Report - tkshoppingmall.co/wap/

Report Overview

Visited public
2025-04-27 13:29:29
Tags
Submit Tags
URL
tkshoppingmall.co/wap/
Finishing URL
tkshoppingmall.co/#/index
IP / ASN
107.148.55.183
#398478 PEG-HK
Title
TikTok

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

258

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mall-test.s3.amazonaws.com	unknown	2005-08-18	2024-08-11	2025-04-25	25 kB	6.0 MB	3.5.28.130
hetao-shop-test2.s3.amazonaws.com	unknown	2005-08-18	2024-02-05	2025-04-25	1.8 kB	502 kB	16.15.216.27
tkshoppingmall.co	unknown	2025-04-09	2025-04-27	2025-04-27	54 kB	10 MB	107.148.55.183
firebase.googleapis.com	4897	2005-01-25	2018-10-19	2025-04-26	578 B	757 B	142.250.178.74
imgtest1.s3.amazonaws.com	unknown	2005-08-18	2019-08-25	2025-04-25	18 kB	5.6 MB	54.231.162.81

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed
2025-04-27	medium	tkshoppingmall.co	Sinkholed

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	tkshoppingmall.co/js/vendors~app.22fa4339.js	ScriptElement	3.5 MB	2025-04-27	2025-04-27
Pretty URL tkshoppingmall.co/js/vendors~app.22fa4339.js IP 107.148.55.183 ASN #398478 PEG-HK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 13:29 Last Seen2025-04-27 13:29 Times Seen1 Hash 7f8a9f4fe0e1b2f7aa42ca70c0710011 34c346d15f2dae804267f844235915bc341b7b00 715f00d232fab0dfb337f702a26e3b5ad82af3cb20a48747c25d7c22748df6ef Loading...

	tkshoppingmall.co/js/app.4bace1d5.js	ScriptElement	1.4 MB	2025-04-27	2025-04-27
Pretty URL tkshoppingmall.co/js/app.4bace1d5.js IP 107.148.55.183 ASN #398478 PEG-HK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 13:29 Last Seen2025-04-27 13:29 Times Seen1 Hash 698bd821e487e5dc8abd627b51656705 39ac91350953963c81592397ad1269e1664df165 fddd84b7bee008aac9da7b2597c56113e72e6dcc178b243359f77b6374461a93 Loading...

	tkshoppingmall.co/js/chunk-6ec4778a.efb92f70.js	ScriptElement	31 kB	2025-04-27	2025-04-27
Pretty URL tkshoppingmall.co/js/chunk-6ec4778a.efb92f70.js IP 107.148.55.183 ASN #398478 PEG-HK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 13:29 Last Seen2025-04-27 13:29 Times Seen1 Hash fe8e673c561b944a7ed7b313c868dcec 0f016ada6fc886c6d927e1acb9e30b93991398ac 48c7223eb8cf1c083485495348586a78bd82459c43e89610edb471775c6d1397 Loading...

	tkshoppingmall.co/js/chunk-478846d8.df129f08.js	ScriptElement	13 kB	2025-04-27	2025-04-27
Pretty URL tkshoppingmall.co/js/chunk-478846d8.df129f08.js IP 107.148.55.183 ASN #398478 PEG-HK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 13:29 Last Seen2025-04-27 13:29 Times Seen1 Hash dba3dd990d6693f2b16b38738b996e60 6d36eea713f3b6fcbd868d47a7284773fb754e88 c32d10d3f26f49f339a0b3420d4b7f28e7b703cb84fdce404e1d359d0ff81a17 Loading...

	tkshoppingmall.co/wap/	ScriptElement	488 B	2025-03-10	2025-07-21
Pretty URL tkshoppingmall.co/wap/ IP 107.148.55.183 ASN #398478 PEG-HK Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-10 17:58 Last Seen2025-07-21 04:21 Times Seen142 Hash f3a21df0ceb3d3c532c413e79fe34487 bec2ab171b01a80d2c53fab95ea0d2476737a186 bc16fecd3fc0937f1178835079da1848705706f3b0d4352332965aac336131a9 Loading...

	tkshoppingmall.co/wap/js/app.6e1cc4c0.js	ScriptElement	1.6 MB	2025-04-27	2025-04-27
Pretty URL tkshoppingmall.co/wap/js/app.6e1cc4c0.js IP 107.148.55.183 ASN #398478 PEG-HK Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 13:29 Last Seen2025-04-27 13:29 Times Seen1 Hash dc69b120e16943b424624dc13d108193 68fee0b687b680678a6af17697adc0edfd52c7b8 3420882b1bfe0bbdd176f0aaf682001675e9a8fb2110e87fa83f7b07debd31d3 Loading...

	tkshoppingmall.co/wap/js/chunk-vendors.e001476c.js	ScriptElement	2.0 MB	2025-04-27	2025-04-27
Pretty URL tkshoppingmall.co/wap/js/chunk-vendors.e001476c.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-27 13:29 Last Seen2025-04-27 13:29 Times Seen1 Hash 4531cdc021020caa69bc62405898efba 194a51bade692fcb0f1acffa92629c4650b39c4f 81cdd22e2fa896a4fccf70b70daa1dfb353e480bd912061efa1d6f4b5b503409 Loading...

HTTP Transactions (231)

URL IP Response Size

GET imgtest1.s3.amazonaws.com/type/2023-03-29/40488675-237a-40d9-b2d3-e5d53b0e6455.jpg

54.231.162.81

200 OK

44 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/40488675-237a-40d9-b2d3-e5d53b0e6455.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
44 kB (44216 bytes)
Hash
a5941f987a0fe015714bc8b8cde4baff
88c88146f9813942943df5777e08d4486db3040a
41da4ebe3b85b5ca006db2a633baa60593618feeb72f3db99e110d74e1cbd918

HTTP Headers

GET /type/2023-03-29/40488675-237a-40d9-b2d3-e5d53b0e6455.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: MwPk1GaP0jobyUmjrLWvPpc8TVIuYhq1DMQrJBZTI/jiXYtJk1QghvoyzafehwypOcddamjDiKw=
x-amz-request-id: SRRQ6GZKMEDW0VRK
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:18 GMT
ETag: "a5941f987a0fe015714bc8b8cde4baff"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 44216
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/type/2023-04-14/fb09769f-95b0-4418-bc5a-8f91952ddf75.png

54.231.162.81

200 OK

147 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-04-14/fb09769f-95b0-4418-bc5a-8f91952ddf75.png
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Size
147 kB (147078 bytes)
Hash
e1d0a17b2eb5865bccc7dff6330f6562
c956ae8ac7dc2720241d709e92d963ce814550bb
9d0495f4e08deab21e64eb8cbe00de00a937aba37d3ff7a3714f30e551f978e0

HTTP Headers

GET /type/2023-04-14/fb09769f-95b0-4418-bc5a-8f91952ddf75.png HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: z/pZz8TtPvrU6x2QiV97v0uJRMxA+dQBy39dptcjri5LRTaoSCOWYbk122yuP2ApCyCsg+Te88Y=
x-amz-request-id: SRRQFD9P7P1KQFJF
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Thu, 23 May 2024 01:50:35 GMT
ETag: "e1d0a17b2eb5865bccc7dff6330f6562"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 147078
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/5a905e1d-1756-453e-bc49-baabb5267acb.jpg

3.5.28.130

200 OK

48 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/5a905e1d-1756-453e-bc49-baabb5267acb.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
48 kB (47706 bytes)
Hash
d65489337eec1ccd7aa3b7d4e85cce6f
363ebd6574ea0eef5bd9fa6ea4245988329dbe21
9e10a358d6e01dd67c6fb8668c84cf319256fd3e31e95a65fcce29f090c43baa

HTTP Headers

GET /test/2023-03-28/5a905e1d-1756-453e-bc49-baabb5267acb.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: I7FELQj4TmiqRWA/VG6Vtj92pGzVNPJmfC0Ge/HPQXiHlwEQ0aAiEys6eu12BTqMLyolWfrUFvRhRy8kwxU12oFcwLFRAqj5Tbq+nxo3N28=
x-amz-request-id: SRRZAYGNEFKKBW3D
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 20:49:42 GMT
ETag: "d65489337eec1ccd7aa3b7d4e85cce6f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 47706
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/8079ebc6-d2b4-43f7-89c7-dc411bb5aaf4.jpg

3.5.28.130

200 OK

50 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/8079ebc6-d2b4-43f7-89c7-dc411bb5aaf4.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x898, components 3
Size
50 kB (49579 bytes)
Hash
116cc9f735722403d051fda88faa94db
35730a41661671a1c0c18455a8fc7e4579f2316d
ac48bc5d246cb840136f91c6a52a475a1ebd6b1ccfaabbf2543b4046ac2caf53

HTTP Headers

GET /test/2023-03-28/8079ebc6-d2b4-43f7-89c7-dc411bb5aaf4.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: ncOJoinDQfRzAE8xUWZ7BT1wZvkB+9g83a4KOdp4UN2KrmlR2WyH5hWqhf8RGOjDHsKzIn3dUT19xYz5KOBYA2hRXkoj5benWgQ+zMRz3Rs=
x-amz-request-id: 22QMGKKQVJM1HMFV
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:51:04 GMT
ETag: "116cc9f735722403d051fda88faa94db"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 49579
Server: AmazonS3

GET hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-19/a1d35a60-4f42-4bf9-ab32-07966231188e.jpg

16.15.216.27

200 OK

113 kB

URL GET
hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-19/a1d35a60-4f42-4bf9-ab32-07966231188e.jpg
IP
16.15.216.27:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x810, components 3
Size
113 kB (113353 bytes)
Hash
2bd61348f3b28cca6de43407a3276c9d
6a9cb3901b43754d88746568ce83ea4b377b42f2
ae3b41baf8a932d7d2dca20bb6d0728be951f1da8e1744240635c7bb06790675

HTTP Headers

GET /avatar/2023-11-19/a1d35a60-4f42-4bf9-ab32-07966231188e.jpg HTTP/1.1
Host: hetao-shop-test2.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: iSRCouKRIYFqlcr+q2B3DBhXwAa/udjT5dw6McwaJwPSzYXN4T826ld5ekXDstN/efqTxdzjMi9b7lVfI72N2MYQBBc/1ytNMGprNSQhhsQ=
x-amz-request-id: FFR12JZBA0DYBG4N
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Sun, 19 Nov 2023 09:01:38 GMT
ETag: "2bd61348f3b28cca6de43407a3276c9d"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 113353
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/selle/2023-05-16/576efa67-81cd-428a-8bde-80d57cfb647d.jpg

54.231.162.81

200 OK

158 kB

URL GET
imgtest1.s3.amazonaws.com/selle/2023-05-16/576efa67-81cd-428a-8bde-80d57cfb647d.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
158 kB (157843 bytes)
Hash
78fed38df6c4b0312d8a91c509beafa5
513703e7631878f7bbfc8e7c73781e316c87335c
fd89c86a8b6a78742cc14d754a5fcff661630041af1d6ce07fec8d5daf63d30b

HTTP Headers

GET /selle/2023-05-16/576efa67-81cd-428a-8bde-80d57cfb647d.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: fS9pCG+IZimEoSjszwszSCvC7ohayAXIjkRQdObC/6wNi+MEcWeDiZV+8XqzwCmG8vY6mUV9jm0=
x-amz-request-id: FFRC3PVZW24JWC3F
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Thu, 23 May 2024 01:44:21 GMT
ETag: "78fed38df6c4b0312d8a91c509beafa5"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 157843
Server: AmazonS3

GET tkshoppingmall.co/img/TikToklogo.30307054.png

107.148.55.183

200 OK

21 kB

URL GET
tkshoppingmall.co/img/TikToklogo.30307054.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 1080 x 1080, 8-bit colormap, non-interlaced
Size
21 kB (20869 bytes)
Hash
3030705461eff801a58f12c563305a62
5c84017bb3e4fe11ddde4c84d6691abff4ba85e0
3092005e94379fde1f27b52c6e08e4be9fd031a7e8f0f60e2471a419d46480f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/TikToklogo.30307054.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"20869-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

POST tkshoppingmall.co/wap/api/index!download-url.action?lang=en

107.148.55.183

200 OK

52 B

URL POST
tkshoppingmall.co/wap/api/index!download-url.action?lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
52 B (52 bytes)
Hash
213a56436707da6ac41f1994c540f1dc
da3e1aed1d5955fa09da0eae61f5312f02922c2a
b4a72c91aee4538f345d62ba4f24d69ac779d11b5918614765a832d7cace62e3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/index!download-url.action?lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/d80b2606-3bc7-47a2-bee9-d040619a34a6.jpg

54.231.162.81

200 OK

46 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/d80b2606-3bc7-47a2-bee9-d040619a34a6.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
46 kB (46207 bytes)
Hash
ad3bb72e6cf979df37c56cc70e70710c
f0bff01c9d923ad55250ef7de41afae41cbe3f90
50294b071e29cc9e8afdac176dd2fbc62f4c36265d5f494d96a7ab2908c1a643

HTTP Headers

GET /type/2023-03-29/d80b2606-3bc7-47a2-bee9-d040619a34a6.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: qasH20a6+HD/ZR4Rxf2e5aOOcVs4en2h9cQhIYWwihlMGOR2puQDNvx/HdYr2zPTtXpe/W1ETN8=
x-amz-request-id: SRRY4KEFV3CSY8A6
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:19 GMT
ETag: "ad3bb72e6cf979df37c56cc70e70710c"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 46207
Server: AmazonS3

GET tkshoppingmall.co/wap/api/activity/lottery!getCurrentActivity.action?lang=en

107.148.55.183

200 OK

222 B

URL GET
tkshoppingmall.co/wap/api/activity/lottery!getCurrentActivity.action?lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
222 B (222 bytes)
Hash
eb928f7963c708a00aa0d81f5c75cc14
201f911dd987e342a0d9fe43b9d447b8cbe585b5
f1a96eb7886c759186a116a73f1ce64d06e265e6360e63b06e02be2e1b12957e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/api/activity/lottery!getCurrentActivity.action?lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/e06b455c-8412-4866-b1b3-653027bd1c10.jpg

3.5.28.130

200 OK

116 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/e06b455c-8412-4866-b1b3-653027bd1c10.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
116 kB (116417 bytes)
Hash
c204487a7d3a52dd08d0cb8bd82d4383
0d1d0939727c3ce06382233272c124b3e0d023e8
522ae93f5824674a9d56c6bd1e7973d5b98b171fbf00cd8e36369a842d416b6e

HTTP Headers

GET /test/2023-03-28/e06b455c-8412-4866-b1b3-653027bd1c10.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: frveQ7WJfwbA2mRVZP4u1CaIvx9anY2ARbVBMC/jciAu6vdxWqymChsAuC1vmG+BM3Rt1+/wQa3AJVOLWwCpyJ7UsKkJARYGwNtveAZO6co=
x-amz-request-id: 22QNRZM5NMQTYEGZ
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:54:36 GMT
ETag: "c204487a7d3a52dd08d0cb8bd82d4383"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 116417
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-11/afd940a2-7696-49e5-a23b-ef4091c6be16.jpg

54.231.162.81

200 OK

32 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-11/afd940a2-7696-49e5-a23b-ef4091c6be16.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
32 kB (32548 bytes)
Hash
5c856b901a31b431ed87f5e70ece2e82
3d36dbe905fb3ec08d6e8fcd0a61f98d77e016e5
b8a774934093913b41038bef87cf16ba142f42b56dc355c0f616ac698fe6c0c5

HTTP Headers

GET /test/2023-03-11/afd940a2-7696-49e5-a23b-ef4091c6be16.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 6aIHpgl/7JnXUTEJSGMvyFl6x5wJu+g7cy8mB3L84BMkBvDrRkEkRKrXFfG4NGjtqzSHgA7gSXE=
x-amz-request-id: 22QTYNXXVYWW5E0P
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:02 GMT
ETag: "5c856b901a31b431ed87f5e70ece2e82"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 32548
Server: AmazonS3

POST tkshoppingmall.co/wap/api/sellerGoods!recommend_new.action?type=1&pageSize=24&pageNum=1&lang=en

107.148.55.183

200 OK

152 kB

URL POST
tkshoppingmall.co/wap/api/sellerGoods!recommend_new.action?type=1&pageSize=24&pageNum=1&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
152 kB (151679 bytes)
Hash
46ad75b43871f76dad367b0c0985d611
c798af668a205857c7a0141faf26d85d7d4c36ef
de4e3b9f50cf5411095f573a1d1bd325b8b2f11cd0bafd1140b1b6d1daf7fdfb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/sellerGoods!recommend_new.action?type=1&pageSize=24&pageNum=1&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/test/2023-03-07/941c30b2-62d5-4efd-b6b8-11c5879a55e2.jpg

54.231.162.81

200 OK

442 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/941c30b2-62d5-4efd-b6b8-11c5879a55e2.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1179x1500, components 3
Size
442 kB (442241 bytes)
Hash
a626c0c072e344502f816d25e4c1f01b
33571162bd11a36ba55c0af44bb055e6c6ee9eb0
80de3ce88cbd7734ec83bcd85a0a515f60fa36dc7e0c0479a1f3d844951ec749

HTTP Headers

GET /test/2023-03-07/941c30b2-62d5-4efd-b6b8-11c5879a55e2.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: KqXItkev3o1IigXKjnpyqPkG2FpQEnahw9RM4UKzsKTW+WJF/fIuIuQq3uJmgBbpvcDgOueTJyQ=
x-amz-request-id: FFR83BFMNT4D3EC9
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Thu, 23 May 2024 01:47:28 GMT
ETag: "a626c0c072e344502f816d25e4c1f01b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 442241
Server: AmazonS3

GET tkshoppingmall.co/matashop2.svg

107.148.55.183

404 Not Found

764 B

URL GET
tkshoppingmall.co/matashop2.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (760), with no line terminators
Size
764 B (764 bytes)
Hash
69f9eeff8ff8c26a8602efe25136b391
0e1a331738a6ce2fcbbe986377e29b4683f4a5c1
51e65909d5d59a35b8e5d260ac636f7f405fdf4b146193057fc11aea164adf39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /matashop2.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sun, 27 Apr 2025 13:28:53 GMT
content-type: text/html;charset=utf-8
content-length: 764
content-language: en
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/d2355e87-0f42-48d3-9924-966b9fd8d2e0.jpg

54.231.162.81

200 OK

28 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/d2355e87-0f42-48d3-9924-966b9fd8d2e0.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
28 kB (28164 bytes)
Hash
3fb702f913ff64c272d67742c3fade6d
9d59af9b1418caaf57ed3f938074958affbdbf5c
effe7b76be1c47da3ab9aaf81e6542743506dc40affd341687094417a4feea49

HTTP Headers

GET /type/2023-03-29/d2355e87-0f42-48d3-9924-966b9fd8d2e0.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 3PLaZT+9xdPqlFdkZn2N/gGGx2Ps8t/3ydDRKiXDbvmno3SogEJFXncS2feTyiL8TAmufg+SgJk=
x-amz-request-id: 22QWMN3NJT6811VG
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:19 GMT
ETag: "3fb702f913ff64c272d67742c3fade6d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 28164
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-1dd2e722.cef909eb.css

107.148.55.183

200 OK

8.7 kB

URL GET
tkshoppingmall.co/css/chunk-1dd2e722.cef909eb.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (8746), with no line terminators
Size
8.7 kB (8746 bytes)
Hash
a9f7568dde80e88681aba65bbecf5f33
978fd8c46bbd31ae3809fb457f7db1d814ac4288
c1e0b14ce48db8d126963d441da10999c79b47cbe282ca0e23002deb1f0d4066

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-1dd2e722.cef909eb.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:56 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"8746-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-5a7cd9d5.9511c0b0.css

107.148.55.183

200 OK

1.4 kB

URL GET
tkshoppingmall.co/css/chunk-5a7cd9d5.9511c0b0.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (1374), with no line terminators
Size
1.4 kB (1374 bytes)
Hash
c4d3966d6bc298b38adbfdd1b1fbe010
cb04a9c7b9e4343b764d9e8dada0833cf9cf54a0
390639c3a54b75a4407790b2135ec0e70829d6f4859b9a3e39247712b1fff6ac

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-5a7cd9d5.9511c0b0.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"1374-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-2d216994.4f6412c0.js

107.148.55.183

200 OK

242 B

URL GET
tkshoppingmall.co/js/chunk-2d216994.4f6412c0.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with no line terminators
Size
242 B (242 bytes)
Hash
1848a82b0051355113b7ba2c4c8c3a45
3a828b0a984048ed553f470fe2e1c9915eb6a61e
5576e076d5e45c201b5f124f80daf6f7120812f9a0d236389ec35252e09f56c7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-2d216994.4f6412c0.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
content-length: 242
etag: W/"242-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-5ccc6cb4.8008045c.js

107.148.55.183

200 OK

32 kB

URL GET
tkshoppingmall.co/js/chunk-5ccc6cb4.8008045c.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (31756), with no line terminators
Size
32 kB (31756 bytes)
Hash
e2c2fbbf73b433be27d693b2cddce55c
af215feb0398c416d431397b61431b895d5e45c0
274eda01f6bc37bff51aa56034eeb142939b4c24c9b820762c2c03eed779cb79

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-5ccc6cb4.8008045c.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"31756-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-8a9eff90.a06b230a.js

107.148.55.183

200 OK

27 kB

URL GET
tkshoppingmall.co/js/chunk-8a9eff90.a06b230a.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26625), with no line terminators
Size
27 kB (26763 bytes)
Hash
39a76529dd9f5794a85288237e143862
0f8dc50a6c83f67ff125c2ca883b559ae4144ad7
7ea85a14484dd10a8d4f27e88da41d63e7f47ed0610370cdd4d9dc48c05af0dc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-8a9eff90.a06b230a.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"26763-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-28/b95dc824-0d77-4013-a5b6-73fab1c9e4c5.jpg

54.231.162.81

200 OK

17 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-28/b95dc824-0d77-4013-a5b6-73fab1c9e4c5.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
17 kB (17300 bytes)
Hash
0527d1653d7ad2d9fce0c6e3e6ff3f8d
96f83c2be0860f8d33bda1e5955d2f69e1947cce
91d6492646ed09c0cd914e6d6b5756d5e5ce01c44334b1e4fe035ead232a3f00

HTTP Headers

GET /type/2023-03-28/b95dc824-0d77-4013-a5b6-73fab1c9e4c5.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: NuV2cP2wXaW0oMXNe69uTOT9A+xsMtx9ruCEzOxufwGT58cu6NFN6PZMy3f8AwVMd0Qloyt0Q7s=
x-amz-request-id: SRRSF28BAKNBBMBA
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:17 GMT
ETag: "0527d1653d7ad2d9fce0c6e3e6ff3f8d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 17300
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/cb96f794-0a2c-496e-aa26-ab6b279d2f68.jpg

3.5.28.130

200 OK

56 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/cb96f794-0a2c-496e-aa26-ab6b279d2f68.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1365x1365, components 3
Size
56 kB (56451 bytes)
Hash
caad5ce9aae1754f7c5bddfe540beb9a
426aa6930c891900c2d0c7f153ffd99e5c60f92a
a60a9f18bd2465a00567a344571f0f0fb16fc4fe351d8f075e617ff68137cbb6

HTTP Headers

GET /test/2023-03-28/cb96f794-0a2c-496e-aa26-ab6b279d2f68.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: gvBi5YcgUm4Mc+0AcEicSt+P7+SbcTPZTo4P+DLHirocmGXqoDH/53M3lMU2JRiRDV57AoESjMbz3QKXVezSCVTS3bQ3uX88EFSwra76dyQ=
x-amz-request-id: 22QXCH1XB089P3WR
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:53:50 GMT
ETag: "caad5ce9aae1754f7c5bddfe540beb9a"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 56451
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/d242b41f-a56b-4d36-86c6-d91b086f2e80.jpg

3.5.28.130

200 OK

98 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/d242b41f-a56b-4d36-86c6-d91b086f2e80.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1095x1077, components 3
Size
98 kB (97622 bytes)
Hash
9eaa232e9d3003f7a969175be379afca
64d4d553fc1340b9d1e932e111c6059f03fdf5cd
3219dde1f8200c3350e1a01e6d83e5840cf68f87e27e901ec9c77275021bef14

HTTP Headers

GET /test/2023-03-28/d242b41f-a56b-4d36-86c6-d91b086f2e80.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: NH40U/ktIzmXQnyt5zWDe2I/JZImCi4P4YxXDqdy7Awlp2v7AlBncUd8Sg1ZdROwhzaZKzQ/SdNXZdVTWYfC3t/xdbceA1EYJNMbY5ia2wE=
x-amz-request-id: 22QHZG4NCD3EQ0VY
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:54:04 GMT
ETag: "9eaa232e9d3003f7a969175be379afca"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 97622
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-07/dc0af8d7-d6fd-4d17-b74c-2ed7629fdb8c.jpg

54.231.162.81

200 OK

251 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/dc0af8d7-d6fd-4d17-b74c-2ed7629fdb8c.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1481x1500, components 3
Size
251 kB (250989 bytes)
Hash
ceb0053e4ead213a14ea00bb6fd83059
b8ef9c555d7d6b02ef1f4347d740e8d35f37b668
526095a10d5399932f459a0f773a198e1f0284bad0ac07b3ea3a545ea9bc2ae4

HTTP Headers

GET /test/2023-03-07/dc0af8d7-d6fd-4d17-b74c-2ed7629fdb8c.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: CT/MDObVknxjX7wklr0oRjuGM6i4g6brh/RDsJGaP5yYskx/rGif0pLd9HceD7IIaPLVJZrNu1M=
x-amz-request-id: FFR8NK23HZYA8CZ9
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Thu, 23 May 2024 01:48:24 GMT
ETag: "ceb0053e4ead213a14ea00bb6fd83059"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 250989
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-6ec4778a.06a027b9.css

107.148.55.183

200 OK

25 kB

URL GET
tkshoppingmall.co/css/chunk-6ec4778a.06a027b9.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (24873), with no line terminators
Size
25 kB (24873 bytes)
Hash
bc321dcc2084c53ff89f7717d8df940f
e02caebdffe5dd8fa00b526c29d8b33dabc276ea
267a796778863844f93e794f19a95722811050f3dec96321e3abbbc177fe1495

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-6ec4778a.06a027b9.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"24873-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/bfa34439-cd8b-4b7c-b849-8cd85c7b6a33.jpg

54.231.162.81

200 OK

40 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/bfa34439-cd8b-4b7c-b849-8cd85c7b6a33.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
40 kB (39527 bytes)
Hash
46155632d481869cb9c3e853c7832bea
988a2fdc538ca57eadd8730f028800f736e1ee86
1e4dba5d9d5fae2a3aafe91ae59ff2f9f938229ee17b6af825d3d7ae78a93913

HTTP Headers

GET /type/2023-03-29/bfa34439-cd8b-4b7c-b849-8cd85c7b6a33.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: LFvXy9l8T+k0BhDz8l4oU2rZj3PJdUzB3aUhinTRLSHqCXGLikvdppFu0E16Ss3pDv9ApcTVe+A=
x-amz-request-id: SRRTZSEEZM4PQ80Q
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:18 GMT
ETag: "46155632d481869cb9c3e853c7832bea"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 39527
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/type/2023-03-29/2df406e9-dc70-492e-a7d5-4db89889fe58.jpg

54.231.162.81

200 OK

28 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/2df406e9-dc70-492e-a7d5-4db89889fe58.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
28 kB (27557 bytes)
Hash
882acb8a590986400f716b14ce87dbd7
69d9585cebff24ca05746278353d9723ac581960
1c488a620a2342179fea9b5325ea4b5e0e450de64f3bc3383c67e3040242d1e0

HTTP Headers

GET /type/2023-03-29/2df406e9-dc70-492e-a7d5-4db89889fe58.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: +GA4jVFeLr5gzPLKaLEHCLZXyQfvhGe3fZ5yDhD72FDHNqaBxDQsanQHmYSKTFjyG1UVP3qM0vc=
x-amz-request-id: SRRGA4X282C3243Q
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:18 GMT
ETag: "882acb8a590986400f716b14ce87dbd7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 27557
Server: AmazonS3

GET tkshoppingmall.co/img/home_b1.9b89b798.png

107.148.55.183

200 OK

114 kB

URL GET
tkshoppingmall.co/img/home_b1.9b89b798.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 620 x 688, 8-bit colormap, non-interlaced
Size
114 kB (113766 bytes)
Hash
9b89b798ec99e95c1563e85575d1c27d
ca2aeddd832a48145235cbbb58d68112ed21ace9
0f28b63d6199617222437686f535e12b02609a1fa49af4bbf50e299de7231c14

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home_b1.9b89b798.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"113766-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/b62216d2-e350-4603-a071-38ceef9857ee.jpg

3.5.28.130

200 OK

65 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/b62216d2-e350-4603-a071-38ceef9857ee.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
65 kB (65290 bytes)
Hash
e38c7b2db29e613281d1f649ea95bdec
0e4ecd0f7030abf581c7736e8cb1776928b5c346
68e7f0f0cf6c41ef90650252073c37bb7421bbf0b7dc6d5ea2e52cb65d04f1f9

HTTP Headers

GET /test/2023-03-28/b62216d2-e350-4603-a071-38ceef9857ee.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: vfASPV1Lhi+bojfTV6EL7rBH9I+IBHsVOOhGCu8kkIiqdC/7waSkVpqbd8vacgZjJs+cNpOYKNiww+ahgqs8l2ysq8PJVfcgwLjRl7C6XEw=
x-amz-request-id: FFR7E24R09C1ZS8R
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:53:03 GMT
ETag: "e38c7b2db29e613281d1f649ea95bdec"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 65290
Server: AmazonS3

GET mall-test.s3.amazonaws.com/pc/gp/B0BWHQNC1Q/61idku5S0OL._AC_SL1500_.jpg

3.5.28.130

200 OK

140 kB

URL GET
mall-test.s3.amazonaws.com/pc/gp/B0BWHQNC1Q/61idku5S0OL._AC_SL1500_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1240x1500, components 3
Size
140 kB (140255 bytes)
Hash
c1919b2a63a247de2c7b20964bbe4509
b42dbae7426e08d4e1623074860b48fa84bf7eba
f5afd872d6f83091454dd9f88ae2daa4b7092cb506b0482739cd9f70e477ad2b

HTTP Headers

GET /pc/gp/B0BWHQNC1Q/61idku5S0OL._AC_SL1500_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: ryBGJDXuInzzpfHjy7VmFnfxUw20zpz5RFXUEvpgV1+xNOkUCxnu1vCQHbb6kyNXUkRavyMc3NDXCyZG6aOazI35Ug+sEG2qymr3ICqTwZ8=
x-amz-request-id: 477669YKHV4Z8633
Date: Sun, 27 Apr 2025 13:28:59 GMT
Last-Modified: Wed, 22 May 2024 10:07:09 GMT
ETag: "c1919b2a63a247de2c7b20964bbe4509"
x-amz-server-side-encryption: AES256
x-amz-meta-sha256: f5afd872d6f83091454dd9f88ae2daa4b7092cb506b0482739cd9f70e477ad2b
x-amz-meta-s3b-last-modified: 20230614T091726Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 140255
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-5dded65c.da7e3d4b.js

107.148.55.183

200 OK

27 kB

URL GET
tkshoppingmall.co/js/chunk-5dded65c.da7e3d4b.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26698), with no line terminators
Size
27 kB (26699 bytes)
Hash
bfa7a9f00c88f6748f1ec9189077ef03
2e86624a89e518f1884dc0491be7a72ef1d64e2e
97d15baf4bce0a3b3ad47b8cac75df9f5daa3a10ca19377e5bffc850eb37f4d6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-5dded65c.da7e3d4b.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"26699-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-4bf9eb2e.0026f1cb.js

107.148.55.183

200 OK

52 kB

URL GET
tkshoppingmall.co/js/chunk-4bf9eb2e.0026f1cb.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (51782), with no line terminators
Size
52 kB (51840 bytes)
Hash
1c575da4a175170233190797efe51934
28f9a872c6e863365d432c7e8696b3e734809b71
e1cf3eaede59d66b94fd8e661decc30e71693a8574348d983312caa382f1ac7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-4bf9eb2e.0026f1cb.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"51840-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-ce857350.8ac55a04.js

107.148.55.183

200 OK

28 kB

URL GET
tkshoppingmall.co/js/chunk-ce857350.8ac55a04.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (27465), with no line terminators
Size
28 kB (27507 bytes)
Hash
ce7591b737b685e184d0f181e63eaaad
a3ba93214c482244dc945872eb596f6dd6bf52bf
007a0e4df10f805c4abb063c967a8c1119e5ef17f50c42f7ffc3c789f897e165

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-ce857350.8ac55a04.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"27507-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/wap/css/app.9b7ef5db.css

107.148.55.183

200 OK

662 kB

URL GET
tkshoppingmall.co/wap/css/app.9b7ef5db.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/wap/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
662 kB (662487 bytes)
Hash
d7471a7c43f3f039046ef21e8d0aaf5d
1b2d1c555803421bfb0c5717dd3f39fbafd3dcf9
07b603e41b353cb88e568b639a289d949f8d59fb52522fffd48d4956f0848a47

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/css/app.9b7ef5db.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tkshoppingmall.co/wap/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:48 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
etag: W/"662487-1745462386000"
last-modified: Thu, 24 Apr 2025 02:39:46 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/acc8fc49-f110-45dc-ad47-ed783751d459.jpg

3.5.28.130

200 OK

53 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/acc8fc49-f110-45dc-ad47-ed783751d459.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x964, components 3
Size
53 kB (53448 bytes)
Hash
c634a23e1cf05e83125aa10432132296
d852a10bd34b690c8e498ee73ae2d6c5faae1732
5b09946f350ed1fd218a76b5910d839c13519d8e17a1db3e796de2073f40b98b

HTTP Headers

GET /test/2023-03-28/acc8fc49-f110-45dc-ad47-ed783751d459.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: PuI4kF68xAy+bB6gaxWjcJQygVvXwUS1fwOZ1kPVelB0GEjL+z526YmGh/ZQvZQG/yIqu52jDvDvayEPZNu1iyn7KqcLfqYNurPMdJfN5Hk=
x-amz-request-id: 22QJCZFQYHYDSG5B
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:52:42 GMT
ETag: "c634a23e1cf05e83125aa10432132296"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 53448
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-274dd964.4955a745.js

107.148.55.183

200 OK

25 kB

URL GET
tkshoppingmall.co/js/chunk-274dd964.4955a745.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (25441), with no line terminators
Size
25 kB (25449 bytes)
Hash
a8b84cafaa0994fa8c2ae0f740446d44
c05b26bbd2b3b3e6f468d467ed6f284d9378f618
4779d1f9a0773dcf477ad3a5a5b120101b51c741979a6517f9c71b951849bff6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-274dd964.4955a745.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"25449-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/app.4bace1d5.js

107.148.55.183

200 OK

1.4 MB

URL GET
tkshoppingmall.co/js/app.4bace1d5.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (64391), with no line terminators
Size
1.4 MB (1439037 bytes)
Hash
f44211139f26c6e4b7ab1676e02cc9c4
9772a504869a95f102c01bb5df7d946f0dda47a9
e0ccd31df85b8268d5ffdd41ae720e2301f4d690eca9b60ecfbc481c330b68b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/app.4bace1d5.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:51 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"1439037-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/msg-icon.f8cdbed7.svg

107.148.55.183

200 OK

588 B

URL GET
tkshoppingmall.co/img/msg-icon.f8cdbed7.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
SVG Scalable Vector Graphics image
Size
588 B (588 bytes)
Hash
f8cdbed74cd46c6724800df01204b1e6
6186c0c1125f1115f0dc244d49f4a11ff44c9d9a
d1c9e38df374cad7e3c176c2cb7661cc4b1d2565ed8c814103ec0f74da6e70d7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/msg-icon.f8cdbed7.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/svg+xml
content-length: 588
etag: W/"588-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/eb69d269-5d26-4d9a-b88a-69619b792f8b.jpg

3.5.28.130

200 OK

153 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/eb69d269-5d26-4d9a-b88a-69619b792f8b.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
153 kB (152758 bytes)
Hash
7cd9231cdbef3a49083c777d7ec5913f
ac5ceeb7309227bc740705f776267cc637920618
332af7eb8e1fa2ac25c3478b01b70be25f3af76c242e86c0472645ddf9511cb7

HTTP Headers

GET /test/2023-03-28/eb69d269-5d26-4d9a-b88a-69619b792f8b.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: VxMuzmuajHb0zX2TqyfwKGYEVD3kh06oU40NAbk83EiRcMOiQGmKi1yQTVrTUu/DANBZyJT6x7bLnmOMEdQoZcMw3UuPmvQJ+XDKagItYco=
x-amz-request-id: FFRDW9RYM3BGP3GQ
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:55:00 GMT
ETag: "7cd9231cdbef3a49083c777d7ec5913f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 152758
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-154e4148.4afb06f2.js

107.148.55.183

200 OK

3.2 kB

URL GET
tkshoppingmall.co/js/chunk-154e4148.4afb06f2.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3177), with no line terminators
Size
3.2 kB (3183 bytes)
Hash
983705423b985ef147cfd427c7a20940
9b42dedd13b99125ba63f40ae756ff371aa42c75
fa9260ca1872ff899eaeca9f61ab7e681472f920222323dbc37cc654a25101ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-154e4148.4afb06f2.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"3183-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-354d74d0.b82dbdbc.js

107.148.55.183

200 OK

11 kB

URL GET
tkshoppingmall.co/js/chunk-354d74d0.b82dbdbc.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (10939), with no line terminators
Size
11 kB (10939 bytes)
Hash
7ab65c4f693f30223604ba095b592873
5876277d549def8564c2ae252f707d50d356e1d0
265e58da81b340417113a7fbc4183292963b52c592b4118e161d1c0e772cd3f4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-354d74d0.b82dbdbc.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"10939-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-388ec078.e99eb741.js

107.148.55.183

200 OK

48 kB

URL GET
tkshoppingmall.co/js/chunk-388ec078.e99eb741.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (48013), with no line terminators
Size
48 kB (48071 bytes)
Hash
63b2aed57b2acad07f178604378b3514
b884c889a7d1992eefa431af2e5b77f7477cee21
1810b70cdf789e945afa430d932dab3ba830163ebefd3c2654d3bef701b61405

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-388ec078.e99eb741.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"48071-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-6ec4778a.06a027b9.css

107.148.55.183

200 OK

25 kB

URL GET
tkshoppingmall.co/css/chunk-6ec4778a.06a027b9.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (24873), with no line terminators
Size
25 kB (24873 bytes)
Hash
bc321dcc2084c53ff89f7717d8df940f
e02caebdffe5dd8fa00b526c29d8b33dabc276ea
267a796778863844f93e794f19a95722811050f3dec96321e3abbbc177fe1495

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-6ec4778a.06a027b9.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:53 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"24873-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/goods/2023-03-31/e176f2b0-1aba-4fa7-8696-c56d6f9452b8.jpg

3.5.28.130

200 OK

90 kB

URL GET
mall-test.s3.amazonaws.com/goods/2023-03-31/e176f2b0-1aba-4fa7-8696-c56d6f9452b8.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x1200, components 3
Size
90 kB (90073 bytes)
Hash
d41fe5fce66ed4dc3bf1fe64e18c2159
87abf9fde0e3375db455b1a9784d165757315ca7
1ac5dddab96f0c70eea490a04579aef746677d90d3c204c74dee3bc17ef57b94

HTTP Headers

GET /goods/2023-03-31/e176f2b0-1aba-4fa7-8696-c56d6f9452b8.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: pjNoHU4nM7xOpJmV3oDEMR+U/TyoaBqDr6BQlItq3RrCpmQ8PwhE/J6J36JA+iiFiaBQRbiclTakaRgqYkdwX0O1NRwLa8H5yr2OgvagwKw=
x-amz-request-id: 22QWTMVNTYD3EBJ1
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 17:40:10 GMT
ETag: "d41fe5fce66ed4dc3bf1fe64e18c2159"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 90073
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/30b476d2-2a51-4c17-a8b4-b57d7df5f00e.jpg

3.5.28.130

200 OK

67 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/30b476d2-2a51-4c17-a8b4-b57d7df5f00e.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1488x1483, components 3
Size
67 kB (66684 bytes)
Hash
fde0c1aa02cceddb35ad54b683fbf143
c3f958df892d41c2f9725f70e833c342b0f67f01
d21cf0f51f8a537018d4a53b1962ff0c6fde6f637f9fa448f50c60671809c182

HTTP Headers

GET /test/2023-03-28/30b476d2-2a51-4c17-a8b4-b57d7df5f00e.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /MgfyFVqLa6jDtDgdaVJKuFr+szUPHEUmL7Y7sFIGeOMvdYgy3zzLb7PDaOz+sbsLWHA3p6K1Stn3EX26g23C6Xshqfk9DVUQonrW/EhZyo=
x-amz-request-id: FFR75723SMQ9YV9Y
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:48:12 GMT
ETag: "fde0c1aa02cceddb35ad54b683fbf143"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 66684
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-c00af8b0.2ad88316.css

107.148.55.183

200 OK

19 kB

URL GET
tkshoppingmall.co/css/chunk-c00af8b0.2ad88316.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (19221), with no line terminators
Size
19 kB (19221 bytes)
Hash
465e0e288596cbc532a37fc48576ad59
fcd5cc17d737858890dfa54a4344241520dfcf4e
a9db852724c919c6c8a7f3d412bbccad1cc7b1c9805762a1b510a95384d9d32c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-c00af8b0.2ad88316.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"19221-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-09-27/fec070f0-ebcb-41bb-9d4e-b383ced7bf87.png

54.231.162.81

200 OK

167 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-09-27/fec070f0-ebcb-41bb-9d4e-b383ced7bf87.png
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 704 x 314, 8-bit/color RGBA, non-interlaced
Size
167 kB (167342 bytes)
Hash
9f38d77d904f502b512c9ec5b8ea5906
1bebdca8e525a4c016780265cf05ba2e0621f652
7be1f4180d586218d352c2e46603c046fbacdf908313b987becca84e09bbcc2d

HTTP Headers

GET /type/2023-09-27/fec070f0-ebcb-41bb-9d4e-b383ced7bf87.png HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 5pMk90ZpxFNSbpD1DVlFFYLpWPNY25EJGmoRBhSa4GIzpJ+HeGCadlLCJKQI0A13hd2e4ixQTdI=
x-amz-request-id: 22QS02GH5KFPBGJY
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:35 GMT
ETag: "9f38d77d904f502b512c9ec5b8ea5906"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 167342
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-4545d2fe.1e22d0d8.css

107.148.55.183

200 OK

1.4 kB

URL GET
tkshoppingmall.co/css/chunk-4545d2fe.1e22d0d8.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (1392), with no line terminators
Size
1.4 kB (1392 bytes)
Hash
e4415b614f038d5d4d1e545a5e8a2335
20b4489841f8757e536469884854256ca52f5f07
64eb0ec6e75b7c10b6c3a3d8137c7b07e8855f6587f7674562da8855a5b2a5b0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-4545d2fe.1e22d0d8.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"1392-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-05f8b4f3.671a3fa6.js

107.148.55.183

200 OK

12 kB

URL GET
tkshoppingmall.co/js/chunk-05f8b4f3.671a3fa6.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (11784), with no line terminators
Size
12 kB (11784 bytes)
Hash
204fc41820110f4c05fe1e82a5d6fb9f
31c35674101bbf741e5fd13b013d38ef7f2627ef
477f0a34f2c6689bef9b828d7b8100be55dcd08fea8136f003a87ddce8e9eeaa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-05f8b4f3.671a3fa6.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"11784-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-48908bb2.e0e0e899.js

107.148.55.183

200 OK

3.1 kB

URL GET
tkshoppingmall.co/js/chunk-48908bb2.e0e0e899.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3097), with no line terminators
Size
3.1 kB (3103 bytes)
Hash
003d9a4855b8f140a6309a2826fa01b2
a31afa8ba5745ae351a1e413756beaaba9f907ee
acce02d70af5800ea4513c1bf8cb2a1597c3bd1696bcf6041adb95cee669ef38

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-48908bb2.e0e0e899.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"3103-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/vendors~app.e108408d.css

107.148.55.183

200 OK

249 kB

URL GET
tkshoppingmall.co/css/vendors~app.e108408d.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
249 kB (248557 bytes)
Hash
358451a21672b858ad25a76fb5c17031
d117a17bfe8738c61b95c5bd2451cd3c8b3ec4e8
77986877e9bb514c6af36a2939d05ae6512437499c7ffc2867b57827efebeb55

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/vendors~app.e108408d.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:51 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"248557-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/9a213d9c-85e4-4845-ba6f-92cdb3aadc7c.jpg

3.5.28.130

200 OK

214 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/9a213d9c-85e4-4845-ba6f-92cdb3aadc7c.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1492, components 3
Size
214 kB (214318 bytes)
Hash
79f3749e1ce4bf0c9b013f036b12791b
2383c153836375b545a5a5d7c0587ce23bbf1785
516a56ae2089333d31ff7eef34b9942743c8b077a55dae222d567e90f58b553d

HTTP Headers

GET /test/2023-03-28/9a213d9c-85e4-4845-ba6f-92cdb3aadc7c.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: okkvPMu11GBn9P1SwHlqcis5tDRlXcUd1qsT61DqHF9x32lOqnNMVK7nwiKqJml143h910aLWamvnKwWKiwMJ2QPl80uNI0MDzRqSjQXG2I=
x-amz-request-id: SRRWHMV4WTN78VSV
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 20:52:01 GMT
ETag: "79f3749e1ce4bf0c9b013f036b12791b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 214318
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-31f9dee8.2e9ccf88.css

107.148.55.183

200 OK

3.3 kB

URL GET
tkshoppingmall.co/css/chunk-31f9dee8.2e9ccf88.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (3344), with no line terminators
Size
3.3 kB (3344 bytes)
Hash
71d173800890f0b59b26a92bb28418a5
a3e20c0cd34302413e29614fe48e170fdf1035a7
443e57f1e0277e11e1441e74c5255f4d2827b98b4a6dcaf1d1401c148f05e66c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-31f9dee8.2e9ccf88.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:56 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"3344-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-31f9dee8.b3d703db.js

107.148.55.183

200 OK

18 kB

URL GET
tkshoppingmall.co/js/chunk-31f9dee8.b3d703db.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17970), with no line terminators
Size
18 kB (18002 bytes)
Hash
0865e6ce2c04aab9b643842445c941e2
a57cb64b11e9bc58a66451aedf1855c63a13a0d6
a8a9f2fb8b18418aed55fa8bc5c876e0adce7db6f4ed027f0da33a08596dddb3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-31f9dee8.b3d703db.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"18002-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-756f215a.e73bfcff.js

107.148.55.183

200 OK

23 kB

URL GET
tkshoppingmall.co/js/chunk-756f215a.e73bfcff.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (22622), with no line terminators
Size
23 kB (22632 bytes)
Hash
a9fd6d6d1afe2612fc21d604ccf1ddab
49ffb83f351c89c7e73db9c9cd319a59993c7226
d2414ccd84c30dd1f0d4ecb5a0e7a4194c2888a3a8c23a0cb9972b230faf2f8d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-756f215a.e73bfcff.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"22632-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/home_b5.c082b863.png

107.148.55.183

200 OK

27 kB

URL GET
tkshoppingmall.co/img/home_b5.c082b863.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 746 x 281, 8-bit colormap, non-interlaced
Size
27 kB (26556 bytes)
Hash
c082b8630c0b563377e299e2f0b3c4a7
4f058c51abec186fb59bed082748f66a5e161394
e4001876cbdeee2269eb285d1b1220a8cd077845b841a0a08bbf12a9159e6e21

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home_b5.c082b863.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"26556-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-0b03322b.c74123cc.css

107.148.55.183

200 OK

935 B

URL GET
tkshoppingmall.co/css/chunk-0b03322b.c74123cc.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (935), with no line terminators
Size
935 B (935 bytes)
Hash
a58337c4c62165a875e32b7abbcaa6ad
e9af0c88333e2fcb8225b37f74f4f7134d6a6db7
8e2e92f15ad1719022cc15406d5a4ff30b0b963b41b612628df0abbd7ac33811

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-0b03322b.c74123cc.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: text/css
content-length: 935
etag: W/"935-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/fd370537-bc59-4d31-a9c8-e7bbfebb9c9f.jpg

54.231.162.81

200 OK

30 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/fd370537-bc59-4d31-a9c8-e7bbfebb9c9f.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
30 kB (29992 bytes)
Hash
87706f749b341f09c0d4f313a08fc43e
1509845938ec37024267488237d11e718cde9f13
b7fe2721d939005c3d167ba39f1512ee5ba880a08fe370ab93dab990ff0a914f

HTTP Headers

GET /type/2023-03-29/fd370537-bc59-4d31-a9c8-e7bbfebb9c9f.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: ZNJ5A4HSL2JLHHWf8IgDjnNNxTN1NwosPBsfBEU5plAUCJ789CkKNjAubyigL9jCBCKdCaUOka0=
x-amz-request-id: SRRPPN7GVE71CTAS
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:19 GMT
ETag: "87706f749b341f09c0d4f313a08fc43e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 29992
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/8f28f605-9543-48c6-a4c6-e8c636de7e5d.jpg

3.5.28.130

200 OK

43 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/8f28f605-9543-48c6-a4c6-e8c636de7e5d.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1258x715, components 3
Size
43 kB (43286 bytes)
Hash
57ccd4508cb9aa0770d6f99eb7d7aa41
7b297c1fe1347760132907f13ee3ed23e053d9d4
39111c493bd0463e579cf0032e909fdb655cc21522f36c4c14d7cd6aa9750dd0

HTTP Headers

GET /test/2023-03-28/8f28f605-9543-48c6-a4c6-e8c636de7e5d.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 12zv0UTD6y+vycj7k6io45wR42NM5PQBFu/zRGU+kC14WNNBJqd8dOpkl62Hx6dh0yfI5h+aSYrLvFpcYmpPxw92MvYShJ3r3RmOGaaQJPU=
x-amz-request-id: SRRJ3C9QT95XVZS8
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 20:51:37 GMT
ETag: "57ccd4508cb9aa0770d6f99eb7d7aa41"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 43286
Server: AmazonS3

GET tkshoppingmall.co/wap/css/chunk-vendors.402fc01f.css

107.148.55.183

200 OK

176 kB

URL GET
tkshoppingmall.co/wap/css/chunk-vendors.402fc01f.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/wap/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
176 kB (175519 bytes)
Hash
256d76086360d930240bbd58dad3fc17
fd622601f5474c180cb72172da163cdc1b24a20d
84e27bc01bd35ca804235d3160d2e1e2932e77eb8431991fe22793253d5d2c7f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/css/chunk-vendors.402fc01f.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tkshoppingmall.co/wap/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:48 GMT
content-type: text/css;charset=UTF-8
vary: Accept-Encoding
etag: W/"175519-1745462386000"
last-modified: Thu, 24 Apr 2025 02:39:46 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/test/2023-03-07/c8ec458e-d863-4987-962f-ffcfe4f54175.jpg

54.231.162.81

200 OK

70 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/c8ec458e-d863-4987-962f-ffcfe4f54175.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 998x1009, components 3
Size
70 kB (70050 bytes)
Hash
f87e7fb1936b7674ce2db3ff1bd51be9
74046f5896c4ea5701895a0bcad36116deffd811
15161b624d29b2f059293432a831953d9dccf18ebf936b3d3c270f12f152a1dc

HTTP Headers

GET /test/2023-03-07/c8ec458e-d863-4987-962f-ffcfe4f54175.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: il2yD5OCF+KqgEOvdqv4Xk3vXn4eGYq3AWa3qbQeEljnDhg3ecRDCMKTsK5Xe93ex88gEVLyQOA=
x-amz-request-id: FFR597A4VRWT5WVD
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Thu, 23 May 2024 01:48:09 GMT
ETag: "f87e7fb1936b7674ce2db3ff1bd51be9"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 70050
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/0fc428b6-ce78-4e40-8720-2895a3ca6279.jpg

3.5.28.130

200 OK

97 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/0fc428b6-ce78-4e40-8720-2895a3ca6279.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1150x1500, components 3
Size
97 kB (97265 bytes)
Hash
d9968fece3b7b4f5c0d3a7d9e94f5d78
e81e3a0033687bf57696241a4c467ff0cbfbb6e6
e6f90de0dc032a6005bfad5d014e90f27e656eb78e9e8750971a35c80f213552

HTTP Headers

GET /test/2023-03-28/0fc428b6-ce78-4e40-8720-2895a3ca6279.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Yi8yzPN0lF4NsfVITLP3tmn0455+gxUp8XLttuqXkPSTPTSKvdwyFW7CDnBVKOaxqJxWsDaGpvfrzKuus9mrRgg0SGW/5nVkQi5QbBI5gKs=
x-amz-request-id: FFRCXXKC73RFAB1V
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:46:59 GMT
ETag: "d9968fece3b7b4f5c0d3a7d9e94f5d78"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 97265
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-1dd2e722.f4861e54.js

107.148.55.183

200 OK

52 kB

URL GET
tkshoppingmall.co/js/chunk-1dd2e722.f4861e54.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (51772), with no line terminators
Size
52 kB (51772 bytes)
Hash
8fd4597209d51b28f31111c04534eecd
435f605987077c5daa554818bc73537631ba2c9f
9f01b418905eb5973e80f9407d6006ac1ebce2eac97f01a1654f2ab605d4286b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-1dd2e722.f4861e54.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"51772-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/c2ee0f57-1116-40ad-aca7-49b9767dcc11.jpg

3.5.28.130

200 OK

281 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/c2ee0f57-1116-40ad-aca7-49b9767dcc11.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1350, components 3
Size
281 kB (281097 bytes)
Hash
7faa3f2b42141a423b8e1f6d3ee74747
97663a192dc66edfe4b73619cad276fa004591c2
1df45324d5aa6cc03dede1031d87e58bac480731fa32b35be4e155f55cc8fac6

HTTP Headers

GET /avatar/2023-03-22/c2ee0f57-1116-40ad-aca7-49b9767dcc11.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 2MzZEWpGC+bxX3Bd28oQalisLy5E1OBZx1y7QpWD4suvAe7jMMK+e1+vGsPKubrqZ8xpkO7y/iL5EonLa/xpRafgPNZ4qJA5osyliVb5w5Q=
x-amz-request-id: FFR5A7HKXZTRQW65
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 21 May 2024 17:21:40 GMT
ETag: "7faa3f2b42141a423b8e1f6d3ee74747"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 281097
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-21/d1abc8d4-a966-4870-a143-b1f7d2116070.png

3.5.28.130

200 OK

7.9 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-21/d1abc8d4-a966-4870-a143-b1f7d2116070.png
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 315 x 315, 8-bit colormap, non-interlaced
Size
7.9 kB (7931 bytes)
Hash
bc384844f94f6222249217ee70960e98
d85569714428c6aec8441fc8e7c7e7fe32ce1a76
a05442c1d03f8499cb61309832916f97c5cd55cf6de36e132b8a5ef37e1a0c64

HTTP Headers

GET /avatar/2023-03-21/d1abc8d4-a966-4870-a143-b1f7d2116070.png HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: butCUqqAydBdcr0wUfkuKY8Mwn9IB5NGvqMe0f+CNIma5bG9AixQ58E2yX6TU4jpOm7JW9wZ7nr/OptBhH7Cv6vCRVluB2zSxYhTzZYk71Y=
x-amz-request-id: 22QST3FD1SE18HXH
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 17:21:39 GMT
ETag: "bc384844f94f6222249217ee70960e98"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 7931
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-9e9a3e9c.6429c2fa.js

107.148.55.183

200 OK

453 B

URL GET
tkshoppingmall.co/js/chunk-9e9a3e9c.6429c2fa.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (453), with no line terminators
Size
453 B (453 bytes)
Hash
1a121b52484919abb124867e484cae99
116e3dff4119429dcecdf62675f72e002d235382
487a044d00d3078013c9dc75400dfdd198da5ae9c23ee6715c7f035453558e08

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-9e9a3e9c.6429c2fa.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
content-length: 453
etag: W/"453-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/wap/

107.148.55.183

200 OK

1.4 kB

URL User Request GET
tkshoppingmall.co/wap/
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (368)
Size
1.4 kB (1393 bytes)
Hash
a0ada4267dc9dfe966f6d5640bae66db
223d4ebb95f36c4344afe7ff5c1dbead6dfcbe6e
78df462f04b35437bf8ce42a31b9b0997a12b8fd846e5ad1bd6a6ea9a578fa6c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/ HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:47 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
etag: W/"1393-1745462386000"
last-modified: Thu, 24 Apr 2025 02:39:46 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/06f91542-f535-445e-b3aa-04e3fb05fe8a.jpg

54.231.162.81

200 OK

27 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/06f91542-f535-445e-b3aa-04e3fb05fe8a.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
27 kB (27057 bytes)
Hash
1b8714109ac1c300a6848b18f4b10531
1c40a9917624327dcad395e8d0a9a204e24d73d0
952d26075b0ffa3fd64c6add8791e566a5d7010f52382b468a3f1672c5496320

HTTP Headers

GET /type/2023-03-29/06f91542-f535-445e-b3aa-04e3fb05fe8a.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 7jRKXTuRhDo/H2bM1FSAEFkUaGzmGBHObBO24lRh0qc7/5a09Do/iJsfdkghEa1AN2HqH97Tkjo=
x-amz-request-id: 22QG8E0AX66ZF890
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:17 GMT
ETag: "1b8714109ac1c300a6848b18f4b10531"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 27057
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/1fe3d3fd-05fc-4b1d-a8fc-364e9d33fcc4.jpg

3.5.28.130

200 OK

12 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/1fe3d3fd-05fc-4b1d-a8fc-364e9d33fcc4.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1060x507, components 3
Size
12 kB (12326 bytes)
Hash
ccff69006dcd3e1ecc8e139bfe9c5a9c
723f319128c6d63041259ce5725aaf670ef7f890
d3e206d3a678978521738381d06e6fdd5e0371d55a6429cbf8f526c66cde11aa

HTTP Headers

GET /test/2023-03-28/1fe3d3fd-05fc-4b1d-a8fc-364e9d33fcc4.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: XzIxuYDVTBpHOoRC32xOrlCHLxzDcXqu1MjZTEOeLN9GUj6gbRsv5xK6yeM2cg+3RoLWci6IX8llCaGdVlw7gckKjQSw6V/Dwu2xMbeOiKg=
x-amz-request-id: 22QX4MAS6R8NXDGJ
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:47:35 GMT
ETag: "ccff69006dcd3e1ecc8e139bfe9c5a9c"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 12326
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/d0fa772e-25da-44e1-a9d3-8fdfec84f7b9.jpg

3.5.28.130

200 OK

167 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/d0fa772e-25da-44e1-a9d3-8fdfec84f7b9.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
167 kB (166741 bytes)
Hash
2c56a052345660ad6a7c6e688a1a3058
0fc34a8a0d5743e9d81ecae6cdeff33826d18444
26f3ba0fd2212969ade9b2461b240d4da8425282d4b4f9b7b40c2d7fd7dcb95e

HTTP Headers

GET /test/2023-03-28/d0fa772e-25da-44e1-a9d3-8fdfec84f7b9.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: asMf1UWjQQrnBIciPhpVD119RairNTCY3HVodbkyoK3Y4247J5osnYk8MCwMCEjKWmU7actEXHGdEoZDCo9Z3DY3zxpcKbC5GwaX4W1Fym8=
x-amz-request-id: 22QP3W6ZVWNXD111
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:54:01 GMT
ETag: "2c56a052345660ad6a7c6e688a1a3058"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 166741
Server: AmazonS3

GET tkshoppingmall.co/wap/api/syspara!getSyspara.action?code=customer_service_url&lang=en

107.148.55.183

200 OK

58 B

URL GET
tkshoppingmall.co/wap/api/syspara!getSyspara.action?code=customer_service_url&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87f201052e0dc6c3b8a4a53b83bf44b5
f6b152fa79c655449e9e938e4417a5676a2e06da
fb522b0841e80aac3e1cb4fe0f613ae4bfd87fcbe1c03d0137e5c10fbdb86cf4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/api/syspara!getSyspara.action?code=customer_service_url&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-274dd964.8c9689a5.css

107.148.55.183

200 OK

8.3 kB

URL GET
tkshoppingmall.co/css/chunk-274dd964.8c9689a5.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (8320), with no line terminators
Size
8.3 kB (8320 bytes)
Hash
2037b17edfa7195050c7d68f877171dd
ab924f9397d4e987d2f4017f86d846188a863c9b
ba9f8a5f7f829d793bd00dac906f51092bedf2583f8ebc10eebf05b5678dc124

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-274dd964.8c9689a5.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:56 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"8320-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-388ec078.8d021302.css

107.148.55.183

200 OK

13 kB

URL GET
tkshoppingmall.co/css/chunk-388ec078.8d021302.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (13187), with no line terminators
Size
13 kB (13187 bytes)
Hash
d0f858f022fe24ba202bc439c52ded36
7a015c0d63dc5642904ae4c113e82e2ffda3a6ad
f1ce3d90be0d33ed7f9eb9476e9ff5117e8acfc1e0d92954a39b8ed540983fad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-388ec078.8d021302.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"13187-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-6ec4778a.efb92f70.js

107.148.55.183

200 OK

31 kB

URL GET
tkshoppingmall.co/js/chunk-6ec4778a.efb92f70.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (30508), with no line terminators
Size
31 kB (30778 bytes)
Hash
fe8e673c561b944a7ed7b313c868dcec
0f016ada6fc886c6d927e1acb9e30b93991398ac
48c7223eb8cf1c083485495348586a78bd82459c43e89610edb471775c6d1397

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-6ec4778a.efb92f70.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"30778-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/home_b3.b9d6ba6d.png

107.148.55.183

200 OK

24 kB

URL GET
tkshoppingmall.co/img/home_b3.b9d6ba6d.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 426 x 337, 8-bit colormap, non-interlaced
Size
24 kB (24014 bytes)
Hash
b9d6ba6df123c4d019fa431706068b33
e26945bc830f3ba73d9756dd3cdaa74d4476e26f
da257cec62a2db3b17dc3bbec97829f29e63319bbebc460cda18727b36d14499

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home_b3.b9d6ba6d.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"24014-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/24d6b74e-f4eb-44d4-86fc-bba207f24d23.jpg

3.5.28.130

200 OK

96 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/24d6b74e-f4eb-44d4-86fc-bba207f24d23.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1125x1500, components 3
Size
96 kB (96163 bytes)
Hash
9be647a74de795386541434285edbd8d
b503f1ec4dcbb115539579fff23d285ec01d8748
6947267bc07c27d8485e3a3894124696aa1ba4508f3ceb62fb5f418b95a7fed8

HTTP Headers

GET /test/2023-03-28/24d6b74e-f4eb-44d4-86fc-bba207f24d23.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 4daqzjAHPq/WFHEPHuw/qF47+xBbnJDf31b7/z96DTzL3nI0jzuaEqN7LuPYeTV8ZItKhEvRBT+3u3S7idFWYQsKzITSwfATjS1TV1OND9E=
x-amz-request-id: SRRP6ZKXR14CSE5D
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 20:47:46 GMT
ETag: "9be647a74de795386541434285edbd8d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 96163
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-5ab1e75f.f12c939d.js

107.148.55.183

200 OK

21 kB

URL GET
tkshoppingmall.co/js/chunk-5ab1e75f.f12c939d.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20983), with no line terminators
Size
21 kB (21111 bytes)
Hash
de5326d17cc78513b3c7ed29db3e3948
8384773e797a534c944720bffcb05e75cc5e239c
fa35cb49f37fd6872553624b8033cf0f364ce9ecc090a3dfab315bb9727f581d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-5ab1e75f.f12c939d.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"21111-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-6699a1ea.2bfa4f9b.js

107.148.55.183

200 OK

3.6 kB

URL GET
tkshoppingmall.co/js/chunk-6699a1ea.2bfa4f9b.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3634), with no line terminators
Size
3.6 kB (3638 bytes)
Hash
386966f3ab997702d8aa929295543687
ac08f9a2106631d0db295f76f6301e27ba8132f7
3f845e929e3e94848fbdc2601954617666db728859a4d960cc76cedd6fa3ea90

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-6699a1ea.2bfa4f9b.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"3638-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/test/2023-03-11/c5a63bc0-28ed-4a64-9e72-b58af5897c43.jpg

54.231.162.81

200 OK

114 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-11/c5a63bc0-28ed-4a64-9e72-b58af5897c43.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1258x1333, components 3
Size
114 kB (113686 bytes)
Hash
d85cdd88cbe7726f1f354bedbb0e0705
99a01bf50cfb668fd087bf30fb597e44f542c8ad
0dd206e3bf18b10a0aef408e1f7576894ea0e4b5a37098b3c13df3ca89622975

HTTP Headers

GET /test/2023-03-11/c5a63bc0-28ed-4a64-9e72-b58af5897c43.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 8HCxyNjtdKVXktOiFYjYsImslR5BoAMyhB488F3DPFyq45DkiMbxS8vylXCuhiTJVWgmFuvfcfs=
x-amz-request-id: 22QRTVCG3DWWQW6W
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:10 GMT
ETag: "d85cdd88cbe7726f1f354bedbb0e0705"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 113686
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/selle/2023-10-01/8fea6a94-0d59-4f71-9a73-296d5c8b06c4.png

54.231.162.81

200 OK

1.6 MB

URL GET
imgtest1.s3.amazonaws.com/selle/2023-10-01/8fea6a94-0d59-4f71-9a73-296d5c8b06c4.png
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 675 x 1200, 8-bit/color RGBA, non-interlaced
Size
1.6 MB (1583585 bytes)
Hash
a014c9ab5391140187e76b6275dad58d
492c7e9265ed3619b395ac9a02fe77462e7347dd
1af0d189396ff409bd264b37b79d84ea7ec32c1d7fe4c9dbdb7f1c6faef9dc28

HTTP Headers

GET /selle/2023-10-01/8fea6a94-0d59-4f71-9a73-296d5c8b06c4.png HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: ZO6LPdy8Y40HvhOKTjeZ8ejtSfEsJl7Z7w1LtsSp8wKPUsreRGWRdEcmQg9HxVZGbL2YyYM4XxA=
x-amz-request-id: 22QVRV1S2HJHD8N6
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:44:40 GMT
ETag: "a014c9ab5391140187e76b6275dad58d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 1583585
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-574f8736.f3d103e0.js

107.148.55.183

200 OK

6.6 kB

URL GET
tkshoppingmall.co/js/chunk-574f8736.f3d103e0.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (6528), with no line terminators
Size
6.6 kB (6630 bytes)
Hash
f0c27939355077ea9b0cca01817e7ff5
6f55f4086898a6c55e366364f9a9a594be6fb495
112b39c65040c66adbdaefe3479a7a0f258af8f2f0e31f46a0b4260711d6ec16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-574f8736.f3d103e0.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6630-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/wap/api/syspara!getSyspara.action?code=customer_service_url&lang=en

107.148.55.183

200 OK

58 B

URL GET
tkshoppingmall.co/wap/api/syspara!getSyspara.action?code=customer_service_url&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
58 B (58 bytes)
Hash
87f201052e0dc6c3b8a4a53b83bf44b5
f6b152fa79c655449e9e938e4417a5676a2e06da
fb522b0841e80aac3e1cb4fe0f613ae4bfd87fcbe1c03d0137e5c10fbdb86cf4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/api/syspara!getSyspara.action?code=customer_service_url&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/ee56ce9f-d4ca-4967-b1cb-16e49b0496ae.jpg

3.5.28.130

200 OK

198 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/ee56ce9f-d4ca-4967-b1cb-16e49b0496ae.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1024x1024, components 3
Size
198 kB (198020 bytes)
Hash
fe31795718d6b7c88834debbf8c3c5c1
9f559719e377968dfc30f832bf5884883ff7195a
3a727f4d97f6c35e698cb43abd9aa5c092afe6de25fe14aa0d994eca852c04aa

HTTP Headers

GET /avatar/2023-03-22/ee56ce9f-d4ca-4967-b1cb-16e49b0496ae.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: BqfglltRLXh3Ev2HD6s/zRfj27siaKH8Z1yYk+NASKC5oY2aDWx1Ej84dmCCt1+N8L3P0Mue3XsEEKIYcq0XXDhmLPOxgkkjnD8ucTdGHlU=
x-amz-request-id: FFRDWPTEFXAB7YHW
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 21 May 2024 17:21:40 GMT
ETag: "fe31795718d6b7c88834debbf8c3c5c1"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 198020
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-4bf9eb2e.6c52956b.css

107.148.55.183

200 OK

19 kB

URL GET
tkshoppingmall.co/css/chunk-4bf9eb2e.6c52956b.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (19443), with no line terminators
Size
19 kB (19443 bytes)
Hash
1562ad10344a538692f44cbc7b956965
244e73c41a2338855275450c20eea007fbe825b7
e554499c7c7fb9ef89f1fee1acdcc655ece91908ff4fc335cf5ff77f2da50382

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-4bf9eb2e.6c52956b.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"19443-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/test/2023-03-07/f204d4bc-b984-45d8-b4c0-c64cd323a50b.jpg

54.231.162.81

200 OK

96 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/f204d4bc-b984-45d8-b4c0-c64cd323a50b.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 552x1500, components 3
Size
96 kB (96209 bytes)
Hash
eb5830f9537ac75127130551276084ef
79cd82c86181ee69f0202b0817623ed0ddcd9753
4c513da923d6affb6789d80dc2193fdec698edf2269ee75adcca490a8104b007

HTTP Headers

GET /test/2023-03-07/f204d4bc-b984-45d8-b4c0-c64cd323a50b.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 1Oj3BOh6irLnCgYarK9VdCKrPNrOnFP8xBjnykI6Coo3o0RON9Y17MexPWNaM879T8A2gUZL2YI=
x-amz-request-id: FFR8NJ28RHPN3K1V
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Thu, 23 May 2024 01:48:42 GMT
ETag: "eb5830f9537ac75127130551276084ef"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 96209
Server: AmazonS3

GET tkshoppingmall.co/wap/api/newOnlinechat!unread.action?lang=en

107.148.55.183

200 OK

32 B

URL GET
tkshoppingmall.co/wap/api/newOnlinechat!unread.action?lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
32 B (32 bytes)
Hash
472e9a7530675f76d965067fcba6278d
e1fdae764ba06c37792e7b2a2549c88cf3350b09
26de7e215697f7b90d77581633fd7fe0b379ba230d1a9c1a0b502ed862b3f5bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/api/newOnlinechat!unread.action?lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-09-27/de5825e3-c72f-4186-9503-2b6b89af399a.png

54.231.162.81

200 OK

227 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-09-27/de5825e3-c72f-4186-9503-2b6b89af399a.png
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 704 x 314, 8-bit/color RGBA, non-interlaced
Size
227 kB (227074 bytes)
Hash
fe338c9b5d010848cb21a1db76fadf7e
45eb4551bb82a4993dbc63c4bbc236b89b52fe61
eac06e949524de896c14555b703c2a7c6e63c573083b7544a336f8c027fdde81

HTTP Headers

GET /type/2023-09-27/de5825e3-c72f-4186-9503-2b6b89af399a.png HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: YmkTUP1hc4Kx/4hOTFUlFwjKX7GLLAUWoM8w3G0JzTSDDI+Rp9AEHO8roEghXe7fJx7xywVar3g=
x-amz-request-id: 22QWW87MZRX0KH9J
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:35 GMT
ETag: "fe338c9b5d010848cb21a1db76fadf7e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 227074
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-7faf5b68.bc2a974c.js

107.148.55.183

200 OK

11 kB

URL GET
tkshoppingmall.co/js/chunk-7faf5b68.bc2a974c.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (11071), with no line terminators
Size
11 kB (11101 bytes)
Hash
aeba9ff9a2460402798adaae8134b45c
59d71755fcd21a1c911142ca69982a3d39f8b32b
46341b38e9ef472853a63603d09a541dbe74bbc7d162a9b839dd8776cc95732e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-7faf5b68.bc2a974c.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"11101-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/tiktok-logo.5d29d620.svg

107.148.55.183

200 OK

9.3 kB

URL GET
tkshoppingmall.co/img/tiktok-logo.5d29d620.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
SVG Scalable Vector Graphics image
Size
9.3 kB (9251 bytes)
Hash
5d29d6206258b00671a9be83ea87f0f8
28297cb32a2f17352df7ce48e2bbe4ca8a7a4cc1
4d853abc9945eaff24db8ad09774de37b6dcbeb9981d014299afee9993f8637c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/tiktok-logo.5d29d620.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"9251-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-09/c91ba668-dfab-45bb-aa0a-3da0c51bcea4.jpg

16.15.216.27

200 OK

10 kB

URL GET
hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-09/c91ba668-dfab-45bb-aa0a-3da0c51bcea4.jpg
IP
16.15.216.27:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x400, components 3
Size
10 kB (10354 bytes)
Hash
1462e358545cb821cbeaa45af5e348a7
006a0eeda10263f0d06c4ea385878873e33b013d
4aa44b79ccaea4eedd06125ae12b9e0939682f73db39438e7e86d88f3652b88c

HTTP Headers

GET /avatar/2023-11-09/c91ba668-dfab-45bb-aa0a-3da0c51bcea4.jpg HTTP/1.1
Host: hetao-shop-test2.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: N9FkkE2PegMymi8Ti4tgrbfjJvpImZzSfoNTtfiexgdGlFf94df6DZE0pfP8JZqYcmPyQp8keR9jjSFWpnDuNedi0TwkhqSPYvwgryqKm5U=
x-amz-request-id: FFR94KQWV7D731K7
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Thu, 09 Nov 2023 07:44:26 GMT
ETag: "1462e358545cb821cbeaa45af5e348a7"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 10354
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-11/5b2e7318-d3dc-4133-9cdd-a3e8bd8dc152.jpg

54.231.162.81

200 OK

169 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-11/5b2e7318-d3dc-4133-9cdd-a3e8bd8dc152.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
169 kB (169277 bytes)
Hash
5221395ee29242605dd924706d012aea
b5c84a3be7b040a8bf20336a09f01ce3d5da1910
fae9f02ada935d525035e324b5903d79ee5309649f5f960cdae175afc4b53331

HTTP Headers

GET /test/2023-03-11/5b2e7318-d3dc-4133-9cdd-a3e8bd8dc152.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Q1HlIKuIiNyleSypEd45Srsq6FMaPfezsBcTvnAVjBW3aUq3wKS2P5qwxzpcyTncgTxP2hFu028=
x-amz-request-id: 22QMZS5X51ZRQBXP
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:49:28 GMT
ETag: "5221395ee29242605dd924706d012aea"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 169277
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-5a7cd9d5.4b39f7fa.js

107.148.55.183

200 OK

29 kB

URL GET
tkshoppingmall.co/js/chunk-5a7cd9d5.4b39f7fa.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (28345), with no line terminators
Size
29 kB (28795 bytes)
Hash
d6b90157e3125a0803229960750099ed
e06fb1f742dc9e6cec285fe15a018ea8451093fe
5b848a6a865dac6f79fe64d79cd5db7584e89dcdd2019a4a4bf3fe1a13a5d27f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-5a7cd9d5.4b39f7fa.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"28795-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-27/19c6380e-1306-46a7-a234-79dda7f1ddb3.jpg

16.15.216.27

200 OK

54 kB

URL GET
hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-27/19c6380e-1306-46a7-a234-79dda7f1ddb3.jpg
IP
16.15.216.27:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 612x609, components 3
Size
54 kB (54406 bytes)
Hash
c2313b7303225b3b2fee461c3cba8e86
8b994f42c7ed8dc2412c283ef7b9da2e24aeacb0
0aac09bb52414f093911679a498791ca6206764797fa9322728df3e6ad5511b0

HTTP Headers

GET /avatar/2023-11-27/19c6380e-1306-46a7-a234-79dda7f1ddb3.jpg HTTP/1.1
Host: hetao-shop-test2.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 0PaHNxX0QxwqggKWCJLTFTppNkQEGWk1Ig/MsPzju8XLSgs3jUqsMaMRYV5dGlfhECp5wBuMYT5MKIHiQUpxue1+OumDuWE+5zLGN+kxGsQ=
x-amz-request-id: FFRD4JQV3AAXFS5C
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Mon, 27 Nov 2023 07:09:25 GMT
ETag: "c2313b7303225b3b2fee461c3cba8e86"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 54406
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/4d106467-e1bb-4199-91a3-14c09c397800.jpg

3.5.28.130

200 OK

83 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/4d106467-e1bb-4199-91a3-14c09c397800.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1470x1500, components 3
Size
83 kB (82584 bytes)
Hash
14d9f42f2c63b1613cc542428d426122
00e4462aa838f47df6791daf815e8eb0a5cd4bdb
755dcfb51fca83949bf37ee825b678dab8b0cdd28d284dc614d367e147e6464f

HTTP Headers

GET /test/2023-03-28/4d106467-e1bb-4199-91a3-14c09c397800.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Do8rs9zzUaF1ln98xKznpCfNrYCDSQR/Xj4Tkh4u6CCQDXkkTDX5kxNq474dkfov95PIDrpWYncZ1ntJeg5gWx78M28zw9LBC5tgdVDCxRY=
x-amz-request-id: FFR6VM3B3HFD7VJW
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:49:13 GMT
ETag: "14d9f42f2c63b1613cc542428d426122"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 82584
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-478846d8.df129f08.js

107.148.55.183

200 OK

13 kB

URL GET
tkshoppingmall.co/js/chunk-478846d8.df129f08.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (13189), with no line terminators
Size
13 kB (13197 bytes)
Hash
dba3dd990d6693f2b16b38738b996e60
6d36eea713f3b6fcbd868d47a7284773fb754e88
c32d10d3f26f49f339a0b3420d4b7f28e7b703cb84fdce404e1d359d0ff81a17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-478846d8.df129f08.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"13197-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET firebase.googleapis.com/v1alpha/projects/-/apps/1:270054984552:web:cdf4559c94bac0e24d64dd/webConfig

142.250.178.74

200 OK

258 B

URL GET
firebase.googleapis.com/v1alpha/projects/-/apps/1:270054984552:web:cdf4559c94bac0e24d64dd/webConfig
IP
142.250.178.74:443
ASN
#15169 GOOGLE

Requested by
https://tkshoppingmall.co/wap/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint7E:14:87:08:DF:BA:04:65:17:BA:3B:4F:BA:EA:BC:8C:3F:0A:A4:00
ValidityMon, 31 Mar 2025 08:55:43 GMT - Mon, 23 Jun 2025 08:55:42 GMT

File type
JSON text data
Size
258 B (258 bytes)
Hash
c4dc4689afde3f8151bc0f6771b086d0
2c455582e34489183c6dcbec53eca9656a1ad759
d1ee15c4f3e3c22f70a0119b04f80142aef6f226cc3921542dd7877295671a60

HTTP Headers

GET /v1alpha/projects/-/apps/1:270054984552:web:cdf4559c94bac0e24d64dd/webConfig HTTP/1.1
Host: firebase.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tkshoppingmall.co/
x-goog-api-key: AIzaSyCAfTDznXqUGIw8odfEwVgmCg_2KwWnRps
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Sun, 27 Apr 2025 13:28:51 GMT
server: ESF
content-length: 189
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://tkshoppingmall.co
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/60a1fbda-8b7a-4e10-8330-6b90300f8177.jpg

3.5.28.130

200 OK

68 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/60a1fbda-8b7a-4e10-8330-6b90300f8177.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1402, components 3
Size
68 kB (68214 bytes)
Hash
6c940aad2dc2544cd2897468bb9fd97e
f72f714028b0db42c1ceadeb3bc0778347189736
830c5b0169830cac824ae8d0298c5072a7c9c3e1ee9842303d5999480581c0c7

HTTP Headers

GET /test/2023-03-28/60a1fbda-8b7a-4e10-8330-6b90300f8177.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: j/D9LZfnPG5JwPkiQvWzVBfmeX6s2GpiDPV09Fjj78a3+RyJSTOHehAeDPRI/K1b63FxApJ2H6xvH69TLwjvZDyFwpVvaePPLKlVUOmekeo=
x-amz-request-id: 22QGX8P4ENPCJ4QB
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:49:55 GMT
ETag: "6c940aad2dc2544cd2897468bb9fd97e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 68214
Server: AmazonS3

GET tkshoppingmall.co/img/cart-icon.5a38f867.svg

107.148.55.183

200 OK

1.2 kB

URL GET
tkshoppingmall.co/img/cart-icon.5a38f867.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1191 bytes)
Hash
5a38f8670fc30481f726e876e5565822
4f77b532d773da5c92c3c7f422295dff683fc333
5bc7ebb0010656c541db3a1a4b02f5402be06b70f825c21512af050fe7cbbdbb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/cart-icon.5a38f867.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"1191-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/b07acf47-c478-464b-b17a-ba9226a7e00e.jpg

54.231.162.81

200 OK

27 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/b07acf47-c478-464b-b17a-ba9226a7e00e.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
27 kB (26582 bytes)
Hash
3cadf1789eb8f8d80a12e5ad0e19ea67
90a7bb2b2bf9588a95f5895d19564e8e0d7a1b01
4a1e05ded030983d325fa2a293dffeb39ce70d4948634927f6752dfc6d2f1dbe

HTTP Headers

GET /type/2023-03-29/b07acf47-c478-464b-b17a-ba9226a7e00e.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: FRtroCKHPpfsEQqBeBbDs6LWf+FT1JQC1hYl122r2yXiREzwf+koA2RYOrFuZv7Q2OBraEGLJ/Y=
x-amz-request-id: 22QPRF1964YJFFYW
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:18 GMT
ETag: "3cadf1789eb8f8d80a12e5ad0e19ea67"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 26582
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/type/2023-03-29/e1158c3f-a786-4374-aab7-3f4dac76589d.jpg

54.231.162.81

200 OK

66 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/e1158c3f-a786-4374-aab7-3f4dac76589d.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
66 kB (66319 bytes)
Hash
dbb5460537325e381060d6a696bdabba
852c6ea174a0fcdd7e7351b5bc5c1ddc309d87a1
3ff029feb7f2d1b0a7bffa8d5060030474f569524abd014585f373a17fc09695

HTTP Headers

GET /type/2023-03-29/e1158c3f-a786-4374-aab7-3f4dac76589d.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 6uLvEIthCaE2+XEHL1prXC5VclMrIql7srG2NTYcNn6jXrR1IctvCcQWVcQGzPbI6ZDEcmzY0UI=
x-amz-request-id: 22QG70YEH9ZYB2SV
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:19 GMT
ETag: "dbb5460537325e381060d6a696bdabba"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 66319
Server: AmazonS3

POST tkshoppingmall.co/wap/api/sellerGoods!recommend_new.action?type=0&pageSize=24&pageNum=1&lang=en

107.148.55.183

200 OK

142 kB

URL POST
tkshoppingmall.co/wap/api/sellerGoods!recommend_new.action?type=0&pageSize=24&pageNum=1&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
142 kB (141987 bytes)
Hash
61d114b3090e83426220d6bd481cf424
8ddf505cbb054bdfa93fc347c5722564df66bd82
c1295d6ba61184dd5afb0d42c3ca5b0d932fb08be9ebca66f7fda4bb643c7af6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/sellerGoods!recommend_new.action?type=0&pageSize=24&pageNum=1&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-b3e2ad50.34082bc3.css

107.148.55.183

200 OK

2.3 kB

URL GET
tkshoppingmall.co/css/chunk-b3e2ad50.34082bc3.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (2347), with no line terminators
Size
2.3 kB (2347 bytes)
Hash
1b6f485aff44fc03f17b06e862dbc4ae
178ca8a26fcc11cca20b0319b411c2255438dc6a
a302163bc161084fa0addc5e7a9cb90febf5f3aa39a696d4ea3794dcd613908f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-b3e2ad50.34082bc3.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"2347-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-874afab4.e9938ee0.css

107.148.55.183

200 OK

4.6 kB

URL GET
tkshoppingmall.co/css/chunk-874afab4.e9938ee0.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (4616), with no line terminators
Size
4.6 kB (4616 bytes)
Hash
222d8ea2956f9887bf35bd578588bdf6
62e0aa42622757e99ee01089545eaa3b357acbeb
1fe8d8e64b9b623a328bcaaf8c30668b71c318de2e73231c2abb7fbd142caa6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-874afab4.e9938ee0.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"4616-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-05eb9f86.dac8e76a.js

107.148.55.183

200 OK

12 kB

URL GET
tkshoppingmall.co/js/chunk-05eb9f86.dac8e76a.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (12236), with no line terminators
Size
12 kB (12268 bytes)
Hash
7a03b640ff6b37482444cf05263139ea
c53a9e1fb89bf989185f2c5ccdcf8fbe51b557d0
9268f8d812618df61aa88ec7200feb2745aa2d313630fdcf5ffb245a94d0a41a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-05eb9f86.dac8e76a.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"12268-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-478846d8.df129f08.js

107.148.55.183

200 OK

13 kB

URL GET
tkshoppingmall.co/js/chunk-478846d8.df129f08.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (13189), with no line terminators
Size
13 kB (13197 bytes)
Hash
dba3dd990d6693f2b16b38738b996e60
6d36eea713f3b6fcbd868d47a7284773fb754e88
c32d10d3f26f49f339a0b3420d4b7f28e7b703cb84fdce404e1d359d0ff81a17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-478846d8.df129f08.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:53 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"13197-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/pc/gp910/B09J24LHCX/61QegK7thpL._AC_UL1500_.jpg

3.5.28.130

200 OK

38 kB

URL GET
mall-test.s3.amazonaws.com/pc/gp910/B09J24LHCX/61QegK7thpL._AC_UL1500_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1492, components 3
Size
38 kB (37930 bytes)
Hash
2ed4199aa9584821790b1841c8353686
a192261d2c55103fa2300cbc5177bf5b45551afd
a1005e120733ba2420d6ab3495dc51103d7c5a2ac608ef46923fcd18f71d8b5f

HTTP Headers

GET /pc/gp910/B09J24LHCX/61QegK7thpL._AC_UL1500_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: dcJ3EOXZgfwz41POHVmp9xdnOojKCqvP+e7n+fj6EgY+AGKu+c5CHxkp3UGJT5jg+HdD1Lnb/vJkaRUNc3HF4x9OFaLD65owuRvi/O0dbwE=
x-amz-request-id: SRRN6JPZRQV2JM7C
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 14:04:11 GMT
ETag: "2ed4199aa9584821790b1841c8353686"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 37930
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/55080912-43dc-4b0e-9011-ca007581a20c.jpg

3.5.28.130

200 OK

491 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/55080912-43dc-4b0e-9011-ca007581a20c.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, orientation=upper-left, xresolution=74, yresolution=82, resolutionunit=2], baseline, precision 8, 1000x667, components 3
Size
491 kB (490882 bytes)
Hash
68190771588f77a99ac114c18afd6ee8
9106b9b966a0cd3ead00089d0ff1596140da0464
59db0755967917dde7595f890a44cd7a6cec59cfc5832460b527502055ae7098

HTTP Headers

GET /avatar/2023-03-22/55080912-43dc-4b0e-9011-ca007581a20c.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 4lSUzitGcmeS8W0fFDUW1sxTzxyJNfSYAOTBK7lVaVA0w+jFPKh15GWMj8eSF9+qjGv3vbBRraYN0gCpk/Zbfn9p8ixEJ1pI/obqjCqk4cI=
x-amz-request-id: FFR723XVCH436Q4Z
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 21 May 2024 17:21:40 GMT
ETag: "68190771588f77a99ac114c18afd6ee8"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 490882
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/304ce03b-5dd7-4e7f-a074-7d7c71886fb0.jpg

3.5.28.130

200 OK

56 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/304ce03b-5dd7-4e7f-a074-7d7c71886fb0.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 594x745, components 3
Size
56 kB (55808 bytes)
Hash
a3fdf184d72fcd6264f3e56d08724060
44b803a692f1d5a4ceaa59481d693e1af0493826
804ba7da443132d09e928652b04212b8481c8da88e893fe4b7a76a4771e9deaa

HTTP Headers

GET /test/2023-03-28/304ce03b-5dd7-4e7f-a074-7d7c71886fb0.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: SlMRW3zSFuxnw4Ak5gj45nPrjTS1b0n4V85BVj8EfXpasBjLgKhGlo+g+dtLeg/cR0wz2csIQD4O8xUq3bF+npY9qAtmFOmka9ikw0oTIFk=
x-amz-request-id: FFR4E8E0MJHG150F
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:48:11 GMT
ETag: "a3fdf184d72fcd6264f3e56d08724060"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 55808
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-01aa4ef8.516eb7f2.css

107.148.55.183

200 OK

600 B

URL GET
tkshoppingmall.co/css/chunk-01aa4ef8.516eb7f2.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (600), with no line terminators
Size
600 B (600 bytes)
Hash
bb200e6dfa10d96aec3e70b2fb0133d4
eb32d37c1fc98d48ceb550a37295546e597886a1
cd0615889510f43d71cc8688c5ee26a144ccab2e98fee564303dc688bed1edb4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-01aa4ef8.516eb7f2.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: text/css
content-length: 600
etag: W/"600-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/test/2023-03-07/1b624419-30da-466f-9d2d-b0413cb30428.jpg

54.231.162.81

200 OK

88 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/1b624419-30da-466f-9d2d-b0413cb30428.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1458, components 3
Size
88 kB (88025 bytes)
Hash
dd9bf4005d21a4d398581ee790deffd0
03f62c4320e1236c0e1408079419e62e8043168a
97d5ca61ef391b0128979a0e568af2d0d56fdcf41a5aff34ba1feb2f270402c2

HTTP Headers

GET /test/2023-03-07/1b624419-30da-466f-9d2d-b0413cb30428.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: nIL9e+e+0/8U5Rl/VYeW1ae+owmAcw57nyeBoJAvdCIrbG2Egs69CGtsi4CT2UjcYs/hPmM0/yA=
x-amz-request-id: 22QZXME69FS6MJCN
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:45:54 GMT
ETag: "dd9bf4005d21a4d398581ee790deffd0"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 88025
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-dffb9062.9888b375.css

107.148.55.183

200 OK

428 B

URL GET
tkshoppingmall.co/css/chunk-dffb9062.9888b375.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (428), with no line terminators
Size
428 B (428 bytes)
Hash
c9a52eb446fcc85a2c736a27c60dcee7
c7d187cf51f6e8407ea7aa80bc1fba3ee9a32168
b5e18159e5c68c970fa73e310bec42ee3af06aefa4c3c6f02428d9f3d44bec82

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-dffb9062.9888b375.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
content-length: 428
etag: W/"428-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/cc9f0c02-1a92-4528-8753-c155478fe852.jpg

3.5.28.130

200 OK

237 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/cc9f0c02-1a92-4528-8753-c155478fe852.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
237 kB (237188 bytes)
Hash
d858d55afc3e656ee3bfdf0a377589f5
4aad0028082baab839dcf77b15dbb1c1f8cd9cba
d642984a117d89349a1406a829df5859a6bcb1c7e55241b7a647bb238b2be1f3

HTTP Headers

GET /test/2023-03-28/cc9f0c02-1a92-4528-8753-c155478fe852.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 3ok3Rpoz+a7od43pto3gTb6qgqPedo9adIQPAT/J2ppyIMgvxdUchUydCgp44aLWC5tk3K9Xl7ynBuXnA4tdcKIlbo5K4kfLK3Q7xHVSVTI=
x-amz-request-id: FFRCGMEGJRRSX4A4
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:53:52 GMT
ETag: "d858d55afc3e656ee3bfdf0a377589f5"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 237188
Server: AmazonS3

GET tkshoppingmall.co/img/home_b6.e1fcd549.png

107.148.55.183

200 OK

56 kB

URL GET
tkshoppingmall.co/img/home_b6.e1fcd549.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 746 x 281, 8-bit colormap, non-interlaced
Size
56 kB (56316 bytes)
Hash
e1fcd549ef00b0ef36c038b697291050
9caea977987da5297d520cffeb3ab0012a405f59
d1c912fd740b2bc69308c8d2fc76a53fc520888cb71a2b477e75c243cd0f29d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home_b6.e1fcd549.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"56316-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/2720fdb5-6ec5-4112-a839-a2eda817faf4.jpg

3.5.28.130

200 OK

6.4 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/2720fdb5-6ec5-4112-a839-a2eda817faf4.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 313x161, components 3
Size
6.4 kB (6424 bytes)
Hash
d1713f7a0e5570f2e80a4085e378589b
df7946e6c07358e0f4050464d66955b33c865a94
6cd83eb1bdc17b4e673082f2f723fb6496fcbcdd9333722a42e0624e6bc21d4a

HTTP Headers

GET /avatar/2023-03-22/2720fdb5-6ec5-4112-a839-a2eda817faf4.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 01eONB5w7jCtzIhMqmb5+IRKOh1TArkUTpN537pwQcQwS1veRvqG1Kr0MbYv+7FVuPQaiNkmctSA7WyVZo8WDtcuxI1iiJnONP32d6oRw5Y=
x-amz-request-id: 22QJAAXJWFXQSXC8
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 17:21:40 GMT
ETag: "d1713f7a0e5570f2e80a4085e378589b"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 6424
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-15/e784c612-43a1-4248-92ca-68f8c7771479.jpg

3.5.28.130

200 OK

125 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-15/e784c612-43a1-4248-92ca-68f8c7771479.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1440x1440, components 3
Size
125 kB (125293 bytes)
Hash
4fefd642d0ba649e2638d79aba1f06a9
2804f3147c498add7926958e9fb5c6561df5c4af
57f57a5716871604f452cfbbd9ccc5dddf928412ebd6c445cb85e3b79ff559e6

HTTP Headers

GET /avatar/2023-03-15/e784c612-43a1-4248-92ca-68f8c7771479.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: jq3vEUVt7qWBg8HuEe5mLFF2+DNKsxrb2tdYPeidUSuno0A/b+1yZr/Nr6BC48Aml2RcAy2e1b+blsvEAo8Akac/bFxCQ/GoospfnjTyyZg=
x-amz-request-id: FFR5GNXBEV008S7T
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 21 May 2024 17:21:39 GMT
ETag: "4fefd642d0ba649e2638d79aba1f06a9"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 125293
Server: AmazonS3

POST tkshoppingmall.co/wap/api/sellerGoods!recommend_new.action?type=2&pageSize=24&lang=en

107.148.55.183

200 OK

123 kB

URL POST
tkshoppingmall.co/wap/api/sellerGoods!recommend_new.action?type=2&pageSize=24&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
123 kB (123438 bytes)
Hash
b0d1577421d12fe7250ef8bfec604c10
3abeff5b0ee3673f4971f2c03e5a4b2c1e43c48f
e28595dd77307713fef88d5ba03b5fc4d2ffda51393dd27ce14e50172a6ce124

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/sellerGoods!recommend_new.action?type=2&pageSize=24&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-574f8736.1308f1e4.css

107.148.55.183

200 OK

971 B

URL GET
tkshoppingmall.co/css/chunk-574f8736.1308f1e4.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (971), with no line terminators
Size
971 B (971 bytes)
Hash
364b94b45eaf72b8e38bf5dc4b2348f9
869691808bc786803fba4730ffaecb8c2c95a975
2da93f714bc866a0e4f302d78c7e5d14d291c27551b29d27969cb57089a191d4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-574f8736.1308f1e4.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
content-length: 971
etag: W/"971-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-8a9eff90.3858f274.css

107.148.55.183

200 OK

4.3 kB

URL GET
tkshoppingmall.co/css/chunk-8a9eff90.3858f274.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (4287), with no line terminators
Size
4.3 kB (4287 bytes)
Hash
259b888a02c1a67898a8e39d4aa4746f
d7012caa64b9fa0ebce72c8cfe017028c9b073ae
2a603661a9ccfe6b0e4dca1883b2ad4567ebbf8f996ab27f8344197e68fdba39

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-8a9eff90.3858f274.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"4287-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/head-icon.a9738a5f.svg

107.148.55.183

200 OK

575 B

URL GET
tkshoppingmall.co/img/head-icon.a9738a5f.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
SVG Scalable Vector Graphics image
Size
575 B (575 bytes)
Hash
a9738a5fd45ccf2ff907f62e01f45f23
7818099d5e641ce71fb8229c8693f04bec31b0e4
f9ffdbce80e0f0e8322c6d5448a3db1564d0749d6e7cf782ed8aa4747d18dd58

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/head-icon.a9738a5f.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/svg+xml
content-length: 575
etag: W/"575-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/more_icon.9327cb36.svg

107.148.55.183

200 OK

328 B

URL GET
tkshoppingmall.co/img/more_icon.9327cb36.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
SVG Scalable Vector Graphics image
Size
328 B (328 bytes)
Hash
9327cb36c3f2f8aa02c3375bb2b902ca
b7477df5855a9c56d6f73d4770f5f59643370bc6
f982ded8e868bab40f1ab23b1d3cf05d0ff847ffff6c591062dab8d2517d2bdf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/more_icon.9327cb36.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/svg+xml
content-length: 328
etag: W/"328-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/avatar/2023-03-21/018722f0-dcd4-468b-8911-7397500e4fe4.jpg

3.5.28.130

200 OK

11 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-21/018722f0-dcd4-468b-8911-7397500e4fe4.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 216x233, components 3
Size
11 kB (11040 bytes)
Hash
bfc6dd323cdb141a2aee1f353768a6d8
127b0e69dcef76de2e35087fe3e7b2dbff72f82d
557c7d801510e095c76edd6ad5d5caaabb55698858af3c6d5271264d38964a81

HTTP Headers

GET /avatar/2023-03-21/018722f0-dcd4-468b-8911-7397500e4fe4.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: kbcriEEkFmgCcmBP/+j2AOgHKQIMeWOiC0fcZAZn0wnXTmVIjn7uBSis0IxsaRmKjFg9XW/qeNbYcRBXODO49WROJrXj86owrjyanlOlTOg=
x-amz-request-id: 22QG8H3EYDC4W9RQ
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 17:21:39 GMT
ETag: "bfc6dd323cdb141a2aee1f353768a6d8"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 11040
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/avatar/2023-06-15/1a50c40d-e3b7-4a80-8161-6b85fca1cb33.jpeg

54.231.162.81

200 OK

6.5 kB

URL GET
imgtest1.s3.amazonaws.com/avatar/2023-06-15/1a50c40d-e3b7-4a80-8161-6b85fca1cb33.jpeg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 318x159, components 3
Size
6.5 kB (6474 bytes)
Hash
5f75afa191b18dbe4eda90b06d5eb13a
508be43c8041b9a4494522e49ae4283750df4a65
d34a8487479442e9c70ddac03933e6fa12e605778b7e63f4c667c6f0c6bbd48e

HTTP Headers

GET /avatar/2023-06-15/1a50c40d-e3b7-4a80-8161-6b85fca1cb33.jpeg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: PhSzsPFpASXCzTHPF11/U/XlvOdLM27Rp0vG+x3vH6YMHAfkuqn0pGwwing29B0as/awkcvOx+k=
x-amz-request-id: 22QP6WJVV0JQV3GY
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:20:56 GMT
ETag: "5f75afa191b18dbe4eda90b06d5eb13a"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 6474
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-21/a5b316de-9750-4c11-90ff-6513cbbb14a2.jpeg

3.5.28.130

200 OK

183 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-21/a5b316de-9750-4c11-90ff-6513cbbb14a2.jpeg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1200x675, components 3
Size
183 kB (183108 bytes)
Hash
9b6c33b71e999512cdc23c8969a770bf
56b23d4f53c7078fe265f8a78f47c98700384c31
8c17b47ad3b13b0e08ec98668339c89bde103c360cf78568cb7a1e811ee00997

HTTP Headers

GET /avatar/2023-03-21/a5b316de-9750-4c11-90ff-6513cbbb14a2.jpeg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: G1lxlXe/+NcsgLBmyAcl2Ulm5RGSXoK/39Nj2DrHciHzIX3WNbRCs3Yrui0Sx0DcrVdZhYnSU5VRmcEECXUAM4kt/fr0pKt/9M5HNi1wVj8=
x-amz-request-id: 22QP0W13NGX0GWS3
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 17:21:39 GMT
ETag: "9b6c33b71e999512cdc23c8969a770bf"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 183108
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/0a654302-766e-4f6c-a080-77480fd2d67d.jpg

3.5.28.130

200 OK

42 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/0a654302-766e-4f6c-a080-77480fd2d67d.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x866, components 3
Size
42 kB (41898 bytes)
Hash
5612708a66da7b6b5bc434c77e7fb2f4
5e0bb4437865b1b45ffc884c26f66c2e4b46e54d
fd55b1e6bc25293dcd6f277779a7007a1acc89c59d2184d8216da7897ff92ee8

HTTP Headers

GET /avatar/2023-03-22/0a654302-766e-4f6c-a080-77480fd2d67d.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 9AshR8Mbqxw3xP6pRlLoc3D/cDOYRN85WEtZETtnP1R+7K8UMNqFdHVuHTdbwH2Gx5hGH71vW0wlJd+67EkSOWfzfX0m6Y79wfetIKX8goU=
x-amz-request-id: FFRBECZ1KSWR5M16
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 21 May 2024 17:21:39 GMT
ETag: "5612708a66da7b6b5bc434c77e7fb2f4"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 41898
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-736dde4c.b4f635c5.css

107.148.55.183

200 OK

11 kB

URL GET
tkshoppingmall.co/css/chunk-736dde4c.b4f635c5.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (10947), with no line terminators
Size
11 kB (10947 bytes)
Hash
b2bf216b22f5f211c04b0ed8aed58992
696947ec1e7f3039f41d2ed78da987fc3c659c0b
b0fc449405ae0b2297ea94b6eb376da5d9ad3d5aebc64dea59fd9b2a967ecf52

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-736dde4c.b4f635c5.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"10947-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/38e35767-2052-47cd-8cc7-573464957f89.jpg

3.5.28.130

200 OK

131 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/38e35767-2052-47cd-8cc7-573464957f89.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1110x1500, components 3
Size
131 kB (131190 bytes)
Hash
2e91d081bb998d2dddda0970b892c068
af2243998869e67409f2286640fcaeaee6c70f3b
3e4011f81f02eb72f8166c17ffdb60bd2dcb460319f122f87263a28ae7c132d2

HTTP Headers

GET /test/2023-03-28/38e35767-2052-47cd-8cc7-573464957f89.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: peVmqUfD4tqipvhVjMvlogsIMzim3nZGxHRp5mpFlYbiaLSvlIRJ3RqjWZw0ERRwGNdJbwTnd5HmNCDCoE4qtXMRv3dgSQvt3H4ryVaKx84=
x-amz-request-id: 22QYJH85D5QGWB3T
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:48:30 GMT
ETag: "2e91d081bb998d2dddda0970b892c068"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 131190
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-48908bb2.7a9910be.css

107.148.55.183

200 OK

3.5 kB

URL GET
tkshoppingmall.co/css/chunk-48908bb2.7a9910be.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (3500), with no line terminators
Size
3.5 kB (3500 bytes)
Hash
41bd4cf87436495f5936fa303348dee5
cbad77f665c5bbaa7cfecc1b4015928d5f034991
23fa8a37e59a9a23be7e8cb2907c8086599ad8255c458e8c1fc766cb0b5a33cf

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-48908bb2.7a9910be.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"3500-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-74926972.83a7e3fb.js

107.148.55.183

200 OK

89 kB

URL GET
tkshoppingmall.co/js/chunk-74926972.83a7e3fb.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (54608)
Size
89 kB (88898 bytes)
Hash
2142f5884705a44701f72822b6e0762f
eec977efcdcc5fa0001fd9927eb4684854b79744
03136f8c143ebd53f575dfd4abadf8486b94dd5f5224910bc75a0b686b210897

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-74926972.83a7e3fb.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"88898-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-04-14/d8d17705-42b6-4aa5-ae9c-82d7e8cc7bdd.jpg

54.231.162.81

200 OK

21 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-04-14/d8d17705-42b6-4aa5-ae9c-82d7e8cc7bdd.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3
Size
21 kB (21173 bytes)
Hash
1e463b0bfc58cbe93de38ad62f2ac7ee
ae83334518cc12da8587ae98f78a5dd7de9b7a98
de1fc345b3fe2ed5fbac321243e8814cd39a37a5554fa0d6b665284da90a6e28

HTTP Headers

GET /type/2023-04-14/d8d17705-42b6-4aa5-ae9c-82d7e8cc7bdd.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 7F/kbBDDato7nIeoWiK/islElrfEye93sR2ZegCf/X4OmysQx7A92Eq0F1wHh7Nm+zhkyo9OvQg=
x-amz-request-id: 22QS50RR8Z75EWN5
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:34 GMT
ETag: "1e463b0bfc58cbe93de38ad62f2ac7ee"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 21173
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-07/b36d2777-fff7-4cec-b168-5b68c3d256b6.jpg

54.231.162.81

200 OK

235 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/b36d2777-fff7-4cec-b168-5b68c3d256b6.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 981x1500, components 3
Size
235 kB (235022 bytes)
Hash
2cc7debe43917ab58c294485e5c478d5
1dcb28255d99596d828673da4d474ff999c98905
590d7d4cd7f3fa7833565c83bbae73b56e3fc935cfec091c542e28de866d7d5c

HTTP Headers

GET /test/2023-03-07/b36d2777-fff7-4cec-b168-5b68c3d256b6.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: hVcIexfrq0QI88rIgZvomXdz8QNucYOKBHaQZ7Sgs7kBVFSp/b5Q3ydFf8lAej/hiBsh8JIOEm0=
x-amz-request-id: 22QXDW7KX0VFR9J7
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:47:52 GMT
ETag: "2cc7debe43917ab58c294485e5c478d5"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 235022
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-07/02a275d6-f6e2-4a03-863b-4f4a8e5553a2.jpg

54.231.162.81

200 OK

224 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/02a275d6-f6e2-4a03-863b-4f4a8e5553a2.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1220x1500, components 3
Size
224 kB (224131 bytes)
Hash
5a1dff9153a77d8a9378efd305a31020
b280f6a2970151e339afd5e73361e0c6a734744e
8ee4ccfa0296fd6e5c7ca878aa83aa308acc4699ede63a1cabc0be5af3798602

HTTP Headers

GET /test/2023-03-07/02a275d6-f6e2-4a03-863b-4f4a8e5553a2.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /+sG2RxoeOhCWo6aaTeIzMT/aBWAWSWvhRONLt4DnPljc64irR7tnVe+9ULBCQfRWbemP/sXlfo=
x-amz-request-id: 22QVHKWQF8DGD8G1
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:45:35 GMT
ETag: "5a1dff9153a77d8a9378efd305a31020"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 224131
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-504476c0.5b24c995.css

107.148.55.183

200 OK

8.4 kB

URL GET
tkshoppingmall.co/css/chunk-504476c0.5b24c995.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (8358), with no line terminators
Size
8.4 kB (8358 bytes)
Hash
ed48d703c732bc64521409f98aede54d
48de4c6013ac86c293411f343facdbe41f2af71f
c30d68786b1fc1558dae792003de428af4a44b9e75dbbdec7f44aea40fe98ed8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-504476c0.5b24c995.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"8358-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-09-27/4ccad6d7-1ac4-4b71-91a2-7f303bae5eb3.png

54.231.162.81

200 OK

204 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-09-27/4ccad6d7-1ac4-4b71-91a2-7f303bae5eb3.png
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 704 x 314, 8-bit/color RGBA, non-interlaced
Size
204 kB (204466 bytes)
Hash
5a8141a1e3f9ae20e358558f847715f5
f7be50d3868c793818255a6094e78053690db2e9
620a101a1e114bcc50bddbec1e1bbc157276a7d86918c943589c479e1f824d24

HTTP Headers

GET /type/2023-09-27/4ccad6d7-1ac4-4b71-91a2-7f303bae5eb3.png HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: miCKnNTBjQLz9PCmpZmNcpd/rk1M2Ml4VHtXPrsy0wGcZ3/jrRUzNdOZ8L00LCBuEdSw3r3hRPQ=
x-amz-request-id: SRRXH5M3P5713MJB
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Thu, 23 May 2024 01:50:35 GMT
ETag: "5a8141a1e3f9ae20e358558f847715f5"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 204466
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/934bd401-d507-4fc9-b0db-4099d4526cab.jpg

3.5.28.130

200 OK

117 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/934bd401-d507-4fc9-b0db-4099d4526cab.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1337, components 3
Size
117 kB (116640 bytes)
Hash
20634fd0a258dfd9db3f35673c6a5082
28286a852b3e3f3c89c28b4467f3958c092a42c4
5f768a1b9540212d042e1d290af8c1b1fcc101cdcf1892e2dacdcf3e497e025e

HTTP Headers

GET /test/2023-03-28/934bd401-d507-4fc9-b0db-4099d4526cab.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: YzJJh+jZCp/QV5YQ0zx/Gpt73T7BUyG9a3BkhldKnCEdnzTNVFRwiAvpM0TMkCJ5U3rzlW3wAHd4CstGbYjiq6UdEvQZg/GE+hZEEW7Ic1E=
x-amz-request-id: 22QZPX5DFP50QBEA
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:51:47 GMT
ETag: "20634fd0a258dfd9db3f35673c6a5082"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 116640
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-b3e2ad50.5cd577ca.js

107.148.55.183

200 OK

9.9 kB

URL GET
tkshoppingmall.co/js/chunk-b3e2ad50.5cd577ca.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (9904), with no line terminators
Size
9.9 kB (9926 bytes)
Hash
d6d89fc088a985164b462d4da4cfb53f
556a3f6da9561e4fc8c836048f5e94a7e83d24c5
ee3049827aacd5332ae48a356cd4be44a5b7243f0cb43e470fe319796d1141b5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-b3e2ad50.5cd577ca.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"9926-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-315c31be.b1142145.css

107.148.55.183

200 OK

1.6 kB

URL GET
tkshoppingmall.co/css/chunk-315c31be.b1142145.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (1609), with no line terminators
Size
1.6 kB (1609 bytes)
Hash
af55a2da246dd97496146b93b87fd2a1
e39a3a758c8efbf1d3b496dd4d75a145085672d5
663feadb4bafa7c29f01131800a6d6ba30399308ff7c432ef2b10380b7345d02

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-315c31be.b1142145.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:56 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"1609-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-61fb8206.0364e2fe.css

107.148.55.183

200 OK

1.4 kB

URL GET
tkshoppingmall.co/css/chunk-61fb8206.0364e2fe.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (1368), with no line terminators
Size
1.4 kB (1368 bytes)
Hash
a18d3fb57b5c64a45d09c28c5d8e5a26
a360590c427820e022cd26e02bce86831b744666
fd7870efd0855f3b5d1e819cae3e5cd48fe7653780ad34196f76d130fdfd5163

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-61fb8206.0364e2fe.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"1368-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-00d66c48.16397440.js

107.148.55.183

200 OK

32 kB

URL GET
tkshoppingmall.co/js/chunk-00d66c48.16397440.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31241), with no line terminators
Size
32 kB (31481 bytes)
Hash
efc5d57ae4d83feeafccdfe3b7b61af2
a117f6a739611f4240a6edc0202583e118edc68b
5955e7ca0f333de3dbb2c881e643032e9cc85319db6c6213e3da5dafce344414

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-00d66c48.16397440.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"31481-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-61fb8206.729fa386.js

107.148.55.183

200 OK

2.3 kB

URL GET
tkshoppingmall.co/js/chunk-61fb8206.729fa386.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (2256), with no line terminators
Size
2.3 kB (2256 bytes)
Hash
66b2c8dffa4e660571e68460ccb9c465
aa8daa570251d676c3595cff6ed39c84856b4a41
dba77bc592e308790fdab88b9c1647b9887f08bc688d24fb624c79a616972e87

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-61fb8206.729fa386.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"2256-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/store_add_bg.b08d867a.png

107.148.55.183

200 OK

256 kB

URL GET
tkshoppingmall.co/img/store_add_bg.b08d867a.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 1531 x 400, 8-bit colormap, non-interlaced
Size
256 kB (256418 bytes)
Hash
b08d867a0bc6fc9d632255faafc15c69
21ef96473ad623c6aa7308d0c4c63ec1ec44072e
1fd83f9addf9e759873cca37277f0f5313f6bc8f7544b5b982fcd4e9bfb0ae59

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/store_add_bg.b08d867a.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"256418-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-05eb9f86.0f63ff64.css

107.148.55.183

200 OK

4.2 kB

URL GET
tkshoppingmall.co/css/chunk-05eb9f86.0f63ff64.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (4173), with no line terminators
Size
4.2 kB (4173 bytes)
Hash
db6b1794f1b626184fcac8ce073c1a17
b120b4b89fbaa6eb355794d6c9a827a7223bb465
e32b537e33f4393599e8e3146062eff42312584fffe5a3adad956c51f8289aa2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-05eb9f86.0f63ff64.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"4173-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-05f8b4f3.de992bd1.css

107.148.55.183

200 OK

7.3 kB

URL GET
tkshoppingmall.co/css/chunk-05f8b4f3.de992bd1.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (7255), with no line terminators
Size
7.3 kB (7255 bytes)
Hash
30e0e2d9a96845e0cd1e43c29ccf2cfe
819bbd2161e2002f9dac92de7a3f218a9199e527
c1aac8b7ea81299eb3a69cda5c4543ee05e9711a7ab713840065f494ef5a6e6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-05f8b4f3.de992bd1.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"7255-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/pachong/gaoqing/B083TRDV5R/51n3W0JxmfL._AC_SL1500_.jpg

3.5.28.130

200 OK

60 kB

URL GET
mall-test.s3.amazonaws.com/pachong/gaoqing/B083TRDV5R/51n3W0JxmfL._AC_SL1500_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 914x1500, components 3
Size
60 kB (60364 bytes)
Hash
024f3ba30a6e5258147db3fc66755883
37d404ba13429e44bcba4d4a9a49aba6215e93b9
25549193484395a6960481470b9eb8284a667b3fa147a766f9e725717aba24f3

HTTP Headers

GET /pachong/gaoqing/B083TRDV5R/51n3W0JxmfL._AC_SL1500_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: +jcpP57e01Ep1nm2L8kHl6dR5Q2XjvrzJRsc7nNuJPCUsbsMAini4DNcUavxDs+It+zLkxyDC7oig5HvrQCDvxgxHocyJtqyfpvzX3q4+GM=
x-amz-request-id: 22QYBG2Q9VPN54JC
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 20:30:08 GMT
ETag: "024f3ba30a6e5258147db3fc66755883"
x-amz-server-side-encryption: AES256
x-amz-meta-sha256: 25549193484395a6960481470b9eb8284a667b3fa147a766f9e725717aba24f3
x-amz-meta-s3b-last-modified: 20230415T142456Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 60364
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/type/2023-03-29/d29f0843-33ad-4b3f-8a90-b56fc21b0e77.jpg

54.231.162.81

200 OK

49 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/d29f0843-33ad-4b3f-8a90-b56fc21b0e77.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
49 kB (49034 bytes)
Hash
6a85f34af56b3c034d5137d4ec807895
75fd4cec7f44e8b8f20655dfdb165720d7223bd6
67488643bc9d3ae11bd5cababff694c1f7a131c289d81eb79e25576f78dd4fa8

HTTP Headers

GET /type/2023-03-29/d29f0843-33ad-4b3f-8a90-b56fc21b0e77.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: MwPIswWYYMW4ECboxPvftEHl5AvrGYP6CYZ3AxOVTTIZWkFLkKWOvu51rqkO9nZ/Z+24FjobW+Q=
x-amz-request-id: 22QG9C3ZQN58KDTY
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:19 GMT
ETag: "6a85f34af56b3c034d5137d4ec807895"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 49034
Server: AmazonS3

GET mall-test.s3.amazonaws.com/pachong/gaoqing/B07DWPTLJR/514KL6gAvYL._AC_SL1000_.jpg

3.5.28.130

200 OK

30 kB

URL GET
mall-test.s3.amazonaws.com/pachong/gaoqing/B07DWPTLJR/514KL6gAvYL._AC_SL1000_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 888x970, components 3
Size
30 kB (30129 bytes)
Hash
333bc9f8102abd9920062f747fd1aece
e9e549efd4c0bff166582969196d4c48963d64c5
45252b2a7e6e7d31e4b51f95f215232c8cc5de8eb6d719a60ee4aa70022d8f70

HTTP Headers

GET /pachong/gaoqing/B07DWPTLJR/514KL6gAvYL._AC_SL1000_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: S5I1W9PgHasS6mu9+oCGOkLSTjGT/8S4IQFiHxyay5BzOSlzEv4GiBJEuKG8IpQ9Qg1EIBUqr25BzLvNngsLelhg2nAH1vz9YiCCaHntyR0=
x-amz-request-id: SRRGKYPXSJZ0T2GE
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Tue, 21 May 2024 18:47:46 GMT
ETag: "333bc9f8102abd9920062f747fd1aece"
x-amz-server-side-encryption: AES256
x-amz-meta-sha256: 45252b2a7e6e7d31e4b51f95f215232c8cc5de8eb6d719a60ee4aa70022d8f70
x-amz-meta-s3b-last-modified: 20230415T142418Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 30129
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/1bf64a41-5716-4bfb-9f3d-dad3bbd57850.jpg

3.5.28.130

200 OK

157 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/1bf64a41-5716-4bfb-9f3d-dad3bbd57850.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1431, components 3
Size
157 kB (156716 bytes)
Hash
7443614779454cc0a775aeaaa0617173
9ccf2b06ef2d4142709adfd982b64ac0fb259628
c820e8cd027c822920b9c59d92e54d107bd10c818e943166d5d5cfd1300bf620

HTTP Headers

GET /test/2023-03-28/1bf64a41-5716-4bfb-9f3d-dad3bbd57850.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 8gelO8IH1ed4pI6xtnyoHrjKrK7Vd4yohfMfzERFoP1J9cdkQ0IHTfKnfXz6Fq8D3p71FlPajcvGJjuxCxXqKJAmHZsl0qNLdd+GMPDzu7I=
x-amz-request-id: FFR0VAFN6VZC1CGW
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:47:26 GMT
ETag: "7443614779454cc0a775aeaaa0617173"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 156716
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-4545d2fe.d2a8192c.js

107.148.55.183

200 OK

6.5 kB

URL GET
tkshoppingmall.co/js/chunk-4545d2fe.d2a8192c.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (6493), with no line terminators
Size
6.5 kB (6507 bytes)
Hash
2dca9c96338ac45dfac1ada43e309ecc
042de3477bcdf506747406ff7bd0f05864e4b719
4dd91d0fb9a6669460bdcbf710d15423d69ae8703cc58393f76af09c08357e16

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-4545d2fe.d2a8192c.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6507-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/50277ee1-dc11-4e3b-948e-f2f37f4858da.jpg

3.5.28.130

200 OK

105 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/50277ee1-dc11-4e3b-948e-f2f37f4858da.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1166, components 3
Size
105 kB (104771 bytes)
Hash
cf0c2ebda19a43267a2348c11f0e9b1a
f530278c1954d58bd91d7fd632ec98745670d158
f38fad678825212dd76b489f41c44d65f661ffa87f0391f2a1f12823ffa01adb

HTTP Headers

GET /test/2023-03-28/50277ee1-dc11-4e3b-948e-f2f37f4858da.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: YXVdL5f+dm8eNLuk2dl+jjhAz2TAxJTcKotiLMmDo2wT4v4jI5SUYkHJ7CHpPFBDfKXuAwHETqKJWuNUK3ow8P4ABkEBVTr7o34QfrBY72I=
x-amz-request-id: 22QM8CA3AZWNWJC2
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:49:21 GMT
ETag: "cf0c2ebda19a43267a2348c11f0e9b1a"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 104771
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-11/946a7bc7-97f9-47e1-a545-5d6225a7b4cc.jpg

54.231.162.81

200 OK

205 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-11/946a7bc7-97f9-47e1-a545-5d6225a7b4cc.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1174, components 3
Size
205 kB (204661 bytes)
Hash
579b662c6df2b3a78037574279a6dbf0
ed24732a5a0395104ca95e074bfb18cf78622f50
d6ff3f43a65f9161644219724424fe7856866883c30db94beba7ebad88e4f246

HTTP Headers

GET /test/2023-03-11/946a7bc7-97f9-47e1-a545-5d6225a7b4cc.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: T3bQkwVhTeKUZYcHy9ZaSfATMPy8vAssVUTSryxf9mIhnOyfFvMQ4MjtcFDMUpiLk9alJKg6gPo=
x-amz-request-id: 22QZT0DZBEP8SDMX
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:49:51 GMT
ETag: "579b662c6df2b3a78037574279a6dbf0"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 204661
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/b732a846-082e-4b0b-97e1-c86868265f98.jpg

3.5.28.130

200 OK

176 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/b732a846-082e-4b0b-97e1-c86868265f98.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1346, components 3
Size
176 kB (176187 bytes)
Hash
6fceaa6e34f375a041ec66634cfc6725
31053b46f41939e94062c9fa767f62cee6eee48f
55784a4ba3778f443432f82e1d96eb9303954742dce30428bec292f20549b46d

HTTP Headers

GET /avatar/2023-03-22/b732a846-082e-4b0b-97e1-c86868265f98.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: rwx7bqK2dx7EtIhjR2YEIiqzumijxKA1KielQzPUQQfmFs0jirKvWGkVLDcJQgsW7LJj7nKzyOW6/UsMmjb9AQhaGTUfg6FpAOC+xQRuEZc=
x-amz-request-id: 22QPXAMMHX3MAAW8
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 17:21:40 GMT
ETag: "6fceaa6e34f375a041ec66634cfc6725"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 176187
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-559d101c.4506bd19.css

107.148.55.183

200 OK

1.2 kB

URL GET
tkshoppingmall.co/css/chunk-559d101c.4506bd19.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (1224), with no line terminators
Size
1.2 kB (1224 bytes)
Hash
770e6266348d2d7cb9d011d8c4cd5e8e
99ddba3203994fb33f7bf4f3de493325ea66cf3b
8289a2a5a2793fff595c18974d8459be9307cee8a164860dfde45fb8a3188e44

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-559d101c.4506bd19.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"1224-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

POST tkshoppingmall.co/wap/api/seller!list.action?isRec=1&lang=en

107.148.55.183

200 OK

28 kB

URL POST
tkshoppingmall.co/wap/api/seller!list.action?isRec=1&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
Unicode text, UTF-8 text, with very long lines (27721), with no line terminators
Size
28 kB (28077 bytes)
Hash
2bf4e9e0727a7e58dad801ced80e10f5
396a5c3fc41ae2ecc24e2aa1316b8281598162a1
822f6340d8791cae4842b010b79f149598b3425644319bf5014570a3148b2a88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/seller!list.action?isRec=1&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-00d66c48.2530d44f.css

107.148.55.183

200 OK

7.0 kB

URL GET
tkshoppingmall.co/css/chunk-00d66c48.2530d44f.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (7049), with no line terminators
Size
7.0 kB (7049 bytes)
Hash
ea041f12dde66617f522c89b60e6b16b
e15346a069e9c499257bb64b2d84a111061057ed
b05b7b1834a0cf8e2e7064053e94455878c683cb2ac1dadceb3f6c86aa3b5cff

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-00d66c48.2530d44f.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"7049-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/97f3899d-51d4-4cd2-9720-0af99206dabb.jpg

54.231.162.81

200 OK

40 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/97f3899d-51d4-4cd2-9720-0af99206dabb.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
40 kB (40407 bytes)
Hash
74ce2539c3d1d018eb92f94dd3b9bd23
1ed07808d60d8ff4965899591136f4f1ccc880e3
5a3f2be7dd8069790a3bb5098aa704996a51c1c689459abf286b29a0a99a3d26

HTTP Headers

GET /type/2023-03-29/97f3899d-51d4-4cd2-9720-0af99206dabb.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: CuWmYbm0gtopjz/pVwZLr7DLYQu1D+DO5jm8FLERlhBA28Bo+1M9c68am0zBS7IeM+pz4UNuILQ=
x-amz-request-id: SRRRCZQMCGMRY8FH
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:18 GMT
ETag: "74ce2539c3d1d018eb92f94dd3b9bd23"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 40407
Server: AmazonS3

GET tkshoppingmall.co/img/collect-icon.c585fa6c.svg

107.148.55.183

200 OK

498 B

URL GET
tkshoppingmall.co/img/collect-icon.c585fa6c.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
SVG Scalable Vector Graphics image
Size
498 B (498 bytes)
Hash
c585fa6c5a6901824eedccbb7d4913d9
927cc7881e92d4967898141138f07cdf5aaaf968
7d8543cbf255fac5b23bdf30b6f91d6ab7f4cf50a5f068e61b1955cab518946f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/collect-icon.c585fa6c.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: image/svg+xml
content-length: 498
etag: W/"498-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-478846d8.b839a80a.css

107.148.55.183

200 OK

6.4 kB

URL GET
tkshoppingmall.co/css/chunk-478846d8.b839a80a.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (6398), with no line terminators
Size
6.4 kB (6398 bytes)
Hash
e0b073a1146ef81c8ba85acda7a521d7
82cb31ed90513727ffa0479c2c099a777382dafa
5960cd527b80f241a6bf26515f2105288422537e7e67568d3b0b5ebb441d7fe0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-478846d8.b839a80a.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"6398-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-c00af8b0.6e1d6d2d.js

107.148.55.183

200 OK

27 kB

URL GET
tkshoppingmall.co/js/chunk-c00af8b0.6e1d6d2d.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (27195), with no line terminators
Size
27 kB (27351 bytes)
Hash
3c018987974e45399acd875279c27e29
6d07ff1181283aa046cb31e5a940886f0e84bed5
f9a95c94236bc6e6df70f94bd82d712958ec72d43ac9b40dbdf4d055f2a4b564

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-c00af8b0.6e1d6d2d.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"27351-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/deng.ab898199.svg

107.148.55.183

200 OK

3.3 kB

URL GET
tkshoppingmall.co/img/deng.ab898199.svg
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
SVG Scalable Vector Graphics image
Size
3.3 kB (3307 bytes)
Hash
ab8981994be178ad2a8c4c35e420a912
e133d4b4ae608ed1645aa56118bd0bf670cfe4fb
8586097341b9c52302a437d09f860c8e2df9d16666f6c8641524304d19d6dfef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/deng.ab898199.svg HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/svg+xml
vary: Accept-Encoding
etag: W/"3307-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-154e4148.3282c3d4.css

107.148.55.183

200 OK

2.6 kB

URL GET
tkshoppingmall.co/css/chunk-154e4148.3282c3d4.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (2626), with no line terminators
Size
2.6 kB (2626 bytes)
Hash
4de71840b0b30e201ea60f365df627f9
27107793e97c76381181d61ee6ee8a43249993ed
e882ac8758b7bf84dc7556856fd1ba93db3f56da6d1f943976023ba3b0acb670

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-154e4148.3282c3d4.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"2626-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/60bcf681-c939-4679-bde0-509eccd7574b.jpg

3.5.28.130

200 OK

146 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/60bcf681-c939-4679-bde0-509eccd7574b.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1306x1476, components 3
Size
146 kB (146526 bytes)
Hash
ec86b66965224b96bab443b8410395d1
53b8c9b7a8a7aa82d70fd8b4ec6e3cdbd2ef37af
4807823160aae195643949285d31c04cd2748742c243cf1ad55e04cf2c302d77

HTTP Headers

GET /test/2023-03-28/60bcf681-c939-4679-bde0-509eccd7574b.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: DcK3iRO2Cc8wZvB1DSXq6SOHlxr1XV4c/yYC9ZiA8Ij+MfSSzXB+GVIs1J9dwCMOvpF9J8kHO8AYTqhKfDk45Ph3fLoeH3duFmphxen6Eac=
x-amz-request-id: 22QKHMNVHW631ZW4
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:49:56 GMT
ETag: "ec86b66965224b96bab443b8410395d1"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 146526
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-21/0d5a21f1-ed79-4cc9-8779-240cb4bf5732.png

3.5.28.130

200 OK

68 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-21/0d5a21f1-ed79-4cc9-8779-240cb4bf5732.png
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 265 x 227, 8-bit/color RGB, non-interlaced
Size
68 kB (67611 bytes)
Hash
7175102fc4616889be030062b226e3a3
be71c0c658b31579b771392f78bd595d79736263
514fe41fbd4810bf3f4c32bf00fe1a52b3c8554155f35522f273d07e2efe573c

HTTP Headers

GET /avatar/2023-03-21/0d5a21f1-ed79-4cc9-8779-240cb4bf5732.png HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: YASHiElGswla2gjfCg/xYVgV6dxRKhvMBDCjgeXcDkAcuXCm7TILDoQ9f82vTxGjeUUx68LHGiBLZW5jzzsRrFrLD0KQrq09oHemuJOYOAU=
x-amz-request-id: FFR3K2RZKW8HWDXR
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 21 May 2024 17:21:39 GMT
ETag: "7175102fc4616889be030062b226e3a3"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 67611
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/0289f107-7fb4-4016-bf41-00405c76db55.jpg

3.5.28.130

200 OK

118 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/0289f107-7fb4-4016-bf41-00405c76db55.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1000x1000, components 3
Size
118 kB (118530 bytes)
Hash
5121c6c654da43d16cb203d4103181c2
c7ed8e39d4ca57488ff21a40bfc82b068ec54604
daf812c394f5200d1785c3f11f06f0ad0b804f44d0dfa5ff22ee173a7876af30

HTTP Headers

GET /test/2023-03-28/0289f107-7fb4-4016-bf41-00405c76db55.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: UoRJImlD739vXytEfxcIF/YMUEU1g7/NSj+KRQAnFCrBu+TQtbfcSu4XtGb+ZsUZOmUT+YXdKkjGJ1b49gFgIR+XkSbMx8iech4noTAjNxs=
x-amz-request-id: FFRFD783H3R5QG4M
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:46:29 GMT
ETag: "5121c6c654da43d16cb203d4103181c2"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 118530
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-6699a1ea.b4d9b687.css

107.148.55.183

200 OK

1.3 kB

URL GET
tkshoppingmall.co/css/chunk-6699a1ea.b4d9b687.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (1252), with no line terminators
Size
1.3 kB (1252 bytes)
Hash
b50aad23d365ccde72e78b8313b4e7c2
82e1ed3080ed69d8b4384e17044cdcf837769a03
e36128c4817614792876d24a43ab454dd8cdd52f66965bb00f14406da9011f3c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-6699a1ea.b4d9b687.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"1252-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-7faf5b68.3145b5bb.css

107.148.55.183

200 OK

410 B

URL GET
tkshoppingmall.co/css/chunk-7faf5b68.3145b5bb.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (410), with no line terminators
Size
410 B (410 bytes)
Hash
880b7b91791e4c733585e7cabc25edad
bcdb3eaf6362ec8755eaed0df690bce612780f63
7e5ceeee64e14c284854ad910a4df21b1ea4006b2819265a5b896bacf06d8bbd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-7faf5b68.3145b5bb.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
content-length: 410
etag: W/"410-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/vendors~app.22fa4339.js

107.148.55.183

200 OK

3.5 MB

URL GET
tkshoppingmall.co/js/vendors~app.22fa4339.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (37841)
Size
3.5 MB (3507106 bytes)
Hash
7f8a9f4fe0e1b2f7aa42ca70c0710011
34c346d15f2dae804267f844235915bc341b7b00
715f00d232fab0dfb337f702a26e3b5ad82af3cb20a48747c25d7c22748df6ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/vendors~app.22fa4339.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:51 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"3507106-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/fonts/element-icons.535877f5.woff

107.148.55.183

200 OK

28 kB

URL GET
tkshoppingmall.co/fonts/element-icons.535877f5.woff
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
Web Open Font Format, TrueType, length 28200, version 1.0
Size
28 kB (28200 bytes)
Hash
535877f50039c0cb49a6196a5b7517cd
0000c4e27d38f9f8bbe4e58b5ce2477e589507a7
ab40a58972be2ceab32e7e35dab3131b959aae63835d7bda1a79ae51f9a73c17

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /fonts/element-icons.535877f5.woff HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://tkshoppingmall.co/css/app.5b286951.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: font/woff
content-length: 28200
etag: W/"28200-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

POST tkshoppingmall.co/wap/api/syspara!getSyspara.action?code=mall_max_goods_number_in_order&lang=en

107.148.55.183

200 OK

71 B

URL POST
tkshoppingmall.co/wap/api/syspara!getSyspara.action?code=mall_max_goods_number_in_order&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
71 B (71 bytes)
Hash
7c4654fa4ff81d11b3c8d322ec628880
080c15bfaa6d03e4ccdd092630344aaf1f003c47
1f9573c145cceac2e7ec7273293953edd53fd282aca6e50acd9334f59f34a5fa

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/syspara!getSyspara.action?code=mall_max_goods_number_in_order&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-04-14/9f9c23cc-7abd-41ee-a116-01eed9d588a5.jpg

54.231.162.81

200 OK

23 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-04-14/9f9c23cc-7abd-41ee-a116-01eed9d588a5.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3
Size
23 kB (22652 bytes)
Hash
8d6323e7fdd7e06d404af122b2c85f3f
a5d01f7b4ad71db23c48fa3f117f7cfcc444e189
8e2b0eddf8d540aaa3b2076eefe4ba494c7acabed1f15431bafffe5bd3513f72

HTTP Headers

GET /type/2023-04-14/9f9c23cc-7abd-41ee-a116-01eed9d588a5.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 0jVdmkZsUDI6gsMeYD8O/D2OkKCRbq6tUa46S8+4XkWroT7WJXw1b/Q8kpaXVbwyRXeJFm8DR1o=
x-amz-request-id: 22QMQ610TSYSE27V
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:34 GMT
ETag: "8d6323e7fdd7e06d404af122b2c85f3f"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 22652
Server: AmazonS3

GET mall-test.s3.amazonaws.com/pc/gp/B07CJZR74J/81TGHVdB0FL._AC_SL1500_.jpg

3.5.28.130

200 OK

227 kB

URL GET
mall-test.s3.amazonaws.com/pc/gp/B07CJZR74J/81TGHVdB0FL._AC_SL1500_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1196, components 3
Size
227 kB (226571 bytes)
Hash
156fd7b422e71e646000b5d432ebd6e4
72a3f9e5bce4ab928f25c063920866a8f8647fc3
3aa1c33d318c13792766f12f41749fb25eb4a2c74440df9e978375a8280fdc71

HTTP Headers

GET /pc/gp/B07CJZR74J/81TGHVdB0FL._AC_SL1500_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: pAXrTzzhloW0PTLuZMDtrZqcR5opOrDln14Psi/OksZggP8jpFcPk56Fe5q2rpZV2H2uhkzgqqfWmKTM5LjfaHZarBPpVMifURBNncf/kow=
x-amz-request-id: SRRXM1Q7SEYTZH8V
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 01:10:03 GMT
ETag: "156fd7b422e71e646000b5d432ebd6e4"
x-amz-server-side-encryption: AES256
x-amz-meta-sha256: 3aa1c33d318c13792766f12f41749fb25eb4a2c74440df9e978375a8280fdc71
x-amz-meta-s3b-last-modified: 20230915T060107Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 226571
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-11/b4fea0b7-8319-4135-ba22-a78892456e35.jpg

54.231.162.81

200 OK

164 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-11/b4fea0b7-8319-4135-ba22-a78892456e35.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
164 kB (164479 bytes)
Hash
798834cccc740a3295d495cac60f0149
5919a207c2cc7faecd8997f61a87edd42a7bc91a
c2dfff9df4fe2c89659ebf7be17b30643735145b0430a0db2b3eec09811564f3

HTTP Headers

GET /test/2023-03-11/b4fea0b7-8319-4135-ba22-a78892456e35.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: DUwmCpILnNaBka8qYQEZbJV8KoPujIphnrpE+sNch1or9ceW1BZWkL/B0I+HEv4m/tQAWSQcSa0=
x-amz-request-id: 22QWXQ1728KT4VZ5
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:04 GMT
ETag: "798834cccc740a3295d495cac60f0149"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 164479
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/ba21b1de-1bd6-41cf-993d-cbf59051931d.jpg

3.5.28.130

200 OK

48 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/ba21b1de-1bd6-41cf-993d-cbf59051931d.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1468x1500, components 3
Size
48 kB (47710 bytes)
Hash
bb218f576009cd83b9417c5a229c3203
77dff04586788827f80934d71f78f4c88f8356df
d0855f819cdc09557f7e383dfbc5e6165e09a50668d15dfd0210949bbdaaa17f

HTTP Headers

GET /test/2023-03-28/ba21b1de-1bd6-41cf-993d-cbf59051931d.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 9cqmvXLQW3ia7Xutyxy/pmt5cP0e0kSjcCUlxA4PSLcSjpe9oMz74FmpthMZwMw7YkmQJH7AVDZ60cOA/oiU2McEqByQ06HXAVxlxm6EOYo=
x-amz-request-id: FFR6MR9FGEPEW6RG
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:53:12 GMT
ETag: "bb218f576009cd83b9417c5a229c3203"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 47710
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-e9d3b542.daa5a739.css

107.148.55.183

200 OK

6.4 kB

URL GET
tkshoppingmall.co/css/chunk-e9d3b542.daa5a739.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (6371), with no line terminators
Size
6.4 kB (6371 bytes)
Hash
c9ed335678a7dca23c8a0250cc212105
78e181633687bb11561837b36f8d1ad6426c5361
5cf089b1093edf8e20b27cbfb4385bbd909daf84eccefd9c79990be6dfa5aaea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-e9d3b542.daa5a739.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"6371-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-dffb9062.d2716d36.js

107.148.55.183

200 OK

12 kB

URL GET
tkshoppingmall.co/js/chunk-dffb9062.d2716d36.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (11530), with no line terminators
Size
12 kB (11560 bytes)
Hash
24479fb9e99200022aec044114cecb64
b698655d4f0504df9ee131c74ff145848c590025
f5d4b07367f5eee277aef040f0642f91a33574dcded5f7788ba6037addc68e37

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-dffb9062.d2716d36.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"11560-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-fe46833a.ef847fc8.js

107.148.55.183

200 OK

4.4 kB

URL GET
tkshoppingmall.co/js/chunk-fe46833a.ef847fc8.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (4361), with no line terminators
Size
4.4 kB (4361 bytes)
Hash
e989d8fb29569d25ce281f8cdae4c061
b5aad17af3ec59c1777d4234d41c4aad5befc2f8
8e458e4d9bd8f4d0d9cf52f9f2a046c5b6fb75fce2a129ad0a7c0e9aca1000f9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-fe46833a.ef847fc8.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"4361-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-04-14/a8ed7145-c86e-4506-8da2-b8b27f610db4.jpg

54.231.162.81

200 OK

20 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-04-14/a8ed7145-c86e-4506-8da2-b8b27f610db4.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 500x500, components 3
Size
20 kB (20191 bytes)
Hash
d88ae54a30fed8843621233e2c13698c
9fa542e8677ab97712a7fdc7e1250e36536ec3a5
dbe475f26aed9df934e9dca6ef2115b5d0968f312174dfecb9da3ddd3c9640bf

HTTP Headers

GET /type/2023-04-14/a8ed7145-c86e-4506-8da2-b8b27f610db4.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: MA39uTmD7IrNSfcmoc5hc7AM4jj+j4TfVnvw6a9CIVWDyS9MD133KHQpmr8Lz4cXRtkxC0Je2iw=
x-amz-request-id: 22QS18K3YEM4KBDH
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:34 GMT
ETag: "d88ae54a30fed8843621233e2c13698c"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 20191
Server: AmazonS3

POST tkshoppingmall.co/wap/api/banner!bannerList.action?pageNum=1&pageSize=8&type=pc&imgType=0&lang=en

107.148.55.183

200 OK

44 B

URL POST
tkshoppingmall.co/wap/api/banner!bannerList.action?pageNum=1&pageSize=8&type=pc&imgType=0&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
44 B (44 bytes)
Hash
f2982955040e03da061e625bb0bf375c
20181528c67d8f347372b93f90d96e7d6c3cfd0b
aa16d955b045de5c2728a37653d3f51d5f24f6e43879c0214e7b015079356608

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/banner!bannerList.action?pageNum=1&pageSize=8&type=pc&imgType=0&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:55 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-5ccc6cb4.40e60c81.css

107.148.55.183

200 OK

12 kB

URL GET
tkshoppingmall.co/css/chunk-5ccc6cb4.40e60c81.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (12307), with no line terminators
Size
12 kB (12307 bytes)
Hash
706a2b4527599a75b3a229b6a230c593
59443b222c5295eb698cbc6ec4ea6ed38f72b77b
b123b882242d80192abf45132d01cdcc31800b3d9beea6f3bb4d908a69973058

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-5ccc6cb4.40e60c81.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"12307-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-478846d8.b839a80a.css

107.148.55.183

200 OK

6.4 kB

URL GET
tkshoppingmall.co/css/chunk-478846d8.b839a80a.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (6398), with no line terminators
Size
6.4 kB (6398 bytes)
Hash
e0b073a1146ef81c8ba85acda7a521d7
82cb31ed90513727ffa0479c2c099a777382dafa
5960cd527b80f241a6bf26515f2105288422537e7e67568d3b0b5ebb441d7fe0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-478846d8.b839a80a.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:53 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"6398-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/home_b4.90695e30.png

107.148.55.183

200 OK

43 kB

URL GET
tkshoppingmall.co/img/home_b4.90695e30.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 881 x 322, 8-bit colormap, non-interlaced
Size
43 kB (42782 bytes)
Hash
90695e3071372c8386126435b45f5856
bb84dd52786a83755de4e21869468ffaa537d8a2
293aba0a600d74e4a6e68ad215e7439e0fc9a8ba34764b84553cc1e2ae9af264

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home_b4.90695e30.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"42782-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/test/2023-03-07/8e9a2789-2f98-4d6d-b3d6-a7a570294ab1.jpg

54.231.162.81

200 OK

58 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/8e9a2789-2f98-4d6d-b3d6-a7a570294ab1.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 881x1500, components 3
Size
58 kB (58351 bytes)
Hash
88c4c3b44123e6ec53c9e726c0bdaa7b
b601151b09e528b424c164e804ff00bfd38171f3
081210cd43eaa0a064cbdfc50755156ea4de114f7bdd43d2ace15989d1a9334e

HTTP Headers

GET /test/2023-03-07/8e9a2789-2f98-4d6d-b3d6-a7a570294ab1.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: TVdexf3P/gax2AnJXlC03eN2mrZ7bKbcE2wtxPhyHgQxGZzx8RMDC0a6Llqf/cAU2/Ffyd940cc=
x-amz-request-id: SRRRXPPBGX603NK2
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Thu, 23 May 2024 01:47:24 GMT
ETag: "88c4c3b44123e6ec53c9e726c0bdaa7b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 58351
Server: AmazonS3

GET tkshoppingmall.co/

107.148.55.183

200 OK

7.8 kB

URL User Request GET
tkshoppingmall.co/
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (5843)
Size
7.8 kB (7799 bytes)
Hash
8b1ea7009122da07c7e710726f3af2b9
fbd99025722b77820acc31337fae945412cd4532
2b3c200c694f714a84cacfa450704fca2951fab39130088c8aad5a73a6775ab7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tkshoppingmall.co/wap/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:51 GMT
content-type: text/html
vary: Accept-Encoding
etag: W/"7799-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/83ac7d5d-fa38-4678-af79-63b4066ea171.jpg

3.5.28.130

200 OK

138 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/83ac7d5d-fa38-4678-af79-63b4066ea171.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1448, components 3
Size
138 kB (138263 bytes)
Hash
7fac67ccc5152addd1ee354754ded6f8
76a721dd33cbe5db8b2b88cec77411504ecac3a8
793dc1d79d43111b0d0f51a97639335a2e3b9e183fccf7f9977d4ee211f0abab

HTTP Headers

GET /test/2023-03-28/83ac7d5d-fa38-4678-af79-63b4066ea171.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: C15OdREXyom7wVhLaxg/jBaP6wGKf2XdyjyQF508psVQS/gQfAMsBR1yHlDsalukfpQC/CypndNKlnXPYLmDw0ZPvGXy09ypbQqhF3PRYvk=
x-amz-request-id: 22QKY12GMNQVB9DW
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:51:12 GMT
ETag: "7fac67ccc5152addd1ee354754ded6f8"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 138263
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-559d101c.aa898f0f.js

107.148.55.183

200 OK

14 kB

URL GET
tkshoppingmall.co/js/chunk-559d101c.aa898f0f.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (14298), with no line terminators
Size
14 kB (14526 bytes)
Hash
05111fb1db8e3cf1c3b7e7ca469583f4
82ab4d0e933daeb98ae4086d8500417d1d3e41d5
fdbd843f901f225c3ef511f20c045200aa483d851567e94ecdab5a9170313407

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-559d101c.aa898f0f.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"14526-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/home_b2.e1c935f1.png

107.148.55.183

200 OK

24 kB

URL GET
tkshoppingmall.co/img/home_b2.e1c935f1.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 425 x 337, 8-bit colormap, non-interlaced
Size
24 kB (23460 bytes)
Hash
e1c935f1f325cf19907d7caabd0bdc7f
85b51ed06f594b0ae3b39c703c015ea41659d72b
eb9629cefac529d38b57491119ebadaa767544b449e7061059594e0d5a811776

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/home_b2.e1c935f1.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"23460-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/a7892ec6-7c9a-4017-92d9-5d88ec058706.jpg

3.5.28.130

200 OK

46 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/a7892ec6-7c9a-4017-92d9-5d88ec058706.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x816, components 3
Size
46 kB (46462 bytes)
Hash
4733341abffafac1a80a87d73b929a0e
2ed57cdd64866e32ea7315eab53f957943fe7535
488b95a8657fe774d74f2c2b03f858888868a277580ae75cd4c45796bccd447c

HTTP Headers

GET /test/2023-03-28/a7892ec6-7c9a-4017-92d9-5d88ec058706.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: bH5clwxUjnR1GiR7uCyl17S9BmjFgb3ua+Dr89k4g1thAGrAs8CEmd3PoEElHVUWyZbYH3tY+GCBAnwiB4psfkpjk1k5rK8fiCE4pDu6F60=
x-amz-request-id: 22QS0Y4V66MB426R
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:52:31 GMT
ETag: "4733341abffafac1a80a87d73b929a0e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 46462
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/3ef08b60-1786-4e4f-a4d5-c64d14a88792.jpg

3.5.28.130

200 OK

34 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/3ef08b60-1786-4e4f-a4d5-c64d14a88792.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPCM), density 47x47, segment length 16, baseline, precision 8, 720x408, components 3
Size
34 kB (33919 bytes)
Hash
ea575f7c46f9d4acfade497a3071cdad
067f138058f71d980ef28506d47db4bf0e8e156c
b6c8251b680eadebf126f1b05acc0d60fe53ef015322886f68668a241af6f76e

HTTP Headers

GET /avatar/2023-03-22/3ef08b60-1786-4e4f-a4d5-c64d14a88792.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: bh103OK13SwyOX0CjJ9oW0kHXpMMYvHAZr51C8Bcd5s63SVx1ZkZ3YrftyWVfRr9gmfd4LloD1MZySbkL2Hjy9FS9kDNi6kbX2UNIPcMLtw=
x-amz-request-id: 22QR74ZW55R37D3P
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Tue, 21 May 2024 17:21:40 GMT
ETag: "ea575f7c46f9d4acfade497a3071cdad"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 33919
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-ee285500.c489e901.css

107.148.55.183

200 OK

111 B

URL GET
tkshoppingmall.co/css/chunk-ee285500.c489e901.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with no line terminators
Size
111 B (111 bytes)
Hash
6fa0ecf4147c8ce0222c50c699e3807a
a77f07547a33f9b6ec67e6eed37629f508f97a6b
6943a6d74dcebdb81ed9b48152a94e537946bd452b87590c4179c966722f5719

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-ee285500.c489e901.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
content-length: 111
etag: W/"111-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-492ced6d.616d12d1.js

107.148.55.183

200 OK

12 kB

URL GET
tkshoppingmall.co/js/chunk-492ced6d.616d12d1.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (11423), with no line terminators
Size
12 kB (11465 bytes)
Hash
9ed0bb7ae46abcbd76b0a53b6ef80a09
dba37d18dc6f484ba0a63400dac339180e55b637
505f468b4caad45eb9bfb0ba238df235b0bbf8ba7ca6bb0ebbc3bccdea9f4c6f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-492ced6d.616d12d1.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"11465-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-9572d47a.6e32cfe0.js

107.148.55.183

200 OK

24 kB

URL GET
tkshoppingmall.co/js/chunk-9572d47a.6e32cfe0.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (24185), with no line terminators
Size
24 kB (24205 bytes)
Hash
f35ce4a21ceb83d986dee27f0b7b9d07
5f8d11ee8267cce27b9bcb9e07467ed4911c0bb3
1ac0259ff17c0287589a708a50e6189aa84fd7b7dbdb540d18409cca50a551c9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-9572d47a.6e32cfe0.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"24205-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-e9d3b542.6f9fec7a.js

107.148.55.183

200 OK

14 kB

URL GET
tkshoppingmall.co/js/chunk-e9d3b542.6f9fec7a.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (14326), with no line terminators
Size
14 kB (14440 bytes)
Hash
65a02086632c2bfe1498fc969ed7bebc
e11b6f03b9f2c46c24ae5cf988febd83f04f2b7c
7aa10b017f8d848d464eba738d3d8a8ff43e9bac47be390e94af1c57c1515e6a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-e9d3b542.6f9fec7a.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"14440-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/97370077-5bb4-4ba0-b043-317fd2630620.jpg

3.5.28.130

200 OK

118 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/97370077-5bb4-4ba0-b043-317fd2630620.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
118 kB (117647 bytes)
Hash
f00577509189cfac258c844cfff6d626
d9b3dc81b547e1526d8e03786cbafdfe02052682
f9b7361d0d2beb9d63e7fddcb0ab7f6e15a7e6f5b0d819d05fa459f464b42df4

HTTP Headers

GET /test/2023-03-28/97370077-5bb4-4ba0-b043-317fd2630620.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: +ExPM9uTF7uZfQAp7ZhLwwBxV6ZTtduNIZU0pkq3AXLzJBOP/Q0+v7eJgu+hFccgR2+J8iXARWHe8VcSmkl7wmJYyVyd1ArOurC58/y3XDc=
x-amz-request-id: 22QMH3NZ0A9W9RG5
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:51:55 GMT
ETag: "f00577509189cfac258c844cfff6d626"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 117647
Server: AmazonS3

GET mall-test.s3.amazonaws.com/avatar/2023-03-22/62e99ac9-6e29-49b2-b196-c8c2059ef5e2.jpg

3.5.28.130

200 OK

118 kB

URL GET
mall-test.s3.amazonaws.com/avatar/2023-03-22/62e99ac9-6e29-49b2-b196-c8c2059ef5e2.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x723, components 3
Size
118 kB (118009 bytes)
Hash
c40c6a8a3d7a2eb1d7ceacf170e11865
528dae6c2096d0e89c8747ad8667705b4760d4de
861954a67e07f1669ca277df8316a05057c77054a30bf57afd188fb61cd41394

HTTP Headers

GET /avatar/2023-03-22/62e99ac9-6e29-49b2-b196-c8c2059ef5e2.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 1rucdrym8D3InvaRozg9qVuE61AuhZX0kpalbGLlY+cd0xuekAemH6f/87lbrvaD97t+5tK0Djwft2Ullh6aepw6wTdaXpI4IZlW+sUiRrc=
x-amz-request-id: FFR3183CEEZBZ7G0
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 21 May 2024 17:21:40 GMT
ETag: "c40c6a8a3d7a2eb1d7ceacf170e11865"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 118009
Server: AmazonS3

GET tkshoppingmall.co/js/chunk-874afab4.1c457982.js

107.148.55.183

200 OK

3.7 kB

URL GET
tkshoppingmall.co/js/chunk-874afab4.1c457982.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3654), with no line terminators
Size
3.7 kB (3660 bytes)
Hash
e4d98de2b976619264ce870aaf8b6826
ff02035c3053371a457272fb72a58e679e9586a6
d8c6fbdee8a2cd0e918658c0722c6fc4727d213b6102cbe11bad5323c511412e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-874afab4.1c457982.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"3660-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/img/deals_bg.6497b40b.png

107.148.55.183

200 OK

153 kB

URL GET
tkshoppingmall.co/img/deals_bg.6497b40b.png
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
PNG image data, 1531 x 500, 8-bit colormap, non-interlaced
Size
153 kB (153224 bytes)
Hash
6497b40b38f9144fcf47f4592138a250
b0476ab731d71f49b7cc8f6b5ccb27badb243a3f
94cbc25f796654a18e0d6c76891cd3f993da149235992e924b04d579d67ef93d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img/deals_bg.6497b40b.png HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tkshoppingmall.co/css/chunk-6ec4778a.06a027b9.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: image/png
vary: Accept-Encoding
etag: W/"153224-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/test/2023-03-11/2b1f361d-49af-4f07-99de-f8e65f804abb.jpg

54.231.162.81

200 OK

56 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-11/2b1f361d-49af-4f07-99de-f8e65f804abb.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 962x1031, components 3
Size
56 kB (55668 bytes)
Hash
8e45ef03c4d3d3f8338e907948eb5268
6d8847195c0a42f8310bdcf575ea57a0bb889766
de9af8571cfab6b7bdcee5e4fc038ff690fa02e497205a7136633e8fd284f600

HTTP Headers

GET /test/2023-03-11/2b1f361d-49af-4f07-99de-f8e65f804abb.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 8nrSiOQ77Nq6rCRwmb0BQKDUamXA2DHDKovGdZftL1U0OMM/co8hoAvgGneDeStD3l6YIVX5pv4=
x-amz-request-id: 22QX09SHMX2AM48C
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:49:09 GMT
ETag: "8e45ef03c4d3d3f8338e907948eb5268"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 55668
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/c75813da-de7b-4cfe-88de-c4c53e9781e0.jpg

3.5.28.130

200 OK

66 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/c75813da-de7b-4cfe-88de-c4c53e9781e0.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 982x557, components 3
Size
66 kB (65543 bytes)
Hash
00fa1c0a4617a61327a1d380275add30
599af04c1ed473fdd21379036aaf3aca5e2ca925
204c1065e2ec225a77e1f069abd3fed50c9e05df04b1ab1ff745328effdb616a

HTTP Headers

GET /test/2023-03-28/c75813da-de7b-4cfe-88de-c4c53e9781e0.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /CDrAX4+NASZ2SDrDDqVv0d/P/Leh6KWS3ImKxXqtxChq2w+Am6iL0gsp0K8gKySse/C16EoWcej2BUyX0iwBbfRsKpcViRAT3F0FXx0YSk=
x-amz-request-id: 22QGWVYCEVFVP4K2
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:53:41 GMT
ETag: "00fa1c0a4617a61327a1d380275add30"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 65543
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-fe46833a.5be8e938.css

107.148.55.183

200 OK

731 B

URL GET
tkshoppingmall.co/css/chunk-fe46833a.5be8e938.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (731), with no line terminators
Size
731 B (731 bytes)
Hash
04fddaebcf220f89065a61a8972e9ff6
a72aaad63f69552c1bfc2ce529d0934877a151a5
fde628e3bf1d28a032a27b15fb82ee652f593c2de925664d244ef73294ca3002

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-fe46833a.5be8e938.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
content-length: 731
etag: W/"731-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-492ced6d.f9837a03.css

107.148.55.183

200 OK

1.1 kB

URL GET
tkshoppingmall.co/css/chunk-492ced6d.f9837a03.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (1118), with no line terminators
Size
1.1 kB (1118 bytes)
Hash
51469bb71eb3ad53d091813383d59f9f
2dc9da09668fefdab35ccfe6c6a3ec5485ceea3d
d9daa1e1faf153cb40d02fe3294adfbf28aeb622797e00cf94c101ccfcf0e073

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-492ced6d.f9837a03.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"1118-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-5ab1e75f.606a4652.css

107.148.55.183

200 OK

4.7 kB

URL GET
tkshoppingmall.co/css/chunk-5ab1e75f.606a4652.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (4663), with no line terminators
Size
4.7 kB (4663 bytes)
Hash
425829f747f667d04904eb3e3cb1496f
a909465b280eca67b61073dd0a2a152b10ff3e8d
7c7679670303f6f08c1d6eb7838b6b23ac0e1b66c1940123f83f48cdf2b1bbd9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-5ab1e75f.606a4652.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:57 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"4663-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-9e9a3e9c.9342188a.css

107.148.55.183

200 OK

578 B

URL GET
tkshoppingmall.co/css/chunk-9e9a3e9c.9342188a.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (578), with no line terminators
Size
578 B (578 bytes)
Hash
471a8367aeafd7732dd964992d4132d0
b8ce2731e281098221537e64d8f67b245520332f
e9257bb48b7e21d5fe8936398837e9ca9ec58f4184267f5f821e99e2fdf055c6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-9e9a3e9c.9342188a.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
content-length: 578
etag: W/"578-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-ee285500.598380cf.js

107.148.55.183

200 OK

9.5 kB

URL GET
tkshoppingmall.co/js/chunk-ee285500.598380cf.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (9488), with no line terminators
Size
9.5 kB (9522 bytes)
Hash
e51d9871f57b8c40b71ab069411b2ff3
db31be5d8bdcc9c7eaac3b9d01bb61feca3e8259
1ccf96c15bc2e98897269b3f3bec41d614468bd2c8dfb50b4f7b7f9727d10783

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-ee285500.598380cf.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:01 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"9522-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-24996071.25f9378a.js

107.148.55.183

200 OK

6.9 kB

URL GET
tkshoppingmall.co/js/chunk-24996071.25f9378a.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (6895), with no line terminators
Size
6.9 kB (6895 bytes)
Hash
aadb61211b1bd3ef4476d3cec500788a
b731afcefd306b507c2b7fcb6ca1af5e52cf4642
dac6c8b7d525141f5c5af9089e0113f785fba4c0be4046a449be6b79318a74bd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-24996071.25f9378a.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"6895-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-07/42e1eb73-13a4-4a53-9984-7ee0be2fc222.jpg

16.15.216.27

200 OK

322 kB

URL GET
hetao-shop-test2.s3.amazonaws.com/avatar/2023-11-07/42e1eb73-13a4-4a53-9984-7ee0be2fc222.jpg
IP
16.15.216.27:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1080x1080, components 3
Size
322 kB (321506 bytes)
Hash
6d6e67e8bd9678f3ac633fec6f9ffebf
04c42393049077a43f73d59e56b0792275715f8d
e46eb77190ef9026f77e891d703b20b76105d3b59a9c9c442d0fbea72e6b67e4

HTTP Headers

GET /avatar/2023-11-07/42e1eb73-13a4-4a53-9984-7ee0be2fc222.jpg HTTP/1.1
Host: hetao-shop-test2.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: tTfyi2F7lN4rCOLqM3Po+0GF8p619MqUf5hyqB1OZNKpBBT+DjwC/UPjBnnimJlfh/BPNni54G8wEdFQMiWe7iwWV+dpVq9OBsq+IfQ6LRI=
x-amz-request-id: FFR1PH24YWQK83CW
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Tue, 07 Nov 2023 06:12:14 GMT
ETag: "6d6e67e8bd9678f3ac633fec6f9ffebf"
x-amz-server-side-encryption: AES256
x-amz-meta-myval: test
Accept-Ranges: bytes
Content-Type: application/octet-stream
Content-Length: 321506
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/208bfce2-9f5e-4564-9ff0-3f42b091c6e1.jpg

3.5.28.130

200 OK

71 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/208bfce2-9f5e-4564-9ff0-3f42b091c6e1.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1419x1500, components 3
Size
71 kB (70775 bytes)
Hash
1994307f8b89af5cfce1809d993ccd77
18a1e5b438175e9c250289af987baf9737f6eef3
6fcf1c0fd9d63f09ab28bb88303bf4a07948cf20d7f2ada3b98d61b1c72c58b0

HTTP Headers

GET /test/2023-03-28/208bfce2-9f5e-4564-9ff0-3f42b091c6e1.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: /oVAW/VOIvH8Hu8Cul09BU3qxwrgDUFFdyTEN7lNQh/P9XsSlkPE4lp6o02Tw+U18CtYKf/fxS1aVo0fchsBv8UhDxvV/ZsOTckHuuJ08IE=
x-amz-request-id: FFR5PNRP1JFHYBKR
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:47:36 GMT
ETag: "1994307f8b89af5cfce1809d993ccd77"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 70775
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-756f215a.d10e0fe9.css

107.148.55.183

200 OK

9.6 kB

URL GET
tkshoppingmall.co/css/chunk-756f215a.d10e0fe9.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (9587), with no line terminators
Size
9.6 kB (9587 bytes)
Hash
dcb9491ed99472ef86358c19b91652db
45eb7dfbc83f4713d04349bb35d7d13123874c8b
69b7d94ca5916dc7fdbaa20cb3b87792e9623c1b82217e7b9ab49e2046254a58

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-756f215a.d10e0fe9.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"9587-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-01aa4ef8.211083e3.js

107.148.55.183

200 OK

2.0 kB

URL GET
tkshoppingmall.co/js/chunk-01aa4ef8.211083e3.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (1950), with no line terminators
Size
2.0 kB (1950 bytes)
Hash
9801cfc8a222880bcddbf58147eaef47
60272769f9ea26c14b6d96559a620c6bcdb9f72a
cc67a65322d6461df742d7378f6fe403186ed410a7afca758e8f5326eb4bf21d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-01aa4ef8.211083e3.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"1950-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-504476c0.d26ef498.js

107.148.55.183

200 OK

37 kB

URL GET
tkshoppingmall.co/js/chunk-504476c0.d26ef498.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (36695), with no line terminators
Size
37 kB (36786 bytes)
Hash
ec86254efcc3c15e8df55cd7e8e77b53
e9c69f97e3d998616d96680a371d72b35b062fcb
59de13ebd8c8c0913eecdc7ed015545ec8dd8423f80692a849aae72746335ec0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-504476c0.d26ef498.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"36786-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-315c31be.fb1bf657.js

107.148.55.183

200 OK

17 kB

URL GET
tkshoppingmall.co/js/chunk-315c31be.fb1bf657.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (17005), with no line terminators
Size
17 kB (17009 bytes)
Hash
250646c14f7e4846744ad5add972fce1
091989efa58b7ab50fcb288b93b56362bef1900e
50b6117229d21f2ac8636ca40806ade04e6a6798e6f38c278b5e64bdea9918e0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-315c31be.fb1bf657.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"17009-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/app.5b286951.css

107.148.55.183

200 OK

240 kB

URL GET
tkshoppingmall.co/css/app.5b286951.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
240 kB (239633 bytes)
Hash
45f7be32444e3f616ed3bbf67b6e7b53
faab353ef71e2724a9e19e86fb1d98c537e10e33
86277f8f6a5d6451288f9df791215a00e48fe64fa0870f3d9a5eef996d54a0f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/app.5b286951.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:51 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"239633-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-04-14/d26d36b6-6435-4071-a1ed-647cf4e9214b.png

54.231.162.81

200 OK

180 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-04-14/d26d36b6-6435-4071-a1ed-647cf4e9214b.png
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced
Size
180 kB (180465 bytes)
Hash
60e10d77ebe5877fc1c9385748e2cf72
77082da3f7af090dbcf9ac692bf2ba4e0d699aec
f1343ddaa389f3aca6568d15637793f510925e7f88d13a6ff93591a326a66c48

HTTP Headers

GET /type/2023-04-14/d26d36b6-6435-4071-a1ed-647cf4e9214b.png HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 4MV59G+F0VVt2woOOjbBBEdHXSa8tFCvGyfiZ93bu7e42mnuyhAwV8ISGM9H//e5tBF8dGr14Jk=
x-amz-request-id: SRRT32PQ2RCPHX49
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Thu, 23 May 2024 01:50:34 GMT
ETag: "60e10d77ebe5877fc1c9385748e2cf72"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 180465
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-354d74d0.7fe8044a.css

107.148.55.183

200 OK

7.5 kB

URL GET
tkshoppingmall.co/css/chunk-354d74d0.7fe8044a.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (7517), with no line terminators
Size
7.5 kB (7517 bytes)
Hash
84bd9f29be0926f0864dde09c3094100
a12fb2de369dd32d46838a5b8a76ce3003f34791
ac861d3876c55f30125204be8ec991ae215148700ed1a5190ae63d6069251db8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-354d74d0.7fe8044a.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:56 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"7517-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-0b03322b.df7fcd48.js

107.148.55.183

200 OK

2.3 kB

URL GET
tkshoppingmall.co/js/chunk-0b03322b.df7fcd48.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (2322), with no line terminators
Size
2.3 kB (2330 bytes)
Hash
6b3ab6726376701ad4b525482938ce95
dbb985834ebc188e4d7b3077c5ac3c56559ab450
2244b02e48dd2f476a9e3eefba875e05c4d19aac6c5610d12b4691fb0c95d329

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-0b03322b.df7fcd48.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"2330-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/test/2023-03-28/f7afcb31-8430-46eb-9114-c2bacf56fc71.jpg

3.5.28.130

200 OK

42 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/f7afcb31-8430-46eb-9114-c2bacf56fc71.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 724x889, components 3
Size
42 kB (41611 bytes)
Hash
4c85719fadd1dd49d50764ebb37f8bf4
202bd373f578df56177fa741f81f7961a7d0a9d6
ee62d20d0f0ec21165f8f72ccdcae8656724084b83fb33275674a13ab9d9c283

HTTP Headers

GET /test/2023-03-28/f7afcb31-8430-46eb-9114-c2bacf56fc71.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: tjjLTdWjiOtC7v3uZs0bu9FLeE22NC9fWlMcleiCdb0/Di/0Mdr0ODNOnxvyoSm4GCVPiaqCXjMI5LrrTx+LLh26IBnLvTXhBch9S1TTT0w=
x-amz-request-id: 22QG7BRDGTVR87AR
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:55:26 GMT
ETag: "4c85719fadd1dd49d50764ebb37f8bf4"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 41611
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/f70eeeb1-a83c-4724-bd3e-7c6dc72637c1.jpg

3.5.28.130

200 OK

53 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/f70eeeb1-a83c-4724-bd3e-7c6dc72637c1.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1326x1393, components 3
Size
53 kB (53094 bytes)
Hash
c37d660217f7d4c257006d2042c09e5e
ea529657eb74db371f9a05e1c3d720cfd06c11ac
ffe20fabb47fca3b0a55a877370f03f6168625efb804473ba88443d0e0513a38

HTTP Headers

GET /test/2023-03-28/f70eeeb1-a83c-4724-bd3e-7c6dc72637c1.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: i9VHB36ZBKmNIu2J7cJPmy961xOuSGnsy5QnGmR3vuHnf+ub6oWMIz04TI7VfzxznUnNmUyb48zIp38+DYotk+PNez1da9dTZ+mAhOThd6w=
x-amz-request-id: 22QTC5DWXCDWHVF2
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:55:25 GMT
ETag: "c37d660217f7d4c257006d2042c09e5e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 53094
Server: AmazonS3

GET tkshoppingmall.co/css/chunk-24996071.353ecc21.css

107.148.55.183

200 OK

6.6 kB

URL GET
tkshoppingmall.co/css/chunk-24996071.353ecc21.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (6585), with no line terminators
Size
6.6 kB (6585 bytes)
Hash
7850f8ff1951499d9d6862632055b93f
6f42d8a81488c73eee45947d9dedbd55ff2f371b
0cb53ad787d44b856f8f882a40917f4461974f5ce04c6e6a6b3a5cda52d9db8e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-24996071.353ecc21.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:56 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"6585-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-2d216070.d6541306.js

107.148.55.183

200 OK

358 B

URL GET
tkshoppingmall.co/js/chunk-2d216070.d6541306.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, ASCII text, with very long lines (358), with no line terminators
Size
358 B (358 bytes)
Hash
49fe497cd9edb2b28ba875d23798f2e8
4566de79364cbcacd8d047f3195955966c39d5dc
90dc47eaa9fbfcae6a6863b1e07bcee10529f6f2f9e76c71382903052a141c94

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-2d216070.d6541306.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:59 GMT
content-type: application/javascript
content-length: 358
etag: W/"358-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2

GET tkshoppingmall.co/css/chunk-9572d47a.55e20e7f.css

107.148.55.183

200 OK

3.6 kB

URL GET
tkshoppingmall.co/css/chunk-9572d47a.55e20e7f.css
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
ASCII text, with very long lines (3642), with no line terminators
Size
3.6 kB (3642 bytes)
Hash
f225ac26b8258d7ea7012cea551d1a6e
16fe461d9e3d6965045ad93f6953bf5fe69122f9
5e0e668d447166c3c2feb7f82247c97d43b653f9694721c2f04ef558799f8bc8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /css/chunk-9572d47a.55e20e7f.css HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:58 GMT
content-type: text/css
vary: Accept-Encoding
etag: W/"3642-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-736dde4c.a0998f34.js

107.148.55.183

200 OK

22 kB

URL GET
tkshoppingmall.co/js/chunk-736dde4c.a0998f34.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (21863), with no line terminators
Size
22 kB (22025 bytes)
Hash
82f9d6eb8d5ef470fb215e919d874c9d
b0ccd622d995d79b75308af2b25a75cbe663d6d8
f0ac40b9b67e1941fb47f16e07cf4bb3f9ba2e542710e5ec0cccfe526a3273c4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-736dde4c.a0998f34.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:29:00 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"22025-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET tkshoppingmall.co/js/chunk-6ec4778a.efb92f70.js

107.148.55.183

200 OK

31 kB

URL GET
tkshoppingmall.co/js/chunk-6ec4778a.efb92f70.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (30508), with no line terminators
Size
31 kB (30778 bytes)
Hash
fe8e673c561b944a7ed7b313c868dcec
0f016ada6fc886c6d927e1acb9e30b93991398ac
48c7223eb8cf1c083485495348586a78bd82459c43e89610edb471775c6d1397

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /js/chunk-6ec4778a.efb92f70.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:53 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"30778-1745462389000"
last-modified: Thu, 24 Apr 2025 02:39:49 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-03-29/f638f5c6-610e-4035-8a7d-1b49bd18a6ea.jpg

54.231.162.81

200 OK

43 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-03-29/f638f5c6-610e-4035-8a7d-1b49bd18a6ea.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 90", baseline, precision 8, 500x500, components 3
Size
43 kB (43151 bytes)
Hash
b367a1a2939abed5721ba1cf5fd272ac
14494a7fe1017a29f9fed7421f7d652257490203
46d322495677c8a7c5394e265b4ff29491e138ca470aa1ca2d8abf364db9cd21

HTTP Headers

GET /type/2023-03-29/f638f5c6-610e-4035-8a7d-1b49bd18a6ea.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: eC7s0Xlqkob2FeZPaSrQqxsEbxXgimks3DwT65vMZx8eyDFMYOFF9cVJTs8ejm/WbGwDxFT7PiA=
x-amz-request-id: SRRW213090PJFBF0
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Sun, 01 Sep 2024 17:37:19 GMT
ETag: "b367a1a2939abed5721ba1cf5fd272ac"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 43151
Server: AmazonS3

GET mall-test.s3.amazonaws.com/pc/gp/B081ZM1WCX/612R3o6fxOL._AC_UL1000_.jpg

3.5.28.130

200 OK

125 kB

URL GET
mall-test.s3.amazonaws.com/pc/gp/B081ZM1WCX/612R3o6fxOL._AC_UL1000_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 613x1000, components 3
Size
125 kB (124665 bytes)
Hash
d3decea8391c9438833b1a43efbd65bb
0766c3512513c39cb540cfe4c8b23cdd80d34398
366e5455e146a21387311ce2e547db36d12b1f7fc257388984b81f5fbeb6cd46

HTTP Headers

GET /pc/gp/B081ZM1WCX/612R3o6fxOL._AC_UL1000_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: FZcjssXWWkbRUPq5MpZ1Ivm/ytLABX/6k6NTDYfWuWSf6+gOhYJpsmmqRXDuZWxHRca0+2KTPp9qpVfGgphRMHxLC8reuTT73pwn3juZ7UA=
x-amz-request-id: SRRKEPMM705BWM40
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 02:51:02 GMT
ETag: "d3decea8391c9438833b1a43efbd65bb"
x-amz-server-side-encryption: AES256
x-amz-meta-sha256: 366e5455e146a21387311ce2e547db36d12b1f7fc257388984b81f5fbeb6cd46
x-amz-meta-s3b-last-modified: 20230718T074922Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 124665
Server: AmazonS3

GET mall-test.s3.amazonaws.com/pc/gp910/B09J23VG1K/71dP%2BKs3A9L._AC_UL1500_.jpg

3.5.28.130

200 OK

78 kB

URL GET
mall-test.s3.amazonaws.com/pc/gp910/B09J23VG1K/71dP%2BKs3A9L._AC_UL1500_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1424, components 3
Size
78 kB (78538 bytes)
Hash
d1399f783effb404f33499a69bbad84e
68cce910f839c9bfbc399cca57ea58873bafb565
8296ff976fa5552479fbd0d64f398544af292d655b41f378fb8d12ea998d97af

HTTP Headers

GET /pc/gp910/B09J23VG1K/71dP%2BKs3A9L._AC_UL1500_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: cRTdjZZygvHRJY1b/xwZYk4QdEISVyqpin8qcWBt24CJJko09ARI+RXqGNeZl8mn9ciIUhIxZNzctez1GVddHuYoAXIbp9dEh0oV2hWY4Ws=
x-amz-request-id: SRRPPR80RKD0GWJJ
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Wed, 22 May 2024 14:04:11 GMT
ETag: "d1399f783effb404f33499a69bbad84e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 78538
Server: AmazonS3

GET imgtest1.s3.amazonaws.com/test/2023-03-07/78b9c29f-800a-499a-a640-a12d95b6cc7c.jpg

54.231.162.81

200 OK

48 kB

URL GET
imgtest1.s3.amazonaws.com/test/2023-03-07/78b9c29f-800a-499a-a640-a12d95b6cc7c.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 857x1050, components 3
Size
48 kB (48075 bytes)
Hash
013fe4aba3bf16f7e54fc87414f2fcc9
78d37fb3e926e07ff603a0e1d2246523301dbf9c
0ea676e6317e0aa668ec454888b2f5a28b97008372616a9b73246ea783643b4c

HTTP Headers

GET /test/2023-03-07/78b9c29f-800a-499a-a640-a12d95b6cc7c.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: Ln4lh0yQLoClQhNJ8LPpBmYWGQSZbguRzO9qsUD65XqdHDE0RVpERaeMd/eoUohbPaazG2+I+j4=
x-amz-request-id: 22QRC0JDYAYFBB3Z
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:47:07 GMT
ETag: "013fe4aba3bf16f7e54fc87414f2fcc9"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 48075
Server: AmazonS3

GET tkshoppingmall.co/wap/js/app.6e1cc4c0.js

107.148.55.183

200 OK

1.6 MB

URL GET
tkshoppingmall.co/wap/js/app.6e1cc4c0.js
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/wap/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (53523), with no line terminators
Size
1.6 MB (1646515 bytes)
Hash
b3ca62c41c67c76f83614e156171c0c8
b2059381f1c76ef1125d2af5a95cee9d7140dfdc
6f53d0588229c9f47662feb7a65d3248604ff842bd2bd13a64491336bc5a192e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /wap/js/app.6e1cc4c0.js HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tkshoppingmall.co/wap/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:48 GMT
content-type: application/javascript;charset=UTF-8
vary: Accept-Encoding
etag: W/"1646515-1745462386000"
last-modified: Thu, 24 Apr 2025 02:39:46 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

POST tkshoppingmall.co/wap/api/category!recommend.action?&pageSize=50&pageNum=1&lang=en

107.148.55.183

200 OK

7.2 kB

URL POST
tkshoppingmall.co/wap/api/category!recommend.action?&pageSize=50&pageNum=1&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
7.2 kB (7233 bytes)
Hash
5cac8f9349f4eb20108dcfb6511287c9
4598493640acc373f9f5a7a35a67b70fc1319621
a49fd06433adc1b9b4419bfe8382c46e696d3a206c655a99f3a7007f8cc08245

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/category!recommend.action?&pageSize=50&pageNum=1&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET mall-test.s3.amazonaws.com/pachong/gaoqing/B08HD6SMMY/61Hmfj-ZbBL._AC_SL1000_.jpg

3.5.28.130

200 OK

98 kB

URL GET
mall-test.s3.amazonaws.com/pachong/gaoqing/B08HD6SMMY/61Hmfj-ZbBL._AC_SL1000_.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1000x1000, components 3
Size
98 kB (98499 bytes)
Hash
a1734188bf728af1d2bc1d1208e0f770
029eb0c3d5fc7fb25561834526d3d84e90b79997
8474ec05ed643c5a71ab1b8e419f23ac2093beaf3a310b98d9b70713795d4c4d

HTTP Headers

GET /pachong/gaoqing/B08HD6SMMY/61Hmfj-ZbBL._AC_SL1000_.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: lia1kqOoog8aB+xpXOVP8//a83SZ6zXX/fs2riL6OX6LimWzNC72l18CpzVuE/nL1XQieM5YuuEogcDV3dP+/JhhfsjSf9pcbFA4Zp2kbuU=
x-amz-request-id: SRRG29HJTS7E5T33
Date: Sun, 27 Apr 2025 13:28:56 GMT
Last-Modified: Tue, 21 May 2024 20:59:39 GMT
ETag: "a1734188bf728af1d2bc1d1208e0f770"
x-amz-server-side-encryption: AES256
x-amz-meta-sha256: 8474ec05ed643c5a71ab1b8e419f23ac2093beaf3a310b98d9b70713795d4c4d
x-amz-meta-s3b-last-modified: 20230412T102755Z
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 98499
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/1f3ad39a-de14-4bb6-b713-a1396ed75c7f.jpg

3.5.28.130

200 OK

120 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/1f3ad39a-de14-4bb6-b713-a1396ed75c7f.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1485x1491, components 3
Size
120 kB (119825 bytes)
Hash
266a63a968acae1a54665dca8a490404
7fff0ad6152540aec2acfe4f36c9673aaa845383
5e9f410a632a8fe5120628c6672e80edb59fe0e137250f5f8ef88032d8f877e2

HTTP Headers

GET /test/2023-03-28/1f3ad39a-de14-4bb6-b713-a1396ed75c7f.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: zVLKu9Gs9f4KLQ4ZY6A3mKk6XMs0OeI2XPZ8HB/K03oKuTKwJVIDMVQxzwYuJ5FRqxuERGQ6Z3IznE9mOkTlAIiixqjj7Uo7LHP3e4bY2Bg=
x-amz-request-id: 22QSX2HE3D4YV8BB
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Wed, 22 May 2024 20:47:33 GMT
ETag: "266a63a968acae1a54665dca8a490404"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 119825
Server: AmazonS3

POST tkshoppingmall.co/wap/api/banner!bannerList.action?pageNum=1&pageSize=8&type=pc&imgType=1&lang=en

107.148.55.183

200 OK

865 B

URL POST
tkshoppingmall.co/wap/api/banner!bannerList.action?pageNum=1&pageSize=8&type=pc&imgType=1&lang=en
IP
107.148.55.183:443
ASN
#398478 PEG-HK

Requested by
https://tkshoppingmall.co/
Certificate
IssuerLet's Encrypt
Subjecttkshoppingmall.co
FingerprintAE:2E:E5:8E:32:C3:96:41:E9:48:1B:47:68:CC:99:C7:38:60:A1:3D
ValiditySat, 26 Apr 2025 16:37:02 GMT - Fri, 25 Jul 2025 16:37:01 GMT

File type
JSON text data
Size
865 B (865 bytes)
Hash
53dd6ac5a79d871d89b020fb37444627
271f2a1815dca38dc42d7fe047fb49c1e1b7edbd
1e39a4acd929650c609a0572f365cf56c43d3f63abfbbe7551377103b45d68ad

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /wap/api/banner!bannerList.action?pageNum=1&pageSize=8&type=pc&imgType=1&lang=en HTTP/1.1
Host: tkshoppingmall.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://tkshoppingmall.co
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Apr 2025 13:28:54 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2

GET imgtest1.s3.amazonaws.com/type/2023-08-14/29e5a33a-f02d-43f6-b4ce-5edb8be1577a.jpg

54.231.162.81

200 OK

96 kB

URL GET
imgtest1.s3.amazonaws.com/type/2023-08-14/29e5a33a-f02d-43f6-b4ce-5edb8be1577a.jpg
IP
54.231.162.81:443
ASN
#16509 AMAZON-02

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, baseline, precision 8, 500x500, components 3
Size
96 kB (96012 bytes)
Hash
a7d470fbe103fb9a6784c6e3bd450ccc
cef53fa7fec6b069bc298b96adc02886d48a2bd6
4529834992120ae959682d5dfc40e76a46db199fdbe4b20fd77e5d1ce92accd0

HTTP Headers

GET /type/2023-08-14/29e5a33a-f02d-43f6-b4ce-5edb8be1577a.jpg HTTP/1.1
Host: imgtest1.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: 8BkeiO/Z9ZagrTGrFypj/B8+x8Y/dHdWPJQewUVn7yCUAhSLDWnaXd2ctYIHpKZfsPRRroj2GEE=
x-amz-request-id: 22QXGR2BK6S7MXNK
Date: Sun, 27 Apr 2025 13:28:57 GMT
Last-Modified: Thu, 23 May 2024 01:50:35 GMT
ETag: "a7d470fbe103fb9a6784c6e3bd450ccc"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 96012
Server: AmazonS3

GET mall-test.s3.amazonaws.com/test/2023-03-28/3e25aaf9-50d2-4f5f-947b-4e440b685a95.jpg

3.5.28.130

200 OK

120 kB

URL GET
mall-test.s3.amazonaws.com/test/2023-03-28/3e25aaf9-50d2-4f5f-947b-4e440b685a95.jpg
IP
3.5.28.130:443
ASN
#14618 AMAZON-AES

Requested by
https://tkshoppingmall.co/
Certificate
IssuerAmazon
Subject*.s3.amazonaws.com
Fingerprint2E:BA:63:64:95:A8:CE:55:DD:7E:EB:A9:98:83:14:B1:6F:6B:61:69
ValidityFri, 14 Feb 2025 00:00:00 GMT - Sat, 07 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1500x1500, components 3
Size
120 kB (120128 bytes)
Hash
35321efbba20476448ab4968f2c839fe
83fe2761c569f528754a33a765321eece0353ae2
7527a61b9948d7cd050a7d4168625cb179f796be363438ff508ac8207c8b82ce

HTTP Headers

GET /test/2023-03-28/3e25aaf9-50d2-4f5f-947b-4e440b685a95.jpg HTTP/1.1
Host: mall-test.s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: z1G/uHMGKT+CuhBdF5pDpJiDm1FDbx4z0nm0Kn7ouK6mQ/P1q2TQMqR8q+l87fjyz0FGms3C1SJLvl4M7fKbGtb9DuWjxBdZb6kLQ8lhMkE=
x-amz-request-id: FFRED7YMRJV88V5F
Date: Sun, 27 Apr 2025 13:28:58 GMT
Last-Modified: Wed, 22 May 2024 20:48:41 GMT
ETag: "35321efbba20476448ab4968f2c839fe"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Content-Length: 120128
Server: AmazonS3

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (231)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers