{"report_id":"63cfde3a-7ca0-4a81-8921-e7674fca5346","version":6,"status":"done","tags":[],"date":"2026-02-02T12:27:38Z","url":{"schema":"http","addr":"down.tk-shopping.click","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"down.tk-shopping.click/","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"title":"Get your first business on Tiktok Shop today!","dom":{"size":30371,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (339)","md5":"de02afd5fc85b2e499ddeb01ee7a3e04","sha1":"57ef43c23d11f1186a0b63cf79ff6552188260b7","sha256":"95157e24d44ccb38c435787bceea5aaa6f8fe0e839f78fb405e64aa1581fe3ea","sha512":"cd14f3e17a3cbc17a82b855773418656d9aa24cdc97f099668b76c3479c809fa9177b3946fa66d2f5431007f50bfc04fcbbb6ddefbbe1821fffdf68f1e004997","ssdeep":"384:7sNbO7FtpUmA1f327j+ewsNj1KMtiGkIpw:7sszpLA1vOjMsNBKMQ","tlshash":"fdd2511144f8a96305f38a827ab51da7bed19007db0a4840b6fc0be9ef95c85cd5f39d","dom_hash":"domhash09a2a3b8422a851f21e1f823e3f90398","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"down.tk-shopping.click","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-09T12:27:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"down.tk-shopping.click","ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2025-10-27","domain_rank":0,"first_seen":"2026-02-02T07:51:29.491358Z","last_seen":"2026-02-02T07:51:29.491359Z","alert_count":260,"request_count":65,"received_data":2450062,"sent_data":31475,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"tk-shopping.click","ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"2025-10-27","domain_rank":0,"first_seen":"2026-02-02T07:51:29.492724Z","last_seen":"2026-02-02T07:51:29.492724Z","alert_count":3,"request_count":1,"received_data":7739,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"down.tk-shopping.click/","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"50aefcc0aa5bf250b34f6fece51b03a0","sha1":"8cab6eee2068e99da3fcd120def9c4970f32aaad","sha256":"8399301057f17eec10be0533de591755b149acd82c1a4850e7b29dbcaa77f8b0","sha512":"f92241e192e94bc78736c36db376abc7abb661e17af4924cb17f4adbe54dc98219664dbe22faaa183ca86c7741fb31d9c2c2682cf72c328e5097e90d025fc88b","ssdeep":"","tlshash":"3ff030ab158119316d5f07e525157b8c7663a40ff85cfc65715cca810fd4da1001e994","size":492,"data":"","first_seen":"2024-09-09T05:52:24Z","last_seen":"2026-04-09T17:51:51.732934Z","times_seen":44,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"5f80e37c3df77b0d82644f5933dd4dab","sha1":"a9cc39394093a9599ab6833623249b29a2806018","sha256":"3f7b3190cb681e56af6e2eb95483978664d8d862adc1ed454628b6ddc891dd05","sha512":"9dc00085f9fdbbd1d75e593e8c68f2becb5a63c8f5f83b45cf30d6fbda345da22a033f63e2e723c1fc0d7ff88971d17447027988819ec6ff5f20022b06a2ce76","ssdeep":"","tlshash":"b411994705b220331e1b166c0f0e29087152246b6f4dec01ba2d23d00f6d1a342bbbdc","size":932,"data":"","first_seen":"2026-02-02T07:51:34.950631Z","last_seen":"2026-02-02T12:27:44.816912Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/i18next.min.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"12ecb47960392a3fc855b7fd50e37cb5","sha1":"89091e446743ad290bbfcc7e0712b07b718ed645","sha256":"9a910161d3b09fcf59d5865c907ab140ffa5689598417f978b0324b90c10beea","sha512":"6e1692496675a763907cfbc6fd207650381c80beafd0498057cadc1523e375a7335b7e96571f7d8f584b8c2c0cf5cce2fef10c940afa4bb0073af4d4806c395d","ssdeep":"384:mITfijf2+Vu38flPKA6H0jbh/k9mhwk9BkXHoePQhI7HGi8K/cho1rzA7Ih3mIYP:o9NPEPbmikmmIYECO/NXZ5MYaYs","tlshash":"2003f88c719772624fc360a4142f230ab279a95554c89808f932fed5ede1e8da3e7f34","size":41339,"data":"","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-04-09T17:51:51.668384Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery.min.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-08T19:45:51.152223Z","times_seen":134004,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/language.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f1c641ed54d889286ec33d707912d01","sha1":"ce16d3f9a19fb965afe9127318092039749c2088","sha256":"f0732982c2eeae9ffbc608e2f6b882a07cc7ef6237ef0facb3e97d9356f1d29f","sha512":"1bf2987b7f32f27880be0a4c47fea4470d37a7f2827a44393c23f401a894c815c645926da07c7a520ec79eb3dc6ebbcb19bb7fb6dcfe56f61293c203d130a8af","ssdeep":"1536:z6Hg1LAYNOEcOjDXSbDkupuCT11yqM5ssvcXdebwDDBXjj+N:z/XEpW9vcNpDDBM","tlshash":"e673e8fa6a5a5110868a5d0f938d3342b527480bed43b420bd0e9a763f4d16de2f77f8","size":78163,"data":"","first_seen":"2024-09-09T05:52:24Z","last_seen":"2026-04-06T21:32:19.985011Z","times_seen":34,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery-numerator.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"841867584297992c64714a8b0edc2b2d","sha1":"fa87257216ab66b8e6666a9aaacfeb2024249718","sha256":"182c170e6dd6e4ab7bf46f19f66d1de60535a952c9fd431b7d6cc33d2d90fbb5","sha512":"af3148ffc75cf1b09995f275064a2ec1603b868b29438f9f926b434848788b37b9ded46eb2766fd95168aa2c523a83622aaf2ceccc543cd85d3eee40c5c171f8","ssdeep":"","tlshash":"1371cb083ae62014817734b9ca6f524672348917142efe997dbd42d05f68cb862b3ffd","size":3783,"data":"","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.722527Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery02.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"529fa2567d61b1146470254906e43216","sha1":"e2c8cb8669b73e1db710227d3d2e8f57463bb1e5","sha256":"83b1569d251f1294e3c023ca5850b956f490cfa311ff79f8a339a3c3f6eb6337","sha512":"4958efb53f6b857bfc77529ac9a99bf3da12a47ba24d7d2a71021b87aa85cad2ba1a79547f0675c1edb9312bc2fcc5cf2071be94f3c03dc0af3dbf8a32da4e2f","ssdeep":"","tlshash":"3001f6aafcb180150a4b30b844ef42452eb54057ae4ccd1479cf6dd95f80034ee657dc","size":750,"data":"","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-04-09T17:51:51.649343Z","times_seen":53,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"d939b86d872b28f668015c20ea927907","sha1":"506ee09d80564f887d3bbce66db82a62d4bc6527","sha256":"a07e1919ea60ba5fd199ec852f2f4529bf8376ee957337e5abaaa1c9f9c0d740","sha512":"daa80e2dcd738a0d8094967fb9cb203aadf66b4e3fe8e79aa6de0db22ce578b47b26f835a71413c7fbea06579c6742b38e678696b24c2fb6117ed8e2ef8f6d0f","ssdeep":"","tlshash":"2801594a09f260331e4b257c1c1e19093152306faf0efc01ba6c21d00f6d5a242bbfdc","size":756,"data":"","first_seen":"2026-02-02T07:51:34.95182Z","last_seen":"2026-02-02T12:27:44.817489Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"9d9fd60a5e364c84b0da6d314a235528","sha1":"2ad8c2f42763ff8dcc02d05fa80ac7be3a27ea33","sha256":"d3922978a5f6ca0759f1a6ae8f856ab6f5bc85fb4f6369b60e8f12ef8ffb3511","sha512":"b41e4714dee95da039c333e9705fbac46da20a42cea5afb3df8facf88b13a285f69cd017eb3af05ab8f14b61dddbb20c11129e3226ef8c606a63ae59689a9c54","ssdeep":"","tlshash":"9d01b49aeca43351f34330ee291b4899b055048b2759fd097b4e69984f4635019f779d","size":805,"data":"","first_seen":"2026-02-02T07:51:34.953015Z","last_seen":"2026-02-02T12:27:44.818004Z","times_seen":3,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/swiper.min.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"9f50ccbb93a31e1c50f403a3316b8943","sha1":"fda9efb6327b471e503a14b3c263867c2d3edff1","sha256":"53527b91b391eba9507aaf3fdd2cbc059c0f9d17171d89b51981814139a6930f","sha512":"f9d982db11b0351af039c1f781c8f39b8e98a73a0de2b0790b0faaf6d4940e7299d02852df02f95cd8993d71c1d8751aee22e0f97795a0f4bfad1be62448018c","ssdeep":"3072:rr6hL+BaTePGoAslwTL/yXmO9FLtPYJyfymmFGXk:f5aylwTL/yWO9FLtPYJyfyMXk","tlshash":"9334f80b57e62475a5a3b27a4f6f81006275840f6e0afd983e9c46948f5c83c13b9ff9","size":243148,"data":"","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.723378Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/counter.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"e2ace7cf03fa94a2c0e89b2f74bb13f9","sha1":"4bd857944aa30de00c4827a9b2f8424e349c8646","sha256":"d4ead53304126941b0511c7b14d23d61454184a2bc255d32b1d83d5db7b7cd10","sha512":"d05fb701869627ec20302d6e33351e067451cc5f02776687332ea3d254af1a6ae9de5c229bbd9f39a9db97ba64ede7a4b39c83661b7393a028dc69b7b7374200","ssdeep":"","tlshash":"f8116b3c7ae1080078bbb1790f2f530412624967840ade10bf8eeab5bf1547f7691af6","size":883,"data":"","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.696232Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery-3.6.0.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"74bc2c439bb7c987f814b5d38af6b2ec","sha1":"ae894d020892f0a4c3ca1e4d91817b099edcbdf1","sha256":"e77ba171e3f45ad6ec917e2018c017ea029b77f6219fc7ff0d0caba489c6314a","sha512":"688d2c27c65ce0512dfeb19383d5a7ae81178d98842a7b7e76da57d3cfcfae8c0454d5392c5b6f9ff53e7957d048447332d0a9aebe5ab497707561fb15a7d800","ssdeep":"1536:1jeETmdTfImTrlJRQTipT4eZSz5IuI7GkBOSnZRU2y4ge8cL7sgRcORBFVhwKKkC:1jeEzrkogRU2y4N7GK8khrwLoecgwl8/","tlshash":"15c39699b3d632318647f03a9dafcc09b1b6545f26c8ed05710c94a65f2486c93bafec","size":129403,"data":"","first_seen":"2023-03-13T03:25:24Z","last_seen":"2026-05-29T00:32:28.099158Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/swiper.custom.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4abdf80065d4e341b2f3dcd87e00644","sha1":"2c0e63f29e76b93f98f5114bb52286dc4676705e","sha256":"3ee57c4c67e5ceda512c7aa0c8cf10cd1c52947ede94a759fe2e024ace0fe7ba","sha512":"320f79e11960076c8bb1af9ab99e082d5a396676fbc8151847833b859bf4e92a8dc7d5586140c17aec5251091ef33a01f47200acf04eebf05a74d9dd99a8d08b","ssdeep":"","tlshash":"8ef02601229d14265537c838ad6fd3028ba4c346197f3970e59503056e2f33cb2f6ae4","size":637,"data":"","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.66349Z","times_seen":63,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/jp.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/jp.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 420\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\netag: \"6629a09a-1a4\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":420,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced","md5":"10958397bc7c25c746e6e122365c003c","sha1":"3c5b175471d77c6e813a140c6859bca53952d9d3","sha256":"5efce88ac7228ea159bcf7fd1cc56d73c19428394218706524bac0e9151d4c61","sha512":"de6380d995a3f7ba70e05112332a4ba72f88ac2aa2f502a308d3f979197dc0a75c9822012b491c7f2f95519571ad6ca15b757b10a05cb95dc7006b0bde650ea3","ssdeep":"","tlshash":"38e0f1a2aa503d76c95c4fe1b98649a0e0728ca408358bcacb099e240e76b5dd5e09d7","first_seen":"2023-04-07T17:29:43Z","last_seen":"2026-06-08T08:31:54.099804Z","times_seen":2860,"resource_available":false,"data":null}},"time_used":1629,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1007,"receive":622,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_1-7.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_1-7.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-18e5c\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":101980,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x450, components 3","md5":"8d957a06dd6d65ca1bb1be41e95c49b1","sha1":"fbb34b317516df14e949f36451444a9950eb8f49","sha256":"0e916709b4c0a8c2c5bac0bf461a8e20382595aeec1c1eafcb94900c8f494866","sha512":"1a070f28accb7bc7f5b622856e01ccc421967d3995a821beca2baa11af0f3a505b03e5affd31908d35db11ee7e951ec04ec87c46849bab1e8eda4a4a807be180","ssdeep":"3072:5vFjm0FIehvK4TqAENgjyk1T9cqOnzkSqtZ:5vw0FtKiqOjraqOztI","tlshash":"8aa31213ba270326edd91c32320febf1cc15a6897a73d3fd751048f624e0aa8e155e99","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-05-30T18:34:50.32268Z","times_seen":59,"resource_available":false,"data":null}},"time_used":1002,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1002,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/icon-5.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/icon-5.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-a1c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2588,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aa514f9be956d4b87060f662414b013e","sha1":"9d48e6f43038c2b35994a0e7f52dfadcc3b2bc93","sha256":"91adc2957b4b420a7fc5cef44ab3e7227ae641ac2cab1b7673d0cdc6832564be","sha512":"429f9a6f6c142ab09b51642c4d7036c78dc7d6426c27e010d969685330c4f4a1f4a2db4c4b05a6f0c6eb5b2d52e6d149df8496a497352939236af85eea5173e2","ssdeep":"","tlshash":"755132c03a7543b5ec02d672da2a41b5975facdf439108f0cb923f6a9885877ec75ae0","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.704956Z","times_seen":39,"resource_available":false,"data":null}},"time_used":1007,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1007,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/ievi2zhzi2ecn5jzbjeets9weq8-32megcqybw.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/ievi2zhzi2ecn5jzbjeets9weq8-32megcqybw.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 15660\r\nlast-modified: Thu, 25 Apr 2024 00:13:50 GMT\r\netag: \"6629a03e-3d2c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15660,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15660, version 1.0","md5":"d7b0b953a50fddaa88089b5b787cf719","sha1":"2f85bc568b27659a3d6452f58f9fd7678450326d","sha256":"e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516","sha512":"acad9ef3812275ed352a6265f41e51596561c401cde7c5dd298621c5958fa340cecba759d65bdcbc1496deabf0fd56b921e67ee83bcd8b053bfa47f0b5d56e8c","ssdeep":"384:pRO3mqcIlsRMvUV6QPNRusB4qDyzoiJxtntdK6MY4AA:pR6Nc5CW6w44yHJxtPJA","tlshash":"a262d01fb86864ce1d8c5fb6c4bf27b16dc5d1d426c59eeb636c28f9e8d0a081206f06","first_seen":"2023-04-05T14:04:03Z","last_seen":"2026-06-06T15:28:11.441788Z","times_seen":1990,"resource_available":false,"data":null}},"time_used":2314,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1657,"receive":657,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-02T12:27:16.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:17 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 01 Feb 2026 17:03:21 GMT\r\nvary: Accept-Encoding\r\netag: W/\"697f8759-5514\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Swiper","description":"Swiper is a JavaScript library that creates modern touch sliders with hardware-accelerated transitions.","website":"https://swiperjs.com","common_platform_enumeration":"","icon":"Swiper.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"jQuery:3.6.0","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":21780,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"786aff87585a03031b9e49a19678584b","sha1":"83e390aba7701c31ffa6e3f14cfaf11c821ed4e1","sha256":"4a23d2fa1076296281e78e31fd48f3eb4e7de7ff38639ed5ded2204a19015973","sha512":"ab9313549aaf1e930a1b0064490ad0ee24f249b919173692072aff83083b1963289014ad57219440775702e62f8401af4ad54c324b2231fc2fd61aaed79f7df5","ssdeep":"192:FlpO7EJcOSvtTaI/CxRcRWh/sQwHDfPZyRnM8oUsUrugGyLksnCWYL:FlGbJQwHLPZyRnM8DiGkIpO","tlshash":"9ba20c1104f9a12305e399c27fb11e6bbed1e04bca0a5908b6fc1bd99f92d86cd5b34d","first_seen":"2026-02-02T07:51:34.88988Z","last_seen":"2026-02-02T12:27:44.778431Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1734,"timings":{"blocked":707,"dns":59,"connect":320,"send":0,"wait":320,"receive":0,"ssl":325},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/css/swiper.min.css","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/css/swiper.min.css HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 25 Apr 2024 00:13:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a038-339b\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13211,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"52847fbd6c33f9bfd602d45936ac93f0","sha1":"58802010fcc6f05ee3e1c324e5a65ac67259ed35","sha256":"4afa49b1e72bd476d99ecd6449172948a5dab0618f9d67da26ff150c48148f9e","sha512":"f428346fda42e12845709a18aceaf7e08a22d9eab69405f69f4626729bfe98680266b67c11405166fde1cedc102b245338dc91081c6ad2375074f1773b3ac54b","ssdeep":"384:ti0QzB609AL8xyzXoFVCQDx+FbwFREuJu2N:ti0QzX9AL8xyzXoFVCQDx+FbwFVJu2N","tlshash":"e352f28417b01c23b3768f6e1962d735a76898424a4bdcacb3c0dc48effd5f8621e655","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-04-09T17:51:51.724195Z","times_seen":45,"resource_available":false,"data":null}},"time_used":323,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":323,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/hk.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/hk.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 527\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\netag: \"6629a09a-20f\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":527,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced","md5":"389d0451c5c2ff40e88a93588dcbd6f1","sha1":"bdf1eff892d67a3df37e57976a7e552e883ede62","sha256":"21a3c54b0f51243f34747eeb2feb2b2627c29133e6e3a8a1126b7bda81708dab","sha512":"dc6dd12a3ee38386248a1d0d560af8d8b04d0565ab1a69f29458d5f6935ce18973222d2378b4d712cd3d78c4dc67833be28e764b501319614836028fc0a065c8","ssdeep":"","tlshash":"7af005d6760cc43dfcd7509035c6d571b8179958166e4279f0cac521dd7850bab49086","first_seen":"2023-05-10T04:51:45Z","last_seen":"2026-06-08T08:31:54.106195Z","times_seen":1062,"resource_available":false,"data":null}},"time_used":1631,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1009,"receive":622,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/fr.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/fr.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 545\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\netag: \"6629a09a-221\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":545,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced","md5":"c1cf1874c3305e5663547a48f6ad2d8c","sha1":"0f67f12d76a0543772a3259a3b38935381349e01","sha256":"79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842","sha512":"c00e202e083f703e39cafbb86f3e3f6b330359906e3a6c7a6a78364d6adeb489f8b8ab1b2d6a1b8d9ef1a17702cfc8fc17219cf1aae3e5a7c18833f028037843","ssdeep":"","tlshash":"02f075e32bccc07cc90a0572b79ba030f4b2c9c85a5493d9509210f92f6078cdec2a28","first_seen":"2023-04-10T00:37:21Z","last_seen":"2026-06-08T10:45:29.940459Z","times_seen":3307,"resource_available":false,"data":null}},"time_used":1627,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1006,"receive":621,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/yn.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/yn.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-ccc\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3276,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 301 x 200, 8-bit/color RGBA, non-interlaced","md5":"db3ba9453dcbf0d6e6538449f207eb07","sha1":"376296c276b76046f7c00b8457be4b94a1be2c1b","sha256":"d688463a357d144fea6309d6d0f7404bde79a7c0dfed783162f7a8b6aacffb0a","sha512":"c2412ad2d7f6f841efc6ded1f64a2af2e344a2eba4e423bfd077403af4b39bd6bb2b4b295692716a7704057983d6c830888f53e7187ff96566e9ce793582ba0f","ssdeep":"","tlshash":"0861f9ca681980d7e5caf9ff8808a41493e8b7d4b16a8b192b7df3d8065030c6f5ec47","first_seen":"2024-09-26T14:10:26Z","last_seen":"2026-04-09T17:51:51.728458Z","times_seen":38,"resource_available":false,"data":null}},"time_used":1005,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1005,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/language.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.169Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/language.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0bc-1316e\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78190,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (513)","md5":"3f1c641ed54d889286ec33d707912d01","sha1":"ce16d3f9a19fb965afe9127318092039749c2088","sha256":"f0732982c2eeae9ffbc608e2f6b882a07cc7ef6237ef0facb3e97d9356f1d29f","sha512":"1bf2987b7f32f27880be0a4c47fea4470d37a7f2827a44393c23f401a894c815c645926da07c7a520ec79eb3dc6ebbcb19bb7fb6dcfe56f61293c203d130a8af","ssdeep":"1536:z6Hg1LAYNOEcOjDXSbDkupuCT11yqM5ssvcXdebwDDBXjj+N:z/XEpW9vcNpDDBM","tlshash":"e673e8fa6a5a5110868a5d0f938d3342b527480bed43b420bd0e9a763f4d16de2f77f8","first_seen":"2024-09-09T05:52:24Z","last_seen":"2026-04-06T21:32:19.985011Z","times_seen":34,"resource_available":true,"data":null}},"time_used":1010,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1010,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/en.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/en.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 609\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\netag: \"6629a03a-261\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":609,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced","md5":"968591e0050981be9fa94bd2597afb48","sha1":"dd9e149e2b5ad59dd8b4b262f5fdeb5cc10ecf43","sha256":"36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585","sha512":"ba8e09654cff264d428b1b3cf6df764699c6a754f2db329643881fb75cc8647a9c2777f05bb8c0d81b9d648d345796ffdb14fd231e2bb1caf71530098d12f219","ssdeep":"","tlshash":"9cf002c1fb856ae9e16a52610d7a16701c07c3a4217640a46c26ded41929f0dc2d8221","first_seen":"2023-04-07T17:29:43Z","last_seen":"2026-06-08T16:52:19.127926Z","times_seen":7537,"resource_available":false,"data":null}},"time_used":1630,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1008,"receive":622,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-4.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-4.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-d92b\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55595,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"0f0b37b38733842d668e358b50f8d354","sha1":"fd676fa05dcbb70d419a09236e3dd8f59ac2bf5a","sha256":"59129b9dd0924244b5f72a76fdcfea3c7ebb19c43e184561524ef2525af9cf2c","sha512":"f32fc6f43dfec8dc094936f28c13c1c0e85cbffbf3631ab5c6a29f39adba60dc326c75b9b44d67875660eafa323a724a75810cf27082865514c813108af4d244","ssdeep":"1536:5mLBjIJdAzVKmSVH04QrJR5GYAGtHBNhm8LBsFjMy74:5mLVI/OVKmEHEwYNtHb4hFjMyc","tlshash":"024301477b10022df6afe8306fecc5c1a42b1e1c290a875d3262d9a9b5e7d485de4b1e","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.350147Z","times_seen":58,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":999,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/counter.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.218Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/counter.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 883\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\netag: \"6629a03a-373\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":883,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"e2ace7cf03fa94a2c0e89b2f74bb13f9","sha1":"4bd857944aa30de00c4827a9b2f8424e349c8646","sha256":"d4ead53304126941b0511c7b14d23d61454184a2bc255d32b1d83d5db7b7cd10","sha512":"d05fb701869627ec20302d6e33351e067451cc5f02776687332ea3d254af1a6ae9de5c229bbd9f39a9db97ba64ede7a4b39c83661b7393a028dc69b7b7374200","ssdeep":"","tlshash":"f8116b3c7ae1080078bbb1790f2f530412624967840ade10bf8eeab5bf1547f7691af6","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.696232Z","times_seen":63,"resource_available":true,"data":null}},"time_used":1376,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":992,"receive":384,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/img_mv-vertical.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/img_mv-vertical.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-17d74\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":97652,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 638x1136, components 3","md5":"e74bfd91c3713ebe6d725d8b4c96cf7d","sha1":"1945b18e00e96d74e1be2233d1a43eac0d618fd4","sha256":"f1eb98eb079fa1e85a2cf7915bcb7210aba28988c651c43d84e1fcc7b1751f90","sha512":"b20d20373afbd49ac35dc85420552f2ed04a8b172806aba971cecb373c0b7cf9069b632abc621d37a6c2eda3a044b04278952c76b08994a8b17b7aa805754a24","ssdeep":"1536:qQd/Go+ucX29ZKFBdiF7RpH188Kl2INsaUTMuXbyTN81LN5VvDE8277k:qQsTKfmdihRN18822IiaCX+ivDE377k","tlshash":"7a93024592b8acb8d129527937f70e06d5298c0f3d2179ec7519e82b04f70cee48edba","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-05-30T18:34:50.312303Z","times_seen":66,"resource_available":false,"data":null}},"time_used":1003,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1003,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/solutions-01.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/solutions-01.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:15:52 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0b8-7ce\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1998,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3e9686360c18d8a3144cd10671cdacb0","sha1":"4903d14219fc15d286b24bd4d7aed212b8164ad5","sha256":"fe9a85e49cc0b479aeae082f81349b789c928fa064c564e2042debc1db8ec4d8","sha512":"e7cf9cd2088dcf104d0452f201f5953adf337d9b731385611ec47e501bee261d7cf4262cfdb7ab39d3e3a70b122d22d278049ad76edb85388babc222caf36bec","ssdeep":"","tlshash":"f841b8f6734c0abdf4a84bb4f665783420031496940191c413866e7aaf460fe2dfe4fe","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.635615Z","times_seen":39,"resource_available":false,"data":null}},"time_used":1004,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1004,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/foot-logo2.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/foot-logo2.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-1470\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5232,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit/color RGBA, non-interlaced","md5":"aa8153c91aa61c963f586d650c8dc280","sha1":"7282c4f4541cfb664bb8b2dd67e9aff7285192a4","sha256":"479979fc5747561aad727c6fbc8b6d21efd828eab288942f6b458840ee48ec20","sha512":"3835b1512637a213e4bb5861210cd249b55c7fb4bf04143f2abcf0735d32f9fb6dae50c11e5b4774075ada7d9a3ec8174b1969dd6d975dbf0709299e1bc7af15","ssdeep":"96:9SMllcHitlIxv9vk7C1+I4wWHLihk/xPvPiccaNsDSawODnsv9r4ST2jMd8cQ9L1:9SHIIHUCD4wadiDaNsDSawYs1HT2jMdw","tlshash":"f4b19fc68c41451801890e253abbdb024e7bf195731aef58ada8939ecd14d50ac31f1f","first_seen":"2024-09-09T05:52:24Z","last_seen":"2026-04-09T17:51:51.719081Z","times_seen":43,"resource_available":false,"data":null}},"time_used":997,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":997,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/img_mv-wide.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/img_mv-wide.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-1365d\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":79453,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 990x768, components 3","md5":"bb5ea441402cf7c9d477493ee886535d","sha1":"7a855df30c8cd2c2c350262fb9b7911874532415","sha256":"8d6160e4cfb386127daa455fdf08fe1d18374451331300c586ea77cc2255a6a4","sha512":"2fe3b3c67e6bebcb9fda285913fdfee8839156d52615a205ea894f84b4928e9f2ede3c94a6533a10c04ae46d800435e8457de66dd30a1586e2a3f4cfadbc46e0","ssdeep":"1536:pDwcPWI9tSreUtlcZUI3IxC0aK9bgzf01vtkYGAKndv+DJbhu8h/D:pDwYb9tSYZUCt0ahJJACWlbEYD","tlshash":"d473027255eac9e8b8043cdc81821bf5c50991af482644f067b3b913bfcd6e996e2f12","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-05-30T18:34:50.338055Z","times_seen":65,"resource_available":false,"data":null}},"time_used":1004,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1004,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/icon-1.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.203Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/icon-1.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-639\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1593,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1fecab76136d787657216e8b01d6d009","sha1":"5345685dc0046b59af02a05fdeb7a359576c9346","sha256":"d6fdd77ecffbb5a16b33dd89f285ea36e042214239d0fd26ee5f9006ec8b96ae","sha512":"45d524a07c203a73799ace56835bdb84ad0d81c4cfcc87e890c6fd75d022d49b07a6a1d0b25e59176a4221a7bbda4295938d579eabe50b1bfd64ac11ca61e947","ssdeep":"","tlshash":"973165c831d452e4560192f5db2e108b7f4f25dd8b45993fc6512f0af46d4fae4488d7","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.720564Z","times_seen":41,"resource_available":false,"data":null}},"time_used":996,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":996,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/swiper.custom.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/swiper.custom.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 637\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-27d\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":637,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"e4abdf80065d4e341b2f3dcd87e00644","sha1":"2c0e63f29e76b93f98f5114bb52286dc4676705e","sha256":"3ee57c4c67e5ceda512c7aa0c8cf10cd1c52947ede94a759fe2e024ace0fe7ba","sha512":"320f79e11960076c8bb1af9ab99e082d5a396676fbc8151847833b859bf4e92a8dc7d5586140c17aec5251091ef33a01f47200acf04eebf05a74d9dd99a8d08b","ssdeep":"","tlshash":"8ef02601229d14265537c838ad6fd3028ba4c346197f3970e59503056e2f33cb2f6ae4","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.66349Z","times_seen":63,"resource_available":true,"data":null}},"time_used":1566,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":990,"receive":576,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/ievl2zhzi2ecn5jzbjeets9weq8-19k7dq.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/ievl2zhzi2ecn5jzbjeets9weq8-19k7dq.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 15700\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\netag: \"6629a0bc-3d54\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15700,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15700, version 1.0","md5":"3d7f7413fca69bff4d231ebdc50aaab0","sha1":"cb18e7943b6a8a0e3672d7242197c19a226b92e8","sha256":"6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36","sha512":"8a6b6fce2e9a1a86b1525af54bb43eda4d49c0dfd403bb89fbc3ab28d246773e8a76e86c8a49cce4622dabda6c97f2173867df859aa35c2fb6c9e023f9f910a6","ssdeep":"384:Le8o+bMv3GkzdCK4JiYuEBXPJU/U038IDSbN0ENhJYAbwY:M+E3Gmd1EBfS/dFAN3hJl","tlshash":"6c62c008679ea752f09fdf3055627729270edc576a2b49a8133c1ea87d457c0bc0a7cd","first_seen":"2023-04-05T14:04:03Z","last_seen":"2026-06-08T06:10:35.54099Z","times_seen":2372,"resource_available":false,"data":null}},"time_used":2310,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1653,"receive":657,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.116.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.116.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 17256\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-4368\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17256,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 17256, version 1.0","md5":"63dfc8cea87f72834fd1bf9246f7c3ff","sha1":"882d0e8a7f0fddaef410227649ce4134522fa1d4","sha256":"b5fbbc607f7c2098efd768968f63eb1df6496cf5861eadb3d20cfc37731d5046","sha512":"3513bb8a2a16caee6984e8180e3b39456c2b0e38c2b324c039b58504982cfc3efd993770a006477b3b9dae520d295309b01b5210cc747a079f693775362b7e75","ssdeep":"384:3DFKsv8kHWYwo3uAvDAUU9J49J3a37aSgLkSI5M:T8svjHWYR+AsXJ8igLXIK","tlshash":"9472d0ae61b38530c6e63496508ac5480cd40758d43c7dcaaef768b799be86d2dc6348","first_seen":"2023-04-14T15:09:59Z","last_seen":"2026-06-01T14:11:06.697648Z","times_seen":895,"resource_available":false,"data":null}},"time_used":2297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1631,"receive":666,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tk-shopping.click/","fqdn":"tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Dec 2025 03:58:43 GMT","end":"Thu, 26 Mar 2026 03:58:42 GMT"},"fingerprint":{"sha1":"62:4A:64:B3:A5:6B:C3:1E:B2:F6:8D:2A:3D:51:C1:8C:8B:34:E1:E2","sha256":"0F:6F:4C:EE:22:B3:D1:B2:D0:72:82:F6:74:31:73:05:63:F8:1F:45:D0:75:5D:4E:97:9E:3F:A5:4A:E9:1D:55"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://down.tk-shopping.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:20 GMT\r\ncontent-type: text/html\r\nvary: Accept-Encoding\r\netag: W/\"7289-1761655904000\"\r\nlast-modified: Tue, 28 Oct 2025 12:51:44 GMT\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7289,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5351)","md5":"fcfe354e1d3fe3729322dda0aa933a3d","sha1":"5672b0ead5e3ebe447d128fa2ff781da6c38351d","sha256":"52a6947a93e89c448eae22cff6db0bfc4e5783afc7db52168b85c29b92be6eef","sha512":"9b50799f702192d533b86448e8427315220a9c7c4891677192cd916ad7fe19365401c1fab40fea74dc317a1d089639f2b171ca9d6d26752fdd1c3b10c492884e","ssdeep":"96:DCckG7+f82tAHhvDYEp2NVNt/0AU2Q4MBdRzvhBH67oQ:DCcufJt2vDYbNVNt/0AU2Q4YRzv+oQ","tlshash":"6ce1dbb9ce00608ee9b1ce879e28e72ae9cb8c771130e454e258944fd968fd4516b983","first_seen":"2025-10-30T05:16:06.57665Z","last_seen":"2026-02-02T12:27:44.790135Z","times_seen":5,"resource_available":false,"data":null}},"time_used":1922,"timings":{"blocked":784,"dns":79,"connect":349,"send":0,"wait":353,"receive":0,"ssl":355},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-2.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-2.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-1e3b4\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":123828,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"c477a3a2b853ecba12a8f02880578d78","sha1":"016941b55a1c96466750b2facc548b55c3a139c8","sha256":"2f0d9836675ff71541a388a9824aac67a3a60cad852fbac9fc31467fd43e6cf4","sha512":"a2e6507903d46ae41de34d6340aa253bdbe049c0a51524236fce64a9bc1bac4c2f0d16e35d504b2a2df698d5b4502ecef6291af91b2a9a582b278eca76c5633c","ssdeep":"3072:rVRlgMj1NpB1RUye2Ka4L7Od4J7HoieYIg8WotZM:rLjTpB1RUy7p4PnJ7IitUu","tlshash":"c8c31275ca8610d2ed4257393c9cd091e3a8afef2ccbc9942b847cf90f6169e7566341","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-05-30T18:34:50.333137Z","times_seen":61,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":999,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-7.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-7.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0bc-cf34\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53044,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"ef8a11f73cafbb8544f7276126d9eaab","sha1":"4b3567d396eb2bf8fe9b01b5c0a179999626a7eb","sha256":"257d6646ea5284ffac10022938b2769555ee87f68a4a5efdf2893963e39206fa","sha512":"1a3da9d125927eef4a0f7d96afad30a3a64f105565bab2228dd006f06b786766a2099414ff83eb8d8d3cb4b22a6ad11efbac678e7637f27aa959c6f65bfeff06","ssdeep":"1536:0nn3A96m85GDO1o70yinT/d4LvNZKqD5Iup:gW98IDOu70LnTF4y7y","tlshash":"cd33f18bc8dd9752c628f97a1984cf1a891a1b371413b5ae158114ff271ca8176f723f","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-05-30T18:34:50.303056Z","times_seen":63,"resource_available":false,"data":null}},"time_used":998,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":998,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/css/style.css","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/css/style.css HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 25 Apr 2024 00:13:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a038-795e\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31070,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"f6eac681bfbdde49e35daba63e8c3514","sha1":"6b7d4ba38b22ed8e693acbf9d9eb411d8ce305ab","sha256":"6d13a50cda77fb831c64c220e6ae31d30d7e15cce937f703a69240e4af754945","sha512":"473841d09d0acf3c466fee17f131cd3a685d6a8b143c37cb4c7d31ae2957302996f483be673bd86d37b5356032e78036f54e77d2c9964b2a6f03e52c0592ec0f","ssdeep":"192:4uCtzM59/qVFYrT/YERnMUHX9jYj0jk1DT9aFtna2uLjjVymCuSXy+wXyzQ32Zyv:4iRkZBNiFQrejkTfx","tlshash":"94d2319b2ea31508bd07d45c6bb6175a2228c007954fcc7c7f8ea24ccfc96e991e678d","first_seen":"2025-04-23T11:49:02.555677Z","last_seen":"2026-04-09T17:51:51.725413Z","times_seen":20,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":331,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-5.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-5.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-9d96\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40342,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"3b36e6e440a7d7c06c654e0a8f9cdb51","sha1":"65573d156f429679b831c97cf5bd2bdb22129a88","sha256":"cacdc388dfe8a0bd1431e3454be4082b256636e4ccf0b3bc0acd295ec6e090d7","sha512":"1d78941738f1478bb25d04a3bd8c038d4707cb2fc6c8a41c29729a381db0b4c03faba813def19f24113e994a05a57a5e655079afef35ec394aa2d94d910960a5","ssdeep":"768:bN7930+Lqmdu0gkk81roluNBU05imBgw5l/1yc672JfxVtvToKIpW:bN79k+LzduseluN6DmNH/1y+JLt0DW","tlshash":"b603f161b38dbc6ace143a7ecb792c4c6da5418f2db708b63d0266e91b75c03e39418d","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.300661Z","times_seen":59,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":999,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-8.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-8.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-982c\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38956,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"4735c9ad9b722a7b8eb950a2046efdec","sha1":"fb566fb0ca49ea063c80212c4a5d309d603fdd53","sha256":"d4988c0b5ef63a6374d7fe1206f34b56a2bb91019f10b8d24bf32cc4c0725265","sha512":"571c9f00a72acf2c1d9c319315fb4bd35ce7513bd28a7db559bd9a002797882552f7e05e960b77a453afb4b0dc8dc5b9bd7f42a8dc8a7f5043b5983db107283a","ssdeep":"768:WHjd0ctm5nDbZQoMpctdt7IhYZzwPBSq+UooJNjVTCNIbxDNRzN0:Gd0ctSG3ctP0hYhyeuJjY8xe","tlshash":"9803f1ba9b70d6aaff688f7e0ad35160d2f455edd2ee253f85921dacd044cb4600ec20","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-05-30T18:34:50.346459Z","times_seen":61,"resource_available":false,"data":null}},"time_used":997,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":997,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery02.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/jquery02.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 750\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-2ee\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":750,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"529fa2567d61b1146470254906e43216","sha1":"e2c8cb8669b73e1db710227d3d2e8f57463bb1e5","sha256":"83b1569d251f1294e3c023ca5850b956f490cfa311ff79f8a339a3c3f6eb6337","sha512":"4958efb53f6b857bfc77529ac9a99bf3da12a47ba24d7d2a71021b87aa85cad2ba1a79547f0675c1edb9312bc2fcc5cf2071be94f3c03dc0af3dbf8a32da4e2f","ssdeep":"","tlshash":"3001f6aafcb180150a4b30b844ef42452eb54057ae4ccd1479cf6dd95f80034ee657dc","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-04-09T17:51:51.649343Z","times_seen":53,"resource_available":true,"data":null}},"time_used":1380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":996,"receive":384,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery-numerator.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/jquery-numerator.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-ec7\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3783,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"841867584297992c64714a8b0edc2b2d","sha1":"fa87257216ab66b8e6666a9aaacfeb2024249718","sha256":"182c170e6dd6e4ab7bf46f19f66d1de60535a952c9fd431b7d6cc33d2d90fbb5","sha512":"af3148ffc75cf1b09995f275064a2ec1603b868b29438f9f926b434848788b37b9ded46eb2766fd95168aa2c523a83622aaf2ceccc543cd85d3eee40c5c171f8","ssdeep":"","tlshash":"1371cb083ae62014817734b9ca6f524672348917142efe997dbd42d05f68cb862b3ffd","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.722527Z","times_seen":60,"resource_available":true,"data":null}},"time_used":993,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":993,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/swiper.min.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.219Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/swiper.min.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-3b5cc\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":243148,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text","md5":"9f50ccbb93a31e1c50f403a3316b8943","sha1":"fda9efb6327b471e503a14b3c263867c2d3edff1","sha256":"53527b91b391eba9507aaf3fdd2cbc059c0f9d17171d89b51981814139a6930f","sha512":"f9d982db11b0351af039c1f781c8f39b8e98a73a0de2b0790b0faaf6d4940e7299d02852df02f95cd8993d71c1d8751aee22e0f97795a0f4bfad1be62448018c","ssdeep":"3072:rr6hL+BaTePGoAslwTL/yXmO9FLtPYJyfymmFGXk:f5aylwTL/yWO9FLtPYJyfyMXk","tlshash":"9334f80b57e62475a5a3b27a4f6f81006275840f6e0afd983e9c46948f5c83c13b9ff9","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.723378Z","times_seen":63,"resource_available":true,"data":null}},"time_used":991,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":991,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.117.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.117.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:20 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 12996\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-32c4\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12996,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 12996, version 1.0","md5":"88cfb88a2e9d1299483ad43f84de76b4","sha1":"22c49a3aa9b2d622da5fee109a19c82a648df5c7","sha256":"e4ef32d9cbe1aae87a030055a413910355b58d0bd381b110e2d989900bbe18cf","sha512":"57dc5e29d45ab4ea3e1d0ad903496ecfa305e686042bb72c00e55e03abb3bbd0f396c4704e0d4714a81f2e01796ea5c5d0b61188ec4f1599f1a602b7cbf44dd6","ssdeep":"384:bgZ+hQGNOLh8A52Vxhteo/weR5tEEcil+A:EoK+OL2yrww5EciR","tlshash":"8042bf0cc84b0559f33919f2d3bc0652f08ae9b68504d9e0dc77a51fbf342304aa49eb","first_seen":"2023-04-14T15:09:59Z","last_seen":"2026-06-01T14:11:06.696739Z","times_seen":916,"resource_available":false,"data":null}},"time_used":2181,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2181,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/css/c2097e37812c42baa00cd343aac05e67.css HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 25 Apr 2024 00:13:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a038-36aa6\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":223910,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1981)","md5":"0a0a2416eb4541cffb8241aa262d6b10","sha1":"b29bb3ad00ed2e13faa9085edad5407547dbaea7","sha256":"00a9fb88d6bce9e7f9e2164910d8897643dbe9278a55d626c10143ef7067829f","sha512":"b1b893867a81fc28d1b015b3c2fef4e185e594fb2a886de05175cd18a173a9b9e33840d5e3d5db1b548675e38c84e697f3cbfb1ad0952272ba82bc958675fb34","ssdeep":"1536:zVWqKrC2F7bYhG45p3+QXsT/8CrVsX5Y93npWUCKELIIZGy7VIvIEC2D76xTGeJO:2JF78lhYmQ3gL0icD7epBdvbaWRC5","tlshash":"70243f60450755cffea36ca792dee515be68247cf981883e12f918c3ac6e408d1dbb8d","first_seen":"2024-09-09T05:52:24Z","last_seen":"2026-04-09T17:51:51.642094Z","times_seen":43,"resource_available":false,"data":null}},"time_used":652,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":652,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_1-2.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_1-2.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-100f4\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65780,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x450, components 3","md5":"23aef61e91789931d614071ab32b0595","sha1":"ce5c7f5025fa9ba9615a090050954e86581bb140","sha256":"e97e3e71eca441f4483a9211fa4cafb681080fd750ff6b15e810b7b4ba258e1e","sha512":"d85daecd7ac43268d579a6e05fb453891f064ff32c437c6b72deba707c79f41c48cbbeb1ac6cd37beb94b6a6742780d56034b0fd9e59905eadc7727ebe1ab001","ssdeep":"1536:PtHn9FVACQCG1H3zoSFBuv/yMmO4n26mJzSE:5n9ExoSbMLd4n26mJGE","tlshash":"05530297399f9171d1027e36f3e3e228f9011a0d7b514fbad130599261c14c2aff2a9b","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-05-30T18:34:50.298148Z","times_seen":58,"resource_available":false,"data":null}},"time_used":1003,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1003,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_1-6.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_1-6.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0bc-cc4d\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":52301,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x450, components 3","md5":"353a70df713638db17ffb4cfc05a2749","sha1":"580a77e77ea00bec2e107b331d103cc3971fce70","sha256":"5b6c11d25d1176002c37b716243cbbd96317deeea7d541d7294f895126cf8fa4","sha512":"4c8238b2208e489ec5334c5e01ef002f9a206a176f5b185a4d4889d846557e6e9870bc9c37ee829293b7365891301b742081e754999593dcc92c0d9ffe035ec9","ssdeep":"1536:gArK8kuPA3GxgQhFcYDzb5QDRiyVKQizJxcmJIkhD:gb8LQdQ15Q9dwtnN","tlshash":"333302a0e7286d12fd08ef3886d1b908d257fdda8a7e49f449c514c52fbc256aff0046","first_seen":"2024-08-20T03:20:43.371957Z","last_seen":"2026-05-30T18:34:50.330794Z","times_seen":53,"resource_available":false,"data":null}},"time_used":1002,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1002,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/icon-4.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/icon-4.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0bc-15ee\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5614,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"41b3a19cb772898442dc8096e3da09f2","sha1":"c72666de93dbdf8c1a0b322998a8fadeb1fd44d6","sha256":"f029e6753728bd207881c0a6aec0bcb2b9a73b1f78eb5ceee1b8ba273037a4cd","sha512":"ebabbaf97435780037370b6eceabaa6adbba96867b8e33d492b7f9a9e9a4e0ea031b653cc308328da3373e2de6e5c800971c900d5a1bca5c98900af52e8c2362","ssdeep":"96:OvpXRHXc+xRIS9RmH0KedbAkUmnTT6VRf8hhadxJSdg/mG0h26OONr4NxX:ErHXc+xRIS9R60KetZDnv+Rf8oLChlNq","tlshash":"8fc154c83b7503b6f0a3e4dae76721686f4f64d666808fb0c3165d1464ae0b5dca2c99","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-05-30T18:34:50.327497Z","times_seen":52,"resource_available":false,"data":null}},"time_used":1009,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1009,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/icon-6.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/icon-6.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-1be0\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7136,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"44a2435cb2ae421e4812ce6afa74984b","sha1":"4911e0512c32baa878777d538440af609056b1e4","sha256":"d9aaea01f5adfabed8737749bb769728d2216a778fcce0563cc67f3ad8f198e3","sha512":"22765e696e593747dc3d9fed9a3d9aefff67deb2b6073e27db7fe7d84d29f6f1a1706f9339d28a5134d9ba4fc2ff89acf1f412e999810de7be040012bf0562ea","ssdeep":"192:KRg9aF9zDQCfLwydkMXBTFLYZK/TFKxCjgUfK:RaHDXfjWMXBOoKxCj3S","tlshash":"4de132d42b619364f401b1ebfe267da5fe4e38d452c49cf5c3246de1d42b82ade528e0","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-05-30T18:34:50.347167Z","times_seen":50,"resource_available":false,"data":null}},"time_used":1006,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1006,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.100.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.100.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 22820\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\netag: \"6629a03a-5924\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22820,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22820, version 1.0","md5":"887581fd176c9bba17ff237b59c0d818","sha1":"bf769f74e5dbdfccdd5acb777af5e32a5bc1712a","sha256":"2ee2afd31f55456f94d0e5195bb9f339ec973076217b66a6ae6ab447ec984da1","sha512":"d4926f175865e42d6c297b678975f121a5d07fc20486d65d7c098f16b35beb0910d7b08f40a5daf6a008eff4fbbf445960ae163976155dbb72288f9fddd83753","ssdeep":"384:8uKRAyUiTT+mjW1AkHqGEeTSiRlAO7DvZV7bangtoTSHMaTGJyucx:SSyU4CmjdXgHvP7bEsoTSHlTgVA","tlshash":"8da2d0ac353db0b9ec874d787ba36126453c8b106fa0bff71841e3049c654ea7e75a20","first_seen":"2023-04-17T01:55:30Z","last_seen":"2026-05-11T06:55:01.49827Z","times_seen":651,"resource_available":false,"data":null}},"time_used":2298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1632,"receive":666,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.119.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.119.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 78972\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-1347c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78972,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 78972, version 1.0","md5":"217dc33c822eb6c0923a99892a905258","sha1":"12f0ce73476f3ece58e1b240d239bd7517334054","sha256":"9151040be84927c7e12fe497ef65d29af26874d9df53c4e62bcbc43c4a668e83","sha512":"57489a09b0122113673b757516409b16bb865d7abdb337edcfee45a79e03e4400c76e405a9c96361252a30e9d2a979a5818c397c369e9dd6823173d682bee22b","ssdeep":"1536:ed+D9+dN+zy5zWL9UwTYFqoUO3ecG0nUL5FuXhkhHM6vM9:ei9+dIzyd+huqs3elJL50RkM6k9","tlshash":"72730205776a94aece26eee27783171b856eae760cebc4512101795b0dcc601b0affc7","first_seen":"2023-04-14T15:09:59Z","last_seen":"2026-06-01T14:11:06.690773Z","times_seen":950,"resource_available":false,"data":null}},"time_used":2537,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1676,"receive":861,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-9.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.201Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-9.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-be7f\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":48767,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"46af0f1068a8673f7d4461931305b90a","sha1":"1f857670f365244a507bdb830cf874e85f8d5da5","sha256":"9d2e285de9ce491e9f954e64ae74f1ded5de61409b6bb26f74baf01a31abfe81","sha512":"28abdda2099c1dd8ec6d75d4b52e335f7ee7a64bcabc5fe11c14166ba8722291ebdae0e04a9e06c4b3953ec4461e0440373c6f1b11b91a0d947a24ffedb76fe5","ssdeep":"768:iMeZUqtxkt6PqFLOHspBGzfr5RsL60UTvoesm5TT+AMt4bmkQU5uo1jQ3o:CTGFL3ozTzsL60UTgdmAATbmhq2o","tlshash":"1d23f280457fe986c0c906b7e65d6e67cf658863e59be3127115c212ebf2c122b24fca","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-05-30T18:34:50.313353Z","times_seen":59,"resource_available":false,"data":null}},"time_used":997,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":997,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.117.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.117.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 12996\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-32c4\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12996,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 12996, version 1.0","md5":"88cfb88a2e9d1299483ad43f84de76b4","sha1":"22c49a3aa9b2d622da5fee109a19c82a648df5c7","sha256":"e4ef32d9cbe1aae87a030055a413910355b58d0bd381b110e2d989900bbe18cf","sha512":"57dc5e29d45ab4ea3e1d0ad903496ecfa305e686042bb72c00e55e03abb3bbd0f396c4704e0d4714a81f2e01796ea5c5d0b61188ec4f1599f1a602b7cbf44dd6","ssdeep":"384:bgZ+hQGNOLh8A52Vxhteo/weR5tEEcil+A:EoK+OL2yrww5EciR","tlshash":"8042bf0cc84b0559f33919f2d3bc0652f08ae9b68504d9e0dc77a51fbf342304aa49eb","first_seen":"2023-04-14T15:09:59Z","last_seen":"2026-06-01T14:11:06.696739Z","times_seen":916,"resource_available":false,"data":null}},"time_used":2298,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1631,"receive":667,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.59.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.59.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:20 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 19776\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\netag: \"6629a0bc-4d40\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":19776,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 19776, version 1.0","md5":"c47f487f50a6d083bfe0a7cb520c1c61","sha1":"55d3eeaf1fb165e9bdde9e4afc9efaec5de0ac7f","sha256":"012e7c76cdb9fb62187ffca5924af6cc03d6b3d3d3d721e85c44691d2137f6b5","sha512":"9e87f0d3f3f745716e5ac118c20fbd7d95ed19f3adcfa6980011a549e92878547edc9996db5fd22d478071aa31d447c75caf1a705143becd4e3cabae71c3b85d","ssdeep":"384:D4CiNoZb8R7OuLSOmWclp+3ET4Ik00cY590SdI+CHznRfi5cLDINNKJgCtnAvzhZ:kNw8zTmWclp+UTWco0SO+2jLDiYJgCWD","tlshash":"6a92d02b33cd905ec49d6ef0a90490df6a5b140f5577eb3c3ac1b05d6e8e8bc8699b90","first_seen":"2023-05-03T12:46:00Z","last_seen":"2026-04-09T17:51:51.667553Z","times_seen":71,"resource_available":false,"data":null}},"time_used":2187,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2186,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_1-1.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.188Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_1-1.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-7aa5\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31397,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x450, components 3","md5":"484ec07db9a8ef7cbf01f39bc0275515","sha1":"ae0612fa8e665f7a19c542011e962c9ef7fa1b90","sha256":"655287b9ec70a20cead4ce6ea7e0e4945519499de67c55242d0de2291cb5b0e1","sha512":"ac8e715098731dc3f4c06bdce3912fda982e1aada6e228f74fb72851c167c3f167dd831c33332e2c70515504b5fa56eb497d23031f211bc239a1ac43e369283b","ssdeep":"384:51re4atxlUZ0CKbGfcBlBEHp3XLd3Y7ndJJgo449x8BgtOAT7CNGT1B6vgOTY6DG:Ti3C8r+C+GOAOGRAoO86DJ0z80ou","tlshash":"c2e2e19f57859801f4e5653a815806f7fb76d23be58d7433b70dbeb940ae3d4a03a402","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.340232Z","times_seen":59,"resource_available":false,"data":null}},"time_used":1003,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1003,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_1-5.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.190Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_1-5.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-8451\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33873,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x450, components 3","md5":"62d27c5a4d20ad9815ebde3b1261ad49","sha1":"1ed74be266efb4c752ae8ab71c08d3eb24d4dae2","sha256":"1a79d092c56ebf10cdbe1bb9e1c069f744dbdf46a1e1df2a5749ed3f27d661cf","sha512":"db4be75c607f21c7db931acb923a6af9e3d77793f5661d2364d4f64699c293296faf3a5c29ab656d6b30e50788ab37aa1e61f48e6b44fd3745f2ab75c233dc1b","ssdeep":"768:GinWsse2pqXk+cmTv5aWK1YXwXKUbxpMQRFwPtWN:hs+XQ+htVmbxnFwPtWN","tlshash":"11e2e0fe2f9dbf91c9e8e3704a8f3c3555a70ac3e14fa7e5ba0a84d0153e5134890699","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.349504Z","times_seen":58,"resource_available":false,"data":null}},"time_used":1003,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1003,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery-3.6.0.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.215Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/jquery-3.6.0.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0bc-1f97b\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":129403,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1334)","md5":"74bc2c439bb7c987f814b5d38af6b2ec","sha1":"ae894d020892f0a4c3ca1e4d91817b099edcbdf1","sha256":"e77ba171e3f45ad6ec917e2018c017ea029b77f6219fc7ff0d0caba489c6314a","sha512":"688d2c27c65ce0512dfeb19383d5a7ae81178d98842a7b7e76da57d3cfcfae8c0454d5392c5b6f9ff53e7957d048447332d0a9aebe5ab497707561fb15a7d800","ssdeep":"1536:1jeETmdTfImTrlJRQTipT4eZSz5IuI7GkBOSnZRU2y4ge8cL7sgRcORBFVhwKKkC:1jeEzrkogRU2y4N7GK8khrwLoecgwl8/","tlshash":"15c39699b3d632318647f03a9dafcc09b1b6545f26c8ed05710c94a65f2486c93bafec","first_seen":"2023-03-13T03:25:24Z","last_seen":"2026-05-29T00:32:28.099158Z","times_seen":60,"resource_available":true,"data":null}},"time_used":996,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":996,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/alb.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/alb.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-88e\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2190,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 200, 8-bit/color RGBA, non-interlaced","md5":"1639ec6275d5c6a6b35ffef332780232","sha1":"c47e2eed0d112e0825dd7c48e2df0e71ed5eba6c","sha256":"3f7cb50c0bac9b348ed54579ddba5f097e28a2f56cb788af9e7223cfcb724b64","sha512":"c7c422c8d3b18bb816713345feb5a84f2ffd9863012037cb9794aedc8e0d89e6f9288f263671afc15d2426c17659ee7869603d64f89ae995f7a5a963ed368507","ssdeep":"","tlshash":"ca419eb489f552237dce1ec4100c96b499fac6a57f88ecce78b291d0d389fe84879881","first_seen":"2024-09-09T05:52:24Z","last_seen":"2026-04-09T17:51:51.644504Z","times_seen":30,"resource_available":false,"data":null}},"time_used":1004,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1004,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-1.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-1.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-f030\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":61488,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"65bbe11df4958c4ee6c3bcd5a06f8e8c","sha1":"7b5b86a1e5816a6fa0d7d59607707f6a1a6a97be","sha256":"3debb22fa225ab818111850ad1928dd78df291850a219bdbb5376d069aa96731","sha512":"fa4600b8946f48b050c8f65c9ff0b0fc745439b02a5744cb8b68a7a33a8afdf8631a3093690e6d697f54bb3ca02e812777b603f0f3cc48b1a3369a0bacf2c5a3","ssdeep":"1536:eMYqGRPB6LMVRYYSXzGDCXh1nfGcWgDeNaDUkMuRXfX:Wqn+szG42csNGUkMKXfX","tlshash":"4553017b67c70916e3f357f45ddd689667b8dc1c3bc6eaae23169052005a62f0300b6b","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.325615Z","times_seen":59,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":999,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.118.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.118.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 18284\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-476c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":18284,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18284, version 1.0","md5":"3a424ba11ffc44a32c51b7b73ec927e2","sha1":"d86ee30f7b7371c53eeb3aaf5ec423ce0aae6d0a","sha256":"117fff37ba6ea3e99b22807af3436c5053aff3d6c8280d9b8c70b05fa86a56f8","sha512":"a69dbe2c8431ec88238992663d30f53f45afed3bdcc80a63268ebe9194c6ac27a6e9be76bdf29e4ab94ee129ef47705197156d8dc39b1f2db9d20e5425700773","ssdeep":"384:hAvqhPHoCOq5iu8BFbn80aumy3fsqDxuBWYUoS2pZ0wt0Cq:hGS/oC6u8Dw0JMoxuBejURW","tlshash":"de82e1c91084b595e616e8301b87e1da7c5c45960893bf8041b3ab7bf5853ed6d3ddc3","first_seen":"2023-04-14T15:09:58Z","last_seen":"2026-06-01T14:11:06.691367Z","times_seen":808,"resource_available":false,"data":null}},"time_used":2297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1630,"receive":667,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/icon-2.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.204Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/icon-2.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-726\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1830,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"440030adb5e8e653fe6a633c9d98f4a1","sha1":"5714460ae7b5b69cd8b7bcff94e8e5e532683c0d","sha256":"13477f24ec487d505f7fe6b222826f7beec72e8c9e7ba006789d0bffd16d8891","sha512":"c298472383a506c31780755de5c521709240af1d6e3b0a30334db810576762ee17c13b29e43d5bf15df07715e49d5d02a8bc4a7e5e56380b0c0cd29a28af0611","ssdeep":"","tlshash":"fb3115ce1b753779e104f1f9da3b66e8ef4924e652868a74c3906dc7001a25ace460e0","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.661095Z","times_seen":39,"resource_available":false,"data":null}},"time_used":996,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":996,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.119.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.537Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.119.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 78972\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-1347c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78972,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 78972, version 1.0","md5":"217dc33c822eb6c0923a99892a905258","sha1":"12f0ce73476f3ece58e1b240d239bd7517334054","sha256":"9151040be84927c7e12fe497ef65d29af26874d9df53c4e62bcbc43c4a668e83","sha512":"57489a09b0122113673b757516409b16bb865d7abdb337edcfee45a79e03e4400c76e405a9c96361252a30e9d2a979a5818c397c369e9dd6823173d682bee22b","ssdeep":"1536:ed+D9+dN+zy5zWL9UwTYFqoUO3ecG0nUL5FuXhkhHM6vM9:ei9+dIzyd+huqs3elJL50RkM6k9","tlshash":"72730205776a94aece26eee27783171b856eae760cebc4512101795b0dcc601b0affc7","first_seen":"2023-04-14T15:09:59Z","last_seen":"2026-06-01T14:11:06.690773Z","times_seen":950,"resource_available":false,"data":null}},"time_used":2530,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1667,"receive":863,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/logo.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.171Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/logo.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-1c9f\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7327,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 80, 8-bit/color RGB, non-interlaced","md5":"9be876f5aa708c8a6fcf5a5ce87cb307","sha1":"ae74f74c42769ac3283d43f5d42d6340dc2509f2","sha256":"8ec12d0ce53656a8c822b247e9a7c6bf5ab0423ef2179644d176f57fac82fd18","sha512":"ac96acd572686785e2b1dcf52eea93aa3e0e0e02cdea7fbc397ededeabfcee710a8b41cb78f089f9d600be4f0e615d78e686b7ecea3447f4eda783b28e4c8bc6","ssdeep":"192:lS7kn6eE7gvoWKrXhO4tIjfLH1WiZH0zrXsg:EQnWMvsrX04GrLHvZUD","tlshash":"e8e18f0ded11a9513a68d30ffddea2931f33139986629c05edce8a2b64b1479c40c4ee","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-05-30T18:34:50.345644Z","times_seen":69,"resource_available":false,"data":null}},"time_used":1010,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1010,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/kr.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/kr.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\ncontent-length: 592\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-250\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":592,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 11, 8-bit/color RGB, non-interlaced","md5":"cf63c15bf955e54afed8061497c7f7ea","sha1":"8f58e042f4b2047c6f8a83da65b8b329fc764125","sha256":"6fdd24bd96b3a482bc058d5c9bcfd6f1c664d91bbd47658d65ac5d852535f7fd","sha512":"2c6fdd60a7f555ce52c7c54e9a3e475067be9de952c74bf7dd00f5b1ae57ca9d31640a2e436c9268c93723351a80d7cbf32e5855f8bf333333ed88b3eb96e8a9","ssdeep":"","tlshash":"a0f041c3b3e00160c9ae0676b493a271fb3e2bb5c52c026586c2e50e309073584da84a","first_seen":"2023-05-10T00:06:02Z","last_seen":"2026-06-07T08:18:38.828298Z","times_seen":2486,"resource_available":false,"data":null}},"time_used":1629,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1007,"receive":622,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/xby.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.184Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/xby.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0bc-26eb\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9963,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 298 x 200, 8-bit/color RGBA, non-interlaced","md5":"80d891a23ea593ca3a0cf6aec17e04b4","sha1":"0c2b30150b8fa4042c617094a01a47602f15e2a7","sha256":"4ead550af3cb10dc33e6eb88c74bd013d7139e16860322a719a999427104ffe9","sha512":"0967fa2355f7669ec0964bfb42e750de9eddfdd716fbdbc79184b2885fa30072f3d94785ee11fc86c19f52423efad4aa3a83c01656289f05bb67d29f53f7f4ed","ssdeep":"192:4cFGjzaCV7hlFhyQR9+6dRf5JlGg/FC1vh3wEFIgnXTFb7ZxeUJjAwkt:4oGphXM6dRxJIgM1vh3bFtnBeU+wkt","tlshash":"34229e976d30ab23903374179eab53ae21c739a4a26dd220430f4d99a31edd6378da70","first_seen":"2024-09-09T05:52:24Z","last_seen":"2026-04-09T17:51:51.671809Z","times_seen":40,"resource_available":false,"data":null}},"time_used":1005,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1005,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-3.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-3.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-a30f\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41743,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"5766c8a565ececb6dff784aeaec39167","sha1":"80f5d58d43e170e92be1fbab74bb62fc110bfb30","sha256":"983e1c93b7573124e0d95710a21515b711aa74656402648b4f4fcbd4434fc667","sha512":"559fa2ef4b2968b8e9b54fa28b5f686954213d1a1df9038f1dd2c720ad03d5c29871b6f319c9e6181ad82ab9342fc56599434612c3f1e7b9a40fc8d0cdc53d85","ssdeep":"768:kPcdcJkWwPi/kP7TJDu/mXBs2c5+eiGahRm+pKMFGd9ihIrv/UhOP8FGriLXGA:k3wAkHJDGmxs2c5+DSe3s8hkNPWu/A","tlshash":"aa1301da558f97dac0f75c7c871c240b8bb3ca58924af78d232af8561cb9c168f31488","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.332409Z","times_seen":57,"resource_available":false,"data":null}},"time_used":1000,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1000,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_2-6.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.199Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_2-6.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-19801\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":104449,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x451, components 3","md5":"6f774d2efa09c97ac182ccec9b451aa3","sha1":"7bfc6bb5bc0694c4f66175d85f3e6db78342076a","sha256":"24bde4714977bd3ce5190957df0d9c2abf8454f9b1de917d2c1bf2fe80e50c84","sha512":"dfa7800b071358ec44787f2bdbb949bb497849f2530abfb2ba7ac1d7149dadcedcc16c980cb496ea9a4203539b2a9358cd5c1523c30a384107fe7e948b26183d","ssdeep":"3072:5qLlqJKRspSOZLr1Z//l/h3F7cNB/Bec324lCRhF9K9:YLlq4gRhr/Nh3+Nlp2mshFk9","tlshash":"ada31294b22c9589dc7e94b8a57baed8ff2da1743f0211817d1bc2b231bc005ad65a1f","first_seen":"2024-04-22T17:39:15Z","last_seen":"2026-05-30T18:34:50.341177Z","times_seen":61,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":999,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/solutions-03.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/solutions-03.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 904\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\netag: \"6629a03a-388\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":904,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fca743ec8ce00f330e980d8e5a18eeb8","sha1":"ed5b3231400a8d3cf2475b4bf05ee52e3f40796e","sha256":"14f91342f31b7ca480b81e8176a94ad824c78cf29c019dc8e8ca64c6beaf974d","sha512":"a6120495d9dcaa944f479d29254ca5bff530f780d95538fbc7c780ff8815227be74e46ca9430a22ec61248065c2a81096b4588a1f7cb71db50359989b0de962f","ssdeep":"","tlshash":"6b11446a31dfdd39e114a2ac8529e8387027219add41c050e6c0ad1d34990eb38185df","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.721574Z","times_seen":48,"resource_available":false,"data":null}},"time_used":3013,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1000,"receive":2013,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/foot-logo1.png","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/foot-logo1.png HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-2ccc\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11468,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 74 x 74, 8-bit/color RGBA, non-interlaced","md5":"eb4e506bfbb6d0d48360eab66a6fd3b4","sha1":"9392b9cba39c9d23794c5182af0f25b861267d62","sha256":"c504537133a4d3bc83e5ee485da155ad46d4579a6ff82af3a81623a8d752d325","sha512":"ac4309982d36c1074ab0201c797db483a081ce3649d45ef02fe8b659d49da346407fcb1518e6444b9633801126ce522826f8c290d8bf7cff486d18957cd6b277","ssdeep":"192:SSHIIHUCD4waBY2mQFWokDnBuE8F0OyYYAn/86myv0cp8:t50waI7FuEqfpTZ8","tlshash":"b832c0cc6809c461a1874a2e763fd7cc61ab60d2b32ce3396e5dc35dc3405ea6c66b99","first_seen":"2024-09-26T14:10:26Z","last_seen":"2026-04-09T17:51:51.731853Z","times_seen":44,"resource_available":false,"data":null}},"time_used":998,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":998,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.118.woff2","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:19.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/fonts/-f62fjtqlzi2jpcgqbnw7hfow2oe2ecp5pp0erwtqssws9jezazjcb4.118.woff2 HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/static/css/c2097e37812c42baa00cd343aac05e67.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:19 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 18284\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\netag: \"6629a0ba-476c\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18284,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18284, version 1.0","md5":"3a424ba11ffc44a32c51b7b73ec927e2","sha1":"d86ee30f7b7371c53eeb3aaf5ec423ce0aae6d0a","sha256":"117fff37ba6ea3e99b22807af3436c5053aff3d6c8280d9b8c70b05fa86a56f8","sha512":"a69dbe2c8431ec88238992663d30f53f45afed3bdcc80a63268ebe9194c6ac27a6e9be76bdf29e4ab94ee129ef47705197156d8dc39b1f2db9d20e5425700773","ssdeep":"384:hAvqhPHoCOq5iu8BFbn80aumy3fsqDxuBWYUoS2pZ0wt0Cq:hGS/oC6u8Dw0JMoxuBejURW","tlshash":"de82e1c91084b595e616e8301b87e1da7c5c45960893bf8041b3ab7bf5853ed6d3ddc3","first_seen":"2023-04-14T15:09:58Z","last_seen":"2026-06-01T14:11:06.691367Z","times_seen":808,"resource_available":false,"data":null}},"time_used":2317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1671,"receive":646,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/css/html5reset-1.6.1.css","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/css/html5reset-1.6.1.css HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 25 Apr 2024 00:13:44 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a038-6ca\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1738,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"7b54fcae298c6ad3e68e98f599bd0930","sha1":"1804f423de3079720c6c188706f6408e40a3f4c0","sha256":"ca34543f54fcc98596714a07b452be4824bb1c65166ebf47fd3f06f1aec857a1","sha512":"51353fad20251338fe797175705c99cf80219805e7e4de6439165d50ef72ef192e83113b3d1f6ddc0c5b2701f9d5ab960db4148a1b8067ede82cf26215d8568f","ssdeep":"","tlshash":"7631676877b5c8949239c565f499eb20731c416b4d0fedb8efb9a06d5e0829050b3b0e","first_seen":"2025-04-23T11:49:02.517595Z","last_seen":"2026-04-09T17:51:51.650343Z","times_seen":30,"resource_available":false,"data":null}},"time_used":321,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":321,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/jquery.min.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/jquery.min.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-1538f\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-06-08T19:45:51.152223Z","times_seen":134004,"resource_available":true,"data":null}},"time_used":1011,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1011,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_1-8.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_1-8.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-d999\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55705,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x450, components 3","md5":"099361a4a69dfc659341e7ddc962d4c7","sha1":"8bd61b19644a682bc4f1af415aa66ebedec92d99","sha256":"ad754f3a1d885e342ecaffdb22dc292768bd42810cc564dde7ec68e9461304ec","sha512":"331e39f9fb9e3166e68d9b871b9816ed8d5bcd0a12798b025feca07d31d7b3deacbea2e63d462ca5a7c64697995e41f550e76db70a0740b5daf79a17e23eea3c","ssdeep":"768:SxTLSI3c8qU3uWuXaT2wa184jaX5ZGR9Ih0PUxe0u/zf9BA/EuL/n0WV0WJf13Gi:AH3cw3tuXaTFaRaXWX5/Ho7Tnh/f1Gi","tlshash":"334301a1c7a6a386fd58127c318e3341ac2545cff2d563a600fd8505cabdaf8739da38","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.331465Z","times_seen":55,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":999,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/creator_1-9.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/creator_1-9.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0bc-fdf7\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":65015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 601x450, components 3","md5":"f43359eb2048ab8de6ae0deb2c218c2b","sha1":"c25ad2f27957bc474aacdb9fffbb7c36758c2e56","sha256":"11ce253478fdacb2a77823af6caa50ca79f8420c1a018617c8d1fae1f30c89b3","sha512":"16f318d54b724d09717e1258fe618e888ed480a0882e27835fbf78a80d063c7b03725cc85a8b8d874bbdeee11bddbcae74186b614e174d795f4d307c72d9fde7","ssdeep":"1536:iUSepAz9Mqd0qQmIcberGEDiXhu1x42dua9L7ZELdOSZN:KepAJMUSvcberG8iXU42dusL7ZEnZN","tlshash":"e25302e73b9b2806fda43b746f28751a150373abd2d1cd98b7acd17145201e069b63ce","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-05-30T18:34:50.328991Z","times_seen":56,"resource_available":false,"data":null}},"time_used":999,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":999,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/icon-3.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/icon-3.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-1543\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5443,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a70efe17750698caac125be6ea51a219","sha1":"bd278be4d540a412af811b71893a058d4d082bbd","sha256":"3095c4721fa916fdf7c4ff808c35cab9ce2b707245a40ad3228098558c7c0989","sha512":"fccc53f5ef453be8f5083891572becfaa4acc17ddf61a3368983df39ba0b0f3abf93879a7c421d46f53918a56c2f41292c597b3869e612b782cbeef2784a7aab","ssdeep":"96:KTxLfUKOxvadXryNtU+l+48/vy4HmYa8IVhrDTTOiqRo6K:ixYF1aZryH5Bb95hzT9qRTK","tlshash":"7cb1b7c83fa8c3f4fa41e2fbc60654b97b5f74e9a38585b4c3512c4a94830e6eda55e0","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-05-30T18:34:50.328237Z","times_seen":50,"resource_available":false,"data":null}},"time_used":994,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":994,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/favicon.ico","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:22.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 138\r\netag: \"689edd57-8a\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-06-08T18:47:35.209623Z","times_seen":279633,"resource_available":true,"data":null}},"time_used":320,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":320,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/js/i18next.min.js","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.168Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/js/i18next.min.js HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 25 Apr 2024 00:15:54 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a0ba-a17b\"\r\nexpires: Tue, 03 Feb 2026 00:27:18 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":41339,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41339), with no line terminators","md5":"12ecb47960392a3fc855b7fd50e37cb5","sha1":"89091e446743ad290bbfcc7e0712b07b718ed645","sha256":"9a910161d3b09fcf59d5865c907ab140ffa5689598417f978b0324b90c10beea","sha512":"6e1692496675a763907cfbc6fd207650381c80beafd0498057cadc1523e375a7335b7e96571f7d8f584b8c2c0cf5cce2fef10c940afa4bb0073af4d4806c395d","ssdeep":"384:mITfijf2+Vu38flPKA6H0jbh/k9mhwk9BkXHoePQhI7HGi8K/cho1rzA7Ih3mIYP:o9NPEPbmikmmIYECO/NXZ5MYaYs","tlshash":"2003f88c719772624fc360a4142f230ab279a95554c89808f932fed5ede1e8da3e7f34","first_seen":"2024-04-22T17:39:14Z","last_seen":"2026-04-09T17:51:51.668384Z","times_seen":56,"resource_available":true,"data":null}},"time_used":1010,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1010,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/tr.jpg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/tr.jpg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 25 Apr 2024 00:15:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a09a-1c95\"\r\nexpires: Wed, 04 Mar 2026 12:27:18 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7317,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 280x200, components 3","md5":"1789edc7cf03ac974460485fdc27c1cc","sha1":"e0dda129e8550ef40e77afbe079d6521a4e94f8a","sha256":"8971a8c652d554127269eb06a3ae68f93e7ceded8914b4e9bfcd4e5d0ded96f8","sha512":"b0565222e193ff499f0dcb27dc32a34d8035fe7874ae06d5143142352111c21bb0ecec8ef3eed006607e586270b0e815518fddd20ecf69cf6d6d0df16876e8c6","ssdeep":"192:A8p8KKekCXFvUZwMRQY44j43CB7g4FcRepPwFe+:AI8KKkXCBR/4483CB7go8epPa7","tlshash":"60e16d55ea13600bd6f419fa46f61373e743bb3860c1d19ea5028c57df618c32d1588e","first_seen":"2024-09-26T14:10:26Z","last_seen":"2026-04-09T17:51:51.658666Z","times_seen":42,"resource_available":false,"data":null}},"time_used":1006,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1006,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"down.tk-shopping.click/static/picture/solutions-02.svg","fqdn":"down.tk-shopping.click","domain":"tk-shopping.click","tld":"click"},"ip":{"addr":"134.122.177.154","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://down.tk-shopping.click/","date":"2026-02-02T12:27:18.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"down.tk-shopping.click","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 01 Feb 2026 16:00:47 GMT","end":"Sat, 02 May 2026 16:00:46 GMT"},"fingerprint":{"sha1":"08:F6:33:E2:34:E0:69:C7:75:90:DB:F7:AB:52:11:4A:22:3E:FB:3A","sha256":"F5:B6:E0:36:5C:8F:49:3B:2F:1E:BD:82:AB:1C:94:4E:72:63:D0:41:B9:6C:F7:F6:A0:2E:81:54:AF:1D:1E:45"}}},"request":{"raw":"GET /static/picture/solutions-02.svg HTTP/1.1\r\nHost: down.tk-shopping.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://down.tk-shopping.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 02 Feb 2026 12:27:18 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 25 Apr 2024 00:13:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6629a03a-6ae\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1710,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d06e5b1b1d045edf039e1784ada2b328","sha1":"6a2005b109b7719578f81cfad7718304d07f8643","sha256":"c3d5a9221be3285f1d2065a5f96e9ba41a78a976e233b4b264e88349fc3a0720","sha512":"392ca60a72aace25f2b6b7ceb5ca25ccbd5e1b0cebe8c4fca82c441a8855f40534fa59992c17cc4b4c72074a674dccd4d36d9f729492147696ec76e7048284e0","ssdeep":"","tlshash":"013174a5f3846b79e01eebb4f661b03d240e139f2802d38415d88e38451c09eccb94ec","first_seen":"2024-03-26T14:13:18Z","last_seen":"2026-04-09T17:51:51.731334Z","times_seen":39,"resource_available":false,"data":null}},"time_used":1002,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1002,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-02","alert":"Sinkholed","trigger":"down.tk-shopping.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-02","alert":"Phishing Block","trigger":"down.tk-shopping.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}}]}