{"report_id":"ae3e7a5c-c6c3-44a2-83cb-16f6ae119533","version":6,"status":"done","tags":[],"date":"2026-01-06T14:46:55Z","url":{"schema":"http","addr":"tmall880.cyou","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":0,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"tmall880.cyou/#/index","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"title":"TK-SHOP","dom":{"size":89132,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (42816)","md5":"d027343a727e190ef965d84c6cdd4b7a","sha1":"c4249211afc7e92a4249e7b5173cb6f205b3afb8","sha256":"8990e59bc1e8ba16744f0b72466fcac30ef49bff6e4cf5134fb4807f8db20e3e","sha512":"9a69897058104354addc742b70baebff053b526a680b2a5d477cf1333024596e32b3ff16a520bff84f90eac486b025b034272f5b468a2d9dbc74a268d114a06a","ssdeep":"1536:P/SmaCKc7eNeMMzVIxpOMZMiO/7/NEWDxkQjuURDVVz1CXlNm:imapgMYVCFOiYNEWDxkEP/","tlshash":"4c937cb2c155249f10178f99e4646b2a7ecb421fc532c820abec7b5eebdddc8922d4c5","dom_hash":"domhashd705ba9afde7d055871854090ca36faa","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"tmall880.cyou","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":0,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-10T14:46:55Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"tmall880.cyou","ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"domain_registered":"2026-01-05","domain_rank":0,"first_seen":"2026-01-06T14:46:58.615397Z","last_seen":"2026-01-06T14:46:58.615397Z","alert_count":711,"request_count":119,"received_data":6703266,"sent_data":50862,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"imgtest1.s3.amazonaws.com","ip":{"addr":"54.231.137.145","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2005-08-18","domain_rank":0,"first_seen":"2019-08-25T08:51:32Z","last_seen":"2026-01-02T22:47:08.14938Z","alert_count":0,"request_count":3,"received_data":600073,"sent_data":1368,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"tmall880.cyou/js/app.a407259e.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"db1e23a239f8f86e20d093f1c15da10f","sha1":"e8151022672f2cacd69f64449176d762780b97a6","sha256":"1379475043629eed0d83634ab38608cc7dd68ccfa8df63a065504d5b64cc7635","sha512":"0cb2a3050a854f361655c27df0fb3f5fc72f098ff8bcb24995e61e9378b0403cc32803e6b4e4b84dbeee1f7ceda5ee3b631c3cde1e123d44fe5c9e346ff7c302","ssdeep":"24576:/WO7Tb8OVuhrWMU9JKPJttLz29HxNUCOE3Nkxp5R+4t69uE9s1B9Lfbzxg7BuiVH:+O7Tb8OVuhrWMU98PXtm9Hb59dWf+83w","tlshash":"a6658eef67da77fc08545646a04f397421981cbafb96f4e008edf61922e9e40c213f69","size":1449434,"data":"","first_seen":"2025-11-12T04:02:16.167779Z","last_seen":"2026-01-14T11:25:19.963413Z","times_seen":57,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/vendors~app.8e05cb39.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd7a4100a9bd34f7c747bd49f96abfd2","sha1":"bf459966c599ba941291bec11c00954c2beacd00","sha256":"da0723cce3cbb085e0b6194faa6f56d6b616763910717952e7d43baf6da1d0a1","sha512":"c891cd1df4c5bb994eaef7f06df2bfe9ccb0fc788d43085343e23f3b0dfa7be2947f5e4c1b8c1b4dba664d22e435d82b2cabb418535332f86951e6ead151fc20","ssdeep":"49152:wYdFtD3TKKTiIdSzkQGbJU1/8Ra2UsVENocQKDBWh9ZBqUt0U1kQxA:BdzzW8QGFU1P2rIojKg9GY0D4A","tlshash":"bef5b35c364af340915ad0e7e43b3c49d26ae189a40b10d07f7187f31eb574ae7aee26","size":3584489,"data":"","first_seen":"2024-03-15T18:45:44Z","last_seen":"2026-01-28T12:30:45.109444Z","times_seen":239,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-971b8156.f79c8552.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"23e303e1d457ded5c19fb3400a22b026","sha1":"252ee41d519536f951e581e385b134c44d17d148","sha256":"817dd349f3cd067b90ec0a1357b16f6485467350f8e4c3c77dee13591d00ff16","sha512":"95ebd0fe0352e0da1b21d23d54c3313ef8a1597a7b583484a7613b8091017f3aa4734bf841435d29decfbfcb8c521a7b62801ed47f9c945e0230a590cfba3ff0","ssdeep":"192:NzCjfAcMsHRpMu7mWKD12R+YEX+WzU9MuMOO0L5xq/cictjAfNeNF/BPsGCS:sfNMsHRp3Q19X+WzU9MKdmmvPJ","tlshash":"e45285e6c470a4bd495a82b22055f1e0fb643a1cd106554efa7cec9b72dd424332e77e","size":13663,"data":"","first_seen":"2025-08-19T13:02:14.744046Z","last_seen":"2026-01-14T11:25:19.931574Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-a19b6e94.079673fe.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"dcbb85b3450703136ce7785bf868c298","sha1":"b009c8a44c2dde5a7a93c9db4bc4f1a65aff1ef7","sha256":"b5f108e96a3b4d79d5b3fe20ccf76b40ad8bb5079465c1458cb47ac45afc9741","sha512":"a1003c66b3df5198bf2a70219ebd42d200a98ef7b7e746d9af7c4dac489256e9b22b9b4d6eac98fdf9ae00bc4caa4eda2996dbd38bfc629ce82fb2fb7ece5819","ssdeep":"384:GNsnfX898V8ftwCaMsH0NbdGoalA+QbHz/jvMsgWvzsyUqG8V:LM9zsHgbdGKT/AsEy/V","tlshash":"efe2f94ba4c26c7d899a6159241b1258f8323f86e042c8d6b63cfde4d1b9e34772f76c","size":33174,"data":"","first_seen":"2025-08-19T13:02:14.834267Z","last_seen":"2026-01-14T11:25:19.887905Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-3fd6aeb4.ba19ca45.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-3fd6aeb4.ba19ca45.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"922-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 922\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":922,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (922), with no line terminators","md5":"3701036a35bcea856e89f00d36781e8f","sha1":"b63d63b209ccc2d1402c31a15d1d83edfe17d7c9","sha256":"a1e235f84b6314672b83a7044c2002663ee3a911f57b6d40232c5a0677b4bc32","sha512":"704ff416fa3d339a2677f78c0648d1991b282fd126cf410e760f7268dcdcadd45e77cc9fddd37352fbd6bfec16b25b97fa60c12c3a07bff3d1bca84c13f91903","ssdeep":"","tlshash":"04119e73a125d932e9332d77674494def19188e2e6428739bee7690cc08eb539621304","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.321503Z","times_seen":2105,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-aa8d1574.3ecf88fe.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-aa8d1574.3ecf88fe.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"3338-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1004\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3338,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3338), with no line terminators","md5":"1bc5b8235f9e8d5bf3961279423cf630","sha1":"466627105df20f8e829d3db72a2617802b7b265a","sha256":"cc7c2d00d52891b7af0ae290785d54f087c4f61951893b7c7fd8c869f7a8047f","sha512":"a2c17506a8e46344978b7955c1c162a6fdb844d0ec51fce021c04aee33df5d44cae64f10a7a6bf5ec295a1210540e5b82c1f7e79b9d89aa14dc29e7531cd81ca","ssdeep":"","tlshash":"766110382130361c3b37922a25c8f54e2619a9e5f18995c9ba98c42f4edf769dcb0263","first_seen":"2024-02-11T04:26:48Z","last_seen":"2026-06-06T14:40:04.508224Z","times_seen":6672,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-a19b6e94.079673fe.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-a19b6e94.079673fe.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"33174-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33174,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33138), with no line terminators","md5":"dcbb85b3450703136ce7785bf868c298","sha1":"b009c8a44c2dde5a7a93c9db4bc4f1a65aff1ef7","sha256":"b5f108e96a3b4d79d5b3fe20ccf76b40ad8bb5079465c1458cb47ac45afc9741","sha512":"a1003c66b3df5198bf2a70219ebd42d200a98ef7b7e746d9af7c4dac489256e9b22b9b4d6eac98fdf9ae00bc4caa4eda2996dbd38bfc629ce82fb2fb7ece5819","ssdeep":"384:GNsnfX898V8ftwCaMsH0NbdGoalA+QbHz/jvMsgWvzsyUqG8V:LM9zsHgbdGKT/AsEy/V","tlshash":"efe2f94ba4c26c7d899a6159241b1258f8323f86e042c8d6b63cfde4d1b9e34772f76c","first_seen":"2025-08-19T13:02:14.834267Z","last_seen":"2026-01-14T11:25:19.887905Z","times_seen":59,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/matashop2.svg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:36.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /matashop2.svg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncontent-language: en\r\ncontent-type: text/html;charset=utf-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nx-cache: BYPASS, Status: 404\r\ncontent-length: 764\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":764,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (760), with no line terminators","md5":"69f9eeff8ff8c26a8602efe25136b391","sha1":"0e1a331738a6ce2fcbbe986377e29b4683f4a5c1","sha256":"51e65909d5d59a35b8e5d260ac636f7f405fdf4b146193057fc11aea164adf39","sha512":"e0ce38446201ee40cdf9f0cae8c07a682c42c071b7658a09ef75dee06df6b5ed5bdfd065bf649f3211ce0fd98510eb1c273325ce273de8db650b1e3b3e82a7f0","ssdeep":"","tlshash":"8901203ec20a1117fcb6487b36913ea8395d8c8392720734e8548af4d2865f8a76178d","first_seen":"2024-05-04T04:46:04Z","last_seen":"2026-06-13T13:28:08.537852Z","times_seen":2278,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":248,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/syspara!getSyspara.action?code=customer_service_url\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.669Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /wap/api/syspara!getSyspara.action?code=customer_service_url\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 103\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":94,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"5dac84769521ae7a9d32d588a4fd1eca","sha1":"c41ba191cc2d834fc7a5024fcce5ca06a3e6fdce","sha256":"f2d413133bd36d8ee7405a2a7dd29b0effd8d8eb877045c7709034c83c67c478","sha512":"0d84dfa2c5474a625c463b1b3d4d838b8c6d4d3bf24a9a66e9d8931e4072ec8349dfaa86f6ff733d9f326841733a8f462c0222a6286b2b44551278c05af8df4b","ssdeep":"","tlshash":"e9b01201004d981a0152108438bc3404cb0ef80358d09d345b486db140ea2e82004d14","first_seen":"2026-01-06T14:05:15.37964Z","last_seen":"2026-01-06T20:04:09.397606Z","times_seen":4,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":299,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/index!download-url.action?lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/index!download-url.action?lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 77\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":58,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"b37252614b5f5bdef892843c318b4485","sha1":"ac5f104553d20193c06e7fce2d9ac48646969cd3","sha256":"a89a72b8105e8895b59307a6d311ff2970f9bda7f022edc5e59ddb0f7062bfa3","sha512":"fa4250d1a3ba602f34424a1e7f6cae1c9078574731a97f7d5ff233b2f283df9b7b534e0b667276ca5267eb84892f4bfcf537139e83d6a58350f2f915cdd987ec","ssdeep":"","tlshash":"85a002921b8b2986860712cc648c3504609f527759c0db519d48eb708c7a2b52800520","first_seen":"2024-05-20T20:42:30Z","last_seen":"2026-06-13T13:28:08.558349Z","times_seen":2136,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":302,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-c6fa1bbc.badabe5f.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-c6fa1bbc.badabe5f.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"6412-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1576\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6412,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6412), with no line terminators","md5":"0633ee4661855b6bbe621c11916c84cc","sha1":"4c0a2a81e69522697b1cbaa7338158639c4aa12c","sha256":"fac6b26cf761221c13291fbb469530d8d6caecfc22f09faa1a9e562bf15ad127","sha512":"b2441da78e3cf4a5c847805eac6921d852bd2f17db15b012485357a438eb0d41d84c853e8ca0784803fefd8a7315d0426b19bc78f310cb23ca2a9818fa232830","ssdeep":"96:+jWBPlmQKmYqqxrnY1vfqQrFvniDypkpNhD93JlyIqdUPY8:+jGPlmQKd1b8vfqQZiepkpNhh+IqdUg8","tlshash":"90d161b2b5b5426a7d3fe3b822d4e4ac75049551e8629be6fed4d028cbc2ff35410b08","first_seen":"2024-02-11T04:26:50Z","last_seen":"2026-06-06T14:40:04.50503Z","times_seen":5236,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-2b19c21c.0e701f5c.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-2b19c21c.0e701f5c.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"2911-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 917\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2911,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2911), with no line terminators","md5":"ccea655bea4bc170e3aaa0f2f26510ee","sha1":"1259c05c03dfc98dc7f24d470689316ce0bd9141","sha256":"0417838141e75f770427672acfbbaf935e495175cc8431d1a95ff1853902dcf7","sha512":"861aaec4e19464a7f373e1627ff2e2e21060a291d64b39290946344f1ddd72d89cbfcec2245f553ff1933023db5dc0d95c6374859c8eb768c69e9a3220c8afff","ssdeep":"","tlshash":"e851d0523a4d7619913bf2a8f5c1bd8c32a0b1679353d2079ecf5c199cabfc2352da48","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-06T14:40:04.504296Z","times_seen":1032,"resource_available":false,"data":null}},"time_used":351,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":350,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2b19c21c.3cdbfe7a.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2b19c21c.3cdbfe7a.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"8037-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8037,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (8013), with no line terminators","md5":"5d6937ecb56d67abf9effeb465229820","sha1":"0e272ef2837d408fd02803dfa0f19c8f2536b2c8","sha256":"c87812af9378d38e37213223f01ab1a728c21607884ca97a7869995b31035b78","sha512":"46687dd5f6b081f050f98eae51e2b39491d16e254db3969118517d72c6ef5b9a65e85241aa0176bb6eec2a0a3977d8250f8e24d41bd2c0d527e6bd00c5501b3e","ssdeep":"96:rfx+E6Ee08/8dv73tO2y5/Ifv6EEIRbWVu0aAfHZsALbYiG++T2GZG0/McEaeUU3:1w//w73UlIfySAVraEGgr1b7","tlshash":"11f10a4a90036868cf5e508160297e34f4b53ed1b912d8caf7bcccf89199aa5334e67d","first_seen":"2025-02-23T06:52:24.634721Z","last_seen":"2026-01-28T12:30:44.94728Z","times_seen":134,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-356c00b0.a46b34bf.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.034Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-356c00b0.a46b34bf.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"6372-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2973\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6372,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6372), with no line terminators","md5":"786ae01301166ec66d3273a6534cdb39","sha1":"dfe9e880e9f2dd9e86d5afc9697cff84269a3985","sha256":"482be8cb87659ae3634a07f3873cd639b3e6fdb311344f984b53eaeebef035b7","sha512":"ba2f97d0615e004fc4835cab4a721227f698f0820a2e346c2f5408fdc1a9a88aa91f34a7f3e6063c307fd0e364c14dd969af1a96d6166a7308ccd25d831c35bf","ssdeep":"96:N6Mt/NsTVUWfrMSXH6ftqgIldI9OwnZrvVJBCpn2Vn4N/UJjlVsc3YC:NVsOGrMSXH61qgCI9pn5VWj43","tlshash":"3ed11a0bf05278bc895b6294311b2338b7702bd0a040486af73cddbc66d9d68232b77c","first_seen":"2024-07-21T11:22:37Z","last_seen":"2026-05-08T14:37:46.502572Z","times_seen":999,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-55a26a12.f331b865.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.549Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-55a26a12.f331b865.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"6609-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2998\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6609,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6581), with no line terminators","md5":"36408654b8775efe695ea96cb465716c","sha1":"f48885a05e1a21aba6c6165ac8869d5465aee7d1","sha256":"8210ec7e35330c5d107afeb0b11113fb6092bbc4f707bf75ecb50ceb0d81aa39","sha512":"3792a86671b27b9e206b575608b70d2a6366422d854c7a63e9bf070398115ffdaa5e0a9f61fbc6a8a98434bf2056bcbba69ffacef64cb4d3c789328a55bb1491","ssdeep":"96:BBljrEdlndrjYXkLIuGtdcskBIHKKFD7AkMTEWgvbVPLYsoqfZTx3:Brc5j45uGtmUbD7AkMAWspUsJfr3","tlshash":"32d1d89ea518f80d4e1b9152301d29b3f5a93ee4b024c9dab73dc8fd619cd102b2eb75","first_seen":"2025-02-23T06:52:24.649688Z","last_seen":"2026-01-28T12:30:45.036406Z","times_seen":151,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-597b172c.f72fbbe6.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-597b172c.f72fbbe6.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"10209-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3494\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10209,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (10057), with no line terminators","md5":"f47f8e343514e2dfc5259582c01a50cc","sha1":"97860e2ebeef68e9574d37f2c83cf797345d36eb","sha256":"4e7abdd2c5c718336ada13aa060d8783a72446bfe1a1d5877921627c0190a150","sha512":"a9b13d072fa9d3235f92d55eafc73c84e5e6a5216161801e9236e7916c0b62330fe86ab56a88778978a84b6866cd38b194d0085620dc33c725bbee4ff322bbf8","ssdeep":"192:OfqfNhehydUUd5b1DEOh4EOnItniEOwdBeMlBvYEOcvQDIPPrx0GXby+T+r:OfqfNheyus5bRtnPBeMlUDI+GXY","tlshash":"cb22f748779074655a8b61b2a16f204fb3b728c8270b58a0c378e9d4b87495db37bf5c","first_seen":"2025-04-07T11:52:05.490238Z","last_seen":"2026-01-28T12:30:44.937444Z","times_seen":153,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-6699a1ea.05fcf008.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-6699a1ea.05fcf008.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"3692-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1274\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3692,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (3688), with no line terminators","md5":"d9246805257caee7e56e58d586fde1ec","sha1":"7deab1aee796fdfb9f2c5036b31ea84ab59d6833","sha256":"d1bd04564b0c20c35f152289163336e5fd697a6cd7409c5ca56d5aadbf9ab480","sha512":"669eb7e4b821ad5992d5db949dacf9077608eda8917608a2f4d56e8374fcf7c26fa0f66b664ea013e340ac2ecc7c7773dca0af803cdb97b14d8ecb440ce7ebe8","ssdeep":"","tlshash":"f3715546412179ed8bb9115231a86024f1f109dc680dac92eebcecf963e487c6b6d3fd","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-06-03T23:39:34.6421Z","times_seen":2860,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-2849664a.b30d78dd.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-2849664a.b30d78dd.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"340-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: UPDATING\r\ncontent-length: 340\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":340,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (340), with no line terminators","md5":"7de78efe8bf09e10f280567a395d6b1b","sha1":"a84403256fb9c265c757c632def2bf3681d921e3","sha256":"3c64df4c1120ae8af09b2670ec78de64165c17cfe281e9fd19d9a55277f38b77","sha512":"575e2e01d3b715fc66a4de91cbe6cde658c2d3953445a92f711f396196fe921f1ff198fa691271c8670688cac8b445a52076248bc01382ffdd4b6956c1137eb5","ssdeep":"","tlshash":"f6e020708b561089952be1438b034cda2af9e663d16395855fa3d03dd46704f2e2a785","first_seen":"2024-02-11T04:26:48Z","last_seen":"2026-06-06T14:40:04.395716Z","times_seen":7633,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-2e9b19e4.8da1d826.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-2e9b19e4.8da1d826.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"11988-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11988,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (11988), with no line terminators","md5":"24239fc2953d2a22d7cd5c5632dcd4a6","sha1":"f33b1a460541a32ed04732f26cc49d070b656e2a","sha256":"d31737889dd96d092a914e02a996629ee1097ba471cf1b3bda901d48dcc6a855","sha512":"40de2fde9884d94a6d6196f6b6e39cba8f36a05f289451d7b20e1a6fc82b32cd8ca02c47207a67b77769ee3d72c59ed7250232661a7269b26a92006ec8f56b68","ssdeep":"192:Iz5sbKYxgCtCowY2duLGm7AtmIfOxoi7k2Xer4p412QRAelWklFbaiWsAXU:i5s8CkC2caIIWxoi7kGerMscKYtsIU","tlshash":"a1320a72a072a33da927f1a574a8a8e83440d526dd9383edf654713cccc62e32672f5d","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-05-30T03:35:54.792083Z","times_seen":829,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-1ab1e7a6.5c221ebf.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-1ab1e7a6.5c221ebf.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"17039-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17039,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (16771), with no line terminators","md5":"7867436e142b9e16523bc2bd5932fd21","sha1":"55855daba4907abfaad310493502686e225d7b84","sha256":"5115a2b2b2a4bbf455b4fdd09b40865c845d1fa139590e302f7748ed1c59718c","sha512":"22d155eacf404633088d948e6e8c49be05ee73171c01fc24f5f43cdae32edfb87f104e07e1b4f6511f04d9a7989a55f818abffb6e7754708a7780081acf4823e","ssdeep":"192:Xyhib/QzOluFKrF7rJrPeNNEf2YHHZXbV5K4bxH+Mm15K4bxH+MmP14SNK7+Q4:ihdzOAkrFoNNyZzK4bUrK4bUThNKiQ4","tlshash":"2872b58a22b5385e4256218230f7258021722ba6640d45ebf17dedfbb7dcc147d17bbb","first_seen":"2025-11-12T04:02:16.017181Z","last_seen":"2026-01-14T11:25:19.954235Z","times_seen":57,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-080bb2e0.615f6bf6.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-080bb2e0.615f6bf6.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"1594-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 577\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1594,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1594), with no line terminators","md5":"7bb68d7264949b255c669843ea227988","sha1":"c37129a7f0dbda018bd10436c4812ca558ccca03","sha256":"e1e47844c3390d548f1cd51ea560bf6301ebc6163228d4bf728cfd0a10b5e70d","sha512":"af29987a4411e45d99202eed3f1ebb777ea971e2b4eb617f4232c504c4f83b247c6e6651bb83c7dd153a19306a521a1e4ff6e633c6faf12308f1eb631623f7eb","ssdeep":"","tlshash":"3b31761e3e491d18f833f71f21c24a5e3212a37385b6831a7c43e55afd470c67ab12a6","first_seen":"2024-02-11T04:26:50Z","last_seen":"2026-06-06T14:40:04.368662Z","times_seen":5573,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-24e95abb.e536fc83.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.699Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-24e95abb.e536fc83.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"830-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: UPDATING\r\ncontent-length: 830\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":830,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (830), with no line terminators","md5":"fe8a919ba710b88c27be2a80cb1fce74","sha1":"ef7bdc5ea44742d40a0b67d268b4d6d5f939eb20","sha256":"c90ecd0bc9ca74176159703f5a00b82bb0b3b8e9381baf84aa98aa1fc6362700","sha512":"dce714b3e6ddd878da269a4088b61fcefd33a6dd3eea3d91df380dada97c8b7313085fd0e0c57fc53ccdccf3505c034325f4719507c10599cfff76937b74122b","ssdeep":"","tlshash":"55016b5c79e1b44b0a4a78f5812f55d6616b24bd19eeb813eaf090d45f30cad113aecc","first_seen":"2024-02-11T04:26:47Z","last_seen":"2026-06-03T23:39:34.477324Z","times_seen":3897,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2d7a155f.8b138344.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2d7a155f.8b138344.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"27708-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":27708,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (27666), with no line terminators","md5":"d40d8898bb2f11a4b9cbc9030fd633ad","sha1":"0c64b1e894dd61e3c01b60855ca04a6a90425376","sha256":"a855b572b93268ca96659fcc51e21f15a54b5cee0d398f7144d536dafaefc3db","sha512":"ef1223d1c4042f33615e2a3de9ea37b6966a08bb722de7a8271aa943567dc93ff068203b02be4bc355f17dd98b28c4ed4f44fea34bc2db3c6b779677ef660e44","ssdeep":"384:PFJ1G5vSAJRx5WaveIA6WwQDPqtjcg5BNK6lRguvwwOO1hb2s:PFJ1G5vSaWieT5p7q1NK6lRguvhOO2s","tlshash":"0cc2f81a3286242849631fa453df4b09f33261d564264988f3ada1c76f7cd6e31bbb7c","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-01-28T12:30:45.020786Z","times_seen":165,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-83fd3762.4141f47f.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-83fd3762.4141f47f.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"3423-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1317\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3423,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3423), with no line terminators","md5":"2b207373c31b539d731413b20e6816dd","sha1":"f905a0a4ecf04ed721c3240776eb3ee88bc275ff","sha256":"9cea95bb9e08566cbd5dc0cb1228aa2eef1f312d4710ab8498bfb3e8f4c10383","sha512":"a29a43519df3089fe8f8d8e68682eb4568e3d1018f1dee74bf00702db220eabfa5058286cb32e1eb05d4a2045f81e039d47814ca0f4068ef9ae405abe5a5bacb","ssdeep":"","tlshash":"1561640e5453b47eac6e5102b11975a8a0722fd6c841c4e7fa3ccea993d0d74332ebe9","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-06-03T23:39:34.490511Z","times_seen":2427,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/app.a407259e.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:34.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/app.a407259e.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:34 GMT\r\netag: W/\"1449434-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1449434,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (63708), with NEL line terminators","md5":"dbe54daa7a7668014a931d8b59f51e71","sha1":"ad9464b3ca599062f1fef936f7757fc470d6add3","sha256":"0f43a7de9d5c134ac52cf9f7646be8f048114ed46a9f86ef40dc3bbf7440aeaf","sha512":"35f4a141afad762381b9fd5b1594f9261aeba4269f54fb224be4ba2b16373e3a16ae2bb56058670432a553b73868d1f9b9a09dee3be24402d706efded1323c1e","ssdeep":"24576:/WOJ8ux2UEHyZFR2chrWMU9/a99SHnsKPJttLz29HxNUCOE3Nkxp5RLXGuE9s1Br:+OJ8ux2UEHyZFR1hrWMU9JPXtm9Hb59w","tlshash":"af654a96d7d7d3a80fe472a1281737b123b844ebabfe60de0798e59420fed10511ea71","first_seen":"2026-01-06T14:47:15.198858Z","last_seen":"2026-01-06T14:47:15.198858Z","times_seen":1,"resource_available":false,"data":null}},"time_used":564,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":564,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-63e99590.702f00e6.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-63e99590.702f00e6.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"28208-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28208,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (28207), with no line terminators","md5":"c23b605637ce6bea71d84c52af1ab725","sha1":"6f8679b0c3e560d6fde90a3cd5f5e754fc87e11d","sha256":"5e2fb83cd78a00e0453089984c9e55c4e1ed1caadb39b375de761505cd092794","sha512":"75fa5ce222a972a0b4053229ccda15fa52307d1a2aa5654aed6b1558638ea6c6d985ca875119953032db8856eeaa4b3135adf1f8a2b5e645eb150f935e6f560f","ssdeep":"384:X+FRWYEE/RkdoyDs8GA+CxQBvCLTmAAYv60Lrd9oiX3l4qZHhI1/sr:ODhRSSDnrBKLn60L1XTBYW","tlshash":"8cc208dc34e1f0ad42e334e0009ba847b2775a2aa40c5c61e352d4d87876e9ed77bf69","first_seen":"2024-08-20T04:39:05.331754Z","last_seen":"2026-01-28T12:30:44.954239Z","times_seen":168,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/syspara!getSyspara.action?code=mall_max_goods_number_in_order\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/syspara!getSyspara.action?code=mall_max_goods_number_in_order\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 87\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":71,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"7c4654fa4ff81d11b3c8d322ec628880","sha1":"080c15bfaa6d03e4ccdd092630344aaf1f003c47","sha256":"1f9573c145cceac2e7ec7273293953edd53fd282aca6e50acd9334f59f34a5fa","sha512":"61d2d5a60435f554ef05dcb0e1b1c47875ac6610289e4d3ea66013244a25a7b1b720d3927649ce420575cc00929d9350f519524350066508593ad659aacb79ed","ssdeep":"","tlshash":"b9a012009c155c150c03c244a84d260641c8210246404e180d041928017d43c21000b0","first_seen":"2024-02-19T23:01:28Z","last_seen":"2026-06-13T13:28:08.56469Z","times_seen":5691,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":304,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-59b3c64c.e3d69890.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-59b3c64c.e3d69890.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"2934-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 885\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2934,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2934), with no line terminators","md5":"6c9c06504aeaa44eceb02b42501b4d05","sha1":"f44d6b5f35027749a0816164f09b9bed1890ddfa","sha256":"f00be6b0aedab8ac5e7de13774b195a7ea74e9ebb240a077a80f953ce6ee868e","sha512":"915e73c6db5b1607e430494b9064be658f02e64a04af9de8f3c615fc034bcd7fb8dd609a3df2f40ee8f652f430d94fe31e6ae3080ed2c7242c3bb72f6073c923","ssdeep":"","tlshash":"df511fa139392a7c4837e067b1d5d5af70a8f25bc0b786cd8ca1335e9cc32422d126ce","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.330347Z","times_seen":964,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2d216994.abfbf739.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.774Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2d216994.abfbf739.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"255-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: UPDATING\r\ncontent-length: 255\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":255,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with no line terminators","md5":"e7949dc2de0878e849cf3715ca6be5bc","sha1":"9421c37479babb994e0a9ee0c7f0056202ebadb5","sha256":"2f91706fa1cba12f83256093aea5c62de8712ceb61a05d8e559b0b54d1b7af39","sha512":"22895c7a4eea5fc7446053efdcd741cf6d762b1cf018c3b498d7c43baec63a91e79c504eb7ee0b95afde46b8393803ce02f02eb0a1d9eb956719559dcbdef49d","ssdeep":"","tlshash":"6dd02ba6b0627ca6c55b3081026ba363342e245a0edc106517f146d42275a1e81159a9","first_seen":"2024-02-11T18:17:18Z","last_seen":"2026-06-03T23:39:34.573208Z","times_seen":4036,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-3805cfd3.15791ca3.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-3805cfd3.15791ca3.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"11281-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11281,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11251), with no line terminators","md5":"b60ec4fb7b5bac2cb00f7288b31569b4","sha1":"f49310c061c82ede3cc721906b5a2e7d216a74ed","sha256":"9d7dc2e689ea7a7721ba0db98e81d56bd40503caaf01a5dd66cd4ab7e8431fef","sha512":"4eb09e0d36e433ccc883c85944cf078fcbda82e0030f25eef4aadbbda4ee904a936d5c0491050a304f7912f1efd0f6be0f10fd3b1723c497e29cb652b8100de7","ssdeep":"192:ulxthRrXBronDsE/VnwkvHEvPXwVs5qtwyO/3aQ5QQY3tO/sC4V/5sum5X6TisE9:udX6Ds8VweEv/lD/h5Qf3tO/sC4V/+hp","tlshash":"1032d68c3591bc890e27b0f5b0af7456b0558e91640d1942eff488ba3eb7c6e571332b","first_seen":"2025-02-23T06:52:24.641592Z","last_seen":"2026-01-28T12:30:44.985295Z","times_seen":140,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-aa8d1574.a82e5f3e.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-aa8d1574.a82e5f3e.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"18238-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18238,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (18206), with no line terminators","md5":"c7177ece148ca72df9af3ad03610cf29","sha1":"3f2ef295d2d6defcf1178ae41b9b1ebeb81cc8f7","sha256":"77cb1285c0228c8fea0fce794b09d82514ff9c2c8cf40a57fa2738b8db3b12aa","sha512":"6cd04b03bbeb15b2c279c7b7ef2244aa51aea0ce47e940da6466e6668e2606237539186672f0ff46e23be7d722da68871c1184530ac523ca4978f3ea65403cdc","ssdeep":"192:I/OwDwYwBvp9Xmj+YtcjE3Y7nrU95+M5/JaL97fGUlni+3I5qTRiA6sJH8z3Jn5z:IWU3wF/mipjWeIa5XioIYRiA6sJH811","tlshash":"9982b69ba651b45f0e6772a1309b2403a15862a43c0c9d56f27dc9f633bcc782b17b7e","first_seen":"2025-02-23T06:52:24.658545Z","last_seen":"2026-01-28T12:30:44.868328Z","times_seen":140,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-0492056c.0f4ddcd1.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-0492056c.0f4ddcd1.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"6113-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3696\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6113,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6113), with no line terminators","md5":"9788f5c1eb6e47bac79ab36acc495817","sha1":"32907ce10bd8edfa4ffb56ee347d853b9a5faf7e","sha256":"e2807614374572930715fe74e5222b8fd8193aa83529b9e7fd7477057b0223af","sha512":"c1b35b2041203f68190891e96b7e6d4e95b817976b8c327208c713336d95abb284895bd5d912cbe45de3a373337e216fd071b1b11e789f5745e2939a34b79227","ssdeep":"96:VTdRiowyLNQRLCQz4UsG8OOOOOOOOOOOONaHYUt0bgCusCoG5YNDwTsoQiEbLGV1:VTdoJaQwQz5sbKYxgCtCowY2duLGm7Aj","tlshash":"44c11c763414a83996fef56998763acbf006f813d00991edb740a76cc8e3bc62db4359","first_seen":"2024-03-24T18:07:06Z","last_seen":"2026-05-30T03:35:54.900478Z","times_seen":999,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-91f4e7e8.054674a3.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-91f4e7e8.054674a3.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"4173-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1077\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4173,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4173), with no line terminators","md5":"d26838e6fc6c5713d841649b06a47e9c","sha1":"7681e0887d8b3957920c84e07fe95a1f8a22bca7","sha256":"5d0e36aa6715f146ee4979217b130ba8e86c334c02758895220835a2366d5a01","sha512":"d01fe57c48c7685b7f14f29a50d61418040c66ed4c756276c25108e74dde577d4c79841b9d3690f94799cb30a1ea691dba49e71870b97018d2d57291026f90d3","ssdeep":"48:jMxKHcoeYHjMBgquTy/ra6oYkAryBxzYpUfRmua+IzvtTm5rx2/6iYrxXfZsfZyK:CKHco56gNTwm+yNfZsfZyZZK+8p5","tlshash":"cd81ee91712c94266c73e07b309e455e6e54ef63c012a3589c56bf3e8c932e32e707c9","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-05T08:23:29.931375Z","times_seen":5300,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-4f3cc811.d5541481.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.475Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-4f3cc811.d5541481.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"9704-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3653\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9704,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9670), with no line terminators","md5":"5872c13341ea2ef0daf1917c394db1d0","sha1":"d401a26aad594eb3496b26fc66fb91b862a10f1c","sha256":"a7444f9ca8b37f63a53e7ff38345c1d8e804af4fd6e9ab75dc4350b75165dd2d","sha512":"704db7d8eefab2f1087dfa87dec257defefc8e0355b57c6d4b57c1d1c74cb34c17769d5adaf3e089d4ed54ee33bebd4ecde0ad1fa8c533b305378e576dcd7d6a","ssdeep":"192:bE6pgpvwC6acMPcaJ6VHPqSSC5gVkf5XdI6k:bbpgpvgqsHyzW5k","tlshash":"2c12d9c9bb92f89d8b6721d4706fb457f19626207c0d12e2e278c8f63a68c1d6353736","first_seen":"2025-02-23T06:52:24.648426Z","last_seen":"2026-01-28T12:30:45.07672Z","times_seen":141,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-59b3c64c.54f26a2f.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-59b3c64c.54f26a2f.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"15254-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15254,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (15224), with no line terminators","md5":"f8f61ca869ccc43a2f1158ba25a25b4f","sha1":"a8d280a3322060e0be4d9902c87a1185335fe138","sha256":"008a0329fd38f787c6a7f5c3bebd2c27e590d641caad9bce03e77902ec03cc1e","sha512":"31c5b1e2dc779fb03a03dbb97127d27006ad517e827c0c32a342c2f043c7accc781c1efffc37fbb86bc5792143d41699f6b7f44f3294328a697519d5b78cf560","ssdeep":"384:bXG2CRkgwJ3INfAKA5kzqXbFk56MoswFR4:bXG2CReIOk5sR4","tlshash":"866219126185b44e9b7641b2316621a171653ac6d40df0abb378edfe32d9c18372fb2f","first_seen":"2025-08-19T13:02:14.827097Z","last_seen":"2026-01-14T03:40:42.912039Z","times_seen":58,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-597b172c.b488a9b3.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-597b172c.b488a9b3.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"455-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 455\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":455,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (455), with no line terminators","md5":"349139296c5738f2fbacd031343b6bff","sha1":"db2e6346f94985d180c7081db376465748e60841","sha256":"d7ce0fa60daadd138b9d842897feceaba382258f85832df2680ce83f43f0cf4d","sha512":"066cef44f8abb789338e33e9adfa7983344be69f276be860abeac2f458d3993eb3e6180547d19487e037f186631c9477d0cbe3c907371d9facfea31cbbf86fd0","ssdeep":"","tlshash":"ddf05c562b1a61baf8f3c02f20420aeb7117cb4f531bc07957a2e631c947a8b6f71460","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.480411Z","times_seen":2110,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-6699a1ea.cd704402.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.951Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-6699a1ea.cd704402.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"1252-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 494\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1252,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1252), with no line terminators","md5":"b50aad23d365ccde72e78b8313b4e7c2","sha1":"82e1ed3080ed69d8b4384e17044cdcf837769a03","sha256":"e36128c4817614792876d24a43ab454dd8cdd52f66965bb00f14406da9011f3c","sha512":"3929980e42defe71e881ffa97bf69c5d70251a4adf0eaabc203dc87188f3d9da61887ecf8f793b9c6a2861a6b24484417bd3adc1cd46a41cf2a0f14082f92dd7","ssdeep":"","tlshash":"3f21ee67b51163ada3bb689413b29c8c7414c840f5ebebfae906411dc7c72973691388","first_seen":"2024-02-11T04:26:49Z","last_seen":"2026-06-06T14:40:04.522312Z","times_seen":7301,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/TK-SHOPlogo.cbfdb625.svg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.375Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/TK-SHOPlogo.cbfdb625.svg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Tue, 06 Jan 2026 14:09:30 GMT\r\netag: W/\"6046-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:30 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6046,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"cbfdb6254c537c65ec00c79065184ead","sha1":"0799761ba27668d1240f736692e90becf8b284fa","sha256":"08849f150b00d457a0cb3df3a18b75b2c3d4d727c597cd8b39baf874b62501f8","sha512":"39cfe7e2399b4438490384f2ad62ba9d456e72c71820f5e4d77d793ed613393fb620f665ea4e8de70241ded33a05e0e8464c40f2a69884ca10f6d174b31de16a","ssdeep":"96:1KfV2oLT9QTPsoQ+8oRpsAYXBUG7jygYc5VnN3Rr7CykUV6qa3zIYkcLRo1tA:1oXLsRt8ZAKjP15xN3Rrm4w3zIbnbA","tlshash":"f0c17d7d4070bedcf1f4856a7b26f6d3ed15227fd20a5189a96834833810863b9763b0","first_seen":"2025-08-19T13:02:14.824105Z","last_seen":"2026-01-14T11:25:19.898519Z","times_seen":59,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-1ab1e7a6.0f966556.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.793Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-1ab1e7a6.0f966556.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"1224-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 470\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1224,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1224), with no line terminators","md5":"ce2f9f210240017dfa234a5c59e03ab9","sha1":"20e39b73d6088fb949dea4896683b9e44363e61f","sha256":"f6c3f2dbbc0a4d14f0ec0e41b832cd006df8a3ee6ad314f73eef5bd92d735ef2","sha512":"511ae298fc32284c3d5a451ac0fabdc0d4fd01404e81f5442945e8879a617cc90d4d03855859a311ecc38bb28c36bd016f2d419e03bce34fd79885f2a58d1ae0","ssdeep":"","tlshash":"35219d81731a1227247bf5abd4b015beb07073eb641a4352e99ba3204fcba663803796","first_seen":"2025-10-06T03:51:01.440512Z","last_seen":"2026-01-14T11:25:19.835094Z","times_seen":61,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-3fd6aeb4.9bd37778.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-3fd6aeb4.9bd37778.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"1970-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 917\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1970,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1970), with no line terminators","md5":"762b84b872d67e253b3472fedba3ec2a","sha1":"10c609e9039392cf2201877e19d57f62c6de5f0e","sha256":"ba9f8ca53fb511a5d0324da5cc31f4ba729ae362514c75fa3883400078b175cf","sha512":"1cd7c350f7d4e058aa61ba61ba48afa5a2647149dde30c9b490f9c9dcb4f00304ecd4a2394f957a6686643f4f6342decfa4e3eae991372638ab13f12f36c7969","ssdeep":"","tlshash":"bc4185df54a7fcad9adbb002112a103570623ec244468ca57bf4ce6085d0d545f2e68f","first_seen":"2025-02-23T06:52:24.64518Z","last_seen":"2026-03-07T04:45:22.07928Z","times_seen":183,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-c6fa1bbc.db83b6c6.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-c6fa1bbc.db83b6c6.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"32709-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32709,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (32698), with no line terminators","md5":"cac0dc3757d4b6da5144ed6c1e895d5d","sha1":"056a734d4362ab2be50b8e2711e9b1f45af6bbb1","sha256":"93736dc68b832f6d78debdee33a1e5d845816f7d0fdc0d798335e28cc3876053","sha512":"7243486c6784df02da8bbc4efc030835f7892af2c6dd612b3fea54da1948e7cd3dc395471fd9ccfa27431e605b4abd73ad9cd588614bde47acf093a0b26f0beb","ssdeep":"384:prAXzwWQeAU0RNYpFIecsq2b6nekyrpRLAgy6KRiqZM/9G11:/7D/nE4gy6Z4j1","tlshash":"aee21b539129f41a5ebb6153315a1492a2681ae868089c57f2fccdf633ecc342b1fb7d","first_seen":"2025-02-23T06:52:24.659294Z","last_seen":"2026-01-28T12:30:44.986974Z","times_seen":153,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-ce9a332e.9e98bc33.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-ce9a332e.9e98bc33.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"21116-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":21116,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (21058), with no line terminators","md5":"762d6c835647341eb09e725b671f6fb7","sha1":"9056a983b4b8a1466510967934f5bab66ce84ff1","sha256":"406e926494ce59530d7c5ab98577488252afaef1e9bed0969a2e3e5ba31ab059","sha512":"d28a846a98fe6a864de4ada90eebd3bd90410c24a3840c86053cb8c5b3bd3dba068a4f41fd4662ee10a5cec75a6c48006c5df7a4ef3275fb0f5b88dd1c7b709a","ssdeep":"384:oPSsASXLk8mMDXbyuetIAwXs3iX775b/2MnnAbk7wK6Ec:O7kXMD3eOrdb/2MnAbk7wKo","tlshash":"e092ea86e072a8ac895b6250351eb3b4b6712b94a040c45afa3cddbc21d9d64333ff7c","first_seen":"2025-11-12T04:02:16.112227Z","last_seen":"2026-01-14T03:40:42.895163Z","times_seen":56,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-4ad33d1e.e67f7f3e.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-4ad33d1e.e67f7f3e.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"3807-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 921\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3807,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3807), with no line terminators","md5":"d5c5cf21c0ac8cf32937fd5577eba50b","sha1":"49b8872bf19a1f9c7f9e78b19497e8b89ca2ccfb","sha256":"4531f24949afa7812c1f59876406ea88233df11ccaa72f9a7f559e55416dcc6d","sha512":"bd7965d44b3c3d8fe1e112a9097b029319ea0eb7bd67e9a52912b44344edf8f28493123a0ac5bfdca0181a551d03990a1ce84044abd3abace820f386e04ba5f8","ssdeep":"","tlshash":"04710e60ba22231f6a72f6fa55c0a1dc370aa21be19345dfdd49c40ec6df3a79174b60","first_seen":"2024-02-19T23:01:30Z","last_seen":"2026-06-06T14:40:04.519006Z","times_seen":1117,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-ec5b203e.45f75ffc.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-ec5b203e.45f75ffc.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"4759-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1123\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4759,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4759), with no line terminators","md5":"50b67c1e36297b1843f24dadece451cb","sha1":"aab4395d6d74d3e50d7016a544f7709a601343a2","sha256":"6310619d584f66c72ad89a3e491fcd0100f459bbb6c9d49d92843f464fcf51d5","sha512":"4dfc42a95a7a19d045ca233519f6f1c6fbd5446b344a059b1a5f691e916a5191b0121a7ba61619722cb7989a175982917bdf4e6359cfa4920d9f1e4b3ae2f29b","ssdeep":"96:2oxsUQOwXVcjglPJiA8J+eCkGCaCR4CRjpClCucCOCTpCHC9C3C9CtACbCUCtCcJ:2oxsUQOwXVcjQPJiA80eCkGCaCqCTClX","tlshash":"35a11297311f133d68b7e1571981a86d7878efc2c1322211fc27aa18c8db6977a3724d","first_seen":"2024-02-11T04:26:49Z","last_seen":"2026-06-06T14:40:04.336196Z","times_seen":5412,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-68f12e90.11e869e8.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-68f12e90.11e869e8.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"17489-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17489,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (17481), with no line terminators","md5":"86d04b389f413c1a3e43ead5810f90dc","sha1":"b473930891d00833490d2a6cff841669a050147d","sha256":"858b18630373ed8c26a1ca18b097f8506d0de5faefad52b1d53d16b9940ad4ec","sha512":"e73dc3aa2712d643deb855bb15bcde835f14d0b059efc12c83d89646b09958737fc3384198640c76ec717ec3861af0190a2ec2df1f0b3003dc0346989b0e4449","ssdeep":"192:AMkdDwLDPOAetuzhJgFjz9Y7zcqv0Q5zd0z4uzUhHYk8GHzYDckx30GUglxgl+/I:kq2QhJgFCcqvPo4uL+zwNHgyI","tlshash":"ad723b93760de44d4e3b65c5363e3966a2871924b008689bf37e9cfe128cc24355bb7a","first_seen":"2024-07-21T11:22:38Z","last_seen":"2026-05-08T14:37:46.624707Z","times_seen":1131,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-fe46833a.000e763e.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-fe46833a.000e763e.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"4387-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2406\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4387,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4387), with no line terminators","md5":"fd7b06dacc8ccbe4430d63ca341d373c","sha1":"c248ffbe4f994ed4955f10bd69d39322a2311d1c","sha256":"0d7bced3f7f766d55a6def9e8a42042284e449b247b753e759f5e93f2504e8aa","sha512":"38eea48ef4bc382bb57c7ff72ed672407308a9309001d8784f246010cb76bc2c6cae32bb8f9c6a462538fef2a87fcca68f5e03f91b63e4080f6e4d8371e1324b","ssdeep":"96:J3nACr3IIIIIIIIIIIIIIIpG2Q1Vum9Ix4tvyE7mtNoXE6DEsCtK:+WIIIIIIIIIIIIIIItW9IxOhmtaXvDF","tlshash":"fe918806e9f2d371fa2b1a3f684572102d304fc893aac4456be57efb218447e077b684","first_seen":"2024-07-21T11:22:39Z","last_seen":"2026-05-17T06:37:32.726206Z","times_seen":1249,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/app.ec0f329e.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:34.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/app.ec0f329e.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:34 GMT\r\netag: W/\"236420-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":236420,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"eed6f41ca324fd3d5df5d5f6e6f8492d","sha1":"c4b308b2e8a443f8af4ca5800a782cb654f7f065","sha256":"f732fc03af0c9cbc7675c820381b77bd2180b10d9fd8a2022d8920ddb0b0eefc","sha512":"324bb1c57bd5932b16d86fea43f60381e84f7465b4181d2e861ab0816fc9ef6ad69aebf8f21b544a4adcb4bd1768ec827fee04daeafdd4958cea6ecce472f66c","ssdeep":"1536:7gXC6l3028Y7SrW3YeWXA1u9w4HCe/l4RdgW9cMEcWAp7KO6iZkJgYu8e0r8kvXc:kdFJWTPL4Q+05q2pe","tlshash":"ab34b610db17217b222be66d75c0ba886f28c323d9725b7bfd95741ccae64891163e0f","first_seen":"2025-08-19T13:02:14.806513Z","last_seen":"2026-01-14T11:25:19.930815Z","times_seen":64,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":261,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/shoplogo.7611aec5.svg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.450Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/shoplogo.7611aec5.svg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Tue, 06 Jan 2026 14:09:30 GMT\r\netag: W/\"6216-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:30 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6216,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7611aec583fe148049dd07eb9aa3efde","sha1":"718358f4667ba56d9fc8d5a4978fb94e3b8b8096","sha256":"5c6ffaeddadc82819405bdb24c0e0099754bb3c972a05bfbea1927cef86165ae","sha512":"27691eda900aed6bb8ba4b3cfd042bbcdd706aec8f2fdeb3045a62d472c6aab440011d48141057fbe22d356ca7208693684296d03a29908d19a7773321805b22","ssdeep":"96:1KfV2oVMWKfsow7nZlPC12dxU6OjYP8+mEQunTJ0oPFoVODwhkIh8BbKw99P09Oh:1oXVJTTP3P0WBDwOzBbf0Mh","tlshash":"31d17eb1d6109e44f3a488adb2bfe5d39f123d8e81195828b6a8238cd7cc7653a4d13c","first_seen":"2025-08-19T13:02:14.891923Z","last_seen":"2026-01-14T11:25:19.888667Z","times_seen":60,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2849664a.990ac09b.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2849664a.990ac09b.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"1167-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 525\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1167,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (1159), with no line terminators","md5":"b15da3341464c474461de10ba86ff2ae","sha1":"059c1f2029f11758cbb041b8f5b4809e0bf5f7ef","sha256":"6b7a9cc33b19530c25417c00df2ede3cb7ba2bc2bb8ab9f561294340d20e3afd","sha512":"7e477932397b6b90c07d566f908e14f1d66b57f6281e3bfea429e8880693ee9ab64e9567098002b3ebbdf9518493723dd1397eed218a0627fbbf36d925b61e35","ssdeep":"","tlshash":"cd21211360a2784d586e6040210e2034f4f09ce64c0bece1a3b8c8f6d2b2d9a3a6f27d","first_seen":"2025-08-19T13:02:14.848686Z","last_seen":"2026-01-14T11:25:19.882672Z","times_seen":59,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2d216070.e19266b9.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2d216070.e19266b9.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"371-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: UPDATING\r\ncontent-length: 371\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":371,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (371), with no line terminators","md5":"ce40f2a4193b5a30d49a76661a6d491c","sha1":"f5e483725aa903c2bf3fe7e985998b406958f839","sha256":"ecd84f0f9a121543ac8a9c2f6aa7d4b3c31b885f21bb43632635321634c792cb","sha512":"526f58b1ea3a88bec71d67882310989b8f4e6534b2018c8fc699239a2da7ccccd94c14b79e136e85e9f0b8118b542b4d00a8cc1cf969ef5c3e552a80048b72dd","ssdeep":"","tlshash":"10e0c0782063bebd536c30cf237f5993c45b1c090ed754e51ed0d49a623651f4224b99","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-06-03T23:39:34.646954Z","times_seen":3778,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-3581ccc6.9c655566.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.037Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-3581ccc6.9c655566.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"8118-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 2435\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8118,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (8118), with no line terminators","md5":"5ca19bc48618123c240ac22047e734d9","sha1":"569e684aaa39467c575015306934d286b61ded44","sha256":"e16328152b72df4c64f34891df3bc922535596e5f27b26e7fffc375e358c687a","sha512":"f25ab7a8332b635176c44bffbbaf71860a63052ba85b9e790c959c83b14800fc992624d2285dccbd91a2646d8c05950530e415662b6e46b18f88a6d833fccb98","ssdeep":"192:z/AYIgJfN6wJ7HxEHUmQP2Rp62AkQB5L6b:BIgJfN6i7HTZ6","tlshash":"7cf18541700ba59dc89ed01271299a31f0b51fa49811d4cfe77dccb8a5c8c64bb5fbb9","first_seen":"2025-02-23T06:52:24.640835Z","last_seen":"2026-03-07T04:45:22.205642Z","times_seen":155,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-91f4e7e8.3b3d8f80.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-91f4e7e8.3b3d8f80.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"12297-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 3778\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12297,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (12265), with no line terminators","md5":"62ecc99cebd7658d11b5c1766aa2c424","sha1":"0908ade7326f569e2c39704f42a4a0ecf08e274f","sha256":"a5c240a1488a39d90fd96148382135bcd2b1deb36dbd61acf0d8f1f0780c7f6d","sha512":"f4a2e543c6a2bddf9b2d5b2fc94fa6fadaa160826aa88db7ca5ae7d4bb2a0e37892b4dd3d0d925db0bc138d02d78ba82d98aa9e9d54acc694836a5676f1a1347","ssdeep":"192:5Bo3gsx9fnS9gHJJhDJzfNcj1iXcFW32I5eAW0Tu8M5hHBaSLob:g3x9Bp9zfNcjVWgc05hq","tlshash":"9742950a7153b12e5d6b81a1300a7420b6743fe94805d08ab6b8ddf977d8c79732efa9","first_seen":"2024-09-25T10:54:55Z","last_seen":"2026-05-06T08:37:36.260683Z","times_seen":841,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-971b8156.c3acef98.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-971b8156.c3acef98.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"6834-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1736\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6834,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6834), with no line terminators","md5":"f7b1de25905c81c373dba149d03c31f9","sha1":"862e37406535632dfb53a15f6a89c16efb3c94df","sha256":"e75dbd8d3fa49fec96c2b893018aed78a616974cb812b015636553d832881751","sha512":"5a2f0034e39196a38ce44b9d9cc46301069bf252b4f092c46db65bcd45a55ed05a6b53bc8241f14a5f5390b530394bcfb0ffea60b21c9262d0b669e07fd1707d","ssdeep":"96:Zsivfdy8lOFD1vq80WV/LPxDmvo6SOwUu50NJj9MC2:Zz33lSD1v30I/LPxDWrhxuuz+","tlshash":"56e10ff2f231112f7426953be18389e8bc86b10dd3ffc656ff84b514daa9182063518e","first_seen":"2024-03-24T18:07:06Z","last_seen":"2026-06-13T09:45:16.96686Z","times_seen":1978,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-a19b6e94.079673fe.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.101Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-a19b6e94.079673fe.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"33174-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33174,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33138), with no line terminators","md5":"dcbb85b3450703136ce7785bf868c298","sha1":"b009c8a44c2dde5a7a93c9db4bc4f1a65aff1ef7","sha256":"b5f108e96a3b4d79d5b3fe20ccf76b40ad8bb5079465c1458cb47ac45afc9741","sha512":"a1003c66b3df5198bf2a70219ebd42d200a98ef7b7e746d9af7c4dac489256e9b22b9b4d6eac98fdf9ae00bc4caa4eda2996dbd38bfc629ce82fb2fb7ece5819","ssdeep":"384:GNsnfX898V8ftwCaMsH0NbdGoalA+QbHz/jvMsgWvzsyUqG8V:LM9zsHgbdGKT/AsEy/V","tlshash":"efe2f94ba4c26c7d899a6159241b1258f8323f86e042c8d6b63cfde4d1b9e34772f76c","first_seen":"2025-08-19T13:02:14.834267Z","last_seen":"2026-01-14T11:25:19.887905Z","times_seen":59,"resource_available":true,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-356c00b0.3a3fd33a.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-356c00b0.3a3fd33a.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"5717-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3818\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5717,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5717), with no line terminators","md5":"e79c00cb7ca8983a851123ba2995282b","sha1":"d6439cbac31440161232b30bde84f72dace6f3f3","sha256":"1f395dbf216fac976c28ad9a5d7310f5fa0a4a58d6465be836fe493c7d9cda06","sha512":"96f881d710f575d2d4f87a2610d16c2b87fb5874dc4afda800ba5f175e57498e791ff40889a3e3bb4998df8738bab4f65f3f790ba6fe077954a434d181ee9d17","ssdeep":"96:GXz4UsG8OOOOOOOOOOOONaHYUt0bgCusCoG5YNDwTsoQiEbLGVk7AtWA2WyUfsXR:Iz5sbKYxgCtCowY2duLGm7AtmIfsXR","tlshash":"3ac14c7be839f03eb52615b9317819ceb814d806e1cd8775f748772cc4c30932b2925a","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-05T08:23:29.909974Z","times_seen":3235,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":245,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/right2.23d3e322.jpeg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.213Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/right2.23d3e322.jpeg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"6978-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6978,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x154, components 3","md5":"23d3e322bf2a163abb5e4331580d3d7c","sha1":"dc9cc27e86b9ab385f24a1ebcacc102b8fee6d12","sha256":"e71173feb88bfac5f997753ceac015ca23f31f9f2234a8083be8a5a4d4e6bc20","sha512":"072c55f9d2a58fab3e13393b1f401d1302aa3269b405f85fdf99a86e9e8860bbc4182db36bf5acbfc6aaa9cf492dd69d194e70513d0f28b4fa287cf6b8b1d0d3","ssdeep":"192:E87ECyhHACQc4X2g7B0WiYHgv+YLX8RrI9GMftmR:fECKHACQcBg7BUYHgv/Qt","tlshash":"9ce19d5cef89ba61df29a13b062535093b23560a7fd297ff754c6c10e956c3056d8051","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-13T13:27:58.521385Z","times_seen":4661,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-68f12e90.27a370f9.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-68f12e90.27a370f9.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"4695-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1009\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4695,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (4695), with no line terminators","md5":"2abfc31d2a6752d6d66f5fa21c7fa262","sha1":"63116607f3b72d74be9d1bdd5050ac15859f7243","sha256":"9159959031e6a701bd2e9e5baaa03c4f14d6c2530977a9e013c8af24c4838a37","sha512":"ec6bd33bd4a69b9e93485dfa272e08170ac3c17b0aec5f291b716c1e370435f6bf26fd7b2139aa75790defcf2223f4deeec07818a549334ba069f8a307201127","ssdeep":"96:VQrF215xix1yXSl6nS65EaOYIj8MRSLRsR7S6m0Z8u/j/20RO5sR5WFs5E:VQKM8F9","tlshash":"77a1b050b15e162b687bfad9187cdd4cb0d6fe2ac1324b76ed9f24148882e733622235","first_seen":"2024-02-11T04:26:48Z","last_seen":"2026-06-06T14:40:04.500613Z","times_seen":5224,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2e9b19e4.6cf1885b.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2e9b19e4.6cf1885b.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"31879-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31879,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (31879), with no line terminators","md5":"5f5853e0a371f0aced8b1f8e9afddb99","sha1":"da096e0f422eb98c12b217aa5c05affabb56d4bb","sha256":"1b4f83895b19a2bb52d96c508faa799061c39e4b3d11fd72354aaa05c99b3dce","sha512":"2acf5427d125d9e5f416054581a9a02105c279ccd432362c849814efcf7d89e2dc97dc38dd8b2b6b035dafe8a738a09c938b23b97aa4bbceef4188182471b390","ssdeep":"768:QuoD5rMaR8Hkzhc0IxQWt0SXuqe4EjeZ2VE2+5z:QukCXQWtFXejeIn+5z","tlshash":"61e22a4f60b5adb8888e2051701962797475ab95f00588d8bbbcceac449cfb4732f77d","first_seen":"2025-08-19T13:02:14.900873Z","last_seen":"2026-01-14T03:40:42.857585Z","times_seen":58,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":254,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-4ad33d1e.83c1a826.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-4ad33d1e.83c1a826.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"22755-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22755,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22685), with no line terminators","md5":"26e3a7ca6aa2e8ae4df9692c2a162330","sha1":"21efb436c2615f9b1b7569ac1005ef0bf071b4b6","sha256":"99d6bb3ecb594c5bad2c2b9627473550b6116edb5d0d8f1b1d7a99288df51275","sha512":"da52db00610da91b65dd15625958b7325ae2baabb48e874db7fb3c0f07c9234c931433820eecb3cff2561613ffc2cbcf22e7b2a083aa337874818a71a6872b8e","ssdeep":"192:6xthRrXBriBcE1UxZB73GKU6QQBNgtTkzsuQ4y1wTYDLihd15pj0L9IeuuyWwQme:UXIB/8D72LXJlUkAH9GPrs69rZqJRmq2","tlshash":"50a2a30ea146fc9b0fa272e5701f301160528054680a9e66f778cdf9b6ffd596623b3b","first_seen":"2025-11-12T04:02:15.963437Z","last_seen":"2026-01-14T03:40:42.869725Z","times_seen":56,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-ec5b203e.2bdc9aa9.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.305Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-ec5b203e.2bdc9aa9.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"5317-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5317,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (5315), with no line terminators","md5":"e467108151a0178efb3f1559b3b3d89a","sha1":"b24c5b324d0df9ff9122d55d374a36c2ba001347","sha256":"a698238692edf2dd0fdde9588a354d21a1282480e83276b1c4ed66f9035291b0","sha512":"46477ad6e85904d656b5d8e15be0b0040b54416affb71ec445ce3108ae4f656628d782ff3098b5a43af5765bc786167199ee413fad3d67d0faa864ec9670acaf","ssdeep":"48:lD58YPTP0B0j+WWWgSu0+u4jQAF2GB2N5YDWVET/KtLS1gRSpDzwZSkVxUiFN7Yt:VX+WGsSBkLSoLVYIZ3mmJwQPit8F4aM","tlshash":"7db1d889b043a06cc55bb422310e7a75f4a62fb4f401989ef33ddce49994d14772ebb9","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-06-03T23:39:34.556186Z","times_seen":2516,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/fonts/iconfont.0080bb9b.woff2","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /fonts/iconfont.0080bb9b.woff2 HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tmall880.cyou/css/app.ec0f329e.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff2\r\ndate: Tue, 06 Jan 2026 14:09:30 GMT\r\netag: W/\"5212-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:30 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 5212\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5212,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 5212, version 1.0","md5":"0080bb9b021fc0823608910adc2e5fdb","sha1":"b03c86fc4fb5e0542122925d2eb2468cdc842dd3","sha256":"a72e9b48fd851011d2e52a77ae7f72b6de42e4647182c7bae3ca49edf3347af4","sha512":"aa68b80986d5ebce07a92a36839e2b7f4365932ac12c992864ebb4a4e49ab9964e39464d9da1b79a0f963947a669176c3f65b23ef4e4203e520a790bfe6b0756","ssdeep":"96:vSvxwJyBbfhD1WrBqAFtlzkqV4tQWGRGQX/rZHhxm9Sy4kUf6:vS5H1p4FtlwqV4tOGQXtBxm9SpkUi","tlshash":"94b18f888c661528cf387a353840367dc9a3130db636e49acae41f1b57ab78a0159761","first_seen":"2024-02-11T04:26:44Z","last_seen":"2026-06-13T13:28:08.597785Z","times_seen":8069,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/seller!list.action?isRec=1\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/seller!list.action?isRec=1\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 168\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":252,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"ef9aae75c4e8a326c1dc02c7fc2e74e9","sha1":"cf4455c27dba05025e4a1d849b1321d82f651457","sha256":"a24f761a38b06c9bf85f54a3bbd41ce3af2ed99b850dd9bc0a59c409803b7828","sha512":"1ddd22f27d53dfbcad7f335ef1f6d95671090fe3f4860c8a4814f03762ba03b9b7f2caa15db44a608c48ca70299fdedbba5a93942fa32dbf3b45682e8d2f1087","ssdeep":"","tlshash":"08d05e803c381b65db8dc06a3807760b26a831828a0547bd47fcc7604227f962981511","first_seen":"2025-05-01T12:42:16.906471Z","last_seen":"2026-03-25T12:27:54.216808Z","times_seen":70,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/vendors~app.8e05cb39.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:34.592Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/vendors~app.8e05cb39.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:34 GMT\r\netag: W/\"3584489-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3584489,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (14507)","md5":"1755742dc6c51466c1638c324fc826b8","sha1":"d508e81696b4699e59f852e6c76e46563dd38ddd","sha256":"a584d3e3d46add18297a901accdf8bfb53a3fa139c0ce8b1693b4f0a539fd003","sha512":"707db22734890e1cf48763598baa42c2f1d0237e6a991997e40fd492abb74601ae95462d691c70c4898143b3ac91c8d8ae1b3146de88167def4b3b1658f22b8d","ssdeep":"12288:wYdFcGiB1v4ph3AoKIAZdYTornId5rQpauLhrt7kD5ovz1Jy:wYdFtGv+3TKVYTorId5sfbkD5WK","tlshash":"df3519cd7285b42253a371b4407f250bb33a2959680e8458f665e8da7c7da4e633bf3c","first_seen":"2025-07-28T05:37:43.67378Z","last_seen":"2026-01-28T12:30:44.968033Z","times_seen":96,"resource_available":false,"data":null}},"time_used":922,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":922,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-ce9a332e.ff6f7da2.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-ce9a332e.ff6f7da2.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"16198-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16198,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16198), with no line terminators","md5":"75983192dce0b51dec90da3b3fa32d0d","sha1":"3af0ef3661a45772a908035cb9ba9993fe802bea","sha256":"5f7232798bb2b19d1a1f24809955f50507a9e26f87e4de4d0af6babe518e3a65","sha512":"447e300d3c34082f8a828824acbeb6dbd53a9f4464832a6fbe41bcf95b34b6cd358f4a5fc983c65a1e69043c8e77d72e74fdb0041a83409fb54aea6323fa5cde","ssdeep":"384:Ox25s8CkC2caIMX5s8CkC2caIIsncjUdG:Ox25sVGU25sVGUIsncv","tlshash":"86720bf1f530a13eb897647931849ecf7844f909e1f696a6ee84b62dd0c65a3273834c","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-05T08:23:29.891509Z","times_seen":3235,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-3805cfd3.85ee17e2.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-3805cfd3.85ee17e2.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"410-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 410\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":410,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (410), with no line terminators","md5":"fc805b781c89c799b666c4fbc4aeb200","sha1":"fd06224fae1c2c2bde5a18ae89ad003e03d5fef3","sha256":"a69b97003c8dfe86e112829516ab7dd637a12b08508d6cb9049741ea93868576","sha512":"2c06b84040f5df4f5486d754fa36dc5acfd67741c94e929f9c94994c1e7e71898c1fb336dc6be4e8568c2bd0c449b0e34e8f392cee6452d08874382a90856bf6","ssdeep":"","tlshash":"09e0a942010a1e2b2563f42ad0820707b665fb37eb42d2409ee00a080f9b30a38383e6","first_seen":"2024-02-11T04:26:47Z","last_seen":"2026-06-06T14:40:04.364867Z","times_seen":6986,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-971b8156.c3acef98.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-971b8156.c3acef98.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"6834-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 1736\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6834,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6834), with no line terminators","md5":"f7b1de25905c81c373dba149d03c31f9","sha1":"862e37406535632dfb53a15f6a89c16efb3c94df","sha256":"e75dbd8d3fa49fec96c2b893018aed78a616974cb812b015636553d832881751","sha512":"5a2f0034e39196a38ce44b9d9cc46301069bf252b4f092c46db65bcd45a55ed05a6b53bc8241f14a5f5390b530394bcfb0ffea60b21c9262d0b669e07fd1707d","ssdeep":"96:Zsivfdy8lOFD1vq80WV/LPxDmvo6SOwUu50NJj9MC2:Zz33lSD1v30I/LPxDWrhxuuz+","tlshash":"56e10ff2f231112f7426953be18389e8bc86b10dd3ffc656ff84b514daa9182063518e","first_seen":"2024-03-24T18:07:06Z","last_seen":"2026-06-13T09:45:16.96686Z","times_seen":1978,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-971b8156.f79c8552.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-971b8156.f79c8552.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"13663-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":13663,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13655), with no line terminators","md5":"23e303e1d457ded5c19fb3400a22b026","sha1":"252ee41d519536f951e581e385b134c44d17d148","sha256":"817dd349f3cd067b90ec0a1357b16f6485467350f8e4c3c77dee13591d00ff16","sha512":"95ebd0fe0352e0da1b21d23d54c3313ef8a1597a7b583484a7613b8091017f3aa4734bf841435d29decfbfcb8c521a7b62801ed47f9c945e0230a590cfba3ff0","ssdeep":"192:NzCjfAcMsHRpMu7mWKD12R+YEX+WzU9MuMOO0L5xq/cictjAfNeNF/BPsGCS:sfNMsHRp3Q19X+WzU9MKdmmvPJ","tlshash":"e45285e6c470a4bd495a82b22055f1e0fb643a1cd106554efa7cec9b72dd424332e77e","first_seen":"2025-08-19T13:02:14.744046Z","last_seen":"2026-01-14T11:25:19.931574Z","times_seen":60,"resource_available":true,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/fonts/element-icons.535877f5.woff","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.509Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /fonts/element-icons.535877f5.woff HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://tmall880.cyou/css/app.ec0f329e.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: font/woff\r\ndate: Tue, 06 Jan 2026 14:09:30 GMT\r\netag: W/\"28200-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:30 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 28200\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28200,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 28200, version 1.0","md5":"535877f50039c0cb49a6196a5b7517cd","sha1":"0000c4e27d38f9f8bbe4e58b5ce2477e589507a7","sha256":"ab40a58972be2ceab32e7e35dab3131b959aae63835d7bda1a79ae51f9a73c17","sha512":"da269b20f13fb5b0bb4628b75ec29e69bb2d36999e94b61a846cb58db679287a13d0aa38cdf64b2893558d183c4cc5df8da770e5a5b2a3288622cd4bd0e1c87b","ssdeep":"768:gOvv6ExpCVxUtrT6w8ClFd80EjPVerMKBaGXjAlEm:Hvv6xVWewtlFdGjPlkFjAlEm","tlshash":"b9c2e13197213ae9d9824ef876e498fef1651402290f390e8696adb3a98d5c73e16831","first_seen":"2023-04-05T15:22:49Z","last_seen":"2026-06-13T16:48:15.383842Z","times_seen":26134,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/right6.b8bac159.jpeg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/right6.b8bac159.jpeg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"5087-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5087,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x152, components 3","md5":"b8bac1593a48bc443848bb3a683a551d","sha1":"308b1b03b09b9865605a8210d0829847ae0d27e0","sha256":"10a746b60bfa7ffee5b3cb5d7b628ef08774e826d869a9418ae618da09219b61","sha512":"b4728b8792aab88c835d7058e7ae673c20e2d421d0e23d57b7b3b5fc69b00dde745ba47586721c3f5d05fa36f914aca9b483570011e03ed6e90b9772de3cbdce","ssdeep":"96:WhxxYqBhBnFMEKYhu/hCbjftpvzaHZx+RxXP+1VHaWccmRAi5Hx:EPdn2E2+nba5uZ+1VHatNl","tlshash":"6ca15c81f553fa1bdb8293b099a43f100f217c332be267bea602581c1847ef21479b96","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-13T13:27:58.544444Z","times_seen":4714,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-78328792.1a94a034.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-78328792.1a94a034.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"428-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: UPDATING\r\ncontent-length: 428\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":428,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (428), with no line terminators","md5":"839113b3a06297a1185b208299520527","sha1":"df67e42e507fdf888b4f0b1706a0bd54e09763ff","sha256":"ae7439473b984cf35ac3a8199ea3a3ccd8c794d239d0e36fec25cd4a3f0222ac","sha512":"da16c62f7431636915bdfa092d4468b66770272aca96b2e4c27d1bf9cd36b044dc03acb199486e709a3a82c272c9ab6ffe79305e116376d596ec30e3523dbf6b","ssdeep":"","tlshash":"2de0a0a051072a3b2563f0b6a8c20427b655f7abe91291107be305092e7b38a68373e8","first_seen":"2024-02-11T04:26:49Z","last_seen":"2026-06-06T14:40:04.363745Z","times_seen":6807,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-a9f88638.585206f9.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-a9f88638.585206f9.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"7108-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7108,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7108), with no line terminators","md5":"a92df02183518f1335484a856a1bc3df","sha1":"86ecce3175020b4bc9dc98eaa7126ba5ad9e2e5b","sha256":"80bd4f236b99085bb88c4c1fb2767dc81df964cddb44e30ad9ee96038dc5f9cb","sha512":"052562933ff5a39c23cf2fbc2ead1c6b3c1b24b787ed4488f6ad1582e74996e56deb666c0ac4c7bd4db9562284ad4606ced305e8a3de936d414015d4b2954b20","ssdeep":"96:GXz4UsG8OOOOOOOOOOOONaHYUt0bgCusCoG5YNDwTsoQiEbLGVk7AtWA2WyUfSWd:Iz5sbKYxgCtCowY2duLGm7AtmIfSt5Xe","tlshash":"ebe11af6a036e129b67bd2b971b065e97410d912ecc783e9b644762cccc3293275274d","first_seen":"2024-03-15T18:45:48Z","last_seen":"2026-05-30T03:35:54.819696Z","times_seen":1201,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-78328792.2dae36a6.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-78328792.2dae36a6.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"11740-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11740,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11710), with no line terminators","md5":"3bb65c23bdba556ec7f3cf02f0689a7b","sha1":"acf5340a2972c3e20c1df242df2cbb43f508d541","sha256":"58ae85245f0317b9821df88fdc5d75839e2f739f9fad996c1d321021574c145a","sha512":"0c59548f3790ae7214c05fbf6a1dd828c277fed5e4a94b5cd1dce5f7a62cee36b5cdc67aeb1d8e051c2cd09803d841a78108c7a52eac7ee66b04ffe0d9eb019e","ssdeep":"192:6lxthRrXBronDsE/VnwkJ3i2gv419Ii15QtwyO/3a3O56QY3tO/sC4X/5dum5X6w:6dX6Ds8Vwcgvg9Iat/156f3tO/sC4X/f","tlshash":"8532e78c3591bcd90a23b0f5b0ab7456b0968e96540d0542ebf488fa3dbbc6e570372b","first_seen":"2025-02-23T06:52:24.655015Z","last_seen":"2026-01-28T12:30:44.958275Z","times_seen":140,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/activity/lottery!getCurrentActivity.action?lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /wap/api/activity/lottery!getCurrentActivity.action?lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 53\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"5b85c39fb769eb183b6e5b8519ec3a00","sha1":"ae8be787b4c0500a7125bd129f660d18541d9da9","sha256":"ba3dc3cf6e634921eb9eed57e39334b4517b5b8b09327a935ff0d5546802c12f","sha512":"68d10a3cc895858d8bfabcd41db64466b2ce4907d7844dd0f69c6a4b83344aa7b3cda0ba2accbd5e81a925652b4a7dd2580316c1d0b30379f80a10ff687fd176","ssdeep":"","tlshash":"d2800000280e2c8b0803a088a88c3a0080ac22a308c0cb200e8cab3880ae2b22000830","first_seen":"2024-02-19T23:01:27Z","last_seen":"2026-06-13T09:45:16.945028Z","times_seen":3093,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":290,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-2ef5db62.c782d047.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.067Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-2ef5db62.c782d047.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"3290-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 896\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3290,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3290), with no line terminators","md5":"2f06748ac3f1235c97a4cb396a1e7a1b","sha1":"4823ff6c0a91a3656eedf994b38bc678ca1b1343","sha256":"7e82833d28b3db83afa9c628fa630038a05c4abcc4f9aff9ce93c2d1e6550f26","sha512":"9a67e6934ef4a0b1f1745f24cb28648c8cc3e7afa73e59a0542aa7dda86a65e4bf320e3ed8ec5494eeff62c4d11fa7adac854c5bd451394374ffa48a841c61da","ssdeep":"","tlshash":"1c61337122295a2e65b7f0ae61c015dc760ca336e792cbffdea1810a8dc93f35130b55","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.318125Z","times_seen":987,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/banner_01.183cb7e4.png","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/banner_01.183cb7e4.png HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/png\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"91050-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":91050,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 352, 8-bit colormap, non-interlaced","md5":"183cb7e4e9c1e8e3a5a24e5979f2ea5b","sha1":"5496ab511a333e267732b6fefbb6013565b649fa","sha256":"45d681c6d681a965afd9f35944f61954983d9680514839acdc8311121971ecfe","sha512":"9792d41e1c6dc0b7dfa37263e77b860dd0d3834f5d7655499960c133454edc065e6349719c691507ceb7eb27c2ba5cc5d6291b2dcf5ce53bf703b2d1c19d86e7","ssdeep":"1536:rcn3lhNDAuFKUkblgDG8W+A2iIMbvUPi3qwQZbJPwinyW:rc/aHpbtmMbMPivO1winyW","tlshash":"53930280b679e85b98347db00f9daed77ea512593612e1e7c6f2986c704c0dca9083ca","first_seen":"2024-03-15T18:45:44Z","last_seen":"2026-06-13T13:27:58.571937Z","times_seen":3580,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-b4023030.b4f6766c.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-b4023030.b4f6766c.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"6183-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1911\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6183,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (6183), with no line terminators","md5":"46cb2b9940c77d775cb0305a0fdcb373","sha1":"97473a667cd34ab33b5378c02df05091f0c5ea4f","sha256":"369fa1811e220d2e03fdacfb9edbfcb14cfb31b1ced51cf483eaf5e4d50a17ce","sha512":"adb6f0e0eb49a9113e5e92aad710d69a4c485e2afd4695304bf19aa7753f374b5daeef0f01a7808425ffed1716f384b5d9870f54bf41a1359fe23adde9b500c2","ssdeep":"96:V735Bnp0eZAhzD/wFmwxM3Q7BkyJtFoJUx9Bfiea2dFyq:Vzaw+0Bfiea2dFR","tlshash":"74d141132a676560fcbae01e7a547b8e3e5cf643d08606bcf89a7e35c4c7873b518141","first_seen":"2024-06-01T14:29:20Z","last_seen":"2026-06-05T08:23:29.892204Z","times_seen":1846,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-0492056c.fa9a1961.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-0492056c.fa9a1961.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"3902-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1620\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3902,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3902), with no line terminators","md5":"e5107f6c3a7437c7043e59fe22c67629","sha1":"e9bdd01859b7364fd5fb9a02dd4b5a2731286bad","sha256":"4a6153b088af1f459ccf33a4b30defd53b087f7c1187f10aa17e57d9d902066f","sha512":"62b34efab176c7802ad132e426dcc2be9bfb8f9c7298f494039100c983bcdfc26ab142b03974ef18171b736562f605fb0fc237c290b1150365306bb098563379","ssdeep":"","tlshash":"4681612da056e4bccd9ad052710e7231e1722fd6944089aab73cdfb49294da5332f37d","first_seen":"2025-02-23T06:52:24.632517Z","last_seen":"2026-03-07T04:45:22.077644Z","times_seen":167,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-24e95abb.b2e5197a.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-24e95abb.b2e5197a.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"447-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 447\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":447,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (447), with no line terminators","md5":"921bce4f483b1f08e93b4216d27b47de","sha1":"b4a29f334d7440c5b2f40841216224b72c6fcde9","sha256":"66b6628c502e0ea0445dc0ae31e229f358bd8a58aaf06e4eb525757fea64d439","sha512":"44e70871a7b43d640237f9f6f070c10a7bed3b3256e548f42488214ac6cd1421ae2209822abbb46e4940081e816f71e92ba2e6a658d1118cf5e3a9f8e7537240","ssdeep":"","tlshash":"f6f0ec012cbd95a15837c53df1c233b42e20369f0206c7a2ac44ac54c68ba613a14201","first_seen":"2024-02-11T04:26:47Z","last_seen":"2026-06-06T14:40:04.334237Z","times_seen":7244,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imgtest1.s3.amazonaws.com/type/2023-09-27/4ccad6d7-1ac4-4b71-91a2-7f303bae5eb3.png","fqdn":"imgtest1.s3.amazonaws.com","domain":"imgtest1.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"54.231.137.145","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Fri, 19 Sep 2025 00:00:00 GMT","end":"Sun, 23 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:FD:CD:50:85:6A:51:E7:71:E4:CB:E0:03:81:E1:EC:4E:AD:9E:C7","sha256":"D7:11:81:F4:91:03:0D:C6:A5:DE:8A:EF:AA:58:14:BA:AD:33:B5:11:8B:D5:F0:33:53:8B:AF:49:82:E9:4B:A4"}}},"request":{"raw":"GET /type/2023-09-27/4ccad6d7-1ac4-4b71-91a2-7f303bae5eb3.png HTTP/1.1\r\nHost: imgtest1.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: PaLDAC4DakrPhyjtDqf6BIWklGGa/P/uyY7DnivzoAbiB3ivuNpDU2dl8+tYO50nxY0mglBJR/E=\r\nx-amz-request-id: QFVRXEZ12HWNDG5R\r\nDate: Tue, 06 Jan 2026 14:46:39 GMT\r\nLast-Modified: Thu, 23 May 2024 01:50:35 GMT\r\nETag: \"5a8141a1e3f9ae20e358558f847715f5\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nContent-Type: image/png\r\nContent-Length: 204466\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":204466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 704 x 314, 8-bit/color RGBA, non-interlaced","md5":"5a8141a1e3f9ae20e358558f847715f5","sha1":"f7be50d3868c793818255a6094e78053690db2e9","sha256":"620a101a1e114bcc50bddbec1e1bbc157276a7d86918c943589c479e1f824d24","sha512":"bebc62defc949b0295bbc48717a43e974dab98b90383e568eea78e58a503791c8c87473af26443e43eaf9154bdf4e4fa0ab7ec18b37b6d289ea454b3ece93a54","ssdeep":"6144:6n2eIy8lDUjZw6TiGDMkl8T4Ax0DSOyYl:6n2CjZnRi4AxeXy2","tlshash":"b61423bdb2efcc1a21695ad1d4719b7ce7b85db0d448343803714296cdca53a6ff0928","first_seen":"2024-02-11T04:26:45Z","last_seen":"2026-06-13T13:28:08.518745Z","times_seen":5018,"resource_available":false,"data":null}},"time_used":1362,"timings":{"blocked":481,"dns":22,"connect":93,"send":0,"wait":120,"receive":284,"ssl":360},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/right4.6d5f23ff.jpeg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.221Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/right4.6d5f23ff.jpeg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"4704-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4704,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x152, components 3","md5":"6d5f23ff9ecb9724c07b2cd1541269f9","sha1":"5e750c426346b1fc8fb169ce8539ac98a13614b1","sha256":"52e08b3d2f52fb6b3ae31c2df98abd68fcc703e02f2fc21b68743f5f0f254d1c","sha512":"4a3cdf202ec25973c245ca77c96782ec1b6b9402dd6fe9d654dd3696b2929a1f0d2d3ad76d63a40998685fe0debf4ac2b66c742307b7f8a8040e386e64c72eb2","ssdeep":"96:Wh+tAiYHAua4Aqt9u4F3DRBfO18AB/x0qaZIPdwR3ODcpOfxukRbnCRTVMfn:E+tEgBvEwgRyHSIPmR3OD485hn66","tlshash":"43a16e9acffa688fff121f7ab124246975810e026a01aaf344014d7a7927c318743596","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-13T13:27:58.522183Z","times_seen":4713,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-3bb28e34.c6474aa1.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-3bb28e34.c6474aa1.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"242-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 242\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":242,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"207b8b759b262464712f92d1ae1e37eb","sha1":"7029c92363ea630f095754daf11add091fcb57dd","sha256":"83e8578a1c454c2177dc7c70879f3a2e5e917cb457b060909784e71ddaec84cb","sha512":"7ec9d45d68a15b191ab0ec850c159b6a09cdedeecaa33c45bec5870115ae5717ee8cbdd1c020cdec12987d0705e88b487287e93e72bb2ced89b80fb446516a1b","ssdeep":"","tlshash":"45d0a731b39c5824b527c0dbe6c568c5b6043bb2984974b6edd31f68c887453716834a","first_seen":"2024-02-19T23:01:30Z","last_seen":"2026-06-06T14:40:04.482686Z","times_seen":1462,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-3bb28e34.fde28ff8.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-3bb28e34.fde28ff8.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"9694-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 3866\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9694,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9544), with no line terminators","md5":"24da600d80d56e3e5ac601248f03cd7a","sha1":"f953011137ca530838a5a35cd2f3050628e7e34f","sha256":"a5c3267a0bbc542dac027e493405b16c2d8d2f7e210ce046c0eb8cd3386f327a","sha512":"a4256fadd411d0a95fca97acd0ec161b7dbf9d1389532fae6365cd73f22190407cbfab7b88385f76b36b3a8acc4362a861353614cf97efb51320ca5011afbc71","ssdeep":"192:PqpEERr5tC55V5kFGZFScdvr7MZE7CnbLn:PquER0DtZQctroOC/","tlshash":"2a12e949ba51f8de0b6360da706fb056f29112257c0d15e2f2b5c8f739a9d1d232372a","first_seen":"2025-02-23T06:52:24.644497Z","last_seen":"2026-01-28T12:30:44.9251Z","times_seen":158,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-4a688b54.a6224730.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-4a688b54.a6224730.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"11653-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 4050\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11653,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (11611), with no line terminators","md5":"cac1eb346548aba113dda9997e672fcf","sha1":"1b770c7b7ed8fddc38a3699128908b8c2ed5fb81","sha256":"898742034b21cd7dd80ae2625308976a3b5fbc45e036c74e5e8952b82cceb774","sha512":"08a4f98e665fee47e24e2090c25bf672599eebe9f9c17c940176416e848308b343ed5af7083c1999e8900ffee29fa85fc214e6bf7b8409afd79f53ed040cf3ec","ssdeep":"192:CBo3gweyB73GmgA4Whyd7BaSLZ7HfmkBv6vDSs:n5eo72xWoTNs","tlshash":"7932d6487293f89d09a350b0605fb907f1a92a51380d9696f3b4caf539bcd0e6326f3d","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-01-28T12:30:44.890021Z","times_seen":160,"resource_available":false,"data":null}},"time_used":245,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/newOnlinechat!unread.action?lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.673Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /wap/api/newOnlinechat!unread.action?lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 52\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"472e9a7530675f76d965067fcba6278d","sha1":"e1fdae764ba06c37792e7b2a2549c88cf3350b09","sha256":"26de7e215697f7b90d77581633fd7fe0b379ba230d1a9c1a0b502ed862b3f5bd","sha512":"7f765b18a1b6f5818daf3905ed24ae9f4283248ac7a41bfcca65dd1be696c9a741d510629b6134940784b3cb832fe3be7fa76881cb2d01f226e1246a70039e7a","ssdeep":"","tlshash":"47800000280e2c0b08032088a88c3a0080ae22a308c0cb308e8cab3080ae2b22000830","first_seen":"2024-02-19T23:01:28Z","last_seen":"2026-06-13T13:28:08.572646Z","times_seen":8685,"resource_available":false,"data":null}},"time_used":317,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":317,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/sellerGoods!recommend_new.action?type=2\u0026pageSize=24\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.966Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/sellerGoods!recommend_new.action?type=2\u0026pageSize=24\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 64\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"f2982955040e03da061e625bb0bf375c","sha1":"20181528c67d8f347372b93f90d96e7d6c3cfd0b","sha256":"aa16d955b045de5c2728a37653d3f51d5f24f6e43879c0214e7b015079356608","sha512":"503575abcbe6db127825c8225d96bc0142d885aa83f74e8b5558ede44b0668ea953ffe7d3087c4d55b98b8550f776ebce4c989e93d571590ed8aa03789e88bb0","ssdeep":"","tlshash":"b49004403c0d1c17040fd545f44c3540455c315307d4c7300d4c5730415f1753d04570","first_seen":"2024-02-19T23:01:28Z","last_seen":"2026-06-13T13:28:08.539304Z","times_seen":7307,"resource_available":false,"data":null}},"time_used":379,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":379,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-376ad29c.cf3ef494.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-376ad29c.cf3ef494.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"21435-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21435,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (21435), with no line terminators","md5":"347e7471c06e54b272c94be9c1ad23c2","sha1":"c861e89f40823ab23cd3f71a14bb2146b4848c63","sha256":"274d806042475f7c8c017e971f32194339ac1c74bcea70a23a2743af61b3b43f","sha512":"88b410b900b577eaa4f8c0b87fcd9408c26e9234b360c484a2fc205fe3438adb714a0b4a9a12a4af442be36799d6484a98e47a2ae41662c85bfa07730bbca22c","ssdeep":"384:3ZMkIQyEkkeX/pZ25ZC85s8CkC2caIdR2iW4YGrSLjhh+P5/e7R0N:jIZEheX/poF5sVGUqtLr+P5/eVy","tlshash":"e1a208b1b22d223cb937f2691a8156cdb460f263e4568396bedc7325c8c36e36d34265","first_seen":"2024-03-15T18:45:48Z","last_seen":"2026-05-30T03:35:54.799409Z","times_seen":900,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-a19b6e94.618d092a.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-a19b6e94.618d092a.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"15265-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15265,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (15265), with no line terminators","md5":"e25d809f9de11c7d85495343aa166b4a","sha1":"a953f732d5923295924398ad4bda8f7e2b5f8d18","sha256":"5bc2df253d04ba86acc28bc740dc5e2817b723139ad3ccaa236debd4116accb1","sha512":"46d7b7949fc30f3e1d4ef5d11b98efa99ef5af2e20b43bfe27798c1e10894572ed03ec9ec0628174c0a85090c8f030e2de6f130a3120de5b8fc0369e74833d63","ssdeep":"384:i5s8CkC2caII41+qFkV0vD5rw/CVFcjLU:i5sVGUI4EFaDm0FcHU","tlshash":"2662c47a7034a539b5bb966d3098a4ce7053e943c15782bdfe59b12cc4c72e3663138e","first_seen":"2025-08-19T13:02:14.721463Z","last_seen":"2026-01-14T11:25:19.804873Z","times_seen":63,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-4a688b54.8fe95911.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-4a688b54.8fe95911.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"1118-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 490\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1118,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1118), with no line terminators","md5":"51469bb71eb3ad53d091813383d59f9f","sha1":"2dc9da09668fefdab35ccfe6c6a3ec5485ceea3d","sha256":"d9daa1e1faf153cb40d02fe3294adfbf28aeb622797e00cf94c101ccfcf0e073","sha512":"aba105e77a63de395ba92e7d7557d7b7ae209f72dfd735132a2b4d234f8ac75e09d4acbeee7b2cd6e25307285d4d3a4988e9b8b8758761b595c96d20994bfffa","ssdeep":"","tlshash":"d221cef1906510385aabe6b430f0a9b9705df145ea63199c5d6533ad49d378f02e02ce","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.435641Z","times_seen":5604,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-376ad29c.aa3ac6c5.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-376ad29c.aa3ac6c5.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"50699-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":50699,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (50623), with no line terminators","md5":"49e972a2e64eff6adc0861e762ef062a","sha1":"7a16c115394f807135c947be094c4b39a3612657","sha256":"97b7802e56e78ab889d4900256bac0039884633a7a67d401572df1132c7eed7d","sha512":"5c2555a4800cff27b385789ec62a77cee2779a060eb8b3efdab1f2288d260a41994f1fc25b0e1fc1a35512710698946ff8fcecbf366cfe18626d8ac605a6f17a","ssdeep":"768:wX4uI37KNbqUxeV4GQ2jD+OJhBnCV9Pnyw1R3JHmWSqBPi:aJikvMvXIRyG3JGyB6","tlshash":"f03318576128b46d5e6656a2305b30a0a2a43be45408849ff67ccdf963dcc243b0ff7e","first_seen":"2025-11-12T04:02:15.989158Z","last_seen":"2026-01-14T03:40:42.890604Z","times_seen":56,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/banner!bannerList.action?pageNum=1\u0026pageSize=8\u0026type=pc\u0026imgType=1\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/banner!bannerList.action?pageNum=1\u0026pageSize=8\u0026type=pc\u0026imgType=1\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 345\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":865,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"c07fd72af1d0908a3b2c004e6739a811","sha1":"0a9865f6f4288d96c44bd456e7061cce4691c88f","sha256":"62b7ab3a9e1d0a68c6a71f88c472f58d08ccb60038ae86a7f678026473bda5d0","sha512":"49d2dbc2446f3020f2f3d7d9a8abd76b4123b9ce16b7ce382dfa6d665e1e2d9aa75cf8b1d98db531befebc354c1ddabaf79d7b8eaf96b9b3dfebb4df2e0315e5","ssdeep":"","tlshash":"9f11cc031f9cd45409987b828cdeb584d27ca61b5de58e0ad89ede0c6a24f7c242d352","first_seen":"2024-09-28T07:38:00.800666Z","last_seen":"2026-05-16T01:41:49.233217Z","times_seen":919,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":260,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-4f3cc811.c70dd4a7.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.703Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-4f3cc811.c70dd4a7.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"111-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 111\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":111,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with no line terminators","md5":"6fa0ecf4147c8ce0222c50c699e3807a","sha1":"a77f07547a33f9b6ec67e6eed37629f508f97a6b","sha256":"6943a6d74dcebdb81ed9b48152a94e537946bd452b87590c4179c966722f5719","sha512":"8cc93fbb80c2bbce59ed5c2bf12fbe7ca0c49da27fa32ef1bbaafbf84aace700d4e60931ad95010ae4f7a5405b3e6f475e9ebf8431beb768ddf5d95ac4efb1ef","ssdeep":"","tlshash":"66b0123a734b04fc8c2ff0203f5988b87ec13322e11924035f9c8024451e7027c30210","first_seen":"2024-02-11T04:26:49Z","last_seen":"2026-06-06T14:40:04.445601Z","times_seen":8474,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-43f51806.0daa9b11.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-43f51806.0daa9b11.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"1374-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 522\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1374,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1374), with no line terminators","md5":"7a0ea81bab09a5e259ac1884d3f72012","sha1":"d87441160241af9deea25169e8fb52a8537929e3","sha256":"b2217a779e1c0810181c9c1cc122bbd3ff1ce69d94164bf7b1e308cceb93e2c6","sha512":"a0d4c2bd68e73bc95ebe419ae4fa1a9210de9ff9e75bb7c3694bffa92fffb77dd7373bc7c3585ba1a9a67b9a3d0207afd87e34d630ba821177a70512c061bb98","ssdeep":"","tlshash":"e3215b00355e673edd37e67e64805abd6900e26bc453e227b9889405cecaa572813ed3","first_seen":"2024-02-19T23:01:30Z","last_seen":"2026-06-06T14:40:04.393299Z","times_seen":5043,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-83fd3762.bbf1f88d.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-83fd3762.bbf1f88d.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"2267-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 790\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2267,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2267), with no line terminators","md5":"8c6c2e32d246f43938c015ddcdeb69c0","sha1":"b6c0900796b2f918e95196d1deec6b6bb23de45c","sha256":"2286584045d499c3f6d7e0178051e8cee89b1e36412f7e91b095f677e1b46c73","sha512":"9bb9bf502e8cfe654b271eaa74dfbc90f633cc0ffc25cd2811f89643b603d79584fc1396ad80f23b84cf54beffa20f21ab81a34c3f799d0b7b6cda721418feab","ssdeep":"","tlshash":"5241c0737065617ad9b3e36972419ccc7a81f243e3b352f8fe95e43c89c2aa2193019d","first_seen":"2024-02-11T04:26:49Z","last_seen":"2026-06-06T14:40:04.440992Z","times_seen":6380,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/syspara!getSyspara.action?code=customer_service_url\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.667Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /wap/api/syspara!getSyspara.action?code=customer_service_url\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 103\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":94,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"5dac84769521ae7a9d32d588a4fd1eca","sha1":"c41ba191cc2d834fc7a5024fcce5ca06a3e6fdce","sha256":"f2d413133bd36d8ee7405a2a7dd29b0effd8d8eb877045c7709034c83c67c478","sha512":"0d84dfa2c5474a625c463b1b3d4d838b8c6d4d3bf24a9a66e9d8931e4072ec8349dfaa86f6ff733d9f326841733a8f462c0222a6286b2b44551278c05af8df4b","ssdeep":"","tlshash":"e9b01201004d981a0152108438bc3404cb0ef80358d09d345b486db140ea2e82004d14","first_seen":"2026-01-06T14:05:15.37964Z","last_seen":"2026-01-06T20:04:09.397606Z","times_seen":4,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":301,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-50d79b30.0f594967.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-50d79b30.0f594967.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"2488-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 648\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2488,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2488), with no line terminators","md5":"4890366680b9e8d4c468a8489db5d4ac","sha1":"d23b2634a28b365388c81e06d4489149c75500a7","sha256":"0b9eaa9bf0012af1f82493c9cf550761f87f87c3a793be2c3c5484aa44cab4ba","sha512":"98d5ae88c2f3052aab4a1139d61329c29395cb24e33e9cb8313ecf136874191df1c32ee68db83dc7d28029a49c8a0c25cd49f02e27e4c6fdb368628d782af404","ssdeep":"","tlshash":"235158712490297457fefa2a9c8676ab3103fd93e61150cd7847871e8cdafd228e1768","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.501354Z","times_seen":2074,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-574f8736.062468f8.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-574f8736.062468f8.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"6662-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 2407\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6662,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (6560), with no line terminators","md5":"6827f8cbcee001e0b5387c9acd526284","sha1":"dff077126ee70906ddfc2eb89b479d0daacb9c0f","sha256":"04607b26777138d40de946359b4d4cb887950f6bf623de5230d697194637e1d2","sha512":"fa8f3dcf3984c613461c8d0748a1a381ae3c01b8b7955c6e149c56d2b75b3235e56f28dbef8ac6d8ccd7601e6cab0bcc8d9c4bdbe94683a4d06885bf3335c23a","ssdeep":"96:toVtr/FXo3c1tx+9eXygLnWpcqkIGm6ZriCvWRZr/JGbmA:KBo3go9otWj5KOHGf","tlshash":"3cd1c8156247f55d0d6786a0304a3520b0683f98640da49abbb4dff976e4c18337efbe","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-06-03T23:39:34.517282Z","times_seen":3400,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-b4023030.d99d2f55.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-b4023030.d99d2f55.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"59838-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":59838,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (59838), with no line terminators","md5":"4cb34d20ad72452e9f6a485688fc546a","sha1":"a5c3f1112f9f28159e04e2001a1f458c99e7b226","sha256":"597c5e71f669472d6c6853ac0b08cfea5395c05f90a308fe7dff3bd0d10d0559","sha512":"2e846b48b35e9e03ac2bc365dd8eeb3ac3f41d16b57028efd730d8518c703d98e03a969d6d6031af0ff14bf883d506d3eb966017e9224381ca89130e2f1bd3d1","ssdeep":"1536:fDaeK86yPWHJtxEa+BZtYnzYcXbKc7rfqtCZG6v1f+yOgv14:fDLlWHKBZtYzxrKc7syG6ss4","tlshash":"c643d03720d3a4d31f2ac161324ba84d8d769badd182d5c3f278b889ec5fe74635e098","first_seen":"2025-08-19T13:02:14.731088Z","last_seen":"2026-01-14T03:40:42.808577Z","times_seen":54,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":260,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/sellerGoods!recommend_new.action?type=0\u0026pageSize=24\u0026pageNum=1\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/sellerGoods!recommend_new.action?type=0\u0026pageSize=24\u0026pageNum=1\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 64\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"f2982955040e03da061e625bb0bf375c","sha1":"20181528c67d8f347372b93f90d96e7d6c3cfd0b","sha256":"aa16d955b045de5c2728a37653d3f51d5f24f6e43879c0214e7b015079356608","sha512":"503575abcbe6db127825c8225d96bc0142d885aa83f74e8b5558ede44b0668ea953ffe7d3087c4d55b98b8550f776ebce4c989e93d571590ed8aa03789e88bb0","ssdeep":"","tlshash":"b49004403c0d1c17040fd545f44c3540455c315307d4c7300d4c5730415f1753d04570","first_seen":"2024-02-19T23:01:28Z","last_seen":"2026-06-13T13:28:08.539304Z","times_seen":7307,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":397,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2ef5db62.b80aa325.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.031Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2ef5db62.b80aa325.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"17017-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":17017,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (16971), with no line terminators","md5":"67b92cfc754be57bdc6f4cd19eaddde0","sha1":"ff1be038beb446f655351a6b38dd5b6898e51300","sha256":"3afe2072d25313e434d48e990a3d9fcdac2fc4245bd1801a7d45f6065558f012","sha512":"008bbb1d8cf35a7b81feaa618d4669ad4a36a59c02c0e52c5c464a667280c72d5fabb9d94694f4e47784b2a8cb4ac642b8263cae6c02fc38582909c8ef5b486d","ssdeep":"192:glxthRrXBrUFGaEERrSr8yS7cAfo8KwRHfnQMsfN8qAV5rQzpV7ocKwRHfnyMs4/:gdX+M1ERE+7HnhqIU7HndqIRlRt","tlshash":"0372f92a50047c9c0e61a0ed702b3464a05a95105919df5bffb8ceedbaced2d261737f","first_seen":"2025-11-12T04:02:16.025986Z","last_seen":"2026-01-14T03:40:42.784139Z","times_seen":56,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-a9f88638.ed8f2f80.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.063Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-a9f88638.ed8f2f80.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:41 GMT\r\netag: W/\"10859-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10859,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10859), with no line terminators","md5":"4576ba94cb5bb372bde2a8d3805ab577","sha1":"b8ebee11661c562a71aed4b8e13af4de80d96711","sha256":"e86e616a75a0aa6fa76e336e26f657e2448108344358cbdcefb8c8bdb798dc1e","sha512":"0038585406aa7067006baeff76d9d4137c883f1fe31ed43871a592b25c39a5beb9e490b3491fc5dea2603540a763a59a358313d8fc8ffac5de1b178e34ee1bc5","ssdeep":"192:8/sOYPMSXr6HqgCI9pn5VsseOyVj+4ceGyEufSau:Ks7NX2k8Xez5+4ceGafY","tlshash":"8b22e70ab066e9b88d9b41123116a27471765fd1f44444eef7bccca85689e78332b37e","first_seen":"2025-08-19T13:02:14.851561Z","last_seen":"2026-01-14T03:40:42.820717Z","times_seen":58,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/logo.df085cbc.svg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:41.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/logo.df085cbc.svg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/svg+xml\r\ndate: Tue, 06 Jan 2026 14:09:30 GMT\r\netag: W/\"5721-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:30 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5721,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"df085cbc4038cf578fd93c40d41e16c7","sha1":"e454a7f317a0bd270c3f81a098ee2dad67448206","sha256":"c371d47546e457eabce34de3085eaa81dc7d30fa355ca5446aa73fa86016f551","sha512":"75b5cdae3619691502b4f6329862fd0a6d3c126a7a27a7f76d10b51a24f53c915cbef2fa33c741caada5cf8b431a75300c4b16f605fd6008986b839df7af52b4","ssdeep":"96:1KfeEztIF8TjMXTO+HyY9UE/mCH+/87pU8+V6Y9fcIkfcuGF1vVKnlU1dQU7jVgH:1oTi+RMCCe0O8K9CIk0ZwnlU1C2jUR","tlshash":"f8c18f3b4e4f097d8fb59ea9127ce0231dd062daed42465c6dd638f0c85c4879ea2a4c","first_seen":"2025-08-19T13:02:14.882206Z","last_seen":"2026-01-14T11:25:19.95549Z","times_seen":59,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/right5.1ea7fcc6.jpeg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/right5.1ea7fcc6.jpeg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"5524-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5524,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x154, components 3","md5":"1ea7fcc6e9b3100bffbe6b7f028ff17f","sha1":"61c58566bbc59e3f7eee8fd0ca827c00da52a17c","sha256":"a3b706331a70ffa493547d558a58857bfa2dcbe54f11b19745a8c0ec4692e045","sha512":"7c129d8b0f97c5c3645a966ea129cf352e53997c2caeb88d975a6774bb157808dec36999b766942663622fce8ce7ea387d4a2a5f4385cb68481e554b4dee4d05","ssdeep":"96:WhJUFeNHgld/rdM2oX1pfs1BBfcVq3CxmaiVFMbo9qJC1dwH2J34Rm1cum8lwoRY:E5NH+BqBl1kBBfc1xmnQ7U1dwH64AyuA","tlshash":"d6b17e19e62eb807cb2aadfb2d5c259661011ab47f1c0bf245b121ddbd42cb1af15314","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-13T13:27:58.456154Z","times_seen":4690,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-74926972.0bd1ca12.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-74926972.0bd1ca12.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"89105-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":89105,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (54759)","md5":"17b98542d286b81ac2ed796cb35f9c64","sha1":"4bdf5ffeee53be6c7a1e720138fd63b562ee2cc1","sha256":"43bb879cef41b63008f6eda1e44865f5320444038e19772a9538c7bd5c8d8499","sha512":"a6c1dfe2dd9cd75150ea9ed78f22c84dc2d5a011f6af57f050b72018ccc0d4ec5f90e87831019aa2008b33710de9d614bad1ad56ee76c01ca6d52143f46aadf7","ssdeep":"1536:XVpb5uz9we4EPsStPHXannPzQY2Y2eN8ce9PNoZAlE2f:XJ3qHrY2g+ce9PNo2lx","tlshash":"df931a88f2d5b17603a355e0442f140bf176a929a84988a8f734d4e1bdf4ecea47bf74","first_seen":"2024-03-20T05:26:53Z","last_seen":"2026-06-03T23:39:34.631042Z","times_seen":2832,"resource_available":false,"data":null}},"time_used":263,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/vendors~app.35d8944c.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:34.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/vendors~app.35d8944c.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:34 GMT\r\netag: W/\"248173-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":248173,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"7739722848fc1803f8afea0e50e3ceba","sha1":"4d679fb1a6e8e4295873b410b2fd6fe85dc5b58f","sha256":"f31c2497c2dedb833ed17ff0ddb9fc3242dc5fcb25b429c81065a76e33e742a6","sha512":"888372c798f45cb52382017e9ffb4ef30f371819f4b6799003e50b7ab70367ca6cb01b12b3a53c449e28005789db84404ee7e917f81e0f8d404198b6e400ce11","ssdeep":"1536:t28Y7SrW3YeWXA1u9w4HCe/l4JrgW9cMERw4B78O6iZkJgYu8e210kSDDvIc/ehG:WtKw/27eDLL6ob6v7f65WCXkb","tlshash":"8b34b6109b17203bb22bda6d74d0ba892f25c313d8334b7afe95790cc6d64991263e5f","first_seen":"2024-03-15T18:45:47Z","last_seen":"2026-06-13T13:27:58.557118Z","times_seen":2436,"resource_available":false,"data":null}},"time_used":666,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":666,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/category!recommend.action?\u0026pageSize=50\u0026pageNum=1\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/category!recommend.action?\u0026pageSize=50\u0026pageNum=1\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 166\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":248,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"af774e50a151863cb10243afd179da43","sha1":"54c698e2a12180741dd8327cf5ba5437ea19114d","sha256":"0487f086d474261178aa276f5a5c9ab2752996360f639c4eff071e274e1b72ba","sha512":"978242b9e70e6bd5a10597bdd4c93ff192912ce2dcdb7f114a24f149847c8d5b8493996e061e6b88dcbfde37f124d6ae5ed8e3dc2b30e40a8a43ec2ce6a4a410","ssdeep":"","tlshash":"9cd0c7403c381b65cb8d402e7807391b66ad31d78f04477857fc8760533bfea2a85555","first_seen":"2026-01-06T14:05:15.39375Z","last_seen":"2026-01-06T20:04:09.357418Z","times_seen":4,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-2d3b15cc.1065e47b.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-2d3b15cc.1065e47b.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"8220-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8220,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8220), with no line terminators","md5":"15af1d3c26e82f554e22d4b92989e50c","sha1":"21febdbf6c09940131326c18d6c6b5881074b618","sha256":"330f77708473892fcf35599941ab374c7dc73f4e2d71923161330537dfbb637f","sha512":"2752f6891792617b5a6e0e7aef54d792861597683c59ffa9a44525ae90d438a03e2bbe7c31a106dcebdf686e409edc822af50910d2aa3f54004a8ba1f929bd69","ssdeep":"192:Iz5sbKYxgCtCowY2duLGm7AtmIfP5iFxWXo:i5s8CkC2caIIsFko","tlshash":"ab02d5b7a0b2e029666bf0a9757495f87444da12ecd783e5f6847238ccc32e31666b0d","first_seen":"2024-03-24T18:07:05Z","last_seen":"2026-05-30T03:35:54.884855Z","times_seen":1196,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-39fb98b5.c41e129c.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-39fb98b5.c41e129c.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"11736-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":11736,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (11736), with no line terminators","md5":"328f2de1d42497418d4a0d7343dcfc0f","sha1":"5a985e5624c51fc2fdad07ee3d745bfccf805dc6","sha256":"2cec2a17088a01df5e574e2b2155f7197080c85cf663e8bb49fc5e8740a16d90","sha512":"b94f35313cb7efc1b67ebf8be4a0e208b206d30d5e2b99c8d523b445b035bdb264eff5d5ba4ac803ee915b57e2fa3582c51c40588fbff27b9bc101821034a4a6","ssdeep":"192:j33sODCMSXc6xJ6gCA95PR90HXEWFs5d24uU/EGuSVj+4ceHm:jnsAKXjxOMkUOEBcGT5+4ceG","tlshash":"ca32e74eb0aae6bc889b00213106637475767bd5f00849d9b7fcdce85949ea4272b73e","first_seen":"2025-08-19T13:02:14.764237Z","last_seen":"2026-01-14T03:40:42.771452Z","times_seen":58,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-50d79b30.2b487c91.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.536Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-50d79b30.2b487c91.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:40 GMT\r\netag: W/\"2983-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 1260\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2983,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (2979), with no line terminators","md5":"a90cfd8894378845b7588c0a51e5a3b0","sha1":"30e4d08a17be82186fcf3e3d831953c6b3febfa4","sha256":"a7d904eb3bb068b4a0391f212665fe91b34850a4c2117db499f42365e09ee092","sha512":"2a36fcd7da4d71c29e13f0d950c2d92248b11bfded147b37bbc2d18690f28907d8a71f6a41451604326ae717a767b8191b3be7c1b4d7412ce8f3c7038937cd09","ssdeep":"","tlshash":"1051524c5462f47d898e502a311db734a0713fe34484a4bebb78ce9592a8e61370f7b9","first_seen":"2025-02-23T06:52:24.649014Z","last_seen":"2026-03-07T04:45:22.165523Z","times_seen":165,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-971b8156.f79c8552.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.095Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-971b8156.f79c8552.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"13663-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13663,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (13655), with no line terminators","md5":"23e303e1d457ded5c19fb3400a22b026","sha1":"252ee41d519536f951e581e385b134c44d17d148","sha256":"817dd349f3cd067b90ec0a1357b16f6485467350f8e4c3c77dee13591d00ff16","sha512":"95ebd0fe0352e0da1b21d23d54c3313ef8a1597a7b583484a7613b8091017f3aa4734bf841435d29decfbfcb8c521a7b62801ed47f9c945e0230a590cfba3ff0","ssdeep":"192:NzCjfAcMsHRpMu7mWKD12R+YEX+WzU9MuMOO0L5xq/cictjAfNeNF/BPsGCS:sfNMsHRp3Q19X+WzU9MKdmmvPJ","tlshash":"e45285e6c470a4bd495a82b22055f1e0fb643a1cd106554efa7cec9b72dd424332e77e","first_seen":"2025-08-19T13:02:14.744046Z","last_seen":"2026-01-14T11:25:19.931574Z","times_seen":60,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imgtest1.s3.amazonaws.com/type/2023-09-27/de5825e3-c72f-4186-9503-2b6b89af399a.png","fqdn":"imgtest1.s3.amazonaws.com","domain":"imgtest1.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"54.231.137.145","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Fri, 19 Sep 2025 00:00:00 GMT","end":"Sun, 23 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:FD:CD:50:85:6A:51:E7:71:E4:CB:E0:03:81:E1:EC:4E:AD:9E:C7","sha256":"D7:11:81:F4:91:03:0D:C6:A5:DE:8A:EF:AA:58:14:BA:AD:33:B5:11:8B:D5:F0:33:53:8B:AF:49:82:E9:4B:A4"}}},"request":{"raw":"GET /type/2023-09-27/de5825e3-c72f-4186-9503-2b6b89af399a.png HTTP/1.1\r\nHost: imgtest1.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: m5yUULkk80fyUPQiJ8xi4tq6XoAYc34pVCY/bCtUuefGs/x2m8MGV6RsKDrI8rhwEtzh+FSxrUc=\r\nx-amz-request-id: QFVWZAQCXZ999S0E\r\nDate: Tue, 06 Jan 2026 14:46:39 GMT\r\nLast-Modified: Thu, 23 May 2024 01:50:35 GMT\r\nETag: \"fe338c9b5d010848cb21a1db76fadf7e\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nContent-Type: image/png\r\nContent-Length: 227074\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":227074,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 704 x 314, 8-bit/color RGBA, non-interlaced","md5":"fe338c9b5d010848cb21a1db76fadf7e","sha1":"45eb4551bb82a4993dbc63c4bbc236b89b52fe61","sha256":"eac06e949524de896c14555b703c2a7c6e63c573083b7544a336f8c027fdde81","sha512":"e12280cde3ef9eb88c6ce4af8447dd342bfda378d30776541085a725f5624aef98c048e18e724f704b821de16afd3ff424fc4ad6649908c6885410f616111936","ssdeep":"6144:vIwTgSDMGq8hLz6R+CxH/SNXquhJbgcqnHNo3mznP8:gfSQGq8hO5/EDhZa23mD8","tlshash":"582422ae161261137fd59cb23cd193ac335797989d8dc1deeec305603eb802794eb886","first_seen":"2024-02-11T04:26:46Z","last_seen":"2026-06-13T13:28:08.565385Z","times_seen":5121,"resource_available":false,"data":null}},"time_used":899,"timings":{"blocked":244,"dns":26,"connect":93,"send":0,"wait":121,"receive":284,"ssl":124},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/right3.9c862538.jpeg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/right3.9c862538.jpeg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"5499-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5499,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x154, components 3","md5":"9c86253815081c0c34036ff07d755cb5","sha1":"c76c8077affbb0a17ef370150dfb718db290a455","sha256":"29f7b8a55109e9ad235762ef2edf7523357ac563202f2ef931aa3099685c9e8a","sha512":"cd0ee09be0e8c939646c3e72e32a70a37017bb27f5bf23e3167776e8aaf81c0ff3868ecc1eb12df37341088e1aeba54cc1605c88aaf44a89000a8eb5b53b65a5","ssdeep":"96:Wh4J1bDl2qrFHk8A3CrwfOIngvJlMde582vqxe2CjEploBUs3:ESxPFHk8A39QhDQVoBX","tlshash":"04b18e9fb6cb7d90f776043be0c61d5522d67b0615e0a7fc8098aa4f98bbc714d10879","first_seen":"2024-03-15T18:45:46Z","last_seen":"2026-06-13T13:27:58.566137Z","times_seen":4691,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-55a26a12.7840c12a.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-55a26a12.7840c12a.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"1392-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\ncontent-length: 402\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1392,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1392), with no line terminators","md5":"eddc635fcf3cb8f345a6c8bbcc9b6036","sha1":"7a3f2d798cb53dffe7cf6c52e071c865d5523bf9","sha256":"e77e73c25992fab28ae631f7d15520056b9106d43b95f0e07d73c49f5b89d984","sha512":"43c604de6411e0e4f6bc49e2bbd34338ebbb33d4b57be4b8f6707e35c5f31ec387c53308175d54075b64d61c6f10261c1b2ed4b4bda60af37255c2887cd02fdf","ssdeep":"","tlshash":"dc21f4f86136523660f3b437286142e67aa8faef51e1a10d6e8a504c9467f025f33c46","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.483586Z","times_seen":1365,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-06T14:46:32.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/html\r\ndate: Tue, 06 Jan 2026 14:46:34 GMT\r\netag: W/\"7289-1756837222000\"\r\nlast-modified: Tue, 02 Sep 2025 18:20:22 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: BYPASS\r\ncontent-length: 2008\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7289,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (5351)","md5":"434440d362422d131075f669fad3fe6c","sha1":"d4003daaed02ddcc6e35106e40d49576640689c4","sha256":"c4629785104d6f2a58d9b9f149421f5e34f2f0ddd5b5c9c6a89e14a6b3235d89","sha512":"bfaebfd5bd65769bb08c002448a9d046daa164fb16613cc982a5b1a29adc60b87043a0d0a1f68ae364dd2fe04d4bc2087508a1e36d81b17c058d34cbfd488e79","ssdeep":"96:dCckG7+f82tAHhvDYEp2NVNtpAU2PQuO/eBJQUf7ox:dCcufJt2vDYbNVNtpAU2PQuuebDox","tlshash":"dbe1ddb9de40608ff9f0de879d29eb2ae9cb8c771130e050e219944fc968fd4516b947","first_seen":"2025-10-06T03:51:01.373998Z","last_seen":"2026-01-14T14:41:34.097515Z","times_seen":62,"resource_available":false,"data":null}},"time_used":4022,"timings":{"blocked":1880,"dns":353,"connect":1270,"send":0,"wait":262,"receive":0,"ssl":254},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/banner!bannerList.action?pageNum=1\u0026pageSize=8\u0026type=pc\u0026imgType=0\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.942Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/banner!bannerList.action?pageNum=1\u0026pageSize=8\u0026type=pc\u0026imgType=0\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 64\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":44,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"f2982955040e03da061e625bb0bf375c","sha1":"20181528c67d8f347372b93f90d96e7d6c3cfd0b","sha256":"aa16d955b045de5c2728a37653d3f51d5f24f6e43879c0214e7b015079356608","sha512":"503575abcbe6db127825c8225d96bc0142d885aa83f74e8b5558ede44b0668ea953ffe7d3087c4d55b98b8550f776ebce4c989e93d571590ed8aa03789e88bb0","ssdeep":"","tlshash":"b49004403c0d1c17040fd545f44c3540455c315307d4c7300d4c5730415f1753d04570","first_seen":"2024-02-19T23:01:28Z","last_seen":"2026-06-13T13:28:08.539304Z","times_seen":7307,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":256,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/right8.b1412bc5.jpeg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/right8.b1412bc5.jpeg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"4948-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4948,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x152, components 3","md5":"b1412bc5ba0e763ff23aa08e3edfaedd","sha1":"d47b7b57f0147304de91e48497863d4bc90f2582","sha256":"a787935def85b5205fd886da2128855c877ab64a61755efee88d38c3f53d8b26","sha512":"d008c03d079a300f48904ce78873596b45e8d763f410e1707961ffdcd8786c57d2c78e9b191f42d50fba60009c78b843cdd0fd8cf4d3faac2c3d913c9cba0c5b","ssdeep":"96:Whjfa1ZcZcf9nqATAMmrGxCMpAdWWxzq/SVbFNXJakuuHcPL8z1UlmXexHgvMjH:Ej8Zbf9nXTYMpfWZbFNJuu8PYz1LOxHv","tlshash":"a4a17fcc3a345e7bff2491b3768b17391718092524bcc37921aa2e2c3e0ed704869d67","first_seen":"2024-03-15T18:45:45Z","last_seen":"2026-06-13T13:27:58.555842Z","times_seen":4717,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-574f8736.7da50378.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-574f8736.7da50378.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"971-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nx-cache: HIT, policy, disk\r\ncontent-length: 971\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":971,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (971), with no line terminators","md5":"364b94b45eaf72b8e38bf5dc4b2348f9","sha1":"869691808bc786803fba4730ffaecb8c2c95a975","sha256":"2da93f714bc866a0e4f302d78c7e5d14d291c27551b29d27969cb57089a191d4","sha512":"a33a5504a3284c5c20c32c7385f61833fada6b1d13e575231c0153a9fdf87d61b7a62caf829e6a22187ec6c8699b87ed13dec945c814e12be7034015716509a0","ssdeep":"","tlshash":"ca119bf151081435b867f26475d055fe316ef343a233446daea4b3a6ce93a9b12212ce","first_seen":"2024-02-11T04:26:47Z","last_seen":"2026-06-06T14:40:04.434707Z","times_seen":7560,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-a19b6e94.618d092a.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-a19b6e94.618d092a.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\netag: W/\"15265-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15265,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (15265), with no line terminators","md5":"e25d809f9de11c7d85495343aa166b4a","sha1":"a953f732d5923295924398ad4bda8f7e2b5f8d18","sha256":"5bc2df253d04ba86acc28bc740dc5e2817b723139ad3ccaa236debd4116accb1","sha512":"46d7b7949fc30f3e1d4ef5d11b98efa99ef5af2e20b43bfe27798c1e10894572ed03ec9ec0628174c0a85090c8f030e2de6f130a3120de5b8fc0369e74833d63","ssdeep":"384:i5s8CkC2caII41+qFkV0vD5rw/CVFcjLU:i5sVGUI4EFaDm0FcHU","tlshash":"2662c47a7034a539b5bb966d3098a4ce7053e943c15782bdfe59b12cc4c72e3663138e","first_seen":"2025-08-19T13:02:14.721463Z","last_seen":"2026-01-14T11:25:19.804873Z","times_seen":63,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-2d3b15cc.f13885bd.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-2d3b15cc.f13885bd.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"14187-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14187,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (14187), with no line terminators","md5":"b49264e1dda6ced4e73ee5afc57a3043","sha1":"04ef80897f98f47e247fcce0690919efe6d5a239","sha256":"511a9b1937dbed400e7e8b317fa089b4c6ce764a2084beec95f5331fb8fd8342","sha512":"140f07eb8615e3fc59b4fcdebfa4d593d1f57dd26fe80c53fbd73731084636225c51f612a1b0f4de5fbd6894f6ea989dac147b41a51af9cfeff64938c6196fe0","ssdeep":"192:ZTgC5cnE518R/LIT4JvVsODCMSXc61qgCI9pn5VV2OEj1+4ceTr:nIjLIT09sAKXj68F25R+4ce/","tlshash":"5352e74e70bdedf889aa6052301622b871751bd1f4054cd8b3bccde84489ea8632f77d","first_seen":"2025-08-19T13:02:14.812139Z","last_seen":"2026-01-14T11:25:19.928521Z","times_seen":59,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":248,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-43f51806.c5826dc0.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:40.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-43f51806.c5826dc0.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:09:28 GMT\r\netag: W/\"28948-1756837077000\"\r\nlast-modified: Tue, 06 Jan 2026 14:09:28 GMT\r\nserver: nginx\r\nvary: Accept-Encoding\r\nx-cache: HIT, policy, disk\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":28948,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (28498), with no line terminators","md5":"28e89d2a90a144b018c9a51690383c53","sha1":"d36a9463c956c179abf10f23f9d29603fbdf213a","sha256":"74250cc23bb98dfacf2b446610147edd521d306d0a2020522032c8f1fd89c853","sha512":"99cfc55756a2d1ddef7c41d4c87537ff8bef8ba96d435c2bca0d802ff90a3e3217114bf3aeb29b2a085153fca97024338a3921c06eaad4929b873765c9d349f5","ssdeep":"192:6hjymzEERrGqMCdglAy5j2h1OyIvP4eR1X2mKNASDnyHB3VbXgPnD3TpLmV4b4LI:65ym4ERslT52uRvFR1GNw3VrgPnk4LFR","tlshash":"efd2d84e71a17c8e030b4261745f2651a21a6129740ea0dbb7bdccfdfa9cd241832ffa","first_seen":"2025-11-12T04:02:15.990132Z","last_seen":"2026-01-14T03:40:42.860395Z","times_seen":56,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":244,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/js/chunk-080bb2e0.3542e009.js","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /js/chunk-080bb2e0.3542e009.js HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: application/javascript\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"17001-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17001,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (16997), with no line terminators","md5":"e0e10a9f01c9a3f1e2cfa4bb1f5a8a46","sha1":"71637aa88775f131cea1aedd9aea6ef486065d77","sha256":"ca05e32d8086171f169787dffa6035fc152319723db7b5ec49712408fba78f62","sha512":"07ca4785198937a92a1ffa26aacef9495ae2a1ed66320b8795af3bbf349b088e3b53f38d5dd542e84199b6f3374a47bdfbbc03b567b9dea04db21704ba31922b","ssdeep":"384:ng9hQXOAjyDfpQ0RyCw6IJGzg0E5EQyqUUhDBusDJB7WmjX:nwhQXOz20RyCwPJGzg0wEQyqUUhDBusR","tlshash":"6e72094b9094bc4dab2797e6308f30e1b101a669381559ebf2adcdf7634cd203a1b779","first_seen":"2025-11-12T04:02:16.107432Z","last_seen":"2026-01-14T11:25:19.849048Z","times_seen":57,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/wap/api/sellerGoods!recommend_new.action?type=1\u0026pageSize=24\u0026pageNum=1\u0026lang=en","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"POST /wap/api/sellerGoods!recommend_new.action?type=1\u0026pageSize=24\u0026pageNum=1\u0026lang=en HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nOrigin: https://tmall880.cyou\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ncontent-type: application/json;charset=UTF-8\r\ndate: Tue, 06 Jan 2026 14:46:37 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nx-cache: BYPASS\r\ncontent-length: 64\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":44,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"f2982955040e03da061e625bb0bf375c","sha1":"20181528c67d8f347372b93f90d96e7d6c3cfd0b","sha256":"aa16d955b045de5c2728a37653d3f51d5f24f6e43879c0214e7b015079356608","sha512":"503575abcbe6db127825c8225d96bc0142d885aa83f74e8b5558ede44b0668ea953ffe7d3087c4d55b98b8550f776ebce4c989e93d571590ed8aa03789e88bb0","ssdeep":"","tlshash":"b49004403c0d1c17040fd545f44c3540455c315307d4c7300d4c5730415f1753d04570","first_seen":"2024-02-19T23:01:28Z","last_seen":"2026-06-13T13:28:08.539304Z","times_seen":7307,"resource_available":false,"data":null}},"time_used":417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":416,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"imgtest1.s3.amazonaws.com/type/2023-09-27/fec070f0-ebcb-41bb-9d4e-b383ced7bf87.png","fqdn":"imgtest1.s3.amazonaws.com","domain":"imgtest1.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"54.231.137.145","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:37.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Fri, 19 Sep 2025 00:00:00 GMT","end":"Sun, 23 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"48:FD:CD:50:85:6A:51:E7:71:E4:CB:E0:03:81:E1:EC:4E:AD:9E:C7","sha256":"D7:11:81:F4:91:03:0D:C6:A5:DE:8A:EF:AA:58:14:BA:AD:33:B5:11:8B:D5:F0:33:53:8B:AF:49:82:E9:4B:A4"}}},"request":{"raw":"GET /type/2023-09-27/fec070f0-ebcb-41bb-9d4e-b383ced7bf87.png HTTP/1.1\r\nHost: imgtest1.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: tqsd5aIWk4UGK8rilEDjacksIiRpMssROG16NhKSeouVUglTl6ttgq0g//dPxm9xc9mlI/vf2tw=\r\nx-amz-request-id: QFVTCM05SKXYWE88\r\nDate: Tue, 06 Jan 2026 14:46:39 GMT\r\nLast-Modified: Thu, 23 May 2024 01:50:35 GMT\r\nETag: \"9f38d77d904f502b512c9ec5b8ea5906\"\r\nx-amz-server-side-encryption: AES256\r\nAccept-Ranges: bytes\r\nContent-Type: image/png\r\nContent-Length: 167342\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":167342,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 704 x 314, 8-bit/color RGBA, non-interlaced","md5":"9f38d77d904f502b512c9ec5b8ea5906","sha1":"1bebdca8e525a4c016780265cf05ba2e0621f652","sha256":"7be1f4180d586218d352c2e46603c046fbacdf908313b987becca84e09bbcc2d","sha512":"cbbae2f0cee0235b23fdf99e7e006101c9a6d7001a5c43cd2aec059fe207ceb0b17a6f51754406e006a7d3b78221ac572aa3db6e2efa58c36a7f1baa466d305b","ssdeep":"3072:2zHXQyGpimL+GdP+1wNE2AneMrUhkhYEHuxS2Sd4EbgdNSoDejQT8:2zHgzc4+Cm2AeMXZ2SdFCmjD","tlshash":"92f323e5cb37e0a3826f6a210d5da645e507a04727113fea532a8f53c38d3d75687ec8","first_seen":"2024-02-11T04:26:46Z","last_seen":"2026-06-13T13:28:08.559872Z","times_seen":5388,"resource_available":false,"data":null}},"time_used":914,"timings":{"blocked":251,"dns":27,"connect":93,"send":0,"wait":123,"receive":284,"ssl":125},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/img/right1.57c427fc.jpeg","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /img/right1.57c427fc.jpeg HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: image/jpeg\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"4805-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4805,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 242x154, components 3","md5":"57c427fca0d84bc0a092d9034deed77f","sha1":"e47ba5c89f052526d7eda2aad1a86336b3319aa8","sha256":"913d611036152ecabefb26e4ef79c198a2779ea1e5fca384f6a6b159d0babca6","sha512":"df3edf66df0741f19114843d93cea243ad98efb17a75f4a9d07f7ad80b006b110010eb0feb96f84f6ae57d9e5408096812fc528468f6a7b42c1ead3e8595d171","ssdeep":"96:WhC4SzAFMLFwDLyk6KPTLPwrAO824idlifhcL1qYIwEfRHNRXb9z:EJFMJiOklLLGvG83ELRXF","tlshash":"e3a18e4f67b66c5febba8bbc04184f942512dc1159321f7905a05c195d2fcfad9603d1","first_seen":"2024-03-15T18:45:45Z","last_seen":"2026-06-13T13:27:58.56952Z","times_seen":4639,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-39fb98b5.8dbf3dd6.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.445Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-39fb98b5.8dbf3dd6.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"7084-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7084,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7084), with no line terminators","md5":"0471f7d4229c51672e63f05b4fbb3f36","sha1":"89cc6f253e24fc1efd45b16c235212e5fb0ba72e","sha256":"d22f36a5f8ab1cac5caa44af2382d69262d5d5cf4d4b206eec8ddfa5184b8623","sha512":"b5090770f539ce82b9cd2bca9010611789c973b42ada52663797e7e268c2cd565d10adb5f242f3d802637caef6fb0dca0469f8c3269e38771e80644678ce9982","ssdeep":"96:cWUXz4UsG8OOOOOOOOOOOONaHYUt0bgCusCoG5YNDwTsoQiEbLGVk7AtWA2WyUfk:cXz5sbKYxgCtCowY2duLGm7AtmIfkXH","tlshash":"9fe119f7a036e129ba7ba2b930b065e97410e902ecd787e9b244762cc8c35931b5674d","first_seen":"2024-03-24T18:07:06Z","last_seen":"2026-05-30T03:35:54.954321Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":251,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-fe46833a.f2bd8913.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:39.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-fe46833a.f2bd8913.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:39 GMT\r\netag: W/\"731-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nx-cache: UPDATING\r\ncontent-length: 731\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":731,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (731), with no line terminators","md5":"04fddaebcf220f89065a61a8972e9ff6","sha1":"a72aaad63f69552c1bfc2ce529d0934877a151a5","sha256":"fde628e3bf1d28a032a27b15fb82ee652f593c2de925664d244ef73294ca3002","sha512":"91283184ba4be03fc8613a4cb7476f38560ea9ce179e380e14c783b1dbd2a7b001596670057aca7a28aa80f63ff390a69ddada5e8730d7ec4ab353382952985b","ssdeep":"","tlshash":"b30128f3d1100422c1f7e617e1826898ff95ccb2e753c0afad92551d82caad70ba7b15","first_seen":"2024-02-11T04:26:47Z","last_seen":"2026-06-06T14:40:04.35256Z","times_seen":8466,"resource_available":false,"data":null}},"time_used":249,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":249,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"tmall880.cyou/css/chunk-3581ccc6.f09689d1.css","fqdn":"tmall880.cyou","domain":"tmall880.cyou","tld":"cyou"},"ip":{"addr":"192.229.112.7","port":443,"asn":395954,"as":"LEASEWEB-USA-LAX","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://tmall880.cyou/","date":"2026-01-06T14:46:38.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tmall880.cyou","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 05 Jan 2026 10:33:33 GMT","end":"Sun, 05 Apr 2026 10:33:32 GMT"},"fingerprint":{"sha1":"EC:CF:43:87:F9:E5:4F:CB:3C:00:E3:5A:B4:F8:11:5F:98:C3:2F:B7","sha256":"78:6A:4C:A8:C5:A3:92:2C:7F:20:8F:11:3C:6C:E1:D3:55:9A:82:72:2B:2A:B6:0D:96:3D:E8:37:E2:91:1D:9C"}}},"request":{"raw":"GET /css/chunk-3581ccc6.f09689d1.css HTTP/1.1\r\nHost: tmall880.cyou\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-encoding: gzip\r\ncontent-type: text/css\r\ndate: Tue, 06 Jan 2026 14:46:38 GMT\r\netag: W/\"3625-1756837077000\"\r\nlast-modified: Tue, 02 Sep 2025 18:17:57 GMT\r\nserver: nginx\r\nstrict-transport-security: max-age=31536000\r\nvary: Accept-Encoding\r\nx-cache: UPDATING\r\ncontent-length: 873\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3625,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (3625), with no line terminators","md5":"f1780f9d45f7658d040c38d25eb705a1","sha1":"b819f324b3d0a8530037bb5474799ad57939ea91","sha256":"67041091f6905c2a4d162ea27c32382a85a0519e0b6c9dd7e3fe9e3a2393597c","sha512":"a7f6365c1ed56e22baa5c02f6e0d5336e10db1e34ebf13d65c0b62ef517c8a7b81498c8e2f5a8be34d1df3a8119fa643a2c8b569d04233da739edad49bdea906","ssdeep":"","tlshash":"d4718a117b2922f8e867805e2b56944d3710f10ba26ec8f7eea0d435cee29123b7459a","first_seen":"2024-02-19T23:01:29Z","last_seen":"2026-06-06T14:40:04.365877Z","times_seen":1778,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":253,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-01-06","alert":"Phishing Block","trigger":"tmall880.cyou","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-06","alert":"Sinkholed","trigger":"tmall880.cyou","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}