{"report_id":"7f7ecd82-64be-4300-a0d7-e36d2a193e61","version":6,"status":"done","tags":[],"date":"2025-10-18T01:43:00Z","url":{"schema":"http","addr":"tkmall58.vip/","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"https","addr":"tkmall58.vip/","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"title":"TK-Store | buy, sell and discover on TK"},"submit":{"url":{"schema":"http","addr":"tkmall58.vip/","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":0,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-22T01:43:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":1,"urlquery":0,"analyzer":5}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T01:42:35Z","timestamp":1760751755,"ip_dst":{"addr":"172.18.0.18","port":50010,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 25","source":"{\"timestamp\":\"2025-10-18T01:42:35.575084+0000\",\"flow_id\":331721539814826,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"134.122.166.179\",\"src_port\":443,\"dest_ip\":\"172.18.0.18\",\"dest_port\":50010,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400024,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 25\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-10-18T01:42:35.296362+0000\"}}"}],"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"tkmall58.vip","ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":332,"request_count":67,"received_data":12383655,"sent_data":31738,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Lodash","description":"Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm.","website":"https://www.lodash.com","common_platform_enumeration":"cpe:2.3:a:lodash:lodash:*:*:*:*:*:*:*:*","icon":"Lodash.svg","categories":["JavaScript libraries"]}]},{"fqdn":"p16-oec-sg.ibyteimg.com","ip":{"addr":"23.36.77.107","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2019-07-19","domain_rank":45551,"first_seen":"2021-12-22T12:54:34Z","last_seen":"2025-10-10T21:19:04.2769Z","alert_count":0,"request_count":3,"received_data":17900,"sent_data":1569,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sf16-va.tiktokcdn.com","ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"domain_registered":"2017-09-20","domain_rank":76103,"first_seen":"2020-09-03T03:29:30Z","last_seen":"2025-10-11T12:00:54.288899Z","alert_count":0,"request_count":12,"received_data":5540102,"sent_data":6428,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2025-10-18T01:42:35Z","timestamp":1760751755,"ip_dst":{"addr":"172.18.0.18","port":50010,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"severity":"medium","alert":"ET DROP Spamhaus DROP Listed Traffic Inbound group 25","source":"{\"timestamp\":\"2025-10-18T01:42:35.575084+0000\",\"flow_id\":331721539814826,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"134.122.166.179\",\"src_port\":443,\"dest_ip\":\"172.18.0.18\",\"dest_port\":50010,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.Evil\",\"ET.DROPIP\"]},\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2400024,\"rev\":4421,\"signature\":\"ET DROP Spamhaus DROP Listed Traffic Inbound group 25\",\"category\":\"Misc Attack\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Any\"],\"created_at\":[\"2010_12_30\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Minor\"],\"tag\":[\"Dshield\"],\"updated_at\":[\"2025_08_01\"]}},\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":74,\"bytes_toclient\":74,\"start\":\"2025-10-18T01:42:35.296362+0000\"}}"}]}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-polyfill.144bde91.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"4d409a82f1fd1ccdb4146719442dc76f","sha1":"513830bb776dc7f35be3c4259dabcac2b5c3aab8","sha256":"c5425790d0cba801d53c4e17a27acb6897f5b3908397ef6f803140dfb408b003","sha512":"806134eebc7ff56dfaf3e8d0ba7089aba86c57599e490edcb5b87221b7598aa2a35587a5b12443b2ed14acd0c66d9ba8c6e0ab1c787a984e9e8ab49a02774e78","ssdeep":"3072:la0q8CJLo4Mhy7a2O+MqOTkhMaJt+iFjvGW:m8YwhycmjjvGW","tlshash":"dd34b988b292f0e64bf264d4407f8407f1771a64a44da851ffa1d884687bd4fb07babd","size":247143,"data":"","first_seen":"2024-09-28T07:23:58.455437Z","last_seen":"2026-04-03T20:29:52.879697Z","times_seen":567,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/83.97401b30.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"9645b1f5ab1bf07083a13d39627de505","sha1":"74262c4077855e038042a7b30a61515811f247dd","sha256":"b442a68ba589101ee961131f60e5ff500213799774f9b510e892726a7c83ccea","sha512":"c6d68587d9ea87d2a2cb51eb0d7a1ee26c13ad30a6d35df9a05ef5ec1e33efdc088e6c4ca362f9084e099841b35d15492011a137134551fb9fe877d4960fcdc9","ssdeep":"6144:DRHbIYnZo0nf6lg9bPmEOuOcxOkuKoE+oZS:D1UY60Ci9bPpOWTYEtg","tlshash":"86b43acdb299702503e364b9903f110ab33a2a58744dc028f575e9e56cb994ea33bf7c","size":530518,"data":"","first_seen":"2025-01-28T12:57:32.280556Z","last_seen":"2026-04-03T20:29:52.925756Z","times_seen":523,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/463.1d0eeca0.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"57c75c145966a9b3876015314e58c6cf","sha1":"587f7c1ceb37ccf305198586d16a2f12cd37e127","sha256":"5a204106103fa388c30ee10c5b601ece0295f6d235d841e0c00b566310bd8e06","sha512":"b6877bd4a897bcff4450b0f3a045f94b451ed6f6abe3f5fb0d6cbde22205210e8283bd9bdcb4493067ebc95bdaa344addcbbdcddb1add020ddb052a9ff8a943b","ssdeep":"1536:cDk6atQ8eLahR1gDk6atQ84LahRDFRTq7/631:cDk6adeLahRGDk6ad4LahR67/631","tlshash":"d2b3a4c9f6c6b0610397b470913f550af33b2d54789e80a4e266d5d26cb968ea237f3c","size":117728,"data":"","first_seen":"2024-09-28T07:23:58.369894Z","last_seen":"2026-04-03T20:29:52.924118Z","times_seen":449,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/353.b3bb0bfa.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"40ca993782cf703c4565c62dbb358437","sha1":"9388e191ad5335b498edf6570f6e8f9ab5fe4e51","sha256":"57fbb4da17f365666d1a6f3ef530e3cad7b3d5595d89e535d2ea496b5eae4220","sha512":"c60f0565f8d3deec75fb59da88a8c7e36cd9c0ef19e31843f32c4658bd10b0520fb9c552abdb24450198e08bf6621a4adaef28f0f3ec1da5c2884cfe6eea1cea","ssdeep":"768:nMKFAF4f+zJoh6lmNARMdJoJwayF2VjcWzEQL5ah0dFabqh8:MKFcRKJ8wzF2ha2j8","tlshash":"2e633ba8b2d1706187c312a1c22f830633375499554a8424f637d8ea2db5d2f76bbfbd","size":68942,"data":"","first_seen":"2024-09-28T07:23:58.368094Z","last_seen":"2026-04-03T20:29:52.870758Z","times_seen":450,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"988ffbb27ebdcf644769e6e0ec0a6229","sha1":"25a488d27dd59713e41bf61de79406d25f23c824","sha256":"965470f5e55092f33504f4a3f5887691402738cc52d437542fa8f547cc4406fe","sha512":"245bed655e5beb0b93fd0123ee180a0677d502fd18db869a492df7f41af6e6151c77cdde49cd8f2ea880ef00b6303ebe4da878bb31bb5e50ba987821be78f76a","ssdeep":"","tlshash":"91f02224087870a3a648b1a46c331a94937262dbde38706bb78c07294f1e47f89f47ac","size":482,"data":"","first_seen":"2025-01-28T12:57:32.366762Z","last_seen":"2026-04-03T20:29:52.938748Z","times_seen":427,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-lodash.bf84b211.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"6be4803af01cf9e16ddf93fb04a1db72","sha1":"0487ddef043cdb2e15e9bf5c599134f35a166ce1","sha256":"853623d58dedcd9a5e536bef349e9ff83dded42d4b1dd2fbab7fe601bb28626e","sha512":"ca190dab6ce3f636419cb5d23cb65d4948126e212756d9f05e6dd2702b09689488b5059277b32ff31d7b1497205804278f77f2f996c4608544322aa3686f71a6","ssdeep":"1536:52fmxNB/M6lzihdLUVnCsmdaKWsq5l1frkn9c/pn4QJn9pyHX:vPadIVlKWHDeCpL9pM","tlshash":"f09393c9bad3f05943a77860402f040bf23e6e54a88e9594d262e4dcbcbc55ee177f1a","size":95095,"data":"","first_seen":"2024-09-28T07:23:58.446746Z","last_seen":"2026-04-03T20:29:52.93395Z","times_seen":570,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-axios.de405cb7.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"44cbfad9b61a51d2124298a49b29c009","sha1":"7443225d2d6bbd323ba0ba811cc2de7f2230d3a3","sha256":"55a2f4274446416598c3b4cee096005842f8529f232507aea4336b04ca1d22a1","sha512":"a0c4762905258d7f6f12285601e915d4fe9214fcfe4dbc95671b50ddb438a69bd28144767351ad9fac6a5e3be171417fe8694d7769952eb37da74d25af57e997","ssdeep":"384:DzdycsDmxm7PX9OWOUtpefXrdZ5BKm4gmZtxR0Ywe7W5EjU7Fh5yk0:DRy7MIVuIpeiBZDt+50","tlshash":"4692fac9b9a0f07547a321f4806f590bf3775529a44d84a0fb50e8e62cb890e873bf6d","size":19792,"data":"","first_seen":"2024-09-28T07:23:58.465686Z","last_seen":"2026-04-03T20:29:52.875785Z","times_seen":569,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/460.6e84f8f9.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"836efd88de242ffbc27638611da04205","sha1":"9142336339d9535b8187997cb85433bc7c8eb8fc","sha256":"04f7e43a9925ee4f07f5d8263e91868c7d03dd0cd1f67ad011a7b266f1ff6005","sha512":"610521f3a077e3dced7bff918f3a2b1ab78aaa4d5ae2be8b7469e84593b1cb46886d2957d10aa54560b7cd627690ffa7baf7bddd8eb84647d2a1cc38e7d7c787","ssdeep":"768:DEucduAqko/ShcDEo/ShcD1IhMLSrKCgucNnN:DEako/ShcDEo/ShcD1IhMLSrKCgucNN","tlshash":"d9b292e0b50aa0b5527f606a80bf160db325761cbc35ad91f253e4ea21d4fc3d116bfa","size":25238,"data":"","first_seen":"2025-01-28T12:57:32.295733Z","last_seen":"2026-04-03T20:29:52.871904Z","times_seen":449,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/page.b98cfe07.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"556172faab67882f868c136a19b1d1be","sha1":"68c7fa1df42814f7e785ec7952514493c826b8f4","sha256":"664e0b0fa581291f2eb5b29930da01e2524b943bc43a676a81e27a62fb32325e","sha512":"e53ddc5760d997822dddb7d35d495bbe8d20e3cc175b101345db98cfd905add2a44b9bc0f72fff1c1e8b840cc572374155e7f6b82949e9ef23cb40b419c99ed1","ssdeep":"1536:yo+ucihfhcvq3ZdrY/sw+/SAx79ZR3y7i2k9:t+KTrEswq/Z5ym2k9","tlshash":"e4630a52f461ada8f67749c4913f880ce61a3a0bd64484a8fdbc7d091649293f13bfde","size":68238,"data":"","first_seen":"2025-01-28T12:57:32.2988Z","last_seen":"2026-04-03T20:29:52.891994Z","times_seen":433,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":true,"md5":"9f70bfeb53a96fd3f329021707fabb6f","sha1":"59863e1211f02701da6bc09712b26dddc9cd8a98","sha256":"5183e4cfa7fdd91059e5f6141e83a50a6ce6f64a8cb160cf13b22dcfedb3296c","sha512":"09b46680d9986b068b81fb9bee42007fc9dec52871330451d5dca18838811dfbdd70cb81c2540971bf193dc4a01c1259eca12d4c4d20f4b1083218b6aab9efc1","ssdeep":"192:tk3V0jBrfZfPN9nuY8oLyqFwYQvDuJDe4FiKE8tBJuHH2NJF7MnPoSDXK+2u5Uqo:zPUaqHYPH21hUj","tlshash":"44923faa86753881a50102602cbbaf647628e8dfefa5fda77e1d41641f0d01ec9f735c","size":21193,"data":"","first_seen":"2025-01-28T12:59:16.227771Z","last_seen":"2026-04-03T20:29:52.939474Z","times_seen":380,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-arco.afd3802c.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"66296ae08db9dce0b0ec23e84f1cfa82","sha1":"bbfb60f99fc2b9d2cd418c0ef49790688f83d47b","sha256":"4167eb82e602d4d57bf9d4c41cfd52696be67c0e53cf870b1a48ddbe76847cb5","sha512":"78f0bb30c14c0471032453920e4dce8674bad7f260839843e3892e659e9bf04528767e6eeb6d506535cee8af6595546886318bb95369f8787ad21512749cd373","ssdeep":"3072:IgXb9MtoaJJAtDW6Wu8HI83tcWJpaWJA9H2LvVbEmpNkcsQREkjFNdIw0XhJsBk:e337JpaWJA9H2LvVbn9sQREkuw8ek","tlshash":"13542dd87254b0a593fb41b6803f180ef33b361cb8398d50e2b5e8d474a5649a52bfbd","size":295368,"data":"","first_seen":"2024-09-28T07:23:58.35934Z","last_seen":"2026-04-03T20:29:52.864471Z","times_seen":569,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-react.235b4836.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c194b12793a2436efb1f3ce1c674b69","sha1":"2bc65388297613de6cc4622a771e5e001f2d95bc","sha256":"181d18351e54581117e789445bcaa5d7477257c510189767d4d3e04c56bed549","sha512":"da45dc947f923d79a04277c08f915f575fe3a573a8dd4a1c92caf693c74110db65ca697c9af4722412691ed7659732ca9d34fcf2771d378cc2391a7dfe507ca4","ssdeep":"1536:Wv4kq5k79fohxQlV0vMYbAJnfMhnia9Toy7U6SLdl8eIUZQeY:WVX0OnEboy7U6S72eY","tlshash":"79d306e83996f5516ab7126700ef1807733c1a1b280c89a0a615fd8e75f842eb17bfdd","size":140018,"data":"","first_seen":"2024-09-28T07:23:58.462117Z","last_seen":"2026-04-03T20:29:52.924927Z","times_seen":568,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-router.706221fa.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"33e7cf1528a483f0c3d9da77a9935747","sha1":"162b9616fa767dd4ec7b64c157e859099782a87f","sha256":"7ee5d4c6a5b6b9013b91f3a7b74dfde9c03b70859bc5e64506984bc75276e990","sha512":"bc7d36a6232b763e6d808690bc07b3a4c9e87caa203a191675e996d560c355575b98b175cfdeea606c9f232c7573680bef1793e6c44c19f33b63d13710ff3103","ssdeep":"768:OK3cu7mmtBYfQoN0C3N3X6gL58s97iG3hfQKfg7g:XcuPC0CNqgL5CKoM","tlshash":"a733f9fab641b0665bfb03e6c0bb0125e3796dda206a4415b298ec4e3074d4da377f39","size":54278,"data":"","first_seen":"2024-09-28T07:23:58.450437Z","last_seen":"2026-04-03T20:29:52.900634Z","times_seen":567,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/158.ed83d71c.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e659875b1b11ac2eb38539dbfdfe8e5","sha1":"d5424a68c8cfd432484b361f91a6586ff4bf2fbe","sha256":"c6097538c3f16b90e7f27d61bb447edbf1bc610ffd160bb9da46e45267d08ff0","sha512":"c5f226480f43b4f9252410ffe6c2dc5f32e90a9ee81cfc02decea79299fbb675ee090ce9cc8267ed48617c19b916edc74b05d6e1d24142303ebe55e995e6cb63","ssdeep":"6144:Hc7LZPfGrpsOeGndoo9m90hr7Ds2t9vMUi:87Lh+rmO3do+hw2b5i","tlshash":"52946cc9b255b03243a725b5902f150eb33a251cb45cc468f675eae52cbe94fa327f38","size":443345,"data":"","first_seen":"2025-01-28T12:57:32.294212Z","last_seen":"2026-04-03T20:29:52.890795Z","times_seen":430,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/main.a0906336.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"34c65ea5f113504cce2d321b961ecdb9","sha1":"08452295b557781bdb2c040bfd8af380f3d0382e","sha256":"bf5826fc56e122bba36429ed692b35c5ca3502f1946adb91901a7eb86becbab4","sha512":"ce29cfa7520bd62e82f7ae4af90ecf259ecc2df46ff3a2378b1e76ad5b8061d9cb271c0cc70e0d193768aa7d914e7e5e9c533bfd83dd00b1e83a3213bd0ab781","ssdeep":"384:5Llw/fc/7T6EsqjFx7TsvirLWtY8x0r8X2iw+fq3coaQXgpJhA:5LO3c/7TsqBe68x0r8X2iwMq3cJi","tlshash":"76520cb6c04138bf2e8e0a84500e3ebaacad5ecf916d7570955c68ddb144af7bc0dac4","size":13686,"data":"","first_seen":"2024-09-28T07:23:58.371454Z","last_seen":"2026-04-03T20:29:52.888936Z","times_seen":564,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/838.a10936a8.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"introduction_type":"scriptElement","is_inline":false,"md5":"bc4d89c9a2c17a8ae31eb040c70ed5a7","sha1":"6bf5da7743761a2376406e7fabb77bb11c9612f0","sha256":"c54953f443c4ea82c58f6ce421ccd7d38da866ed91ca7cf3462fe225135882cd","sha512":"812b6ccffbb6c1f3ce6fd484179cdac69e4ed7d673ac11de1fe7e14049ebbe9ce5a5bbcbdd6a9695d29513076429ce8cc8230f9ba1e2c830c9661ecedbc358f3","ssdeep":"768:mMeUGnwMod+y5Y5RtepS8DoMpl2OiBH86gJB/lp:3eUGn9TqXdptGg7Np","tlshash":"45f24ac0f155f538535a98a942af41087329710cec6cdc84f35ac8953be4ed5e263bfa","size":36427,"data":"","first_seen":"2025-01-28T12:57:32.297156Z","last_seen":"2026-04-03T20:29:52.91448Z","times_seen":448,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-react.235b4836.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/lib-react.235b4836.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-222f2\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":140018,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65460)","md5":"6c194b12793a2436efb1f3ce1c674b69","sha1":"2bc65388297613de6cc4622a771e5e001f2d95bc","sha256":"181d18351e54581117e789445bcaa5d7477257c510189767d4d3e04c56bed549","sha512":"da45dc947f923d79a04277c08f915f575fe3a573a8dd4a1c92caf693c74110db65ca697c9af4722412691ed7659732ca9d34fcf2771d378cc2391a7dfe507ca4","ssdeep":"1536:Wv4kq5k79fohxQlV0vMYbAJnfMhnia9Toy7U6SLdl8eIUZQeY:WVX0OnEboy7U6S72eY","tlshash":"79d306e83996f5516ab7126700ef1807733c1a1b280c89a0a615fd8e75f842eb17bfdd","first_seen":"2024-09-28T07:23:58.462117Z","last_seen":"2026-04-03T20:29:52.924927Z","times_seen":568,"resource_available":true,"data":null}},"time_used":828,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":828,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/css/158.de89f206.css","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.705Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/css/158.de89f206.css HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 09 Oct 2025 08:35:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773dc-6c81\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27777,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (27777), with no line terminators","md5":"028f6c971d8c330abd4d40ffca8247f0","sha1":"c945dba56dd55ce068aa7f04f23c2b2ef8c63ed8","sha256":"ba0a867534eb6437d65de4211f9a42fd4ae800d3283247ed40c403d26cf6fbe8","sha512":"f17c32e8e3bf49aa32a94b7408c836a7c6e176241e7a6aa95c9170d161f615340a3927ae58ac2d87e82f62a57192cb59c9b8ca86b5deaa811d43c3d0fc7f5ea7","ssdeep":"192:A3KnonO0E746qRET6ZO9ZRLqYPq/9GfvOvXH8pZf3SiA2lUqQx5DoOcdVhbbDMSz:eKoJRErQnuAbzs4yFwcubWRu0ey/","tlshash":"d8c25261b434222f257e4113b683958e3b4ab582bf633b7ef517d0cd8eca9125b61f12","first_seen":"2024-09-28T07:23:58.360439Z","last_seen":"2026-04-03T20:29:52.894257Z","times_seen":443,"resource_available":false,"data":null}},"time_used":821,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":821,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/f9de5c284df74f4e82273530670802fd~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/f9de5c284df74f4e82273530670802fd~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-e6f\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3695,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 193 x 192, 8-bit/color RGBA, non-interlaced","md5":"33e2a0f08c8953e1b848c1cce59a97cd","sha1":"d74aee59026b7f8fa4da441ca2ddcf9cb478f4d2","sha256":"e2cb4cd6376a8df609b1ef54e0305548bac38b0b432c2bf6da1177024bffa906","sha512":"ba09dadcb25209aabcbc67b07e3a742b287e335d475eefd63a4972a132941ab108109b31a2edebb9b2a64fa0141ace99ad5f204b3befcc4d7bbce48df9d794e3","ssdeep":"","tlshash":"c7716cc4b26bb2cfe8009b3bd1db8420444776b519251d88f4a4873b58fcfd99a65297","first_seen":"2024-11-19T07:54:21.356719Z","last_seen":"2026-04-03T20:29:52.866327Z","times_seen":540,"resource_available":false,"data":null}},"time_used":815,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":815,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-polyfill.144bde91.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/lib-polyfill.144bde91.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-3c567\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":247143,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"4d409a82f1fd1ccdb4146719442dc76f","sha1":"513830bb776dc7f35be3c4259dabcac2b5c3aab8","sha256":"c5425790d0cba801d53c4e17a27acb6897f5b3908397ef6f803140dfb408b003","sha512":"806134eebc7ff56dfaf3e8d0ba7089aba86c57599e490edcb5b87221b7598aa2a35587a5b12443b2ed14acd0c66d9ba8c6e0ab1c787a984e9e8ab49a02774e78","ssdeep":"3072:la0q8CJLo4Mhy7a2O+MqOTkhMaJt+iFjvGW:m8YwhycmjjvGW","tlshash":"dd34b988b292f0e64bf264d4407f8407f1771a64a44da851ffa1d884687bd4fb07babd","first_seen":"2024-09-28T07:23:58.455437Z","last_seen":"2026-04-03T20:29:52.879697Z","times_seen":567,"resource_available":true,"data":null}},"time_used":839,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":839,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-axios.de405cb7.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/lib-axios.de405cb7.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-4d50\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19792,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19792), with no line terminators","md5":"44cbfad9b61a51d2124298a49b29c009","sha1":"7443225d2d6bbd323ba0ba811cc2de7f2230d3a3","sha256":"55a2f4274446416598c3b4cee096005842f8529f232507aea4336b04ca1d22a1","sha512":"a0c4762905258d7f6f12285601e915d4fe9214fcfe4dbc95671b50ddb438a69bd28144767351ad9fac6a5e3be171417fe8694d7769952eb37da74d25af57e997","ssdeep":"384:DzdycsDmxm7PX9OWOUtpefXrdZ5BKm4gmZtxR0Ywe7W5EjU7Fh5yk0:DRy7MIVuIpeiBZDt+50","tlshash":"4692fac9b9a0f07547a321f4806f590bf3775529a44d84a0fb50e8e62cb890e873bf6d","first_seen":"2024-09-28T07:23:58.465686Z","last_seen":"2026-04-03T20:29:52.875785Z","times_seen":569,"resource_available":true,"data":null}},"time_used":830,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":830,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/83.97401b30.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/83.97401b30.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-81856\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":530518,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65467)","md5":"9645b1f5ab1bf07083a13d39627de505","sha1":"74262c4077855e038042a7b30a61515811f247dd","sha256":"b442a68ba589101ee961131f60e5ff500213799774f9b510e892726a7c83ccea","sha512":"c6d68587d9ea87d2a2cb51eb0d7a1ee26c13ad30a6d35df9a05ef5ec1e33efdc088e6c4ca362f9084e099841b35d15492011a137134551fb9fe877d4960fcdc9","ssdeep":"6144:DRHbIYnZo0nf6lg9bPmEOuOcxOkuKoE+oZS:D1UY60Ci9bPpOWTYEtg","tlshash":"86b43acdb299702503e364b9903f110ab33a2a58744dc028f575e9e56cb994ea33bf7c","first_seen":"2025-01-28T12:57:32.280556Z","last_seen":"2026-04-03T20:29:52.925756Z","times_seen":523,"resource_available":true,"data":null}},"time_used":825,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":825,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/matashop2.svg","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:39.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /matashop2.svg HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:39 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-04-04T04:46:03.513018Z","times_seen":477496,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-router.706221fa.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.691Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/lib-router.706221fa.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-d406\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":54278,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (54201)","md5":"33e7cf1528a483f0c3d9da77a9935747","sha1":"162b9616fa767dd4ec7b64c157e859099782a87f","sha256":"7ee5d4c6a5b6b9013b91f3a7b74dfde9c03b70859bc5e64506984bc75276e990","sha512":"bc7d36a6232b763e6d808690bc07b3a4c9e87caa203a191675e996d560c355575b98b175cfdeea606c9f232c7573680bef1793e6c44c19f33b63d13710ff3103","ssdeep":"768:OK3cu7mmtBYfQoN0C3N3X6gL58s97iG3hfQKfg7g:XcuPC0CNqgL5CKoM","tlshash":"a733f9fab641b0665bfb03e6c0bb0125e3796dda206a4415b298ec4e3074d4da377f39","first_seen":"2024-09-28T07:23:58.450437Z","last_seen":"2026-04-03T20:29:52.900634Z","times_seen":567,"resource_available":true,"data":null}},"time_used":826,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":826,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"p16-oec-sg.ibyteimg.com/tos-alisg-i-aphluv4xwc-sg/12e0b5c375bd4824a5b6cd6dbaf76735~tplv-aphluv4xwc-origin-image.image","fqdn":"p16-oec-sg.ibyteimg.com","domain":"ibyteimg.com","tld":"com"},"ip":{"addr":"23.36.77.107","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ibyteimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS ECC CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Jun 2025 00:00:00 GMT","end":"Mon, 15 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:68:99:F7:11:99:E1:26:F3:58:F7:0B:38:2A:AB:E3:3F:B4:0D:35","sha256":"D3:AF:19:C8:00:FA:B8:E5:1E:07:1A:6F:74:F5:09:8A:4E:E6:B2:B7:A7:F8:D8:4F:93:13:86:CC:93:89:0F:AF"}}},"request":{"raw":"GET /tos-alisg-i-aphluv4xwc-sg/12e0b5c375bd4824a5b6cd6dbaf76735~tplv-aphluv4xwc-origin-image.image HTTP/1.1\r\nHost: p16-oec-sg.ibyteimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 3433\r\nimagex-fmt: png2png\r\nlast-modified: Thu, 02 Oct 2025 14:25:11 GMT\r\nnw-session-id: 20251002222511CC9E1F0708206AA12B56vtn6x13df\r\nnw-session-trace: 2025-10-02T14:25:11.17035889Z 92\r\nx-bdcdn-cache-status: TCP_MISS\r\nx-length: 3433\r\nx-powered-by: ImageX\r\nx-response-date: Thu, 02 Oct 2025 14:25:11 GMT\r\nx-tt-logid: 20251002222511CC9E1F0708206AA12B56\r\nx-request-ip: fdbd:dc51:5000:217::34\r\nx-response-cinfo: fdbd:dc51:5000:217::34\r\nx-response-cache: miss\r\nx-tt-trace-host: 014209e60b692982813febd58f46cdcd9989324375f2455ae3c7d6e3a1d95c048e809b4e581ce59cf8288025aa60340dc8d9c72cf6d6b5e2c88d197fcb46df94598b38c70459f616b37196709df65758953dfbda792f733461a0435ba7844b134f\r\nx-tt-trace-id: 00-251002222511CC9E1F0708206AA12B56-5B3D8233608D4DFB-00\r\nserver: TLB\r\ncache-control: max-age=30199355\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_MEM_HIT from a23-36-77-44.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=97\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: a47ad6b\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3433,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 440 x 440, 8-bit colormap, non-interlaced","md5":"698f72a21509608268eff77c2a950582","sha1":"bc5cd1ef9da74522d6db5cdd7ae0df1dba166ba8","sha256":"5110f20c2f5ec6003f7d1073e529e5a2d3fee741f29368e396a945cd5486614e","sha512":"7f07e92f9d02f1a89857c1da0b6a3c7c6ad71645150152b84090e66cabc15574a65bf744d0fde5b99a828736bf75930a24557590211866a2196a429c55c0956c","ssdeep":"","tlshash":"1b6119a348d1de6cc90da334c8daa84f951e4f0cdb66a60ce951d70025a0b5816f615e","first_seen":"2025-01-28T12:57:32.254402Z","last_seen":"2026-04-03T20:29:52.921545Z","times_seen":568,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":-1,"dns":80,"connect":3,"send":0,"wait":19,"receive":0,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"p16-oec-sg.ibyteimg.com/tos-alisg-i-aphluv4xwc-sg/e89eefbaf7c0405197425abe8202fdd1~tplv-aphluv4xwc-origin-image.image","fqdn":"p16-oec-sg.ibyteimg.com","domain":"ibyteimg.com","tld":"com"},"ip":{"addr":"23.36.77.107","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ibyteimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS ECC CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Jun 2025 00:00:00 GMT","end":"Mon, 15 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:68:99:F7:11:99:E1:26:F3:58:F7:0B:38:2A:AB:E3:3F:B4:0D:35","sha256":"D3:AF:19:C8:00:FA:B8:E5:1E:07:1A:6F:74:F5:09:8A:4E:E6:B2:B7:A7:F8:D8:4F:93:13:86:CC:93:89:0F:AF"}}},"request":{"raw":"GET /tos-alisg-i-aphluv4xwc-sg/e89eefbaf7c0405197425abe8202fdd1~tplv-aphluv4xwc-origin-image.image HTTP/1.1\r\nHost: p16-oec-sg.ibyteimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 6245\r\nimagex-fmt: png2png\r\nlast-modified: Thu, 27 Feb 2025 17:32:57 GMT\r\nnw-session-id: 20250227173256BCAF3DD6C46A5452895F28p9n13df\r\nnw-session-trace: 2025-02-27T17:32:57.700121746Z 99\r\nx-bdcdn-cache-status: TCP_MISS\r\nx-length: 6245\r\nx-powered-by: ImageX\r\nx-response-date: Thu, 27 Feb 2025 17:32:57 GMT\r\nx-tt-logid: 20250227173256BCAF3DD6C46A5452895F\r\nx-request-ip: fdbd:dc51:ff:a001:1:251:69:95\r\nx-response-cinfo: fdbd:dc51:ff:a001:1:251:69:95\r\nx-response-cache: miss\r\nx-tt-trace-host: 01317db02541a52b4cd25fac1b822af8ebff5a5659d2b112e9288538b341554c4c5d0b0a5edb69788fe753c86b957a660dead3690c82b8b1db82e21b75b3afa508608cc8c8f10aa80d25d8631a3838a75927d8b9e51228171ddf696b1891e603096530ce62ff41380beda2e96b6482b68b\r\nx-tt-trace-id: 00-250227173256BCAF3DD6C46A5452895F-17E0B2CB3EA9443F-00\r\nserver: TLB\r\ncache-control: max-age=29098726\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_MEM_HIT from a23-36-77-44.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=104\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: a47ad73\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6245,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 440 x 440, 8-bit colormap, non-interlaced","md5":"166e5dbcf4fd1b0973a11e2dd55658d8","sha1":"322e4c155a803cbb3e3d5edfef36d9624f120ef8","sha256":"d80e8ca6a1419dc51e12e27cf58bbdec04aa6a687c773f50d1c4d0f9c8d6c71f","sha512":"bfd15afad02dd3fc5fbce14d90f486fec074518423d829cc1b07ceaa134e617262ef46bf3e1bc85c064d6b85be0a521228e6fea9ef431a52e5adc3195a9c99ff","ssdeep":"192:m1L8ISdQ/0UxBShe/e7VOIoJdW0+PCwKvmjMPCZ:m1HDV/eBO7JIPCwKqx","tlshash":"f4d19eefc7730af8d352997fc75e72a8551f692416ca231a60c6dd543e0ae1d8204e29","first_seen":"2025-01-28T12:57:32.267502Z","last_seen":"2026-04-03T20:29:52.860008Z","times_seen":568,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":78,"connect":7,"send":0,"wait":3,"receive":0,"ssl":96},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/2810c667aa7a4361ba319623e0c4e6ee~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/2810c667aa7a4361ba319623e0c4e6ee~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-603ca\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":394186,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1884 x 669, 8-bit/color RGBA, non-interlaced","md5":"c25df39eca5068a7ac3702dc0edc9025","sha1":"960719ec5b46702a3b8607b7ef9c95199b3cafc1","sha256":"6a6eb90c39497f5df7022b1fcd26ef8794f6793d15e1f9b06846c3c2106a1610","sha512":"43f082e14246b5c7bfbb803420a3747e0da26992143c607a0c273dbb86a6878791d7eb4cf07b484c61cf3bf3707446dfd7f4c5381651bbd7bcdb1d5dacd206d7","ssdeep":"12288:JoWJvmUrWVHzJkHA0PRDzYnYx+i6H/ngNqa:SgeUrW8HAiJz8YxrC/n/a","tlshash":"cd84120a21d74f26de2ef4fe2dc2286b0111ced59c7f6a2dff254d81850dd299a0689f","first_seen":"2023-10-13T14:12:36Z","last_seen":"2026-04-03T20:29:52.928731Z","times_seen":399,"resource_available":false,"data":null}},"time_used":788,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":788,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/font/TikTokDisplayFont-Bold.woff2","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/font/TikTokDisplayFont-Bold.woff2 HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/static/css/main.27b52715.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 58828\r\nlast-modified: Thu, 09 Oct 2025 08:35:41 GMT\r\netag: \"68e773dd-e5cc\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":58828,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 58828, version 1.0","md5":"26a1891f272dc17f5ac69a8cfde2991d","sha1":"097239d7cb11b964bd6a745f24e5f82267fcaf0f","sha256":"e4dd3bb15ae6492d5ddff59e08075a6023463b82cfe6c284470fec0d86fe52ae","sha512":"2b78bc3b2e57aeaacdbce5315b117c8900f9cfb99e331704c80f871882b1f0ad88ef7d6808fea6a8e93e1e65a239beaff9c3d61a07191b96bc21c0fac759d783","ssdeep":"768:eEWSWa7VSQrI9kNTF9HFrfpjBooNuDFjy3zW5/7lo6Ks2zQ5oF+mK8UMrrbFHpLY:ElQ8UTJrhjKC6jyT6/8Q2dVxJphFSy2","tlshash":"4d430167125e0eeb16a860ea197b4fee86dbc57c733c75a700e39630f6354540e178a3","first_seen":"2023-06-27T16:48:29Z","last_seen":"2026-04-03T21:00:00.717973Z","times_seen":5262,"resource_available":false,"data":null}},"time_used":452,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":431,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/158.ed83d71c.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/158.ed83d71c.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-6c3d1\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":443345,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65466)","md5":"1e659875b1b11ac2eb38539dbfdfe8e5","sha1":"d5424a68c8cfd432484b361f91a6586ff4bf2fbe","sha256":"c6097538c3f16b90e7f27d61bb447edbf1bc610ffd160bb9da46e45267d08ff0","sha512":"c5f226480f43b4f9252410ffe6c2dc5f32e90a9ee81cfc02decea79299fbb675ee090ce9cc8267ed48617c19b916edc74b05d6e1d24142303ebe55e995e6cb63","ssdeep":"6144:Hc7LZPfGrpsOeGndoo9m90hr7Ds2t9vMUi:87Lh+rmO3do+hw2b5i","tlshash":"52946cc9b255b03243a725b5902f150eb33a251cb45cc468f675eae52cbe94fa327f38","first_seen":"2025-01-28T12:57:32.294212Z","last_seen":"2026-04-03T20:29:52.890795Z","times_seen":430,"resource_available":true,"data":null}},"time_used":780,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":780,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/463.1d0eeca0.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/463.1d0eeca0.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-1cbe0\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":117728,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65466)","md5":"57c75c145966a9b3876015314e58c6cf","sha1":"587f7c1ceb37ccf305198586d16a2f12cd37e127","sha256":"5a204106103fa388c30ee10c5b601ece0295f6d235d841e0c00b566310bd8e06","sha512":"b6877bd4a897bcff4450b0f3a045f94b451ed6f6abe3f5fb0d6cbde22205210e8283bd9bdcb4493067ebc95bdaa344addcbbdcddb1add020ddb052a9ff8a943b","ssdeep":"1536:cDk6atQ8eLahR1gDk6atQ84LahRDFRTq7/631:cDk6adeLahRGDk6ad4LahR67/631","tlshash":"d2b3a4c9f6c6b0610397b470913f550af33b2d54789e80a4e266d5d26cb968ea237f3c","first_seen":"2024-09-28T07:23:58.369894Z","last_seen":"2026-04-03T20:29:52.924118Z","times_seen":449,"resource_available":true,"data":null}},"time_used":776,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":776,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/right.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/right.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-27041\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":159809,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 856, 8-bit colormap, non-interlaced","md5":"8d20adbac9e57d69b5176d6f1f2712a0","sha1":"fad8823cc30c7992af981a8ff8a989da3c3a9582","sha256":"da2acc95916ee3c297a16e39bbd72cc593d1da394c57cbe19450034867ca25e8","sha512":"4501e258f3fa38a7d05845572e2b8a426b3e8c2e984dd78eb01b5ab72176cad30ba5f74751e53a450f017fad90605b14a7bc986e4a9c092110409925a916469f","ssdeep":"3072:glI3NvkqTnGnaqlv7PyMkAQBlZEzzCiDAIzXCEL5FtMqc14:B3NsqTnGnJvIlZEzzC0rN5FtDR","tlshash":"75f313665d1d1ed36c55bbc7ce43a562062c7c45f4c8d25a84b3508bba2b2bbf4f48c4","first_seen":"2024-11-19T07:54:21.378091Z","last_seen":"2026-04-03T20:29:52.854647Z","times_seen":485,"resource_available":false,"data":null}},"time_used":818,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":818,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/left.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/left.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-2375e\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":145246,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 480 x 857, 8-bit colormap, non-interlaced","md5":"5c66fb7a1859ee23fda3294f6b14b618","sha1":"2cb5600288ddaaaa457d90b3ad103361ce0b7ba0","sha256":"4874b02eaf38eca66078cad985de493f7f14872d42317c46a50145ec74ebc897","sha512":"13891e91d4447fcd7dc1c06c8578c7df1c993b8483b8d4ab3e408e9c009af5e3a3ce7d7c2a92acda2fbc975f6b92ae8fb41eed1bba49ea80e1a5b9bd402ba834","ssdeep":"3072:ziEtf/vcSa6jREJVDqdk2OUPAZtZafGsIz6P47Ed8LSO0t9p:mEtPXFWjqXOftZMUmSE+Sdt9p","tlshash":"b9e313c0e112151ec29efde11eed4c77986a350ef6198ac6dc054b278df3f4289d1a7a","first_seen":"2024-11-19T07:54:21.395524Z","last_seen":"2026-04-03T20:29:52.857636Z","times_seen":479,"resource_available":false,"data":null}},"time_used":817,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":817,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/image/4d5d4b724db84f0cb906c728ab7ea3c0~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/image/4d5d4b724db84f0cb906c728ab7ea3c0~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-74cdd\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":478429,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 1196, 8-bit colormap, non-interlaced","md5":"30aa97c1e36015f017016ff4a8c7989f","sha1":"7cbbdba28cefc8133a3c347415ce34da09518603","sha256":"4bd5eae5a0c343511df6ad86d927aee4b897560d5a9cbcd89e57391dfeaab90a","sha512":"e98994d3afe11679f9e0a64a533cb81551cf126a6757613f33d555ebf7f15f28a7a9d9ee8afa983c243654e62a7b863fbef77f1266d328ca3a00226f6fe558d1","ssdeep":"6144:nzK9Xy0nuh3I6UTx2xp5AW2jD1Kj550Nl2pVQDgxUtycl9myAoN0ZN7abt+BzZxb:nWR3uXUYGDM95KlQQDGKyw9mugV0GF","tlshash":"82a4237887346fcd111591ebeaa85d862d5a8f15ba0d9ae300e7fdda530814b31eec33","first_seen":"2025-01-28T12:57:32.35738Z","last_seen":"2026-04-03T20:29:52.874434Z","times_seen":521,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/image/1685248853e349b3802a3726304dbdad~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/image/1685248853e349b3802a3726304dbdad~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-64b81\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":412545,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 1196, 8-bit colormap, non-interlaced","md5":"6f1760ee975c827e3eba71684bd81906","sha1":"91a2e2cdc26b7b753d697c16c72f087040398be4","sha256":"5ac414e9254420b7784fe71590ef0bb93fae29d27562997e4732ad5fa220cf70","sha512":"25cf50b164da477b2ea53a2005caeb1cbd74c9737c4beaf5c6fa32e09cd34afe79775d3ac7eadadd5eb90278ea5d02d3ed61759200c7d68ddf889889040418ae","ssdeep":"12288:z+H6regtDhBazAzFXcjm3KjEwSqiMov+NxqcSE:trei9BgAzeM6SqiMooqE","tlshash":"8894231e2a6a5b933c8338aad8f2d5b8dd675d03c1384e8a27051438fb7d5a5d078f26","first_seen":"2025-01-28T12:59:16.216655Z","last_seen":"2026-04-03T20:29:52.875139Z","times_seen":404,"resource_available":false,"data":null}},"time_used":479,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":479,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/a5541bc32521444297734d1941980fb1~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/a5541bc32521444297734d1941980fb1~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 692\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-2b4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":692,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit colormap, non-interlaced","md5":"ff07113820ad52c6e5c0f75c21428f3b","sha1":"271ed7252f4d39d46d2ef4e48edf2b04c27b67ec","sha256":"976c68a350447bfd3796db2baae82188c022cf70d5c409e0879a2e6008e5fc7f","sha512":"6fef03bb55bf09f188ac672f38143bfc9c3dd605c09b2a9ca96f638b944ff76ad64c1efe46b6c635b456fbc8521a645253e15287a5570ac8a9108ee558e19851","ssdeep":"","tlshash":"210144c7c9913476f9d2fc7142bda801cc18df3a4e228113491884f66165b43b95e7bf","first_seen":"2025-01-28T12:57:32.307069Z","last_seen":"2026-04-03T20:29:52.910303Z","times_seen":546,"resource_available":false,"data":null}},"time_used":1645,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":805,"receive":840,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/890aca3a505f4e5c9ec9ad0c0a0baf41~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/890aca3a505f4e5c9ec9ad0c0a0baf41~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-9f229\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":651817,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1884 x 669, 8-bit/color RGBA, non-interlaced","md5":"4b4bf83180b429e8a0374d7013e72bb9","sha1":"721684394b5b4af55bbf0fb340c44d26cbab16a9","sha256":"e7ab796134bb9696ff46e6d1fe125bb3edcdff11ba77796ec36494c4b91bde5a","sha512":"03c28373d906b13e4a7ff4d7ee1f8fc1e25ef4f75702c9f7d9b47245fc4f0e12f8b2e0af658ec23f7612f72fa039d2877df111816bfe3482f1528041015031b4","ssdeep":"12288:DzG11R0OBam3zUltuP7IOVW1qU61Vqs/R6in6rfleHGhFk:fG1ZasWg7rEUUIVZ/efPhC","tlshash":"40d4234c2092ae3c08f4bc9b595bc86cb65540b571334de482bfdbe5aeb23e5853a7d0","first_seen":"2023-10-13T14:12:36Z","last_seen":"2026-04-03T20:29:52.882895Z","times_seen":395,"resource_available":false,"data":null}},"time_used":788,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":788,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/Store_page_new.mp4","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/Store_page_new.mp4 HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: video/mp4\r\naccept-ranges: bytes\r\ncontent-md5: y+8FYN5lA1fzC27aNOnFxQ==\r\netag: \"cbef0560de650357f30b6eda34e9c5c5\"\r\nlast-modified: Tue, 27 May 2025 06:41:37 GMT\r\nx-bdcdn-cache-status: TCP_MISS\r\nx-tos-request-id: e1e21eccd615d67768ccd615-ad915a1\r\nx-tos-response-time: Fri, 19 Sep 2025 04:03:36 GMT\r\nx-request-ip: fdbd:dc61:5:177::147\r\nx-response-cinfo: fdbd:dc61:5:177::147\r\nx-response-cache: miss\r\nx-tt-trace-host: 011178e9b77d460721070efca990c529cac3d7c1852c3d66327df3faa3c70854777fc27e803b1affac9c7bc1bdae276d0f4c6ca8bf7b5c1939eec587876ec5256c2f1cb0bfb2a3ce3d7aa045f77a9268c773e07ed18b6cd069b14f974bf6a510be1a7b20f895bc1d57171ac60b789584bf\r\nx-tt-trace-id: 00-250919120333DE0F5119C2BCDA1BBD85-2E0BC1154FE6645F-00\r\nserver: TLB\r\nx-tt-logid: 20250919120333DE0F5119C2BCDA1BBD85\r\nx-parent-response-time: 15,23.61.206.11\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-range: bytes 0-831553/831554\r\ncontent-length: 831554\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=2, origin; dur=0, inner; dur=2892\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b73b\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":831554,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"cbef0560de650357f30b6eda34e9c5c5","sha1":"b5dc34a50e3dc3ef09f9afa17ba4a66228d0d95b","sha256":"1b9b48ce8bab227e7242cc829fe535f64ced5f9e876786c498e3c32692c5ed1b","sha512":"f8cf6586b04b8dec7d7ffd4c7616969495fb1a52688ee4805b4e5aeba060307a7acdc566e019b79b7b57a074af1d37b0c2bfba366c32076751bb03ff3513722b","ssdeep":"12288:3+zHu5RNG6tShn3XHMhl+aUvg8Lz9GcctZI4bsak/WmkPpRCs/FxnSkTcxLhv:gO5WISBHI4vJ9Gcc9prFxnSD1","tlshash":"3a0523dbb2df6d9dcebd3732ac720643967bf945019483e7a66040f4a9f50692e180f8","first_seen":"2025-01-28T12:57:32.27221Z","last_seen":"2026-04-03T20:29:52.873154Z","times_seen":561,"resource_available":false,"data":null}},"time_used":180,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":163,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-18T01:42:35.286Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 09 Oct 2025 08:35:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773dc-19657\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"React","description":"React is an open-source JavaScript library for building user interfaces or UI components.","website":"https://reactjs.org","common_platform_enumeration":"cpe:2.3:a:facebook:react:*:*:*:*:*:*:*:*","icon":"React.svg","categories":["JavaScript frameworks"]},{"name":"Lodash","description":"Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm.","website":"https://www.lodash.com","common_platform_enumeration":"cpe:2.3:a:lodash:lodash:*:*:*:*:*:*:*:*","icon":"Lodash.svg","categories":["JavaScript libraries"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104023,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (4474)","md5":"f78d57901e7b36605d0f67429d039765","sha1":"968461e6dfce74f62b4cada693776585ab1ce8ad","sha256":"6b2295d3b76d2c2f60b00f6d2fa3069375be6c4c46af0282e8911c84d39f6b83","sha512":"2452a365bfd8abdb9a1c6bd102784522059725342c043b6b2aec2d38649a749f65dbea7129455556a8b91fe1699a671958fb7a5ff9d50b70caa8ca5f6b994e5f","ssdeep":"384:pPyeYZ6B4+DL7X1935u7pRmk0GI60AmnAqRALjGvh5qzcIyD8BfwhTc7sb8PUaqL:pPyec7gl935+/BI6I3gy6nPUaqHcO","tlshash":"31a3d67285f120d2508a86e03e366f2a7f40e85bde669a4976bc23d81f47c42dcb771d","first_seen":"2025-04-23T12:16:17.957909Z","last_seen":"2026-03-27T00:52:28.450771Z","times_seen":236,"resource_available":true,"data":null}},"time_used":1434,"timings":{"blocked":576,"dns":10,"connect":279,"send":0,"wait":282,"receive":0,"ssl":284},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/Banner/placeholder.png","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/Banner/placeholder.png HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 542833\r\naccept-ranges: bytes\r\ncontent-md5: VHW+LO0S7pyvGVDRJKpEUQ==\r\netag: \"5475be2ced12ee9caf1950d124aa4451\"\r\nlast-modified: Tue, 27 May 2025 06:41:37 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: b0155f49ca791ed76849ca79-a364697\r\nx-tos-response-time: Wed, 11 Jun 2025 18:27:05 GMT\r\nx-request-ip: fdbd:dc61:a:53::42\r\nx-response-cinfo: fdbd:dc61:a:53::42\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 01c4ec7fbc0b9f41cfb847c95fc8dbbe67052435415a0f09013cf9da976a030a3199d2f2ef77675e4ce2a1789670c6833eabbb347f0bfeb367c83614b921dc3d2bfad27951d00de97cafea264648743100a2d0700cbd317866fa48537b2b72017b20bf6fc93d369a40c5e2edc5978fe51ea1efa36c4d11af9dd40e7b174d4bf7f4\r\nx-tt-trace-id: 00-25061204181008B839C717AFFBDF4EA0-53770562F0A11731-00\r\nserver: TLB\r\nx-tt-logid: 2025061204181008B839C717AFFBDF4EA0\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=2, origin; dur=0, inner; dur=2\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b723\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":542833,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1125 x 2004, 8-bit colormap, non-interlaced","md5":"5475be2ced12ee9caf1950d124aa4451","sha1":"ff32f262c7234de0cc215b39524b3def7dcec9bb","sha256":"5e751a93469021b2873cadfc59404378bae57a81fddc4ecb1234939292fd12ed","sha512":"3989a2a6d0e67674ea802d4fd5600831cfa7714bbdb0117a3dbc343101104daaa4a3c97972951827f27a21b8add741af11e6f35d08314072b497c993a9653878","ssdeep":"12288:Y456Edfo2e3kKm/LV5pueHXD/9GKNhHVGaS+yl6M:Y4kYfTe3kKcV5cAXDZOhrx","tlshash":"c1b423621980ceb0a863f57cf69ec8e2f8ac790f241fdb0971b27606bcc45d67697641","first_seen":"2025-01-28T12:57:32.244558Z","last_seen":"2026-04-03T20:29:52.917265Z","times_seen":488,"resource_available":false,"data":null}},"time_used":192,"timings":{"blocked":39,"dns":48,"connect":7,"send":0,"wait":10,"receive":55,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/7ee7c29f6d524e03ac48cc32eed4b912~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/7ee7c29f6d524e03ac48cc32eed4b912~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 371\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-173\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":371,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 4-bit colormap, non-interlaced","md5":"1ab6d013a3f43915b8ea2fbd0b74dbe7","sha1":"df52c03c337bbd74a2b976575a693eed41b0e117","sha256":"851cf8b809ff8f67253ac16dc1eb9c74d07055716963188f26a66a6af385d370","sha512":"105ff7044b320e6d00bf9a3fc83342a7bd22ec025939807de8671d1acad7a94f850a8d4f3bb8a484a62b982b978628fbb090570c33e0e61033aa9b215d9ff456","ssdeep":"","tlshash":"b5e0c0e3afa35dacda676abb412cdd9881931828511a1d07c44b22727b3214d73a5f47","first_seen":"2025-01-28T12:57:32.304252Z","last_seen":"2026-04-03T20:29:52.918821Z","times_seen":546,"resource_available":false,"data":null}},"time_used":1644,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":804,"receive":840,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/join-today-02.d89159f9.jpg","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/join-today-02.d89159f9.jpg HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-cfd4\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53204,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 438x321, components 3","md5":"44d0a833e839bf8a04e7e9ca60e644d8","sha1":"f9c2ec623bc2924434bccaffe676afbc73522efd","sha256":"9ed33b3ef60ab652478e565c2c735c969c73c24b04b0b2da353c5c63d658d8d4","sha512":"9259088f1d5fae0cf0e5132c2753e5afd39b0cccf0ceab3dfd53fc65abe111dbebee3943e8384a16f91a3342302a0715b32a05c89218ced70b3ccc829244b833","ssdeep":"768:hAt60Szo76Fayur1sBD7YcnBxqsPFTClceYj9CKlEFHhyWa7jr2zm0z0U+HNFj6:+Mdzo2Er1svqUFTC9Y8iwKPrYm80XV6","tlshash":"7d33020c97d2b5435fc26f3a0289200e4e294736e0799abfc6d4563773eb9ca5b601a1","first_seen":"2024-09-28T07:23:58.421889Z","last_seen":"2026-04-03T20:29:52.89896Z","times_seen":432,"resource_available":false,"data":null}},"time_used":785,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":785,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/mp4/middle1.mp4","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.859Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/mp4/middle1.mp4 HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 874835\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-d5953\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-range: bytes 0-874834/874835\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":874835,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"63f2aebfc6f4517ad435265dd79b4b96","sha1":"3b73daf67ed25d09906751b89ee1ccd7e82c2fac","sha256":"097ad3de9287bd12b9784bf853e8a5dd3044131a0787963e25a5708680764bf6","sha512":"e35d2ab4068a2c16a2350dd8aad9e36c205e971b67438bdb232f4018669311bb8369ea23b8f0c56f720d6df672ccf3a72481de068a80597386222a81a79c227b","ssdeep":"12288:dFpmeRihpggIu+zcw1BlBVEB+uwxLDs2GReQAyVxyx4ICKzJtfg63jvCAEGlcY5g:pxR2pggmzcIGB+LLDK09Oxyx4K7ZzaGi","tlshash":"1e15335113cd2fdef71f11ba5a1af6a3e562832c9e7ac398cb17548bec14a709c048e4","first_seen":"2025-01-28T12:57:32.326427Z","last_seen":"2026-04-03T20:29:52.877002Z","times_seen":448,"resource_available":false,"data":null}},"time_used":1968,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":664,"receive":1304,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/css/m4b-theme-next.css","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:37.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/css/m4b-theme-next.css HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/static/css/page.ba41593c.css\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 09 Oct 2025 08:35:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773dc-a21a4\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":663972,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e817edf4bad066d527f51b74ded62f62","sha1":"926b56b042dc8940d5d6616d8e8838295f2acd3d","sha256":"9e84a93103073af1b3ecccb7d47e4a89b7d021d9d49f76020ff4de05af0fc43a","sha512":"1280b8bc2aebe8096c8db48e04d783ee306417c769c065c270f7108f1c46b9787f309e4bb244258b7f9f7d3beef0874f199852ceae9dd38258093072445b993b","ssdeep":"3072:+atahXmpVD0f23RDe/TO1VHYPYjZX/J0BGKS+9CAmSBjjKdN/Yfo7p/uPDmNFvIN:+aAv7RZ3+7Dt4tOJ78","tlshash":"1be41015a679103a2537812bb883facd23177601dd23bb7efa471dc54e88d9a4723f26","first_seen":"2023-10-13T14:12:35Z","last_seen":"2026-04-03T20:29:52.893548Z","times_seen":438,"resource_available":false,"data":null}},"time_used":818,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":818,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/font/TikTokDisplayFont-Semibold.woff2","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/font/TikTokDisplayFont-Semibold.woff2 HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/static/css/main.27b52715.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 58168\r\nlast-modified: Thu, 09 Oct 2025 08:35:41 GMT\r\netag: \"68e773dd-e338\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":58168,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 58168, version 1.0","md5":"55f2c9805182923c1a5edae252e5cae8","sha1":"120cda3dcad468684c73d66542cb8ba3468d00c7","sha256":"7bb86babddfad0c41562c6776e3f695b0dc8590e27e28429a9b895d1383bf82a","sha512":"c7e99000959b5021413ed1935d78ce2da51f7df02f6e86c1950e7463a71e9d2f01fde9df208fc60ca5598c1e41c1b928ce8ee5e429c7983030e84e9aa308d09b","ssdeep":"1536:dW84J4LNbBr/XXp+ORHoMXAIuSw7MNl2WjUcE/P2d8:pY4LN1pNRH9XdWMCiUcEX3","tlshash":"28430245a794400875ebd47f2fd3af877fd5322b4a821d1fe682c60f494ad5248ba4e2","first_seen":"2023-06-28T16:11:31Z","last_seen":"2026-04-03T20:29:52.907637Z","times_seen":2953,"resource_available":false,"data":null}},"time_used":454,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":431,"receive":16,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/shopHolder.png","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/shopHolder.png HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 197265\r\naccept-ranges: bytes\r\ncontent-md5: wlhsASDBfawYQKzg1MOXpQ==\r\netag: \"c2586c0120c17dac1840ace0d4c397a5\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_MISS\r\nx-tos-request-id: 564ea0ca5608ca5f68ca5608-ade5a95\r\nx-tos-response-time: Wed, 17 Sep 2025 06:32:40 GMT\r\nx-request-ip: fdbd:dc61:b:277::12\r\nx-response-cinfo: fdbd:dc61:b:277::12\r\nx-response-cache: miss\r\nx-tt-trace-host: 0196ba2b50e2ceb1fe2146f024ed5efe38bf0bd1503e20f57744d7eeff73444882bcc2e41f9029061791c66cee3446a771a76ab4c7b3f79319ad37881b3e57add5a034029f3e980731afce7a4c956aa384edc98fa19137017a087977850b22bfc15837627791a1875bfcea635fc6d9cc25\r\nx-tt-trace-id: 00-25091714324042E217F66C90429C4DE5-04452DC805339CAA-00\r\nserver: TLB\r\nx-tt-logid: 2025091714324042E217F66C90429C4DE5\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=2, origin; dur=0, inner; dur=109\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b730\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":197265,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 564 x 999, 8-bit colormap, non-interlaced","md5":"c2586c0120c17dac1840ace0d4c397a5","sha1":"bd0383f9f1176b9d005b22d0cb793d5b76b096d8","sha256":"4cf9c584174b0ee786aad0e4dd112f3c1c9cbea6415255fa65646bf343d12ed6","sha512":"f8e64f99775f9091f6ca35adb5c8eff42e0bb53b8afdf05dc31ceae5c68492cea6a74d1fc4b367c4e0d903ea6c3db8d29df29fa2fbeed8280d416550a21a8ca3","ssdeep":"3072:/0i7Ob1hznckX4bgdA9qKF/I511lPbc/nDGiBGyTcXCEBm+pd9B5dEynoW5y:X7ORP/dA1Fg51LPbc/nJUrBl9B5W","tlshash":"e1141211f632e558db2226cbedc6d84430676a0343577ea0d790d8fe259847e14caf6e","first_seen":"2025-01-28T12:57:32.242925Z","last_seen":"2026-04-03T20:29:52.905645Z","times_seen":561,"resource_available":false,"data":null}},"time_used":225,"timings":{"blocked":73,"dns":41,"connect":22,"send":0,"wait":21,"receive":5,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/bebdcec3159f43b7ab2f4d3f309ec517~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/bebdcec3159f43b7ab2f4d3f309ec517~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 946\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-3b2\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":946,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 4-bit colormap, non-interlaced","md5":"9b5a17c67cbc1549d6bdf73e2bdaa365","sha1":"ffa95311b78f38654ad36c9e8a3f9a4509b8a9f8","sha256":"f59595016494e5ae8575a4cb710acb88f000355de381a1d7b0df5a3449c041bb","sha512":"42b55b8293c33a9c4126f470ada83ec6fc4a61e8d8bba8e633559e82513f6b893c0da7cfb492745ca204b74325a97cfa8016fa49a116c4a4b7b643ed1a652573","ssdeep":"","tlshash":"c31194b77c002e645f5e6abac049907cd41871a97ec652168227d42276b4b809542b2a","first_seen":"2025-01-28T12:57:32.302913Z","last_seen":"2026-04-03T20:29:52.911007Z","times_seen":546,"resource_available":false,"data":null}},"time_used":1643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":803,"receive":840,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/visit-02.d211abb5.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/visit-02.d211abb5.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-4e807\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":321543,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 610 x 321, 8-bit/color RGBA, non-interlaced","md5":"202f946af20d883eaaffe1c7f47e2ac2","sha1":"d23a5455b76352a335107aaecc9ec5559641134a","sha256":"fde027f551a7f7687afc3d1df0dafb1d5b9e3bb9d2666668c6f1ba86dc547044","sha512":"4a361afd46128d5e5e60836365178e7dce05e52bb21a2a4c2f50e7572c281beb65b11b60998a28b54313ccec93748d36ba5ac4dcae5078155e620674282d2693","ssdeep":"6144:ACmuWIEF1dpTiIYW6d0cGi4EW+rc9AjSZl6IKEi96IxcZNFGHglQh/4sy:NmKxIf6d0WQF9A2ZcFEw6BYglmy","tlshash":"3c6423f86bebcf825d91c52ac9c5bea86d4f477c8c36256c7d616d60cde1980288cdd0","first_seen":"2025-01-28T12:57:32.346892Z","last_seen":"2026-04-03T20:29:52.868935Z","times_seen":408,"resource_available":false,"data":null}},"time_used":781,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":781,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/StatisticNumber/2.mp4","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/StatisticNumber/2.mp4 HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: video/mp4\r\naccept-ranges: bytes\r\ncontent-md5: erv9UDZ3asmee91Z8Ocz0A==\r\netag: \"7abbfd5036776ac99e7bdd59f0e733d0\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: be5b91398f40b01568398f40-fdbdgdc61g18g177gg17\r\nx-tos-response-time: Fri, 30 May 2025 10:58:09 GMT\r\nx-request-ip: fdbd:dc61:7:149::23\r\nx-response-cinfo: fdbd:dc61:7:149::23\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 01c777f8d00428c0ef263014377b7f8cc5a03e85aa560c0186e34e9b0a37725fc42e016db07016bace0f99cd3a0f53a1b49b895efb2c77c471d1bb7b652daa0ace129283222dbb42e4fac9f45d51db0c8b20ce9885edd506b763998773fb51caf112dff34f205ef4fce76fe8de6fc9c598cb4ce309af22a6d241ec5f2c90b645a3\r\nx-tt-trace-id: 00-2505310901053A5FF392F057ECB6CA17-282640AFED608DCD-00\r\nserver: TLB\r\nx-tt-logid: 202505310901053A5FF392F057ECB6CA17\r\nx-parent-response-time: 4,23.61.206.68\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-range: bytes 0-127233/127234\r\ncontent-length: 127234\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=2\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b740\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":127234,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"7abbfd5036776ac99e7bdd59f0e733d0","sha1":"a7d1d7fd53c0c4b915629b030457df1bc95b2089","sha256":"2967fb76be6f7294c8e8f2967b389baa6778ba2cb7f6141dadcf996c92c6edff","sha512":"44ace5efe320457849c3551a7673218747545029462f06137417c9fa4100107f4d72f29413b8a264b24cd8547478fc85e1409a69a6efecfac14aa9c61460d3f7","ssdeep":"3072:SSV3L96dIRQMlSBNNMuuM6OGDK0dAzenBZwafQ:SSV3BlcVuM6rKcAzeYafQ","tlshash":"12c3f172a6c02937ec74733320ea62436745a064a0796bd77c9e8135cfb92eb5f92c94","first_seen":"2025-01-28T12:57:32.249392Z","last_seen":"2026-04-03T20:29:52.878249Z","times_seen":566,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/main.a0906336.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/main.a0906336.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-3576\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13686,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (13686), with no line terminators","md5":"34c65ea5f113504cce2d321b961ecdb9","sha1":"08452295b557781bdb2c040bfd8af380f3d0382e","sha256":"bf5826fc56e122bba36429ed692b35c5ca3502f1946adb91901a7eb86becbab4","sha512":"ce29cfa7520bd62e82f7ae4af90ecf259ecc2df46ff3a2378b1e76ad5b8061d9cb271c0cc70e0d193768aa7d914e7e5e9c533bfd83dd00b1e83a3213bd0ab781","ssdeep":"384:5Llw/fc/7T6EsqjFx7TsvirLWtY8x0r8X2iw+fq3coaQXgpJhA:5LO3c/7TsqBe68x0r8X2iwMq3cJi","tlshash":"76520cb6c04138bf2e8e0a84500e3ebaacad5ecf916d7570955c68ddb144af7bc0dac4","first_seen":"2024-09-28T07:23:58.371454Z","last_seen":"2026-04-03T20:29:52.888936Z","times_seen":564,"resource_available":true,"data":null}},"time_used":824,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":824,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/shoptab.png","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/shoptab.png HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 171745\r\naccept-ranges: bytes\r\ncontent-md5: NSGUpPbKJ+LOAt0oOQE7zg==\r\netag: \"352194a4f6ca27e2ce02dd2839013bce\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_MISS\r\nx-tos-request-id: 71da9db80d04ef6a68b80d04-fdbdgdc61g19g69gg12\r\nx-tos-response-time: Wed, 03 Sep 2025 09:40:24 GMT\r\nx-request-ip: fdbd:dc61:a:320::232\r\nx-response-cinfo: fdbd:dc61:a:320::232\r\nx-response-cache: miss\r\nx-tt-trace-host: 01d7e76d7235ee2fa37a45ad713c0bd42a5565469c0927e1d6284293341ec5ea91270817b64875288a5ca40a8e3da1e783efa8efde16e750ff32e9adc2304aa055d6639d32510bfa703f7a0f373fdffa72b8e34e95b43381ffbb47b0d0c8679f99c6105259e3ed4679e9c5972c928d7fb78030161b7500805ced709a503a91ef33\r\nx-tt-trace-id: 00-25090317402094E88467AC09C274AD17-21FF37E22F11EFDD-00\r\nserver: TLB\r\nx-tt-logid: 2025090317402094E88467AC09C274AD17\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=4397\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b737\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":171745,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 542 x 962, 8-bit colormap, non-interlaced","md5":"352194a4f6ca27e2ce02dd2839013bce","sha1":"d0eba6e3b449d805b79022de363dd0fc9c0f4bcd","sha256":"ecf350ce1e8df5d2827513c7969c3939af605da252e20179af6d3a9549700ea1","sha512":"46cc8929bf766ce1f320fbe5bac76830c1aefaed05e12a1296f1b3dfd1b050a5a5adf2fe5193b246a582047dea5ea947bcbd7b1241dae1b8164f09264c4147a1","ssdeep":"3072:vQ4SRDBViICeRHScdN4ufv1cc/bJJhOU3iqo+7kcU808upjQYG56mcNSAMRF9aa:vzSRD7/Cex9z4yOobPY8iqockn8lu9QF","tlshash":"0cf313a0e6c3b58675933eda4ece1e0b294674d1ad33ac61253b7a11054ce39b93ff02","first_seen":"2025-01-28T12:57:32.24007Z","last_seen":"2026-04-03T20:29:52.909616Z","times_seen":561,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":92,"dns":54,"connect":25,"send":0,"wait":16,"receive":4,"ssl":60},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/353.b3bb0bfa.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/353.b3bb0bfa.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-10d4e\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68942,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65466)","md5":"40ca993782cf703c4565c62dbb358437","sha1":"9388e191ad5335b498edf6570f6e8f9ab5fe4e51","sha256":"57fbb4da17f365666d1a6f3ef530e3cad7b3d5595d89e535d2ea496b5eae4220","sha512":"c60f0565f8d3deec75fb59da88a8c7e36cd9c0ef19e31843f32c4658bd10b0520fb9c552abdb24450198e08bf6621a4adaef28f0f3ec1da5c2884cfe6eea1cea","ssdeep":"768:nMKFAF4f+zJoh6lmNARMdJoJwayF2VjcWzEQL5ah0dFabqh8:MKFcRKJ8wzF2ha2j8","tlshash":"2e633ba8b2d1706187c312a1c22f830633375499554a8424f637d8ea2db5d2f76bbfbd","first_seen":"2024-09-28T07:23:58.368094Z","last_seen":"2026-04-03T20:29:52.870758Z","times_seen":450,"resource_available":true,"data":null}},"time_used":775,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":775,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-lodash.bf84b211.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/lib-lodash.bf84b211.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-17377\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":95095,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65459)","md5":"6be4803af01cf9e16ddf93fb04a1db72","sha1":"0487ddef043cdb2e15e9bf5c599134f35a166ce1","sha256":"853623d58dedcd9a5e536bef349e9ff83dded42d4b1dd2fbab7fe601bb28626e","sha512":"ca190dab6ce3f636419cb5d23cb65d4948126e212756d9f05e6dd2702b09689488b5059277b32ff31d7b1497205804278f77f2f996c4608544322aa3686f71a6","ssdeep":"1536:52fmxNB/M6lzihdLUVnCsmdaKWsq5l1frkn9c/pn4QJn9pyHX:vPadIVlKWHDeCpL9pM","tlshash":"f09393c9bad3f05943a77860402f040bf23e6e54a88e9594d262e4dcbcbc55ee177f1a","first_seen":"2024-09-28T07:23:58.446746Z","last_seen":"2026-04-03T20:29:52.93395Z","times_seen":570,"resource_available":true,"data":null}},"time_used":839,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":839,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/6faccd0453f640bb869575f3d7ed4aec~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/6faccd0453f640bb869575f3d7ed4aec~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-d14\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3348,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 193 x 192, 8-bit/color RGBA, non-interlaced","md5":"e5618045243b8fbb796589911deeb9dc","sha1":"751680b6488cb9b804721fee0e2492d1af3b05ab","sha256":"a8fef6e8fcbddd163928d82c0e34691964176f185da2dbf303f55d4d04d7a553","sha512":"a045f53472f124741386d773530810e4a6b0f408e87162ecb3b4a0ddb9114d8d234329e914a072968d7f5b74bbb9b0249cdb74fc035612b2015ea464f1a2eba8","ssdeep":"","tlshash":"11615ce30c23c152e9940db61d303988b5fd1ca95015352629152da66e7fe447eeea0f","first_seen":"2024-11-19T07:54:21.363854Z","last_seen":"2026-04-03T20:29:52.904933Z","times_seen":569,"resource_available":false,"data":null}},"time_used":814,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":814,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/mp4/TikTokShop_ZIP.mp4","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.089Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/mp4/TikTokShop_ZIP.mp4 HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=16678912-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 69943\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-ff9137\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-range: bytes 16678912-16748854/16748855\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":69943,"size_decoded":0,"mime_type":"video/mp4","magic":"data","md5":"4c21ad4bc599e3158818429abaf502de","sha1":"7f3e01f591b10cfb2b777cf4fccb80b7fc5b37dd","sha256":"6dcfb4038fc88528d285a286c9433ede75e30f51cad3788bb09ba560eec330f7","sha512":"5b695d6d3afffaf6ab8dc7f9c6f14f9fbea9759f96123ee8ed9a29e2c64c12787baa961f737ff02862aa67a2d2c26da8af57689bb7acce6ae18f910f32117705","ssdeep":"1536:3KuntZPiYJAqdCTDIq7VMSVGBwYuA17sNYJ9bc3:3NtEeaUyV+BTWNYJK3","tlshash":"6e63566c73af664be9262b34b9d243483b31d89ecb8b078f025643d7ad453d528cd6d8","first_seen":"2025-01-28T12:57:32.328008Z","last_seen":"2026-04-02T18:10:29.344232Z","times_seen":495,"resource_available":false,"data":null}},"time_used":868,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":818,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/css/460.c5f45fd5.css","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.708Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/css/460.c5f45fd5.css HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 09 Oct 2025 08:35:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773dc-5a26\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":23078,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (23078), with no line terminators","md5":"665f97ccf3eae288c641d5f28496e67c","sha1":"207e6018d29bbb6f1d0f933f8962d0cc8c4d4959","sha256":"52155d7d6383239464eb3677e5dc3c995c39e5604eaa03fe11e7f0171a72d944","sha512":"4f5339cd35a310a8a7c44e3c58a509998cfcd9acf25b422c91ce40c5603f8255cf646c66736ab3b0c75e3344b35c5ecfc962ad52e0c11c207ce05f6d1c3919e0","ssdeep":"192:UT4czxWAeTJ/R2GEsiHYsf9GfvOvXHHVXJ/apgZf3SiA2lSUqQx5DoOcdVhbbDMH:UsrSrqyhN","tlshash":"54a29ba57571312b19be4b27b147e5cd2f8a7042ef93377ef84ac1c44a8a811d726f22","first_seen":"2024-09-28T07:23:58.361748Z","last_seen":"2026-04-03T20:29:52.901396Z","times_seen":457,"resource_available":false,"data":null}},"time_used":820,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":820,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/css/page.ba41593c.css","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/css/page.ba41593c.css HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 09 Oct 2025 08:35:41 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773dd-e059\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57433,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (57433), with no line terminators","md5":"489c884f50c9d4b117510ff07c16e64e","sha1":"7be46ae246221e44865e61671f48625dde32b3e1","sha256":"e3a3c7849b47be876be1b719454f61bbc1badc58c7c3aac034cd475bcfafa384","sha512":"4b5f2cbe37905e0ac4bc5ad97580405d597033e1256d3bbc69f7b97482dd4d98ef744c7f14db4e580526f3fb4eb04c0eaa7aa64b01f50dccb23a08dd8dd166f0","ssdeep":"384:dWbBhAGvF1npV/3A9moLo/7ny7yPGRplfUVORCZmscE/B0iedMRtcwgCz9LYOdsv:mXYVsyliedMRtcw/zVPXFYE+v50jN05","tlshash":"ad43b4231b205038fe7b98bfa5916e5c7204e883f317dbfdd510956ec9ca29316b2b49","first_seen":"2025-01-28T12:59:16.223513Z","last_seen":"2026-04-03T20:29:52.865125Z","times_seen":437,"resource_available":false,"data":null}},"time_used":819,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":819,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/17b8bf40be3c44b0bcd3380b199e00ad~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.733Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/17b8bf40be3c44b0bcd3380b199e00ad~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 559\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-22f\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":559,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 4-bit colormap, non-interlaced","md5":"ad413d184d2d837f3de3f231eb738a17","sha1":"2ce2bb20c12b80be65eb4a929a957b1804bdf683","sha256":"ef5aff34c4eb288eba1456bd8e63a602575cdab9852624f6589e51c04cc47152","sha512":"1393f700c04e16e365193fe11d72f8ac8049ef38714a30c6436465977d28aec10b171a8bff2ee1a799a32a00c7fe863712723d6e46a98bb4f7dea4e591c97450","ssdeep":"","tlshash":"87f0e1c399a45db1ce86d42e62536c42ad057d192229fa4da98451be0d00b507941612","first_seen":"2025-01-28T12:57:32.333175Z","last_seen":"2026-04-03T20:29:52.880249Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1642,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":802,"receive":840,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/0c5502edac234b618ed6e62b05b5f10f~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/0c5502edac234b618ed6e62b05b5f10f~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 612\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-264\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":612,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 73, 8-bit colormap, non-interlaced","md5":"787cdadce91e400d58d06fdf40160cd1","sha1":"e18711ca5c640f76b4fe795c7834cad949c97807","sha256":"c9416ab2a8148313996a4f260967f3fbf4dbd1a9a014f34800e12dbf20fcc15f","sha512":"d19d1c89f5c00d54804582d2a3f46ef4bebee0d4b6055cad736badc61cb2e26ee0784c1296856d69c5160a6b44a36fdaafe97f2f236043afe5f94573421d003c","ssdeep":"","tlshash":"8df062a0539d4c94ead6ff63993ed842db202ed8473291d9897803274933198ea44080","first_seen":"2025-01-28T12:57:32.344055Z","last_seen":"2026-04-03T20:29:52.927401Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":798,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/image/722b4f46c714450d82e448284e9d69ba~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.739Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/image/722b4f46c714450d82e448284e9d69ba~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-6b4a1\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":439457,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 1196, 8-bit colormap, non-interlaced","md5":"1cb7dd76c6dfc09109b9e00f76cc3a03","sha1":"d9b0c28bfff070106318974c63fdc1ee0313e904","sha256":"a116611841af34cbb4daf8bb4111a43856ac09a3fcbd5c38402b0478d3d686cb","sha512":"d6c8de4e46162847edd03879827248de84302bb8963a61425a8045a67a1e80bbcd59f50e9bab99b8282c0101aced755df350e167e03f1af9f8d6a48e6e8b3505","ssdeep":"12288:RKWk1FCn0K6zzgBUID5S42iStRuCkMoKc5/ua0z77:RKH1e0K6zz/Z42iS7u750aa7","tlshash":"dd94232de656ad5709bd6a01cbf83d3562c0b9cc79f377d07867143a8630286889ef1e","first_seen":"2025-01-28T12:59:16.214175Z","last_seen":"2026-04-03T20:29:52.906352Z","times_seen":404,"resource_available":false,"data":null}},"time_used":483,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":483,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/StoreHolder.png","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/StoreHolder.png HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 102773\r\naccept-ranges: bytes\r\ncontent-md5: I4MjopdhVv/6tvrEVI3PeQ==\r\netag: \"238323a2976156fffab6fac4548dcf79\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: e8a7b0b9f036d13a68b9f036-ad9155c\r\nx-tos-response-time: Thu, 04 Sep 2025 20:02:03 GMT\r\nx-request-ip: fdbd:dc61:14:355::159\r\nx-response-cinfo: fdbd:dc61:14:355::159\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 010150c077f5839320538e627f782587e33ccb486068edadecf6a5c5831fcd53eba027ce51f73e2cb33f95b995b0d546557ba4622b9af6eed8a15a976c756291c8f95f87a87630375c15bed8a515ead3e5fa612f4f1a4424955b2b21acc00418438d01962e8f48e112e5c5bde1f1ba22b781877485706a7de2b80f9d515c6d1d88\r\nx-tt-trace-id: 00-250905131516AA3B8DE2D65654F2EB35-23545931852873F9-00\r\nserver: TLB\r\nx-tt-logid: 20250905131516AA3B8DE2D65654F2EB35\r\nx-parent-response-time: 16,184.27.176.60\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b736\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":102773,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 565 x 999, 8-bit colormap, non-interlaced","md5":"238323a2976156fffab6fac4548dcf79","sha1":"665f5fd40ba423b018fb111f043f400854547e57","sha256":"d10436c67c7206ef5e2db1dfddeb770e74cd2a722e6be5eced08d5ad0a18627b","sha512":"133a1892e6290f6c5b8674267abdfab8a85dd450c8c789c76fc3a066b84a063945d76468afc8016605c4a34658b3c2c47787213bc0cc15fd4983cb8606fc9c1e","ssdeep":"3072:HJoNQIYvYo5CbDG+tEmgGUs9m3fx9XTjZL:HJcpeYo5CG+6mgGUvfx1N","tlshash":"8ea312add503c87284f616e5dede1df6e87487ae0ca50178ce652909cf05bafd122a0c","first_seen":"2025-01-28T12:57:32.241453Z","last_seen":"2026-04-03T20:29:52.894943Z","times_seen":561,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":92,"dns":41,"connect":22,"send":0,"wait":12,"receive":4,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/visit-01.32224451.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/visit-01.32224451.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-4f31b\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":324379,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 610 x 320, 8-bit/color RGBA, non-interlaced","md5":"98b6cd8b9eadc53c791fa64788c006d2","sha1":"bb6540a644702a1fc998ca5d2a464c5283f2a3c5","sha256":"dd4426eb22228e901ffda60361ee621617f03591bc3f7b039ab34b916de79c63","sha512":"72c84adc30f16becc4d2cc5b2a0d35412afa3c8c1f5188e94e321816d2440eaf8404ca58f13543fb000f3ecf5179437ed14cd6109b0dbb07a8534b0823d1868c","ssdeep":"6144:4zAfIbI0LB9yXvNedALFd88o7axQSZ//4XrPpFU33fbyDb/Kqp5nv:4zAfet2vkwVHqSZ//EFo3DyDuCnv","tlshash":"336423c12756d126bf65ec4685ae02e4dbc07f5e8c973a243b6eed451862bc6313c3b8","first_seen":"2025-01-28T12:57:32.345347Z","last_seen":"2026-04-03T20:29:52.936064Z","times_seen":405,"resource_available":false,"data":null}},"time_used":782,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":782,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/image/left.bc194b75.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.749Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/image/left.bc194b75.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/static/css/page.ba41593c.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-410a\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16650,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 525 x 1917, 8-bit/color RGBA, non-interlaced","md5":"fac8a0b06e1d83854e096bc4444a7760","sha1":"62ca959aeff46d3a794302735680e5e97158a57a","sha256":"f54c7e25582877b67d0c8d56d6b570f0f4cac13189658ee794f350a9d42ee6f5","sha512":"f6d06524f7d7e0619a92c9d714f24fc6d9069cdd57e83f048b0ddb78939c664705b9f868190eb4195897dfc65f9029f134f8a4da00b9971d8d9243e8622bd41e","ssdeep":"384:OrCqcDGElkDMubY8KIoqLT3s4opTCeP2xQFZf:aCdKvTKW30p+AFN","tlshash":"2a729f51cdcfba9e481759e04a030041f49e07ccda8b49f578bf95ed929cf3592aaa23","first_seen":"2024-09-28T07:23:58.471372Z","last_seen":"2026-04-03T20:29:52.856958Z","times_seen":416,"resource_available":false,"data":null}},"time_used":470,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":470,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/lib-arco.afd3802c.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/lib-arco.afd3802c.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-481c8\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":295368,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"66296ae08db9dce0b0ec23e84f1cfa82","sha1":"bbfb60f99fc2b9d2cd418c0ef49790688f83d47b","sha256":"4167eb82e602d4d57bf9d4c41cfd52696be67c0e53cf870b1a48ddbe76847cb5","sha512":"78f0bb30c14c0471032453920e4dce8674bad7f260839843e3892e659e9bf04528767e6eeb6d506535cee8af6595546886318bb95369f8787ad21512749cd373","ssdeep":"3072:IgXb9MtoaJJAtDW6Wu8HI83tcWJpaWJA9H2LvVbEmpNkcsQREkjFNdIw0XhJsBk:e337JpaWJA9H2LvVbn9sQREkuw8ek","tlshash":"13542dd87254b0a593fb41b6803f180ef33b361cb8398d50e2b5e8d474a5649a52bfbd","first_seen":"2024-09-28T07:23:58.35934Z","last_seen":"2026-04-03T20:29:52.864471Z","times_seen":569,"resource_available":true,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/8c632fa730e34f81bb4a908ee6807cd5~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/8c632fa730e34f81bb4a908ee6807cd5~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 406\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-196\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":406,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit colormap, non-interlaced","md5":"b2f9cbb07b90d07586627181be3756b9","sha1":"d43dba33f975d7d95fa59a78a0a6588eb7c84dd7","sha256":"df70ec6b935ff6bd0b90d340f5426231b18f4889dd6790843f343f1b12c2f469","sha512":"ef67be28c2d660ec6f0eb6212eeb8fff6b0e5eb266ef0ac1e302ce6de7008c7fa5245c9623785c484c4ffe9f3536cac1a83ac52b1da43da71a7d0adba2b76e78","ssdeep":"","tlshash":"42e0f1805d3d38b8e150f2559122a051ced184055333500670a1c73b977031fc7f2b43","first_seen":"2025-01-28T12:57:32.335956Z","last_seen":"2026-04-03T20:29:52.880913Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1640,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":801,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/9c79b779702f4e96af8f1d2bbb1c47c6~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/9c79b779702f4e96af8f1d2bbb1c47c6~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 598\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-256\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":598,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit colormap, non-interlaced","md5":"2f0d684c1acfea1c6e380765cab8bb9b","sha1":"27e0a5b5fbefcaf7064d4f8996eb997febdbec1f","sha256":"3c0d5ea156d6af6153a61ed19dd4c915517f564ecae39f0f3cfb53c3d6390cc0","sha512":"bc730f289fe15835772da55528cd537ff64ec967a1805d4589585a3b5329c955b857a9467ee824c45b51b78a0ad8a9f4151d7a81cd6616a18ce27993a3ceb670","ssdeep":"","tlshash":"f4f002e702ea3739ecd1c66291026e05d9914015418abc52e9528e348b4b6015cc8a17","first_seen":"2025-01-28T12:57:32.337223Z","last_seen":"2026-04-03T20:29:52.911677Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":800,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/9d3d3c5a288247cf900aac88d12baf2c~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.742Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/9d3d3c5a288247cf900aac88d12baf2c~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 594\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-252\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":594,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit colormap, non-interlaced","md5":"84a334e88a8beb0ded80a27b89bfc7af","sha1":"22319e9f4c9dc4c46a58368f3f0bc8154b8bcba4","sha256":"50aa1db69c11e45c55dfb2af7121195dbb1e0b6d9fa17bb554a196926964ade9","sha512":"909dace141521b9ec91aceb893809c48b53465107c203df3fc53a45ef349bba5c5a56114cb04217c09811487197dc9980876a56ad7a97a2ba1021991fd849e6f","ssdeep":"","tlshash":"8df04786c30879bbd94b4cd6641f7452481d792d1b07bb071066c03ad6535244afc85b","first_seen":"2025-01-28T12:57:32.338301Z","last_seen":"2026-04-03T20:29:52.91288Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1638,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":799,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/56d69359ef89467b8be62549da916564~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.745Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/56d69359ef89467b8be62549da916564~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 569\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-239\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":569,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 73, 4-bit colormap, non-interlaced","md5":"ae1bb7c7eb0b2982d7dedea83c110ec9","sha1":"9f87b2550f1fc205d9a845b0d64ac86aa2fc1c16","sha256":"e2555dc887ee8df98c0aaef6c32c70a9bd2a16837bf88fd0386c35ce9429d3ef","sha512":"80e0bee64bf6d5ad902f4eee408658ebf86a5782b99519ce0cbe4dc19b66418c4bcd8f9021298dbd37336a38c2a2413fbe54a390bbd6606780e2028a78a25397","ssdeep":"","tlshash":"44f020cbad5c3924ccae269802cf4d2adcaf6d48560c106e24575a3d5951302f1f79f7","first_seen":"2025-01-28T12:57:32.342766Z","last_seen":"2026-04-03T20:29:52.88762Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":798,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"p16-oec-sg.ibyteimg.com/tos-alisg-i-aphluv4xwc-sg/876feebbbebd4e1290264d966eac158e~tplv-aphluv4xwc-origin-image.image","fqdn":"p16-oec-sg.ibyteimg.com","domain":"ibyteimg.com","tld":"com"},"ip":{"addr":"23.36.77.107","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.747Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.ibyteimg.com","organization":""},"issuer":{"commonName":"RapidSSL TLS ECC CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 16 Jun 2025 00:00:00 GMT","end":"Mon, 15 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:68:99:F7:11:99:E1:26:F3:58:F7:0B:38:2A:AB:E3:3F:B4:0D:35","sha256":"D3:AF:19:C8:00:FA:B8:E5:1E:07:1A:6F:74:F5:09:8A:4E:E6:B2:B7:A7:F8:D8:4F:93:13:86:CC:93:89:0F:AF"}}},"request":{"raw":"GET /tos-alisg-i-aphluv4xwc-sg/876feebbbebd4e1290264d966eac158e~tplv-aphluv4xwc-origin-image.image HTTP/1.1\r\nHost: p16-oec-sg.ibyteimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 4171\r\nimagex-fmt: png2png\r\nlast-modified: Wed, 26 Feb 2025 12:56:34 GMT\r\nnw-session-id: 20250226125632EF066CC299E3131103E0dw6m713df\r\nnw-session-trace: 2025-02-26T12:56:34.043817638Z 95\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-length: 4171\r\nx-powered-by: ImageX\r\nx-response-date: Wed, 26 Feb 2025 12:56:34 GMT\r\nx-tt-logid: 20250226125632EF066CC299E3131103E0\r\nx-request-ip: fdbd:dc53:3:771::15\r\nx-response-cinfo: fdbd:dc53:3:771::15\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 01ac25ae6d475fbf6414a8751bb8e73313a01127db7ab67dda32d60e2b9e9e0a8fe5dd2e1fa112e38555c07e8de7f672ec76ac40e07bdebf8a36c4f89e4d34cc00869b60e4ae98d62090a721128bc8a1a75356734e000863fd7050c376afc6ddccf994211c40b5da33819ce6ad55bd6524\r\nx-tt-trace-id: 00-2502261326123E15EE17E010DF04FD53-2340F90046B8D5DD-00\r\nserver: TLB\r\nx-origin-response-time: 75,23.205.82.22\r\ncache-control: max-age=30714933\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_MEM_HIT from a23-36-77-44.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=1\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: a47ad74\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4171,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 440 x 440, 8-bit colormap, non-interlaced","md5":"abe0088d07fc512411dba1d0bf7e2ee5","sha1":"5872102d04cc79112f0675bd5408fc617c5a69df","sha256":"a357c0909db08ce5e90199620704c113ec5d2ad2907d9dafe54753736694558f","sha512":"b7e753c422c99cfe765e2cac85976539e94d52cff60239be3c2eeb33dafafd7ca547a63bd6e3fc3b1b58ae72d96a083498e6af285e04b39fed944b39c8ba5178","ssdeep":"96:a5TZxwxQ+AY1DDKnLVbyqyUHAM54CusQsen+ce/8w9YLTyie2ZePS6ZB:a5dxw3ObIUBKSenjeEw9UyTxL","tlshash":"c781a0b3414a9711fe31bb7d2276089ea1e0d774e8067a47b0a0d51f39efc146800911","first_seen":"2025-01-28T12:57:32.261729Z","last_seen":"2026-04-03T20:29:52.89786Z","times_seen":560,"resource_available":false,"data":null}},"time_used":346,"timings":{"blocked":140,"dns":81,"connect":4,"send":0,"wait":2,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/00d8a2c4d1184e4eb8ec84d0a48002d4~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/00d8a2c4d1184e4eb8ec84d0a48002d4~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-aaceb\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":699627,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1884 x 669, 8-bit/color RGBA, non-interlaced","md5":"8fe0196baa410746184c815006ff3209","sha1":"fe76276aea1b239a8fc25b6d2c84e53bb188f8f7","sha256":"bcb6470dc2547ca2f687a63d7b4a031309860803faa8d9d08988b5ea0e34faf1","sha512":"01020cd816242d689a0e63d04f2fa3e547bf1890068620200f9f83bf32eb4a41ee4b2049f289b88bbe86b3ba1331a34e56e9cc41f5e42566b8b2570cf23142e9","ssdeep":"12288:YZSFNPxl8fo0xbHLRIGCLUNpDF0t61XtJAa2M1WLAV3VOSABA6IRo5aYwvoPz0:IVdHLRIGv3Fj1rPKLkOSABMUaYwv00","tlshash":"15e4238cda1fdd0b39e0a6e408f304eb159958265c2e4ce43705b29a3473fa727ee59d","first_seen":"2025-01-28T12:57:32.354136Z","last_seen":"2026-04-03T20:29:52.903445Z","times_seen":387,"resource_available":false,"data":null}},"time_used":789,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":789,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/join-today-01.68be19e6.jpg","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/join-today-01.68be19e6.jpg HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-1054f\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":66895,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 438x321, components 3","md5":"8e8ec4f270c8812c24cbbd2dde8cd200","sha1":"52d98dbf4e3b89af65c26c8785fe4d0783d7d6d8","sha256":"d6f9464e1df31547f233635b429b5e16b082da50175447c3a17f69aff5a57831","sha512":"09a6b936f7bf936eae91d3a28fa85a4175fc337a0b3c05fa8bddcfd0c2a16b807d567fa3490fa873ea118d36479f9ade36af0a25c326a0123bd73222302cebf9","ssdeep":"1536:mCUc1Iy/Jb+uHxgyX76gl2/Ai4wGQ9oTJxnWjE4JKcJ1QUyv8:mdc1h+uRggo/Adw0POE4/aU","tlshash":"92631240cb04a7e40d91ed79c01ecfd426e4d80b27fa5aa95b227aee0f612f495b07f5","first_seen":"2024-09-28T07:23:58.415942Z","last_seen":"2026-04-03T20:29:52.92326Z","times_seen":422,"resource_available":false,"data":null}},"time_used":786,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":786,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/css/lib-arco.a6d75600.css","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/css/lib-arco.a6d75600.css HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 09 Oct 2025 08:35:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773dc-12b429\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1225769,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65480)","md5":"f26fe4514a67ea9dba1b2bbca58944cd","sha1":"2e9f92da2f22267cc0fcdb8ab0f479d29e8aa373","sha256":"2a2df513b8f079699862bfbecc4505ad1bb80539c7a730f1ccab06a380017059","sha512":"b76b33a1e7d2d1117b6e1a476949a9f5a1ff1833a1eaadc8cc52a208adf60ade8e43b4f88c80b9972a2b31e7df12b3b1f283f8eada88fa9ccd64e3c979189d93","ssdeep":"12288:q1NO9E/f/p4h8CuCGZNT0OPTvM6TwCOB3s:q1IE/f/p4h8CuCGZNT0OPTv7wCOa","tlshash":"8a2530156e75102a2537812bb886e9cd23027671dd23af7ef6431d848e88ff64772f26","first_seen":"2025-07-26T16:59:32.407472Z","last_seen":"2026-04-03T20:29:52.934798Z","times_seen":252,"resource_available":false,"data":null}},"time_used":823,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":823,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/liveHolder.png","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/liveHolder.png HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 219736\r\naccept-ranges: bytes\r\ncontent-md5: aFOxPncKLdEWqCLCJ6fDuw==\r\netag: \"6853b13e770a2dd116a822c227a7c3bb\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: a1187f3a1f2cef02683a1f2c-abf38c5\r\nx-tos-response-time: Fri, 30 May 2025 21:12:12 GMT\r\nx-request-ip: fdbd:dc61:10:253::21\r\nx-response-cinfo: fdbd:dc61:10:253::21\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 01dff37b3e340e71996c157643bb6bf7a179ed39413394888ed760d098bfb84bbeef1e2ab64c2a644de0602f40e01902720854da5c330a43b05c57adee85304abc52e888c9ff77080aab75d20e9dd14c73a9be76a91174dd413ac4d880b9738f76dfe3202ee6c85da21162d662c81094be\r\nx-tt-trace-id: 00-250531023441CE2AE30A67E4FDA58594-523D34AA9794281B-00\r\nserver: TLB\r\nx-tt-logid: 20250531023441CE2AE30A67E4FDA58594\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=2\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b724\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":219736,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 565 x 999, 8-bit colormap, non-interlaced","md5":"6853b13e770a2dd116a822c227a7c3bb","sha1":"a9d56bb607687e8649f3b35cea83420f191bf809","sha256":"97a8f62035393e92e48c8a2fb0c5e2891cdef960c530f07521c7f9ba2692d328","sha512":"09fe5a048dc9b3bc7c51af2cd30b62a3227871cc93d5e80352b6a6241ca3c89ecc975c0875aa7c5e5db299092d828b54c0acd22799c1cdb0676520e122870b56","ssdeep":"3072:2Z6Q9AkPO76gJiKAmgPaTsWfoAOQNkDel6BP4i1sqKMwcwYJAoBgBnWN3vVCAxEi:fQPGbPgPaTtxN8OesqaYeBWNN/Ocf","tlshash":"e924226688cb9ef9e57356f3944eb63de53f0f2710a5d170a6820091ced3b19ba6074c","first_seen":"2025-01-28T12:57:32.246085Z","last_seen":"2026-04-03T20:29:52.908916Z","times_seen":561,"resource_available":false,"data":null}},"time_used":172,"timings":{"blocked":33,"dns":44,"connect":7,"send":0,"wait":36,"receive":18,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/419284e9cb3b4a49a0a8282c9f8a1653~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.741Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/419284e9cb3b4a49a0a8282c9f8a1653~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 705\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-2c1\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":705,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit colormap, non-interlaced","md5":"380844e00913d50eabeb7fd934f9d04c","sha1":"b9c2ebdcc308d53f86c3d1e029c1efa3c34f6719","sha256":"8c744b1a722552f953214e1568234c53c795aee80ef5f906778b238cb1eea1eb","sha512":"09a2a9c36bf58fe63cd2c09be2595a3a73b1079bba3ce10a9f83c75c17c5f5354418cd2f1c9307367baf465d2e3113ca63c87db6f93a07442b6a37d601309037","ssdeep":"","tlshash":"d701949ad67290b5eaf2b02e404480b18622f70e20606163c02bc77b327918781c0d0c","first_seen":"2025-01-28T12:57:32.339976Z","last_seen":"2026-04-03T20:29:52.859289Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1639,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":800,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/4148bf8dfe814b0d88cf4cb24db9c2b9~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/4148bf8dfe814b0d88cf4cb24db9c2b9~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-a0685\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":657029,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1884 x 669, 8-bit/color RGBA, non-interlaced","md5":"05ec86713138a60c819b2e276ee9a775","sha1":"0300aca3c738e8c863b92f00fb898dcc9d675411","sha256":"c5d53db5a9ee1078e847c85ecc88f8c9b769a055e80cb248cbc3a1e7d9623b73","sha512":"75bbbeded1368ecc37e5ff1444e535a2352fde1d8ef564d5cd0c9c68de9cc028dde6a45f7b8d709c8eb71904e6b00c57f36fd210919846708f763142a55ebbf1","ssdeep":"12288:cC0xbcPb8AmmOAloSGy3QuMi78ixS9jugH+YEC+q8uJN1O1E1:3pP1FOAoSGy3JVnU9jugVx8gQ0","tlshash":"6ed4230213fe49f8761974b58e793ccf57aac2d16f67c935e326ea342818ad1181ccad","first_seen":"2023-10-13T14:12:36Z","last_seen":"2026-04-03T20:29:52.922412Z","times_seen":406,"resource_available":false,"data":null}},"time_used":793,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":793,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/page.b98cfe07.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.766Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/page.b98cfe07.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-10a8e\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":68238,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"556172faab67882f868c136a19b1d1be","sha1":"68c7fa1df42814f7e785ec7952514493c826b8f4","sha256":"664e0b0fa581291f2eb5b29930da01e2524b943bc43a676a81e27a62fb32325e","sha512":"e53ddc5760d997822dddb7d35d495bbe8d20e3cc175b101345db98cfd905add2a44b9bc0f72fff1c1e8b840cc572374155e7f6b82949e9ef23cb40b419c99ed1","ssdeep":"1536:yo+ucihfhcvq3ZdrY/sw+/SAx79ZR3y7i2k9:t+KTrEswq/Z5ym2k9","tlshash":"e4630a52f461ada8f67749c4913f880ce61a3a0bd64484a8fdbc7d091649293f13bfde","first_seen":"2025-01-28T12:57:32.2988Z","last_seen":"2026-04-03T20:29:52.891994Z","times_seen":433,"resource_available":true,"data":null}},"time_used":772,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":772,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/StatisticNumber/3.mp4","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/StatisticNumber/3.mp4 HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: video/mp4\r\naccept-ranges: bytes\r\ncontent-md5: 4H1t79Mq04BMA1tgc3uvQw==\r\netag: \"e07d6defd32ad3804c035b60737baf43\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: 625d203908ec209a683908ec-a362d28\r\nx-tos-response-time: Fri, 30 May 2025 01:25:05 GMT\r\nx-request-ip: fdbd:dc61:5:308::66\r\nx-response-cinfo: fdbd:dc61:5:308::66\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 019c3d20f855fa773934976d96ab061657313d5acc0e2835840844ec69567424e8fea77e4dd42edc9d55013c664c912c63ac28999e3abfbebc7bc0586b403474f207e1f3759e29575636aa67a54831eaee1e77405b149afae7505423dd2b3d4a859ada79a3b20f3f411f4357c3709dcd98\r\nx-tt-trace-id: 00-250530060004E5078BEFAA71F13BEFE7-6D0765830273E575-00\r\nserver: TLB\r\nx-tt-logid: 20250530060004E5078BEFAA71F13BEFE7\r\nx-parent-response-time: 13,184.27.176.7\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-range: bytes 0-186491/186492\r\ncontent-length: 186492\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=2, origin; dur=0, inner; dur=1\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b743\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":186492,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"e07d6defd32ad3804c035b60737baf43","sha1":"250d3a10c49077d62f168b0ce1d7b0d3f2653205","sha256":"077f3502a396fadd98a2daf1500b6d4a0788ed88d82cd0e3f3f503c078408590","sha512":"4f974d0324951f687a5ca7998033da50b70096220e7e809934149c103685843104163173e9b7551ad405e1515c03ce5b1cdafdea54ed8b3d183a3dc26b957772","ssdeep":"3072:t6qvF+fdgX2GwFo3X9oxNrEduhECunrw2c1MjH7a8R95TMlLfoYNAnVw+:gqNrf+xNr+w2coH7Fn7","tlshash":"6604f1f663e5297efd79bfb349f050832a07daa192b80bc7bd9d24404fa16950f01d98","first_seen":"2025-01-28T12:57:32.252897Z","last_seen":"2026-04-03T20:29:52.936825Z","times_seen":566,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/image/new_us_uk.98539e94.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/image/new_us_uk.98539e94.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/static/css/page.ba41593c.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-3a75\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14965,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2880 x 1440, 8-bit colormap, non-interlaced","md5":"09c951a9a3ee0b02ca1bf96e5c30a42b","sha1":"6366185edd5e1333e5317e35af33210ebb86d44c","sha256":"448aa3ce157df2a60586592f519776c981234ca87459d7b5f0a5ad8e4cc850f8","sha512":"06532941b8ece80a40a33b53488191f2cadbc8d4bee39fee0df6a2be092395ed25bd82e5f22e3d4e48bd73634dd3b7204aac5da98cb0131881174e51be780c70","ssdeep":"384:Pt6ssDaxp1yn+kVKcDR0zFiSayM98iRJnMJ/aFrHkuMe9MG:c5Gp1jyVoiSaydibglG","tlshash":"55628d3e045529378ce86f8f29f872f47cbc46bba495910588861b7768fbcd93235807","first_seen":"2025-01-28T12:57:32.308851Z","last_seen":"2026-04-03T20:29:52.937554Z","times_seen":428,"resource_available":false,"data":null}},"time_used":490,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":490,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/c66126ce696f4672af7d698e0f3d61cb~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/c66126ce696f4672af7d698e0f3d61cb~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-114e\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4430,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 193 x 192, 8-bit/color RGBA, non-interlaced","md5":"6acc5ea63480977112e33d4e21c4cbef","sha1":"692bbadde81ff9b82b0343fa4c05dc82ad076cdd","sha256":"ea7e56e5af17e18a1e12e514e32a3ef40928d522aeb031f1388c2d9d7796f515","sha512":"2fc39f0266ca57bec9808ca8e074c3fe6e823422ad950d896e4b66df066ca5dc80ed991796bee82acd0388a206fc470404c4068a82776f6406872bb3e1878ea2","ssdeep":"96:17vXZylQIxi/7YSvkYjYBQi1E3z5Opfgqgz3q85dze:1LXolQIxizsYp9+fgqR8DC","tlshash":"2c919ebc27ed8f93c30cc2fa4a17a722c4a06437e20ba190c6fd9340ebb6166416538c","first_seen":"2024-08-19T16:11:10.099083Z","last_seen":"2026-04-03T20:29:52.926595Z","times_seen":575,"resource_available":false,"data":null}},"time_used":816,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":816,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/8ea836f9a8c44e2693e28007382e504a~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/8ea836f9a8c44e2693e28007382e504a~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-124f\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4687,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 193 x 192, 8-bit/color RGBA, non-interlaced","md5":"3cfe19ee2948dc3d801afc4b6c25339f","sha1":"1e908d24b3bb21908191a504c74ee0be3e3a4d2c","sha256":"e71399ca790a567d6f46af5c957a8a4fbd3631a19f9d7c527cc82e57a4048cfe","sha512":"5632e7dff15dfc0b4f46526316d8ae3c432186f1d93c09ca3705c119eee3403fff465bd928c4858de2c8df0ab25588ba8072ca07f91b54b7d5c373292676d2b3","ssdeep":"96:BGTOMOPApcEyL+sCKjU1gjfe/2dYwZveG9evGEHK1:wT2YpcVdbc2dYwZveKetq1","tlshash":"aba18ef8b661c7fdb42d39b13a922c4bf51914c709e88f0eda4e4d5c908bd08d537682","first_seen":"2024-08-19T16:11:10.100895Z","last_seen":"2026-04-03T20:29:52.88963Z","times_seen":577,"resource_available":false,"data":null}},"time_used":816,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":816,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/4202b536750c4d449cce93685d24f50d~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/4202b536750c4d449cce93685d24f50d~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 591\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-24f\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":591,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 4-bit colormap, non-interlaced","md5":"f29ec15e3d82a755e8bde79c5e6d1b43","sha1":"634f499e156acf22a7615fe4267bc6a5fb9d128c","sha256":"3db1a67ad8b7d0fd12aa7c089be930cb96d2fd23cb37a253f0364dd4bbd0b811","sha512":"d798d4e9a1376c91f6897bea78fbe0fe872c1c3b84589b7e99d390d21124112bb4c7994814d812b7de7e3d4e9786987dfccbdce16739abce9d7c043b66acb7e8","ssdeep":"","tlshash":"24f0b1c782203c3a0b82d5638d92460397323e381baa603284d1a6713a033e88e180bf","first_seen":"2025-01-28T12:57:32.331714Z","last_seen":"2026-04-03T20:29:52.867004Z","times_seen":545,"resource_available":false,"data":null}},"time_used":1643,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":803,"receive":840,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/5015a0b7ebfc42ce87eb2f189e4d9ca9~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/5015a0b7ebfc42ce87eb2f189e4d9ca9~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 680\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-2a8\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":680,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 8-bit colormap, non-interlaced","md5":"07619c70d1cc395c9308efaf97131cc4","sha1":"0bc95ec9f7be60fcb8878a7fd138c9fe688329c7","sha256":"02ddeec521c5522f7afc3ead8d544dda9a5aa9245b99602cca97019e46ba1f57","sha512":"c01a78edbac9f3d2d648cf04374645bef0a392dfa72402de5575616b2d74b122d46cf98f4587ddff358c5f509ad46f527620bb0b55ee4427ab46b5b208576c20","ssdeep":"","tlshash":"c20183d13e703ef1ab7a598b973a01239b328e0c770e768c0664a8296526c249660082","first_seen":"2025-01-28T12:57:32.334763Z","last_seen":"2026-04-03T20:29:52.920101Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1641,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":802,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/mp4/TikTokShop_ZIP.mp4","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/mp4/TikTokShop_ZIP.mp4 HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: video/mp4\r\ncontent-length: 16748855\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-ff9137\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-range: bytes 0-16748854/16748855\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65536,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"b8a5db4ca62dfc247058b2efce3ab563","sha1":"43c1f8e1d9e25e7d65cd72e5140801a0e3a43d7d","sha256":"46354abd19e6d9a7b1390863ae3cbd407e4699a3200cde9721b52c81baffee77","sha512":"69efdaa82ce3e817f80ae8c38673c988c680a7487d351bea78748a817474ee0018629d0f78220cd4363d49912e6b191d08e6387a52fa6e8890ff6bb049a2004c","ssdeep":"1536:OCOHSH2WSYnocTj7/Mjncm06MCKa1s0xHfJ9aIOg+KcgD/06fp5Z:KHZWVnooy06f7HBs/Ccuft","tlshash":"0c5302a2eec52f4cee30437287514c79e9c9e20fd9f50bdb2d250e5c491eaa159b8b11","first_seen":"2025-01-28T12:59:16.199833Z","last_seen":"2026-04-01T17:01:18.780462Z","times_seen":188,"resource_available":false,"data":null}},"time_used":1261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":659,"receive":602,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/image/4a1ca5fc91544ce097a2dfa3a7e11a86~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/image/4a1ca5fc91544ce097a2dfa3a7e11a86~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-556b7\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":349879,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 960 x 1196, 8-bit colormap, non-interlaced","md5":"ca79c3432017dff3b7795f31d41d4b9f","sha1":"7a86357defd9b4f732c7e1f75fabf6d78d41b856","sha256":"60f05f78f0c91da1906ac43d74473c4ae41b1b3397323a730c1f8a1dc89a6452","sha512":"9cea4cfe5fe61d8edeeeb966ba81d68b41fd19649321fd56a2c5e71d893ea9a7bef665e89795ad213f30bab8950b4ebf105d035564fc097b0b6cc98960ed0f7c","ssdeep":"6144:3aQkWh2sqd2LCzXTbvde8NJvynSYwKEJPDhtWjd3pkgn7u1m5stGoJLBBapt4n:KQnh2ACDfvdWSYWJPDhtWl7u1m5sGotX","tlshash":"f374232de5ebeabcacd1ca4a80c760efebd59316d053ef6dd73317812969116103c886","first_seen":"2025-01-28T12:59:16.209095Z","last_seen":"2026-04-03T20:29:52.933137Z","times_seen":408,"resource_available":false,"data":null}},"time_used":484,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/font/TikTokDisplayFont-Regular.woff2","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/font/TikTokDisplayFont-Regular.woff2 HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/static/css/main.27b52715.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 57228\r\nlast-modified: Thu, 09 Oct 2025 08:35:41 GMT\r\netag: \"68e773dd-df8c\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":57228,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 57228, version 1.0","md5":"96665baf16cd7bc94117325ec3e2296d","sha1":"2c3aa9af686c8ad70d51d934fce7bc4a76014c3d","sha256":"57d0e5e2c1e641a6100ae61fbd956e311acc35dd4d524b1a8ed89362b6966b5d","sha512":"ce3342f6b76005ced293f32d67c2869df2a2e1a941bf3a6e3e538c4718e2c5987b89925e1f274235c42ae9bacc0400d6fe43ac81a285bb2d0b2d23dfe2a2439a","ssdeep":"1536:SAv1dBXdnQXT2eEsJsZAzJfqA/oYDdMjcKwWHlD:SUzdAfJlX/Kjc5WHlD","tlshash":"cb43022ffc64cb78bbf6b8a06baef2401e352b70dad7c16f2ab688ad54751345443414","first_seen":"2023-11-11T22:36:02Z","last_seen":"2026-04-03T20:29:52.904233Z","times_seen":486,"resource_available":false,"data":null}},"time_used":453,"timings":{"blocked":12,"dns":0,"connect":0,"send":0,"wait":431,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/css/main.27b52715.css","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.701Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/css/main.27b52715.css HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 09 Oct 2025 08:35:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773dc-4220\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16928,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (12032)","md5":"627fca2cf3aebaa58a65a05ea7bf383d","sha1":"9472604196cfb348da2b7e0d3f98ab490c368706","sha256":"aa55864ec6642cd7330cd0d3fd9133fbb9926b6aec799b676153ee06c2ade3ab","sha512":"623783e0da7d2533aec3d16bdd57472994b6e93cd427ee760eb2cd9d7c54f973b6cd8780108352c643fca884255d5d9488f5add3682c72202512748420ed28de","ssdeep":"192:176U+aXnZgrCRIlt9O27JXY+7JXYY7JXYtcJFhbpQsfK2yrL4V6RK4Up:N6Hai9vv5Fzhbpu2t6K4Up","tlshash":"6a72b714a220143aee33c9f7f6d1fa483215b2c2de3ad7f6f9055510eada9aa1593b04","first_seen":"2025-04-17T16:39:50.277901Z","last_seen":"2026-04-03T20:29:52.886714Z","times_seen":390,"resource_available":false,"data":null}},"time_used":822,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":822,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/370cd42a67c3424c85fc5395158eec06~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/370cd42a67c3424c85fc5395158eec06~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-1073\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4211,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 193 x 192, 8-bit/color RGBA, non-interlaced","md5":"d4f8979b3d4018df19969be9034516f9","sha1":"cd6ed110c7796e771450e27e820b11f7940d9db6","sha256":"636491d3bb271b7114c8cc3a8b05577949318e025acbd978f644fa1dd449cc76","sha512":"5eb075dab8c90cf6592176262d7e57350575022e4a30301766231aa51bc316b768d7a8dce2098b3012f75e27196978d849ab72eca032641e8a5eda5432b778be","ssdeep":"96:ZEHnswxASzLSucX8QAu1V3H80aqpuT3ktzXPFmEtvaXyHcSxBEchT:ZQn3WSMyu1Vs0bUIXtpIdSxBEQT","tlshash":"bf915dd3d557f081e311e27e0d3410e85519a6edc731a448eee7ec1e7a2ba99426d170","first_seen":"2024-08-19T16:11:10.099878Z","last_seen":"2026-04-03T20:29:52.918014Z","times_seen":575,"resource_available":false,"data":null}},"time_used":815,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":815,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/7ced44be5b1c47bbb2915d59a1adaf09~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/7ced44be5b1c47bbb2915d59a1adaf09~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\ncontent-length: 723\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\netag: \"68e773df-2d3\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":723,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 73, 8-bit colormap, non-interlaced","md5":"00144f9312cbefa8e8b7026be590cb01","sha1":"82464921e9178a96faba9d9f7f252e6cdb10bb90","sha256":"f48677e8a5b95b771b8f7190d54e02eaa63f76a7172698b4bed5338fb84480cb","sha512":"5a566f3feb134df285e729c6f6a9ce2fb5720b3aa19423e34a240c58e88f071798fbaae2e57ca9f9205da8fc347cb26bc7b63b27fa0e03e162d9206d2b6cc567","ssdeep":"","tlshash":"d70199ca62c31cbea2d67d7ec16705938020ca158b02d443749175b22c52067e3d0f7e","first_seen":"2025-01-28T12:57:32.341121Z","last_seen":"2026-04-03T20:29:52.855409Z","times_seen":432,"resource_available":false,"data":null}},"time_used":1638,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":799,"receive":839,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/c666799076d342bcbe271ae1ac94144f~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/c666799076d342bcbe271ae1ac94144f~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-95806\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":612358,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1884 x 669, 8-bit/color RGBA, non-interlaced","md5":"e7cbba359170d1303ad7224b2b3f7e30","sha1":"d45cdc9e57ed797588cf6abcb0632e099c5d13f7","sha256":"8830b3758c3a2224eb84c7648ffb5a7c29bac6660e812c0b43144fab8fa8f2c7","sha512":"5123d5e83b9c1c581520190b5c70549d6992c4a4f005518e9b951c1c97cafa3cf1cf5cbd249b42756d014a7a8720dd76d46d8253da3624e2e8dcca2a8aea1220","ssdeep":"12288:xFffi0IHHWzjBLcj+ov/P3q5RowBerk2Ax0MkRo6kShhAva6FD+m:jGHHWNg+oHPyRowBn0AqhhIhkm","tlshash":"71d4234d42765b69ba90e87400739c0c59792ee98432ce9d477f796f3a7d2e80bc842f","first_seen":"2025-01-28T12:57:32.352068Z","last_seen":"2026-04-03T20:29:52.882203Z","times_seen":388,"resource_available":false,"data":null}},"time_used":791,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":791,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/join-today-03.334e8315.jpg","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/join-today-03.334e8315.jpg HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-d8ee\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55534,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 438x321, components 3","md5":"3dab329dea1f447eb9283915b98bc92a","sha1":"8998bbd576daec4698ca77339d39c45fe33680e0","sha256":"de166303d02c05e2c48972d3eb02c50b28de72261ac545ccb4404af8526fb299","sha512":"83c4cb2cda6ee8a274c201c06966b65b986076ea76c8c4903f1d64dd3444ecae560f353431411c1e11f33557080ecc8515b208400b32a52da0c33b14bd649b58","ssdeep":"1536:3nmzulcjs2BSUDDOrMKBD8hsKs/H6uO9OUDUEkB3dfAx3:XmYc0UDDW8c/an9OUAEkBNf43","tlshash":"5f430112cb923a1483fc4273b2ec17863ac65a23d095c7f65638f05adf74a52ebcd50a","first_seen":"2024-09-28T07:23:58.443631Z","last_seen":"2026-04-03T20:29:52.868309Z","times_seen":429,"resource_available":false,"data":null}},"time_used":785,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":785,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/LIVE_Shopping.mp4","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/LIVE_Shopping.mp4 HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: video/mp4\r\naccept-ranges: bytes\r\ncontent-md5: V3Gmdrs/dOcI4l6hFKwuUw==\r\netag: \"5771a676bb3f74e708e25ea114ac2e53\"\r\nlast-modified: Tue, 27 May 2025 06:41:37 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: d8feee7da092dc22687da092-ad93eaa\r\nx-tos-response-time: Mon, 21 Jul 2025 02:06:10 GMT\r\nx-request-ip: fdbd:dc61:a:318::77\r\nx-response-cinfo: fdbd:dc61:a:318::77\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 0166392d8568339b965dda28ef1d50fa25fd07f292572fb2067c4a5b8dc6b5c8ce16df8ebcfa564f37e21fcaf090f7ee19b1bc70b13fa9fe636f7715d48b66f4bc823df5e755bc70dc8eef5911f1d3b266f413211a2b52fbf59bda418d6610847f584802b33d8ce5ceed9388d6dc5024772a2f08aea196cf369e15598bc8312012\r\nx-tt-trace-id: 00-250721110056687DAC19030F8C04BF58-08AC61E792F52EB7-00\r\nserver: TLB\r\nx-tt-logid: 20250721110056687DAC19030F8C04BF58\r\nx-parent-response-time: 401,96.16.52.54\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-range: bytes 0-873047/873048\r\ncontent-length: 873048\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=2, origin; dur=0, inner; dur=3\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b739\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":873048,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"5771a676bb3f74e708e25ea114ac2e53","sha1":"e702e99eb079a4376b2919bad8a2351fb2bdb7bf","sha256":"2a7d7561479f5bcf35eb657be79e20464c1852ec40fa411edc280e4e71cbd2be","sha512":"137f05a0f5331cfc955a543b76965e025746f29976ff23eeec3825538cacdeab4af746acccc9ed4bcd353ba51a6c60ac8269bacf80c38a0d258245ad900e1329","ssdeep":"12288:qChmB2caCHktyXVAmChWJcbx/+RpEjotDgmpjbSQngpFyiDtCFN6Pfvq8mq/aDMW:K2clHkOVAxfx/+Runmp9ngpFygYFWaYw","tlshash":"bc05336721c73356c808913f3347016bfe71ee9ba12f83fb1a566ac88d631ec6895476","first_seen":"2025-01-28T12:57:32.263448Z","last_seen":"2026-04-03T20:29:52.931798Z","times_seen":553,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":187,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/StatisticNumber/1.mp4","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.892Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/StatisticNumber/1.mp4 HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: video/mp4\r\naccept-ranges: bytes\r\ncontent-md5: lTGR0M43RtYieryITRyRiA==\r\netag: \"953191d0ce3746d6227abc884d1c9188\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: 13297f7bf6fb0fe0687bf6fb-abc342c\r\nx-tos-response-time: Sat, 19 Jul 2025 19:50:19 GMT\r\nx-request-ip: fdbd:dc61:10:369::40\r\nx-response-cinfo: fdbd:dc61:10:369::40\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 01895d39766630045944354878b2d440d8dfd333d9d6dbcd8b8ebf594ef0c46abf9cdbbc8082db44ab8fa9aa05c9bb06f0eae45ffe449a8f6e62ddfea17e7f5f24889a813131baec1c19802135275c26c301f351272d909fe94bd72cc719ef144437b20760f1cc843b941ddeacb037e0dc\r\nx-tt-trace-id: 00-2507201245591DF6A0FD035FDB05954B-00582F6D995F251B-00\r\nserver: TLB\r\nx-tt-logid: 202507201245591DF6A0FD035FDB05954B\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-range: bytes 0-344042/344043\r\ncontent-length: 344043\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=2, origin; dur=0, inner; dur=1\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b73d\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":344043,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"953191d0ce3746d6227abc884d1c9188","sha1":"4d815bdd8ae1c8f366ea18b3712dc3f815c3c566","sha256":"8d14f425615fd88d6c58df03c6ec521ad18d3ad4c845f931ae3eecbcab4b8c4e","sha512":"fbc4b3461abee4ba3948ff432cecfa60b3894d68f1c682bde85a64cfa42a777ffd924652f2eaa6503d402136f18e662ac583abc49728e75ed1160340e8f1bed1","ssdeep":"6144:lJQid6qp2NOJTkHI4Q3FSW6za9X1hSAxFWHe96IMnZCaTuQYwFrfkDrry:lr5229jead1LxFWHtTuFw9Mvry","tlshash":"84741263e3c7593afeb4ae7640d080968d49009802fe4bcb7c8d9d164fd4ba91f64de9","first_seen":"2025-01-28T12:57:32.24802Z","last_seen":"2026-04-03T20:29:52.915695Z","times_seen":545,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/image/right.c4267fe0.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:38.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/image/right.c4267fe0.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/static/css/page.ba41593c.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:38 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:42 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773de-4156\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16726,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 525 x 1851, 8-bit/color RGBA, non-interlaced","md5":"579d1cfd16a2644dc9c0846ce09c25ca","sha1":"9c9e12092eb01008bc57862c4714cbd95a82d101","sha256":"af2dbbeb782e256776d7dff5dd49436eac94abba300016473f1576cffc06c187","sha512":"2a0a75504407a2e58c1f17cec91a2236d8478a35d5eece6ee9686454e8b2c518c7b0060f8a82c2ee03201f605bfa818509ea755a6d5681022d123090956976af","ssdeep":"384:SQRVffcyQ1N8SCph8m9dk5dYahDecJs2Eed9diaOTQy:TBnphBk5dYED7NXty","tlshash":"5c72afe9dd56970e0d318c349a8cb6f0c9a8bb8941078dd7d6cf0a89a704f4ef66b711","first_seen":"2024-09-28T07:23:58.468601Z","last_seen":"2026-04-03T20:29:52.895645Z","times_seen":416,"resource_available":false,"data":null}},"time_used":471,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":471,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/15f9faceaf49471f8ec2a0cf3c94f6e2~tplv-aphluv4xwc-origin-image.png","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/15f9faceaf49471f8ec2a0cf3c94f6e2~tplv-aphluv4xwc-origin-image.png HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/png\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-dcab8\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":903864,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1884 x 669, 8-bit/color RGBA, non-interlaced","md5":"20117c5d34fcdfaee758f4db4b60b043","sha1":"173ccd681698c33ec21cc8cef964c333f4bc5dc5","sha256":"5ceef6d4ad5dde790541cb0472665dc936b16c413a03d843f7956ee9af1abb58","sha512":"eb8d55a069d0181680cc50bc15eb85052490644c9aab1c23605905f8e704f3889b41cedfcd53de70d3fcc2b2e50c0942c80b7e3f5715c6fe1b89a4c1c7de3426","ssdeep":"24576:vN7WPERD3b5B53v50o45lilu79CyQalGqbW+aCj:v4PERD3FB53Rt+liA9ZQyWtw","tlshash":"9f15234c44606c7b727e6dc7213b85a2a78830736e65469009c7e4f6b84c3ef1e67bb9","first_seen":"2025-01-28T12:57:32.355724Z","last_seen":"2026-04-03T20:29:52.86763Z","times_seen":389,"resource_available":false,"data":null}},"time_used":792,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":792,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/picture/join-today-04-new.a81810fd.jpg","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/picture/join-today-04-new.a81810fd.jpg HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: image/jpeg\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-1924a\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":102986,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 292x215, components 3","md5":"89d8e3348837e3a985f355f8f8cca357","sha1":"84da9dde012559ace13080de3d09bcd7a97c5b2b","sha256":"10832fcd66b07c3ffc81980cda95520eb11f485eb17fa9f077397735d20342f2","sha512":"b4f30d8a5c1d123dfb7f982f78f41f2964b36e76b7bea6f54d9686c3b2a9653753d5c0065c2214ebe332821fdd675a7e1d845f8bd6d40323fca0ef61949e28d4","ssdeep":"3072:I9UZTc/3FzwL9+XZ7gttFQzG8YDWCqcXSjgNoRv2Xh:Iy9cvFzTZ7iDwXYDfSOol2x","tlshash":"67a322ac3fe454fecf0d15cc764e906cc0f3a3633a4862e5b5d2058bd2d560b2aa169b","first_seen":"2025-01-28T12:57:32.330541Z","last_seen":"2026-04-03T20:29:52.869604Z","times_seen":421,"resource_available":false,"data":null}},"time_used":783,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":783,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/460.6e84f8f9.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.764Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/460.6e84f8f9.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-6296\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25238,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (25238), with no line terminators","md5":"836efd88de242ffbc27638611da04205","sha1":"9142336339d9535b8187997cb85433bc7c8eb8fc","sha256":"04f7e43a9925ee4f07f5d8263e91868c7d03dd0cd1f67ad011a7b266f1ff6005","sha512":"610521f3a077e3dced7bff918f3a2b1ab78aaa4d5ae2be8b7469e84593b1cb46886d2957d10aa54560b7cd627690ffa7baf7bddd8eb84647d2a1cc38e7d7c787","ssdeep":"768:DEucduAqko/ShcDEo/ShcD1IhMLSrKCgucNnN:DEako/ShcDEo/ShcD1IhMLSrKCgucNN","tlshash":"d9b292e0b50aa0b5527f606a80bf160db325761cbc35ad91f253e4ea21d4fc3d116bfa","first_seen":"2025-01-28T12:57:32.295733Z","last_seen":"2026-04-03T20:29:52.871904Z","times_seen":449,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":773,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tkmall58.vip/static/js/838.a10936a8.js","fqdn":"tkmall58.vip","domain":"tkmall58.vip","tld":"vip"},"ip":{"addr":"134.122.166.179","port":443,"asn":152194,"as":"CTG Server Limited","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"loswojks.shop","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 09 Oct 2025 08:02:17 GMT","end":"Wed, 07 Jan 2026 08:02:16 GMT"},"fingerprint":{"sha1":"69:53:1E:D7:70:25:6F:E9:66:67:9A:4E:10:A7:7D:27:AF:D1:0E:F1","sha256":"C5:2A:30:E5:C5:7B:13:57:CC:72:23:84:37:E9:C2:76:4D:76:6A:FF:93:5C:53:98:F0:57:B1:AA:A1:0B:BB:0A"}}},"request":{"raw":"GET /static/js/838.a10936a8.js HTTP/1.1\r\nHost: tkmall58.vip\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 18 Oct 2025 01:42:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 09 Oct 2025 08:35:43 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68e773df-8e4b\"\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":36427,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (21933)","md5":"bc4d89c9a2c17a8ae31eb040c70ed5a7","sha1":"6bf5da7743761a2376406e7fabb77bb11c9612f0","sha256":"c54953f443c4ea82c58f6ce421ccd7d38da866ed91ca7cf3462fe225135882cd","sha512":"812b6ccffbb6c1f3ce6fd484179cdac69e4ed7d673ac11de1fe7e14049ebbe9ce5a5bbcbdd6a9695d29513076429ce8cc8230f9ba1e2c830c9661ecedbc358f3","ssdeep":"768:mMeUGnwMod+y5Y5RtepS8DoMpl2OiBH86gJB/lp:3eUGn9TqXdptGg7Np","tlshash":"45f24ac0f155f538535a98a942af41087329710cec6cdc84f35ac8953be4ed5e263bfa","first_seen":"2025-01-28T12:57:32.297156Z","last_seen":"2026-04-03T20:29:52.91448Z","times_seen":448,"resource_available":true,"data":null}},"time_used":773,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":773,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-18","alert":"Sinkholed","trigger":"tkmall58.vip","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/Shoppable_video.mp4","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/CommerceSolution/Shoppable_video.mp4 HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: video/mp4\r\naccept-ranges: bytes\r\ncontent-md5: /HGrKb5Yc5aqaisvFTjb4g==\r\netag: \"fc71ab29be587396aa6a2b2f1538dbe2\"\r\nlast-modified: Tue, 27 May 2025 06:41:37 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: f6b6eb4fe9ae01b68b4fe9a-fdbdgdc61g18g175gg44\r\nx-tos-response-time: Mon, 01 Sep 2025 02:02:05 GMT\r\nx-request-ip: fdbd:dc61:b:277::12\r\nx-response-cinfo: fdbd:dc61:b:277::12\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 019bec24e0f4734386ebc9df61a8c5bfe81d038dfa96e0527d9f6eecc8304137a29d8d2b13fa9060c6ec0bc0554061a3692ee362e9618d51911a1182e0c9d998c9629c1d016716f8fce8091b522806d90af8ac7f128b40d6555d5c8c7c7ecdfc6751581cf9715bb906c2bfe8434a463e28\r\nx-tt-trace-id: 00-2509011004287F114B5379BEF3994D53-4A6A130BD0E0F61F-00\r\nserver: TLB\r\nx-tt-logid: 202509011004287F114B5379BEF3994D53\r\nx-parent-response-time: 4,184.27.176.33\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-range: bytes 0-821478/821479\r\ncontent-length: 821479\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=2, origin; dur=0, inner; dur=2\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b73a\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":821479,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 v2 [ISO 14496-14]","md5":"fc71ab29be587396aa6a2b2f1538dbe2","sha1":"d30907106a682672b511fff75e36844ca2bc8a0d","sha256":"d94a55d407f073a7b80e7e6d8218964d116bd45588d056da5576ec0090c6c96d","sha512":"0a5599a7d0caee04a24abf74a460bd0ee2b3d22b7d4282046176db83a2143a024aebbe34305c2e7930100228090e4a126152eff6d096c5e18534b968a1e65741","ssdeep":"12288:saLsdllXzVGJIgxwBoF2Cy5B3Y3BfU8q6+kIBhFJ1dgkgX2XtxSgPK5QNvlRmUB5:xsdvVGJ3wyFALhy+vxJ1n8aNK5imi","tlshash":"4c0523a693c10a6fc2636533e91307297e94eded6ace87d3422792cb5daf0893d153c4","first_seen":"2025-01-28T12:57:32.270595Z","last_seen":"2026-04-03T20:29:52.861324Z","times_seen":555,"resource_available":false,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":207,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sf16-va.tiktokcdn.com/obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/shoptab.mp4","fqdn":"sf16-va.tiktokcdn.com","domain":"tiktokcdn.com","tld":"com"},"ip":{"addr":"2.17.251.116","port":443,"asn":20940,"as":"Akamai International B.V.","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://tkmall58.vip/","date":"2025-10-18T01:42:36.866Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tiktokcdn.com","organization":""},"issuer":{"commonName":"GlobalSign GCC R3 DV TLS CA 2020","organization":"GlobalSign nv-sa"},"validity":{"start":"Fri, 07 Mar 2025 05:26:04 GMT","end":"Wed, 08 Apr 2026 05:26:03 GMT"},"fingerprint":{"sha1":"AB:A5:D2:DF:CE:6C:6D:AE:DD:36:C7:0F:CC:E1:32:1D:76:C7:35:C0","sha256":"75:76:14:5C:F5:BB:65:0D:C6:06:2B:2A:07:FA:50:AF:47:D8:3D:E9:63:80:10:B1:BA:42:B3:0B:51:AE:A7:9B"}}},"request":{"raw":"GET /obj/eden-va2/shayvW_Z[[/ljhwZthlaukjlkulzlp/shoptab.mp4 HTTP/1.1\r\nHost: sf16-va.tiktokcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tkmall58.vip/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\ncontent-type: video/mp4\r\naccept-ranges: bytes\r\ncontent-md5: tZEIsBAj1beG6z5aizUw8Q==\r\netag: \"b59108b01023d5b786eb3e5a8b3530f1\"\r\nlast-modified: Tue, 27 May 2025 06:41:38 GMT\r\nx-bdcdn-cache-status: TCP_HIT\r\nx-tos-request-id: 6f15525f5516a297685f5516-a364698\r\nx-tos-response-time: Sat, 28 Jun 2025 02:36:06 GMT\r\nx-request-ip: fdbd:dc61:5:314::210\r\nx-response-cinfo: fdbd:dc61:5:314::210\r\nx-response-cache: edge_hit\r\nx-tt-trace-host: 01e21d16cfc1b32daad76cc2f7d92e5e6c8170291f0962fdd0be2b329555307ab1b95e574df352bdcbc1e43aae1d52026d523757ba33d0aecc9ab59e18da6ff116de52440c27c68a76b24aafb42961ce12a69a1a8752cd0758374a061177b781c74be10fadfcf71c65beb74e5515fef76f8647d71e43819a99351d2926be0a661c\r\nx-tt-trace-id: 00-250628234123A84FD1321ED7C675975F-0246E34A74C7E67C-00\r\nserver: TLB\r\nx-tt-logid: 20250628234123A84FD1321ED7C675975F\r\nx-parent-response-time: 37,184.27.176.31\r\ncache-control: max-age=2592000\r\nexpires: Mon, 17 Nov 2025 01:42:36 GMT\r\ndate: Sat, 18 Oct 2025 01:42:36 GMT\r\ncontent-range: bytes 0-1104895/1104896\r\ncontent-length: 1104896\r\nx-cache: TCP_HIT from a92-123-134-118.deploy.akamaitechnologies.com (AkamaiGHost/22.3.0-fcd174d50fb223c8364cec3c4b3f29c6) (-)\r\nx-tt-trace-tag: id=16;cdn-cache=hit;type=static\r\nserver-timing: cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=2\r\ncross-origin-resource-policy: cross-origin\r\naccess-control-allow-origin: *\r\nx-check-cacheable: YES\r\nx-akamai-request-id: ca4b73c\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":null,"data":{"size":1104896,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"2acdd6b1d469e23e5633e558ab29e2d3","sha1":"352929ffe5f32eb0aa9d071032d457b40fc2b8d2","sha256":"c16175227ab495ac2272bc2472e1d470fca3935983c5908abe5dd6113a7c030f","sha512":"0466f354e4ac9656b8c0f5aa887a8cec2c0c2c434b252e722f30ca4aaa980e429a6d260ad814ddbe1e08da18eb7add194cb31ca85b16c0ae946a76581fd68a86","ssdeep":"24576:+tFerzd/+CBXQnQMwa1Qpno2PG7JarFJs1+ltwqK7:+tF+d/+NnQMwa1Q68GVoFJsIltq","tlshash":"bd25334887ce7497ffb542f0235a5fa4962bdc44249c13f3065b807e27ab62524f4abd","first_seen":"2025-07-26T16:59:32.404364Z","last_seen":"2026-04-03T20:29:52.899858Z","times_seen":351,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":150,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}