025 19:39:41 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":11075,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11075), with no line terminators","md5":"7e8b9ac52ff28ecdfd9a57d441aba8c5","sha1":"bc46196b2a6a6c50f8b8e1a8d0f5b56ec4ec527f","sha256":"8fd65054d322c274341fee0a83ee9b51e2b938f43acaa4e297bc82602e5323f8","sha512":"721d4f7c8ef1627e0a73f47815977adef587d6e31481f83161a84cae77d4dfcc4d022aecc5fdaa80b4d023a6a61f4495e6b1ff5e88e5b613d68ba6945dd19140","ssdeep":"192:oOwqWQXXI/c/0sUOwDw/XUtwWZ+8T7ryYOwhxDrQOhE:g/Lw/XUtwWZ+Z4DxE","tlshash":"fb32a6a147a064e8b56bca3aeac1e25cf014a511c20b52d7e9b2d310c5cd2772bf3b5e","first_seen":"2025-09-22T20:05:15.886867Z","last_seen":"2025-09-22T20:05:15.886867Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fpyf8.com/88/tag.min.js","fqdn":"fpyf8.com","domain":"fpyf8.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"fpyf8.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sat, 02 Aug 2025 05:43:54 GMT","end":"Fri, 31 Oct 2025 05:43:53 GMT"},"fingerprint":{"sha1":"36:76:3D:BD:D8:16:B6:15:82:A3:C4:56:19:6C:4A:13:46:7C:6C:3B","sha256":"94:27:7A:D4:8A:21:76:3A:7F:74:B0:23:CD:05:68:2E:3D:CF:BF:BD:80:EC:0D:4D:B3:52:ED:FF:1A:7D:E2:0D"}}},"request":{"raw":"GET /88/tag.min.js HTTP/1.1\r\nHost: fpyf8.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 42437\r\ncontent-encoding: br\r\nx-trace-id: c756baea6f6346fb4d6e1cc6b08b18af\r\naccept-ranges: bytes\r\nlast-modified: Mon, 22 Sep 2025 15:38:25 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":115359,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65494)","md5":"a7c94c4e9c63f7e44c93477b5844cd73","sha1":"cffe36c3cf761f1bffbde36eb844202d25ce5f1f","sha256":"dcc5f9d5eb107457c3e93e6118a0b3ddfca7a05e17c59ebd3129793e9cece823","sha512":"2cbd07984d7127c3e12416b41ca35bde95d77dc6c88394021db622f521154e1c09f6ff4c34aeebbbefc2d7efd04fddf20239bb9f0eeaa2303e873c52f567f839","ssdeep":"1536:+ORV5n7I9pN5MSHR8L6Ru5HjQdXog6wTEwtr0raOjLouEks:+ORVd4nQqvXoRGEQr0rjoue","tlshash":"f4b3199c625634711d7a9129785fc44daeeaef80048e89f4d0daac732653071d3bbfe8","first_seen":"2025-09-22T16:48:47.184849Z","last_seen":"2025-09-22T20:05:15.888697Z","times_seen":2,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":75,"dns":1,"connect":26,"send":0,"wait":62,"receive":27,"ssl":68},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"POST /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\nContent-Type: application/json\r\nContent-Length: 362\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-length: 81\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":81,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6821483ae6a206e99c0f586411bbbc77","sha1":"0ee24f507eb5426e6348aed148b1824f3b661697","sha256":"817d6ceb4bba7650abe5363247ac4c59ce57a7873782c257a7699d7e6b6b36f1","sha512":"63b1ca5b191b537583103c61349fa32e65ceea940842e52c56fd5b321a7c7744ef9d49ff9bed5763cf28302982b3a8d0ef2420cc765e3b19d857c9b966dfdc47","ssdeep":"","tlshash":"8da022b0200cca00a8ff03ae00f0fa80acbcc3330e3230a08ebc3c20803030203080e2","first_seen":"2025-09-22T20:05:15.890104Z","last_seen":"2025-09-22T20:05:15.890104Z","times_seen":1,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"glempirteechacm.com/401/9620872","fqdn":"glempirteechacm.com","domain":"glempirteechacm.com","tld":"com"},"ip":{"addr":"104.21.86.176","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"glempirteechacm.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 10 Sep 2025 09:17:39 GMT","end":"Tue, 09 Dec 2025 09:53:30 GMT"},"fingerprint":{"sha1":"3F:A8:06:E3:71:9A:6E:58:27:6B:91:B4:76:71:5E:AA:9E:52:1B:B7","sha256":"6D:1D:F8:7C:0A:4D:64:81:EF:3B:5B:68:B9:EF:9A:65:98:6C:FE:23:BD:43:71:6C:71:C7:BB:F8:A1:9D:64:CE"}}},"request":{"raw":"GET /401/9620872 HTTP/1.1\r\nHost: glempirteechacm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9z5dyxMUH1oNjmai0PoXLsJ%2FMYQ9Wr3zkjgWrKX7pi2gz7b5pFrZfNdcnXWE7wbi7pzbXvxT7EcSP5RZvBNE4f2Me79uDsHzdvTnXTF7%2FvAXK%2BM%3D\"}]}\r\ncf-ray: 983445196f5b2678-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":168023,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"efe17cec8fadfad13728665d6072ca7a","sha1":"a5393219020fb38b93d28fff4e962290ed0b5ff9","sha256":"8dacc585c4e5070911c48a95cea5c1203e3d76525d4fc6af2609698ff4455fb0","sha512":"1d4d2d512baf0e05a84a80acd858fe2dbd9bcfc6b4e7e12ed220b19c95bea79bb97fb3657ff158e176d09c398d7cc451a66fd5df6eb88c0f7b25870feafa0bf9","ssdeep":"3072:vw+08/+ugr0a9bQee57WSSybf0AEq7WYV9u5OVvy6/PKSWxyScqe//kAoUBEMY:vwfjWCybdh7b9u5OVK6/PKSWx6m7tMY","tlshash":"68f3fcc9768174562a63b030522fad5fb92b8e20585f8d04e166f0e93e3945ee353efc","first_seen":"2025-09-19T12:11:56.547337Z","last_seen":"2025-09-26T07:36:47.386576Z","times_seen":56,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":47,"dns":20,"connect":1,"send":0,"wait":46,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"vaimucuvikuwu.net/wrr?z=9620869\u0026p_rid=e732fee2-1a30-491e-a7f5-32c1e4493fc7\u0026rb=B_JCt6BtFyztr16EIdoStuUXF-VqmrOXupnXwUG-SAZUET-cyZe9Y1hZ6mnsNGsl3Iej20RjqqJOJX8zU19Ec3wfO9YhcJsr_vbNUG73CeWow06VWqNrTSHhS4hsEYcjm_LtXVpoKU41ny-fvXCGaofywssrWXSsXOWYKPMBLg6fSGcoCDCJJQZOwxcizr_udH9ii0myx4ktsIFFu1t7ImsOlk2HXZVzolzOqz0odDCaFgKxdyRJ2avbJMnjvS9xPEecUNbRA1mECyPj-dByVn2PcoaEarXHiZWVoH3ESog=\u0026dmn=\u0026userId=08024c27e96042e6e9ac79095dc93a0b","fqdn":"vaimucuvikuwu.net","domain":"vaimucuvikuwu.net","tld":"net"},"ip":{"addr":"139.45.197.106","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"vaimucuvikuwu.net","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 01 Aug 2025 05:19:32 GMT","end":"Thu, 30 Oct 2025 05:19:31 GMT"},"fingerprint":{"sha1":"35:87:C8:60:07:AA:D4:C9:E9:EB:7C:B3:1E:4B:E5:C4:C4:D7:83:09","sha256":"6A:C3:77:FB:D8:62:C1:E1:AE:65:AD:FB:94:A5:AC:5E:8F:99:A3:44:C6:D8:3E:06:92:93:F5:D6:48:74:68:0A"}}},"request":{"raw":"POST /wrr?z=9620869\u0026p_rid=e732fee2-1a30-491e-a7f5-32c1e4493fc7\u0026rb=B_JCt6BtFyztr16EIdoStuUXF-VqmrOXupnXwUG-SAZUET-cyZe9Y1hZ6mnsNGsl3Iej20RjqqJOJX8zU19Ec3wfO9YhcJsr_vbNUG73CeWow06VWqNrTSHhS4hsEYcjm_LtXVpoKU41ny-fvXCGaofywssrWXSsXOWYKPMBLg6fSGcoCDCJJQZOwxcizr_udH9ii0myx4ktsIFFu1t7ImsOlk2HXZVzolzOqz0odDCaFgKxdyRJ2avbJMnjvS9xPEecUNbRA1mECyPj-dByVn2PcoaEarXHiZWVoH3ESog=\u0026dmn=\u0026userId=08024c27e96042e6e9ac79095dc93a0b HTTP/1.1\r\nHost: vaimucuvikuwu.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://sahorizon.com/\r\ncontent-type: application/json\r\nContent-Length: 2587\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\npragma: no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"vaimucuvikuwu.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grookilteepsou.net/event","fqdn":"grookilteepsou.net","domain":"grookilteepsou.net","tld":"net"},"ip":{"addr":"139.45.197.122","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grookilteepsou.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 05 Sep 2025 05:23:12 GMT","end":"Thu, 04 Dec 2025 05:23:11 GMT"},"fingerprint":{"sha1":"74:73:06:C8:86:57:DF:47:5B:AA:44:AD:BD:29:95:9B:8C:28:2F:B1","sha256":"77:66:80:3C:82:1F:42:C4:C1:EE:ED:18:C6:2E:C2:C5:10:4D:8D:C6:19:69:D5:1D:5B:44:06:BA:E2:25:33:43"}}},"request":{"raw":"OPTIONS /event HTTP/1.1\r\nHost: grookilteepsou.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: text/plain; charset=utf-8\r\ncontent-length: 0\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid\r\naccess-control-max-age: 86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"grookilteepsou.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/500/9620870?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:47.835Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"OPTIONS /500/9620870?excludes=23316440\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=roagrofoogrobo.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://sahorizon.com/\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:47 GMT\r\ncontent-length: 0\r\nallow: GET, OPTIONS\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 600\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/07/cropped-sahorizon-1.png.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.993Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/07/cropped-sahorizon-1.png.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Thu, 17 Jul 2025 14:57:33 GMT\r\netag: \"7580-68790f5d-5924a68cfdf24b21;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 30080\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":30080,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7102b2c6400610f22e348a15415b45dc","sha1":"9a56c66e943db31a7440806827d2720e5c2083d1","sha256":"43f4944ca6eba253fd2b916d503f565a4537cfc86582aec329ba2fba0844601a","sha512":"9e6e46dea65fc16d64e5ec7d7bca7a5ad38d917781e43a8d64271a3a721284060fed26c5fc9b069da8696763f372312ea7717c97ee10ee7da7d7e9da3faf2e17","ssdeep":"768:4BRf8yHLuZ2jqsyRENuxzJj4fcK7pktvoCDh/5/QadR:YRf8yH6Q2syRENuvMrStRR1","tlshash":"75d2f1e58d18cd9bd303bfbd3bfe17ab142ca95bd49e0d38821cf5618649892d2b1209","first_seen":"2025-09-22T20:05:15.891677Z","last_seen":"2025-09-22T20:05:15.891677Z","times_seen":1,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/witanime/","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"HEAD /witanime/ HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: PHP/8.2.27\r\nx-dns-prefetch-control: on\r\ncontent-type: text/html; charset=UTF-8\r\nx-pingback: https://sahorizon.com/xmlrpc.php\r\nx-ua-compatible: IE=edge\r\nlink: \u003chttps://sahorizon.com/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://sahorizon.com/wp-json/wp/v2/posts/4285\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\", \u003chttps://sahorizon.com/?p=4285\u003e; rel=shortlink\r\netag: \"67631-1758569939;;;\"\r\nx-litespeed-cache: hit\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"WordPress","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"PHP:8.2.27","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T21:31:01.969645Z","times_seen":13304312,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/401/9620872?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:44.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"POST /401/9620872?oo=1\u0026sw_version=v1.735.0-s\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026st=true HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 24\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:44 GMT\r\ncontent-type: application/json\r\nx-trace-id: 26891f8742804f18cf3382beb7c0156d\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:44 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2074,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f8fa8139f0a6e287723f8f7407126ae9","sha1":"76821b078b5e9cfa2ec8b01c5b50a3715ed0522c","sha256":"2711c86f5c35681be57a909b57185ddd8c8c016273f40a5166176f2b77e6e621","sha512":"7e33be77baa3c4781ead6e3d94f3b6cb903075032d95905ceaf6273f03d0a556fae90ba5dc80097c73eb02257aa76f60b61e2cbc0a23afbde32f1926c7096f79","ssdeep":"","tlshash":"6641e4085d28457e82de5ab6dd0b6d470bb9051f390c712ee7494d5770ebce503eb10b","first_seen":"2025-09-22T20:05:15.892982Z","last_seen":"2025-09-22T20:05:15.892982Z","times_seen":1,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":114,"dns":23,"connect":26,"send":0,"wait":30,"receive":0,"ssl":63},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"zoojoujoaseeh.com/500/9620872?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"zoojoujoaseeh.com","domain":"zoojoujoaseeh.com","tld":"com"},"ip":{"addr":"139.45.197.244","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:46.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"zoojoujoaseeh.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:25:26 GMT","end":"Sat, 18 Oct 2025 05:25:25 GMT"},"fingerprint":{"sha1":"30:29:A2:9B:3E:28:C3:21:31:20:F2:F2:68:4A:48:A2:7D:F3:1D:0B","sha256":"9C:EF:56:02:8A:83:02:95:40:13:37:EF:17:5F:90:80:65:60:60:0C:02:CC:95:D6:61:4B:30:10:A4:DE:CB:ED"}}},"request":{"raw":"GET /500/9620872?excludes=\u0026oaid=08024c27e96042e6e9ac79095dc93a0b\u0026var=\u0026ymid=\u0026tgp=\u0026sw_version=v1.735.0-s\u0026dmn=glempirteechacm.com\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=3\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: zoojoujoaseeh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nOrigin: https://sahorizon.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:46 GMT\r\ncontent-type: application/javascript\r\nx-trace-id: f6fc2be4870eb4e534d812bd939aa94d\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: https://sahorizon.com\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nset-cookie: OAID=08024c27e96042e6e9ac79095dc93a0b; expires=Tue, 22 Sep 2026 19:39:46 GMT; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1978,"size_decoded":0,"mime_type":"application/javascript","magic":"JSON text data","md5":"ae5cd024e60c916abac6044984becf6a","sha1":"ad048d49e9fc13378a6cb30c6ff2fc8d38765b88","sha256":"cd79f7a60ef513709c4804237381fc91e70acab50733b565c99c742eab1991be","sha512":"ee7b230e0efc47ec2ddd1b3a4645f555d9dcf0fe4b6dc038ad9adee58149fddc0a5ee435c8475457a7d9b4a8644f9d3484ebadbb3fcaa9dc5ff4c681c8e82e96","ssdeep":"","tlshash":"fd410a7d57a48c3b3746428ea8de36356434002b9095c5dbac6f07443b68b482d47604","first_seen":"2025-09-22T20:05:15.894437Z","last_seen":"2025-09-22T20:05:15.894437Z","times_seen":1,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Theat Feed","description":"Hagezi Theat Feed","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"zoojoujoaseeh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"phoangaisool.com/impression/evjPJrc3fo6EYvItwrCcqUirydtdtx-XU7prfwJdSBgmm-96Fujxg7Y7DTycCFgTxj1QF1NFlCgthid9xUZNRRdHr_jTa2-CbDh_-YMbnM2ghC5qosk3yf28TAktWt6omtg7WO_ExWKaiSAnd3I11KNNK2EClopqba4aBvZOj9ourWD5UUxWCBsqaT5wWUbUdvEHnkXl2D33-0Ld528wKAdXpLN6qqEzvdAlwiAJtSRx0h_vKpZQ5et5x9I_BT5E5f0Y5KT2RmUrERVPOH2m4CDArMEZy8MzZTVWSiomRXBE81okJA4GLaLZneVOkeBTnVs4K6VvuWUDbO-joEU-THBBPFDx8jRIyD03sByh93i4agn3xAWY3yabP4LjKdLKAPjjUyzBcVZd3OqfVn1prLjnMEFNA6iqHIbvkoTHs2114_DKdX00OKCzPLFytRCxr7Uh7TP_WGf29dQ8hdCccHFLFtBMtF_VVivP5IQ4W5OxMn5HZkGIljOhWRVQo3mFO6MK1XIxmniqlKf4iA7IwaFGUOI9ySoPH7bMxngF7-bAsADPd1qdb3aGj_X-6N_bFEj8wsmhn_jp1XOlswVmd6L_8sl0OTiL-baesBXCR_AXB-rhyMS48--S84zacPw2GewJPm4-dLFvVWYOTZw2GciuDZRLzxhIO5P9UQZwfwIjFVA61iGA4cXhPXCybvhS5rFFTexVxppwCN3jBnbX8dIo952uFfR7iqXGhFjsmi-tx_NEQ0We3SFoZZq0uJyG2yLxddUS1N-U8K47YTFgfv-PGZBpCMf7cbwIiSRnyqexazuoLAlX6I6Ty3IyjLe8J3VU9LY0pfTYpWoQF1ELAn2mKkgl3RnmtUrq4cHQgO0=?_z=9620913\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1","fqdn":"phoangaisool.com","domain":"phoangaisool.com","tld":"com"},"ip":{"addr":"139.45.197.243","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:55.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"phoangaisool.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 05:27:33 GMT","end":"Sat, 18 Oct 2025 05:27:32 GMT"},"fingerprint":{"sha1":"1B:B6:A8:E4:08:A6:29:EB:A9:7A:9B:7B:F9:85:53:57:9B:C7:36:4B","sha256":"0E:69:6F:3E:06:9D:64:E5:1B:E6:9B:A0:66:40:B8:3B:8B:F7:A0:BA:DA:77:B5:E5:0B:C7:3B:FF:11:3D:C1:C9"}}},"request":{"raw":"GET /impression/evjPJrc3fo6EYvItwrCcqUirydtdtx-XU7prfwJdSBgmm-96Fujxg7Y7DTycCFgTxj1QF1NFlCgthid9xUZNRRdHr_jTa2-CbDh_-YMbnM2ghC5qosk3yf28TAktWt6omtg7WO_ExWKaiSAnd3I11KNNK2EClopqba4aBvZOj9ourWD5UUxWCBsqaT5wWUbUdvEHnkXl2D33-0Ld528wKAdXpLN6qqEzvdAlwiAJtSRx0h_vKpZQ5et5x9I_BT5E5f0Y5KT2RmUrERVPOH2m4CDArMEZy8MzZTVWSiomRXBE81okJA4GLaLZneVOkeBTnVs4K6VvuWUDbO-joEU-THBBPFDx8jRIyD03sByh93i4agn3xAWY3yabP4LjKdLKAPjjUyzBcVZd3OqfVn1prLjnMEFNA6iqHIbvkoTHs2114_DKdX00OKCzPLFytRCxr7Uh7TP_WGf29dQ8hdCccHFLFtBMtF_VVivP5IQ4W5OxMn5HZkGIljOhWRVQo3mFO6MK1XIxmniqlKf4iA7IwaFGUOI9ySoPH7bMxngF7-bAsADPd1qdb3aGj_X-6N_bFEj8wsmhn_jp1XOlswVmd6L_8sl0OTiL-baesBXCR_AXB-rhyMS48--S84zacPw2GewJPm4-dLFvVWYOTZw2GciuDZRLzxhIO5P9UQZwfwIjFVA61iGA4cXhPXCybvhS5rFFTexVxppwCN3jBnbX8dIo952uFfR7iqXGhFjsmi-tx_NEQ0We3SFoZZq0uJyG2yLxddUS1N-U8K47YTFgfv-PGZBpCMf7cbwIiSRnyqexazuoLAlX6I6Ty3IyjLe8J3VU9LY0pfTYpWoQF1ELAn2mKkgl3RnmtUrq4cHQgO0=?_z=9620913\u0026sw_version=v1.735.0-s\u0026dmn=baithoph.net\u0026fs=0\u0026cf=0\u0026sw=1280\u0026sh=1024\u0026sah=1024\u0026wx=0\u0026wy=0\u0026ww=1280\u0026wh=1024\u0026cw=1280\u0026wiw=1280\u0026wih=1024\u0026wfc=4\u0026pl=https%3A%2F%2Fsahorizon.com%2Fwitanime%2F\u0026drf=\u0026np=1\u0026pt=0\u0026nb=1\u0026ng=0\u0026ix=0\u0026nw=1\u0026tb=false\u0026navlng=en-US\u0026bto=0\u0026btz=UTC\u0026jsp=1 HTTP/1.1\r\nHost: phoangaisool.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/\r\nCookie: OAID=08024c27e96042e6e9ac79095dc93a0b\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 22 Sep 2025 19:39:55 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-trace-id: fa33eeb936dcdbb8346ae61ca7d06327\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT\r\ncache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0\r\npragma: no-cache\r\nvary: Origin\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Link\r\naccess-control-allow-credentials: true\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *, *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"b4491705564909da7f9eaf749dbbfbb1","sha1":"279315d507855c6a4351e1e2c2f39dd9cd2fccd8","sha256":"4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49","sha512":"b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14","ssdeep":"","tlshash":"c5900403d140d041c351c0300d0cc740174471304514030f70fc175dfc353510c13000","first_seen":"2023-04-05T09:54:56Z","last_seen":"2026-04-03T21:32:24.566251Z","times_seen":96321,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-22","alert":"Sinkholed","trigger":"phoangaisool.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/1aab721abfed4451b3f8e4d87fcf60db.js?ver=f60db","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.070Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/1aab721abfed4451b3f8e4d87fcf60db.js?ver=f60db HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"d54-68d1a5d3-b9d01e68d1ebea2c;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1279\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":3412,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (3410)","md5":"d5d0b7c237dd89001e581a2bb11eab58","sha1":"1f70db2d25a8d12904074c93edae9aebd0fa4ba9","sha256":"c88e4ababbd6ffaab46911bebb47d6ddcf4107062d058af2794300b7b9b6df95","sha512":"81ed1ee46bcaf92639da361c907dd63ce602ab95f0322df3215ac249e8739bfe48dd96f3deb0cc0b7a33545b105fa8b33b5a851a65b317763bc861e5530a8d13","ssdeep":"","tlshash":"ac61b9dc7764b67219fbe2b1906faa07f7711849a84f18204436ec583c7edda0152e7d","first_seen":"2024-09-02T16:35:56Z","last_seen":"2026-03-08T22:44:50.748001Z","times_seen":33,"resource_available":true,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/uploads/2025/09/money-6x-reit-holdings-complete-investor-guide-300x158.webp","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"lazy-imageset","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/money-6x-reit-holdings-complete-investor-guide-300x158.webp HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: image/webp\r\nlast-modified: Mon, 22 Sep 2025 07:25:27 GMT\r\netag: \"23a2-68d0f9e7-ae839cdda3a1f440;;;\"\r\naccept-ranges: bytes\r\ncontent-length: 9122\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":9122,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 300x158, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"060cbb38049e1e24454aeddf1a1865ec","sha1":"ea4e61b79130a716804992286a9aa153875bc1ae","sha256":"545f065f06ebd43faed8023a2982c3d9432292f2d1258549b016fd8f095bf40f","sha512":"3b744fde69b2642a351f336ddf85cef171e7da3d10d4fe05b91cec0a318b32ddbdbc891f0aa709591c001ad7cfa77349a2cab80298a75c528346342b7535d4a5","ssdeep":"192:L5vucAgk5A4GPocwebmKyNTv2SJ9DeScwboBYVQEaM5+ngj:L5igfNmdTv2SjIYVQtngj","tlshash":"d912bf062025b0497198fae12d5a916dc44aa10edd2027c375f9ec2bffa8c7a4f39d6c","first_seen":"2025-09-22T20:05:15.897015Z","last_seen":"2025-09-22T20:05:15.897015Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:48.431Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 22 Sep 2025 19:39:48 GMT\r\ndate: Mon, 22 Sep 2025 19:39:48 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":26935,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"0674bb1b4725131d0ccedb9f2119d9fa","sha1":"354de89c766f790720b9b55a28ce76bc2f2878e8","sha256":"37e93534f20120328ca625c0011682d90e4e4f4e702b0f90baf22d0c1f7fc8b4","sha512":"db19ac78c34f52d076a4b91cc180acb24697a1c8385c2d848ea0363ca684177c9f01de0a7115c165c8a01d4ea1441e86c98c8ae32292c15d0bd373500c52db23","ssdeep":"768:DFAFRFYFKFf4FQLFDFXFRKNyEfSQv3rgXU/9ffQiqGr8vkSfEQNVR1GJuofOQjLh:EcvMo1","tlshash":"32c2fba108174000978358e223cebf34fe4f92507141d0b5abfdab6bedcbc6652693ad","first_seen":"2025-09-09T04:12:34.447807Z","last_seen":"2025-11-18T23:33:55.824058Z","times_seen":1117,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":84,"dns":0,"connect":15,"send":0,"wait":33,"receive":0,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/css/8b8830280680682ef44c24febd4bbf0f.css?ver=bbf0f","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:41.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/css/8b8830280680682ef44c24febd4bbf0f.css?ver=bbf0f HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"96d-68d1a5d3-632a32ddc1f34dc9;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 779\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":2413,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2413), with no line terminators","md5":"be04df56711e114aae60fa2d8cb825fa","sha1":"1d69c0b5b03ace9804daf4ba4e10515e0122fd8d","sha256":"a3a04d7bf3d6b75ed03b1882e75414faa3fca8fde79ee82937a62360e0bf6f34","sha512":"dadefe1f0900fa2d5ef04eba47844e5b6693e4eccdb4993d83bbaed0c66007b5d563a83db59c72ccbaf24de41f9f25dc442a47bc9b58f44fc03110c1687ddeec","ssdeep":"","tlshash":"11411fa1868810254bf382f7aae1af4a73359892c427e76ab0da17784d7c7451623f0f","first_seen":"2025-06-26T12:17:55.2988Z","last_seen":"2026-04-03T20:06:39.781688Z","times_seen":8340,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sahorizon.com/wp-content/litespeed/js/a4ae22b9de8ef443d721c51017f95b42.js?ver=95b42","fqdn":"sahorizon.com","domain":"sahorizon.com","tld":"com"},"ip":{"addr":"82.29.199.200","port":443,"asn":0,"as":"","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://sahorizon.com/witanime/","date":"2025-09-22T19:39:42.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sahorizon.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 15:31:14 GMT","end":"Sun, 09 Nov 2025 15:31:13 GMT"},"fingerprint":{"sha1":"32:D7:1A:EE:F9:6C:EC:81:24:D7:5A:B2:83:70:24:B6:F8:34:44:CF","sha256":"03:65:9E:7F:6D:91:79:E6:CD:50:FC:E5:1D:F1:D6:5B:F8:4A:54:09:17:DC:5A:82:4A:E6:06:80:0D:DB:09:4E"}}},"request":{"raw":"GET /wp-content/litespeed/js/a4ae22b9de8ef443d721c51017f95b42.js?ver=95b42 HTTP/1.1\r\nHost: sahorizon.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://sahorizon.com/witanime/\r\nCookie: _lscache_vary=bf9f9cdbbd27762ebb435f2b8d942ddb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=31557600\r\nexpires: Wed, 23 Sep 2026 01:39:42 GMT\r\ncontent-type: application/x-javascript\r\nlast-modified: Mon, 22 Sep 2025 19:38:59 GMT\r\netag: \"bd4-68d1a5d3-83981f0d604534e6;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1249\r\ndate: Mon, 22 Sep 2025 19:39:42 GMT\r\nserver: LiteSpeed\r\nplatform: hostinger\r\npanel: hpanel\r\ncontent-security-policy: upgrade-insecure-requests\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Hostinger","description":"Hostinger is an employee-owned Web hosting provider and internet domain registrar.","website":"https://www.hostinger.com","common_platform_enumeration":"","icon":"Hostinger.svg","categories":["Hosting"]}],"data":{"size":3028,"size_decoded":0,"mime_type":"application/x-javascript","magic":"ASCII text, with very long lines (2991)","md5":"985d16c15a5d808e6e0f7be946467d6d","sha1":"20d4f72fb4f548801801d095fd1ab98e9d149d09","sha256":"33d653a7cac75f7275c3cb34afd1494a153c30b700fccf6dcba5e906eabcb22b","sha512":"7374bfe38507cba515eebe493dbf3a10ddfbd57e17e2ca79d53f94b4fd6247e3d5b180496df49a43ae18bc656fa0888b39ac8ccd5b3e6a420aa3d975accbc046","ssdeep":"","tlshash":"a351a7d437c95d762a83b3395efe930271712709a50805608826c86931bcfea63b67fe","first_seen":"2024-12-03T06:41:00.941906Z","last_seen":"2026-04-03T18:32:51.655155Z","times_seen":1416,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":136,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}