Report - city-mall.top/index/rot_order/index.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/

Report Overview

Visited public
2024-12-08 23:47:34
Tags
URL
city-mall.top/index/rot_order/index.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/
Finishing URL
city-mall.top/index/user/login.html
IP / ASN
103.246.245.91
#55933 Cloudie Limited
Title
เข้าสู่ระบบ

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
city-mall.top	unknown	2024-11-13	2024-12-08	2024-12-08	12 kB	1.3 MB	103.246.245.91
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2024-12-04	1.6 kB	168 kB	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2024-12-04	890 B	12 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed
2024-12-08	medium	city-mall.top	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	From	Size	First Seen	Last Seen
	city-mall.top/static_new/js/common.js	ScriptElement	2.1 kB	2023-03-07	2025-06-18
Pretty URL city-mall.top/static_new/js/common.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-06-18 11:32 Times Seen1261 Hash 406be4345cfb532036cad97a814bc41a 675d6a1546566c56cbfdd718373b19f26f79f3bc c086a692a01d650dccb602faf9fbea54f920546532821ad19cdefeb750eea586 Loading...

	city-mall.top/red/popper.min.js	ScriptElement	21 kB	2023-03-07	2025-06-20
Pretty URL city-mall.top/red/popper.min.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-06-20 04:57 Times Seen10004 Hash 56456db9d72a4b380ed3cb63095e6022 6dbce88aee15b42f29083df7a07513cf3b486ba0 66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2 Loading...

	city-mall.top/red/bootstrap/js/bootstrap.min.js	ScriptElement	64 kB	2023-03-07	2025-06-19
Pretty URL city-mall.top/red/bootstrap/js/bootstrap.min.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-06-19 19:51 Times Seen6227 Hash f0c2bcf5ef0c4476508d79ec9cdcce07 3beed68ed7d753c6bf4f61c26386ddd7929ba030 edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba Loading...

	city-mall.top/red/swiper/swiper-bundle.min.js	ScriptElement	140 kB	2023-03-07	2025-06-19
Pretty URL city-mall.top/red/swiper/swiper-bundle.min.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:20 Last Seen2025-06-19 22:26 Times Seen3270 Hash c4358cb63a4b96c5d71a2fb630871f30 be3b7d9d5bbd680d035f768345778d84eb08fe23 c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229 Loading...

	city-mall.top/red/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-06-20
Pretty URL city-mall.top/red/jquery.cookie.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-06-20 04:00 Times Seen7615 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	city-mall.top/static_new/js/dialog.min.js	ScriptElement	28 kB	2023-04-07	2025-06-19
Pretty URL city-mall.top/static_new/js/dialog.min.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 00:16 Last Seen2025-06-19 15:33 Times Seen3339 Hash 5b00205ad1fe51bf8f61bcb3de292faa 4b12f988964d29bd82b14e71b86104a1a91b667b d1eef2b2ff683e089b9d124aa8090e174252e0894af20ae6d78fed7dc69744d5 Loading...

	city-mall.top/public/js/layer_mobile/layer.js	ScriptElement	3.3 kB	2023-03-07	2025-06-20
Pretty URL city-mall.top/public/js/layer_mobile/layer.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34 Last Seen2025-06-20 04:55 Times Seen3633 Hash 79b7829af0bbfea5760aa606bf1a02c7 54c27862e41ef815009fca7b54d9d463cfb015bc 2fc4428e63cd5bd982210576674877bd1ba3eb59b9f4686d3668fd94530fa4b7 Loading...

	city-mall.top/static_new/js/jquery.progressBarTimer.js	ScriptElement	1.9 kB	2023-03-07	2025-06-19
Pretty URL city-mall.top/static_new/js/jquery.progressBarTimer.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:05 Last Seen2025-06-19 19:51 Times Seen1203 Hash 1a401b07e6aa47e4f56ff8e7d2348630 326693fc17ae939593fae2b19ed7a8d7b37c5c82 9483950e2ce19786e44c4fd03b523e94537bf19da885693a9eb0756ab8c183ef Loading...

	city-mall.top/red/jquery-3.3.1.min.js	ScriptElement	87 kB	2023-03-07	2025-06-20
Pretty URL city-mall.top/red/jquery-3.3.1.min.js IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-20 05:40 Times Seen60736 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	city-mall.top/index/user/login.html	ScriptElement	0 B	0001-01-01	2025-06-20
Pretty URL city-mall.top/index/user/login.html IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-20 05:43 Times Seen5035962 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	city-mall.top/red/main.js?v=V1.24	ScriptElement	9.9 kB	2023-03-07	2025-06-19
Pretty URL city-mall.top/red/main.js?v=V1.24 IP 103.246.245.91 ASN #55933 Cloudie Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:05 Last Seen2025-06-19 15:33 Times Seen975 Hash 5459bfb3c913c348bc765e0046c99cdd 7d40e6df5997f7df0baaceb857546018dcd80520 ac222d136784de2fe2d4615e2ad86651b3310bbc7538a851d708d381b8443dc5 Loading...

HTTP Transactions (28)

URL IP Response Size

GET city-mall.top/red/new/logo.png

103.246.245.91

200 OK

154 kB

URL GET HTTP/2
city-mall.top/red/new/logo.png
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
gzip compressed data, from Unix
Size
154 kB (153735 bytes)
Hash
736aa97630c3c588ab6a17767fb289cd
8dc3d9f0e0c1aa6b7e0cf78f0bab2187c4cf5122
2fcb8aa307afd43d1620d24abd2ed4121f5856d51b93b32ad6cf817ecc73dfc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/new/logo.png HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: image/png
last-modified: Tue, 12 Nov 2024 06:41:23 GMT
vary: Accept-Encoding
etag: W/"6732f893-881c"
expires: Tue, 07 Jan 2025 23:46:57 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

200 OK

18 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint2A:56:7F:C1:73:8D:7A:48:D9:E7:52:83:15:27:9D:C3:C9:23:71:52
ValidityMon, 21 Oct 2024 08:37:59 GMT - Mon, 13 Jan 2025 08:37:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18536, version 1.0
Size
18 kB (18536 bytes)
Hash
8eff0b8045fd1959e117f85654ae7770
227fee13ceb7c410b5c0bb8000258b6643cb6255
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

HTTP Headers

GET /s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://city-mall.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18536
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 05 Dec 2024 11:37:11 GMT
expires: Fri, 05 Dec 2025 11:37:11 GMT
cache-control: public, max-age=31536000
age: 303000
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET city-mall.top/red/bootstrap/js/bootstrap.min.js

103.246.245.91

200 OK

37 kB

URL GET HTTP/2
city-mall.top/red/bootstrap/js/bootstrap.min.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
gzip compressed data, from Unix
Size
37 kB (36618 bytes)
Hash
0efcc1669639fbdf1174179bca06c9df
846d9945eeb5ae5db6073675834b8a97c9e3cce1
4618ced6a769cc77512c1092c0cbf5a96bb5f7e311e2f7a63198672c7de086bb

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Sat, 06 Mar 2021 02:08:34 GMT
vary: Accept-Encoding
etag: W/"6042e422-f7eb"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/static_new/js/dialog.min.js

103.246.245.91

200 OK

7.0 kB

URL GET HTTP/2
city-mall.top/static_new/js/dialog.min.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
gzip compressed data, from Unix
Size
7.0 kB (7013 bytes)
Hash
8bbb093b8c2b09dab6151da4db05f5ac
abef1291c3bad8e34d4dacc72c1c591236df713b
a8d46ce008cf6c6a0f4411f22c59853e71f5b47e03e8dd98bf99f1e4bc5225f7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static_new/js/dialog.min.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Sat, 15 Feb 2020 10:13:12 GMT
vary: Accept-Encoding
etag: W/"5e47c438-6cfa"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/favicon.ico

103.246.245.91

200 OK

179 kB

URL GET HTTP/2
city-mall.top/favicon.ico
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
PNG image data, 626 x 626, 8-bit/color RGB, non-interlaced
Size
179 kB (178864 bytes)
Hash
07c66d5db572f6433720633f826367f5
cbe1bf65bd9dc117ea15729a7f757c7f5a2eca80
fc39f0d3fa41a261afdecb09107271197266c6364cf835f0de5794a5c490c695

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:58 GMT
content-type: image/x-icon
content-length: 178864
last-modified: Mon, 17 Oct 2022 05:55:28 GMT
etag: "634cee50-2bab0"
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
accept-ranges: bytes
X-Firefox-Spdy: h2

GET city-mall.top/red/new/form-bg.png

103.246.245.91

200 OK

271 kB

URL GET HTTP/2
city-mall.top/red/new/form-bg.png
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
gzip compressed data, from Unix
Size
271 kB (271161 bytes)
Hash
a858222f3095392f259b5f147fab25b1
e49d86f8d6d23a4b3bd7754c49ba1b1360beff5f
3e1577e0ac375df70b87fea31565f9718766fd6e9a4c5eae73dba73a2228fbc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/new/form-bg.png HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:58 GMT
content-type: image/png
last-modified: Tue, 12 Nov 2024 14:17:33 GMT
vary: Accept-Encoding
etag: W/"6733637d-4040b"
expires: Tue, 07 Jan 2025 23:46:58 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/red/popper.min.js

103.246.245.91

200 OK

21 kB

URL GET HTTP/2
city-mall.top/red/popper.min.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, ASCII text, with very long lines (20831)
Size
21 kB (21004 bytes)
Hash
56456db9d72a4b380ed3cb63095e6022
6dbce88aee15b42f29083df7a07513cf3b486ba0
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/popper.min.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 15:34:56 GMT
vary: Accept-Encoding
etag: W/"60424fa0-520c"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/red/swiper/swiper-bundle.min.js

103.246.245.91

200 OK

140 kB

URL GET HTTP/2
city-mall.top/red/swiper/swiper-bundle.min.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65278)
Size
140 kB (139961 bytes)
Hash
c4358cb63a4b96c5d71a2fb630871f30
be3b7d9d5bbd680d035f768345778d84eb08fe23
c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/swiper/swiper-bundle.min.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 15:40:04 GMT
vary: Accept-Encoding
etag: W/"604250d4-222b9"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/red/main.js?v=V1.24

103.246.245.91

200 OK

9.9 kB

URL GET HTTP/2
city-mall.top/red/main.js?v=V1.24
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, ASCII text, with very long lines (10194), with no line terminators
Size
9.9 kB (9883 bytes)
Hash
064d0058166ab3b3b9849e822261e808
61bb23d45cb3d768c5216b2ba1f2f2e2ede51c17
f58bd812eb5aff67ce289c50f1c12d7c4de5b40123bbc5e92d980cf8bd4fe5d2

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/main.js?v=V1.24 HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Wed, 19 Jan 2022 04:58:46 GMT
vary: Accept-Encoding
etag: W/"61e79a86-269b"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/red/bootstrap/css/bootstrap.min.css

103.246.245.91

200 OK

161 kB

URL GET HTTP/2
city-mall.top/red/bootstrap/css/bootstrap.min.css
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
ASCII text, with very long lines (65326)
Size
161 kB (161409 bytes)
Hash
d432e4222814b62dd30c9513dcc29440
2cac4afc120983921411296bd4e8fd8a94ba237e
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/css
last-modified: Sat, 06 Mar 2021 02:08:24 GMT
vary: Accept-Encoding
etag: W/"6042e418-27681"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/red/jquery-3.3.1.min.js

103.246.245.91

200 OK

87 kB

URL GET HTTP/2
city-mall.top/red/jquery-3.3.1.min.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/jquery-3.3.1.min.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 15:34:38 GMT
vary: Accept-Encoding
etag: W/"60424f8e-1538f"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/public/js/layer_mobile/need/layer.css

103.246.245.91

200 OK

5.3 kB

URL GET HTTP/2
city-mall.top/public/js/layer_mobile/need/layer.css
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
ASCII text, with very long lines (5260), with no line terminators
Size
5.3 kB (5260 bytes)
Hash
633915e62d14a714594b95b974ee0836
e11ebb64a70272c4f35b92fea064f27c4b87efad
eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/js/layer_mobile/need/layer.css HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/css
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-148c"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

142.250.74.131

200 OK

128 kB

URL GET HTTP/2
fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint2A:56:7F:C1:73:8D:7A:48:D9:E7:52:83:15:27:9D:C3:C9:23:71:52
ValidityMon, 21 Oct 2024 08:37:59 GMT - Mon, 13 Jan 2025 08:37:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 128352, version 1.0
Size
128 kB (128352 bytes)
Hash
53436aca8627a49f4deaaa44dc9e3c05
0bc0c675480d94ec7e8609dda6227f88c5d08d2c
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

HTTP Headers

GET /s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://city-mall.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 128352
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Dec 2024 18:20:39 GMT
expires: Sat, 06 Dec 2025 18:20:39 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 08 Apr 2024 19:04:47 GMT
content-type: font/woff2
age: 192392
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET city-mall.top/index/user/login.html

103.246.245.91

200 OK

8.3 kB

URL User Request GET HTTP/2
city-mall.top/index/user/login.html
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (8474), with no line terminators
Size
8.3 kB (8293 bytes)
Hash
b74fb8e6cd72e232dd2d3336928366be
66081561dd947312db9946effab0ba3d227285d9
2efc3e6b139c4901bc5127d568808cd527ce3b965e95483572e91493c91ff549

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/user/login.html HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

200 OK

19 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint2A:56:7F:C1:73:8D:7A:48:D9:E7:52:83:15:27:9D:C3:C9:23:71:52
ValidityMon, 21 Oct 2024 08:37:59 GMT - Mon, 13 Jan 2025 08:37:58 GMT

File type
Web Open Font Format (Version 2), TrueType, length 18596, version 1.0
Size
19 kB (18596 bytes)
Hash
c83e4437a53d7f849f9d32df3d6b68f3
fabea5ad92ed3e2431659b02e7624df30d0c6bbc
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

HTTP Headers

GET /s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://city-mall.top
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18596
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 06 Dec 2024 08:44:50 GMT
expires: Sat, 06 Dec 2025 08:44:50 GMT
cache-control: public, max-age=31536000
age: 226941
last-modified: Thu, 01 Aug 2024 20:41:21 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET city-mall.top/public/js/layer_mobile/layer.js

103.246.245.91

200 OK

3.3 kB

URL GET HTTP/2
city-mall.top/public/js/layer_mobile/layer.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (3435), with no line terminators
Size
3.3 kB (3304 bytes)
Hash
13fd3d5b0fb763160395abbad25d8e57
6bc56d44091c873f6b5496ef8be2ed9f36e5220b
f1757725deb30f2928f10e427b253f153b0466a60a1c399e9f6bb6cbf5908941

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/js/layer_mobile/layer.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-ce8"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/index/rot_order/index.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/

103.246.245.91

301 Moved Permanently

8.3 kB

URL User Request GET HTTP/2
city-mall.top/index/rot_order/index.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type

Size
8.3 kB (8293 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /index/rot_order/index.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/index/user/login.html/ HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
server: nginx
date: Sun, 08 Dec 2024 23:46:56 GMT
content-type: text/html; charset=utf-8
set-cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache,must-revalidate
location: /index/user/login.html
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
X-Firefox-Spdy: h2

GET fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintE8:18:86:79:89:2E:F0:7C:66:1F:C3:43:81:D2:6D:9E:0C:9C:AB:05
ValidityMon, 21 Oct 2024 08:38:00 GMT - Mon, 13 Jan 2025 08:37:59 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
959a533a3dc02649e0cc3f8f67d942af
34db49ff64aed8b51beaba5b9928ad504a4df335
24864ed3ee6fab66640980d4c24640e579e5583764a8ee8c4f09decf27977247

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 08 Dec 2024 23:47:10 GMT
date: Sun, 08 Dec 2024 23:47:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET city-mall.top/red/swiper/swiper-bundle.min.css

103.246.245.91

200 OK

14 kB

URL GET HTTP/2
city-mall.top/red/swiper/swiper-bundle.min.css
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
ASCII text, with very long lines (13663)
Size
14 kB (13921 bytes)
Hash
4d0619d7577a990881a0079718c5c92e
02553ae8ed1026ae5e1fe6cc5883fd42379e5e68
f9a55bcc80d6d8b2815299c5501cddaa8e5f3f697cdb8f5ce1e3e924097117ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/swiper/swiper-bundle.min.css HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/css
last-modified: Fri, 05 Mar 2021 15:40:04 GMT
vary: Accept-Encoding
etag: W/"604250d4-3661"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/statics/intl-tel-input-master/css/intlTelInput.css

103.246.245.91

404 Not Found

0 B

URL GET HTTP/2
city-mall.top/statics/intl-tel-input-master/css/intlTelInput.css
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /statics/intl-tel-input-master/css/intlTelInput.css HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache,must-revalidate
location: /index/user/login.html
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/statics/intl-tel-input-master/css/demo.css

103.246.245.91

404 Not Found

0 B

URL GET HTTP/2
city-mall.top/statics/intl-tel-input-master/css/demo.css
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /statics/intl-tel-input-master/css/demo.css HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache,must-revalidate
location: /index/user/login.html
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/red/style.css?v=V2.0

103.246.245.91

200 OK

160 kB

URL GET HTTP/2
city-mall.top/red/style.css?v=V2.0
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type

Size
160 kB (160179 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/style.css?v=V2.0 HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/css
last-modified: Tue, 12 Nov 2024 01:56:04 GMT
vary: Accept-Encoding
etag: W/"6732b5b4-271b3"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/static_new/css/public.css?v=V1.24

103.246.245.91

200 OK

16 kB

URL GET HTTP/2
city-mall.top/static_new/css/public.css?v=V1.24
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
ASCII text, with CRLF line terminators
Size
16 kB (16218 bytes)
Hash
8d9acb36e3f61379b86658df119cbe5f
4b40186551b53328baedb162e495dd276620c3fe
2509b72d37e08bbb3d3107b1cf2a5412c2cd17ca5b2949857b37557e192152d0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static_new/css/public.css?v=V1.24 HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/css
last-modified: Sat, 15 Feb 2020 10:13:12 GMT
vary: Accept-Encoding
etag: W/"5e47c438-3f5a"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/static_new/js/jquery.progressBarTimer.js

103.246.245.91

200 OK

1.9 kB

URL GET HTTP/2
city-mall.top/static_new/js/jquery.progressBarTimer.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, ASCII text, with very long lines (1964), with no line terminators
Size
1.9 kB (1924 bytes)
Hash
7ef8f542b5e02727508b108913d19dec
a65ad9d24c66408b2a4156a763dd56d7387f4f3f
55243594fcb2da2fa6915b028bbda68713f7a96b9530a3a92fd78e5b5c0e8e4a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static_new/js/jquery.progressBarTimer.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Sat, 03 Apr 2021 06:32:48 GMT
vary: Accept-Encoding
etag: W/"60680c10-784"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/static_new/js/common.js

103.246.245.91

200 OK

2.1 kB

URL GET HTTP/2
city-mall.top/static_new/js/common.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (2192), with no line terminators
Size
2.1 kB (2126 bytes)
Hash
1602305add4522cf987af4464aa97131
b6c0c2c23b29bde23f0142b6ce7a57315856285f
ebf9a4d2dc159edb856909b907d4b8d844f5197bee62df0b2f02e559c9c3739b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /static_new/js/common.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Sun, 29 Mar 2020 13:03:20 GMT
vary: Accept-Encoding
etag: W/"5e809c98-84e"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap

142.250.74.106

200 OK

9.6 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintE8:18:86:79:89:2E:F0:7C:66:1F:C3:43:81:D2:6D:9E:0C:9C:AB:05
ValidityMon, 21 Oct 2024 08:38:00 GMT - Mon, 13 Jan 2025 08:37:59 GMT

File type
ASCII text, with very long lines (9828), with no line terminators
Size
9.6 kB (9576 bytes)
Hash
2868680b0ad7c149310bfb73fe8bae8e
444e92e0f1d6545f19f64066af94d6937949906a
604a43d34d4cb1dee0fde051fb3b16e30bc283e66ed7f9f6540ebe07ad2405c9

HTTP Headers

GET /css?family=Roboto:300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 08 Dec 2024 23:47:10 GMT
date: Sun, 08 Dec 2024 23:47:10 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET city-mall.top/public/js/layer_mobile/need/layer.css?2.0

103.246.245.91

200 OK

5.3 kB

URL GET HTTP/2
city-mall.top/public/js/layer_mobile/need/layer.css?2.0
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
ASCII text, with very long lines (5260), with no line terminators
Size
5.3 kB (5260 bytes)
Hash
633915e62d14a714594b95b974ee0836
e11ebb64a70272c4f35b92fea064f27c4b87efad
eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /public/js/layer_mobile/need/layer.css?2.0 HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: text/css
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-148c"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

GET city-mall.top/red/jquery.cookie.js

103.246.245.91

200 OK

3.1 kB

URL GET HTTP/2
city-mall.top/red/jquery.cookie.js
IP
103.246.245.91:443
ASN
#55933 Cloudie Limited

Requested by
https://city-mall.top/index/user/login.html
Certificate
IssuerLet's Encrypt
Subjectcity-mall.top
FingerprintCC:F7:58:98:46:57:4A:F1:45:66:D5:62:25:79:34:9E:26:DA:2C:55
ValidityWed, 13 Nov 2024 01:30:13 GMT - Tue, 11 Feb 2025 01:30:12 GMT

File type
JavaScript source, ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
c70a657c6ff1764a238929b6e46fb8e4
e2a8eb96b388abf14690ea14fe4af3f600296235
466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /red/jquery.cookie.js HTTP/1.1
Host: city-mall.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://city-mall.top/index/user/login.html
Cookie: sa4ee0276=durnlkngn18m6p2j1m7ot2ehj3
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 08 Dec 2024 23:46:57 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 15:36:06 GMT
vary: Accept-Encoding
etag: W/"60424fe6-c31"
expires: Mon, 09 Dec 2024 11:46:57 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
alt-svc: quic=":443"; h3=":443"; h3-29=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML