{"report_id":"0d943348-b1e4-4611-878d-ec6932a973fd","version":6,"status":"done","tags":[],"date":"2025-05-19T06:37:54Z","url":{"schema":"http","addr":"qnlive.dgshwhcb.top/arm64-v8a.zip","fqdn":"qnlive.dgshwhcb.top","domain":"dgshwhcb.top","tld":"top"},"ip":{"addr":"154.85.69.102","port":0,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-28T06:37:52Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"qnlive.dgshwhcb.top","ip":{"addr":"154.85.69.98","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"domain_registered":"2024-05-08","domain_rank":0,"first_seen":"2024-11-09T01:32:32.282372Z","last_seen":"2025-04-30T19:43:56.992451Z","alert_count":1,"request_count":1,"received_data":7856941,"sent_data":501,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"4221ae2586871ca4e2e7ec8ea7df9506","sha1":"4095dbd74a4da92c0ec8333a4230b963125090d3","sha256":"a8d52058ad3d16a471fa5cd9a449edcd676684548104a8e12363ff663d69f078","sha512":"3027b439d6c40136f0648efb90975b5213ec12581d6947fdf9741f9a4a904d61899c6b652d4bb821e7dc59c8937c4b46131771e6b3992ce21c1352874efad699","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":7856130,"url":{"schema":"https","addr":"qnlive.dgshwhcb.top/arm64-v8a.zip","fqdn":"qnlive.dgshwhcb.top","domain":"dgshwhcb.top","tld":"top"},"ip":{"addr":"154.85.69.98","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"archive":[{"path":"arm64-v8a/libdownloadproxy.so","filename":"libdownloadproxy.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":2580408,"md5":"7b35e8b80b6d8d91aaa255bc3a738988","sha1":"cc17aeba560ae771b10b3cb94624f2900cb36dee","sha256":"92e18246bfd8ecf319ee1bcf0713d7ea2e8a6171c3282591f081c7fd2f2fb34e","sha512":"f63021666d4d6bf4c339a18364fae58675aeab4ea2a436c881b919820db36320f051ae7faf361dd9fb9719c8421d32afbe548e478090b965bbc51336c1e99a69","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libliteavsdk.so","filename":"libliteavsdk.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":11185912,"md5":"40c3deb71caa5c50121ea0a58d1ef643","sha1":"6b72729260d633dd092de388ac0bd558214e4633","sha256":"59e5d6b79ce3917edd8db48c4133bf999eb853a65a4d04b891d296c813e31353","sha512":"4e92f989495c3ba444210d194fdeafe6a0e9d7eb5e6811157b2e8bbd5a7bbd79dff8a24582f14a095beb2a0a8c53300dbb862af72fbd52f9940354a87d51ee8a","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtpcore-master.so","filename":"libtpcore-master.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":2568976,"md5":"df897c12d549f733dc2901e2a625f59a","sha1":"1b22971d9141df338425f3d92dedb1fb78f3c027","sha256":"3fc7a72e5ca95ed40a085a583e00658db9e080e1bceeb26ba5fa63605cf878e7","sha512":"73dd76fe814a7a3313f370c368aa89a29884dbbc6c1ffc37e0ed0f1510a47e94043b2613ef2094a7d072364b7616293f890de1d35ec7cc981eb5b65725f9b3eb","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtpthirdparties-master.so","filename":"libtpthirdparties-master.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":329808,"md5":"a5d7fbe7ef647eae5ccb658a8feaf4d6","sha1":"f5e4ab2d928e000bdc7081b0f003c1a099a535ae","sha256":"77db68ef65879168054d813d5ccfde5cd9d8478ec586a4e9d5b6ef61922075cc","sha512":"893507168dc793c0e6ca207e1bb40dcb3a85178902a305e949185f39ff31673f684530c18e1c8e66794431fa3c97674c66f0f13da6df5718156da5e9b1e6df6b","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtxffmpeg.so","filename":"libtxffmpeg.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":2620592,"md5":"db7df8479aea243ea906dbe1159378d1","sha1":"6f841d7aa500f80a4aedaf6a6eadaf090b0c284e","sha256":"f2a0f5b258ab3344d0eebd48fa3104d54c1a09066d94dfc45b60b1006c6820be","sha512":"9bd094b0c19f7eacc9ab161b40c9492b0355ff281148cdc15200e39d89e7f4e8233a64e38bf938837ad0862514900a50056bfa86caa7f3e9b34566bcc1a2e2d7","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtxsoundtouch.so","filename":"libtxsoundtouch.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":233824,"md5":"a5dc651cc3e751e685d29c09d6e17aab","sha1":"429dc9c34c9cdc4f46f4d4f4184e3d6c1c19f69f","sha256":"f82bc12b61d767458a4e005a158b82261a2f552c5a33ddc48105de69223eb495","sha512":"b3d49be617e1f14fa23bde6a5117f4c5592e92a299878270019bf1fe18395ef56faa75cc35eadb51430477aa0df5451f3a0fc0bc6e05ce698d0934cf28b3d908","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"4221ae2586871ca4e2e7ec8ea7df9506","sha1":"4095dbd74a4da92c0ec8333a4230b963125090d3","sha256":"a8d52058ad3d16a471fa5cd9a449edcd676684548104a8e12363ff663d69f078","sha512":"3027b439d6c40136f0648efb90975b5213ec12581d6947fdf9741f9a4a904d61899c6b652d4bb821e7dc59c8937c4b46131771e6b3992ce21c1352874efad699","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":7856130,"url":{"schema":"https","addr":"qnlive.dgshwhcb.top/arm64-v8a.zip","fqdn":"qnlive.dgshwhcb.top","domain":"dgshwhcb.top","tld":"top"},"ip":{"addr":"154.85.69.98","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"archive":[{"path":"arm64-v8a/libdownloadproxy.so","filename":"libdownloadproxy.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":2580408,"md5":"7b35e8b80b6d8d91aaa255bc3a738988","sha1":"cc17aeba560ae771b10b3cb94624f2900cb36dee","sha256":"92e18246bfd8ecf319ee1bcf0713d7ea2e8a6171c3282591f081c7fd2f2fb34e","sha512":"f63021666d4d6bf4c339a18364fae58675aeab4ea2a436c881b919820db36320f051ae7faf361dd9fb9719c8421d32afbe548e478090b965bbc51336c1e99a69","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libliteavsdk.so","filename":"libliteavsdk.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":11185912,"md5":"40c3deb71caa5c50121ea0a58d1ef643","sha1":"6b72729260d633dd092de388ac0bd558214e4633","sha256":"59e5d6b79ce3917edd8db48c4133bf999eb853a65a4d04b891d296c813e31353","sha512":"4e92f989495c3ba444210d194fdeafe6a0e9d7eb5e6811157b2e8bbd5a7bbd79dff8a24582f14a095beb2a0a8c53300dbb862af72fbd52f9940354a87d51ee8a","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtpcore-master.so","filename":"libtpcore-master.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":2568976,"md5":"df897c12d549f733dc2901e2a625f59a","sha1":"1b22971d9141df338425f3d92dedb1fb78f3c027","sha256":"3fc7a72e5ca95ed40a085a583e00658db9e080e1bceeb26ba5fa63605cf878e7","sha512":"73dd76fe814a7a3313f370c368aa89a29884dbbc6c1ffc37e0ed0f1510a47e94043b2613ef2094a7d072364b7616293f890de1d35ec7cc981eb5b65725f9b3eb","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtpthirdparties-master.so","filename":"libtpthirdparties-master.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":329808,"md5":"a5d7fbe7ef647eae5ccb658a8feaf4d6","sha1":"f5e4ab2d928e000bdc7081b0f003c1a099a535ae","sha256":"77db68ef65879168054d813d5ccfde5cd9d8478ec586a4e9d5b6ef61922075cc","sha512":"893507168dc793c0e6ca207e1bb40dcb3a85178902a305e949185f39ff31673f684530c18e1c8e66794431fa3c97674c66f0f13da6df5718156da5e9b1e6df6b","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtxffmpeg.so","filename":"libtxffmpeg.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":2620592,"md5":"db7df8479aea243ea906dbe1159378d1","sha1":"6f841d7aa500f80a4aedaf6a6eadaf090b0c284e","sha256":"f2a0f5b258ab3344d0eebd48fa3104d54c1a09066d94dfc45b60b1006c6820be","sha512":"9bd094b0c19f7eacc9ab161b40c9492b0355ff281148cdc15200e39d89e7f4e8233a64e38bf938837ad0862514900a50056bfa86caa7f3e9b34566bcc1a2e2d7","alerts":{"urlquery":null,"analyzer":null}},{"path":"arm64-v8a/libtxsoundtouch.so","filename":"libtxsoundtouch.so","modified":"2024-05-31T14:14:46+08:00","Modified":"","magic":"ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV)","size":233824,"md5":"a5dc651cc3e751e685d29c09d6e17aab","sha1":"429dc9c34c9cdc4f46f4d4f4184e3d6c1c19f69f","sha256":"f82bc12b61d767458a4e005a158b82261a2f552c5a33ddc48105de69223eb495","sha512":"b3d49be617e1f14fa23bde6a5117f4c5592e92a299878270019bf1fe18395ef56faa75cc35eadb51430477aa0df5451f3a0fc0bc6e05ce698d0934cf28b3d908","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-19","alert":"Sinkholed","trigger":"dgshwhcb.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"qnlive.dgshwhcb.top/arm64-v8a.zip","fqdn":"qnlive.dgshwhcb.top","domain":"dgshwhcb.top","tld":"top"},"ip":{"addr":"154.85.69.98","port":443,"asn":139057,"as":"LEGEND DYNASTY PTE. LTD.","country":"Singapore","country_code":"SG"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-19T06:37:19.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"qnlive.dgshwhcb.top","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Thu, 27 Feb 2025 00:00:00 GMT","end":"Wed, 28 May 2025 23:59:59 GMT"},"fingerprint":{"sha1":"3F:58:A1:70:7A:1C:9B:1A:4C:7B:63:BE:C6:35:53:9A:9F:E0:C0:C7","sha256":"AC:2F:91:06:21:2F:49:68:06:CE:16:1A:8B:95:9E:94:55:E0:B5:42:9B:EC:32:95:18:31:98:86:27:D0:B1:68"}}},"request":{"raw":"GET /arm64-v8a.zip HTTP/1.1\r\nHost: qnlive.dgshwhcb.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 19 May 2025 06:37:20 GMT\r\ncontent-type: application/zip\r\ncontent-length: 7856130\r\nserver: openresty\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: X-Log, X-Reqid\r\naccess-control-max-age: 2592000\r\ncache-control: public, max-age=31536000\r\ncontent-disposition: inline; filename=\"arm64-v8a.zip\"; filename*=utf-8''arm64-v8a.zip\r\ncontent-md5: QiGuJYaHHKTi5+yOp9+VBg==\r\ncontent-transfer-encoding: binary\r\netag: \"lgiz3JzLhKATLibAgsVxBi8unIeC\"\r\nlast-modified: Mon, 12 Aug 2024 16:14:56 GMT\r\nx-log: X-Log\r\nx-m-log: QNM:jf40;QNM3:22\r\nx-m-reqid: S_sAAKvA5cAdHR4Y\r\nx-qiniu-zone: 2\r\nx-qnm-cache: Hit\r\nx-reqid: FO8AAAD13V0oGx4Y\r\nx-svr: IO\r\nx-ser: i28361_c15259, i58866_c11118, i1935867_c22797\r\nx-cache: HIT from i1935867_c22797(cloudsvr)\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7856130,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"4221ae2586871ca4e2e7ec8ea7df9506","sha1":"4095dbd74a4da92c0ec8333a4230b963125090d3","sha256":"a8d52058ad3d16a471fa5cd9a449edcd676684548104a8e12363ff663d69f078","sha512":"3027b439d6c40136f0648efb90975b5213ec12581d6947fdf9741f9a4a904d61899c6b652d4bb821e7dc59c8937c4b46131771e6b3992ce21c1352874efad699","ssdeep":"196608:1La4PBq96/isUJ2PhXO+qvVwW6PbioHj7rYZh:44PHisUwheBiW4bioih","tlshash":"c1863325ca0f4d33df2b572fa3d6bc9cbe588e51b0a28a83c0079e335a3d359d658165","first_seen":"2024-09-05T19:46:55Z","last_seen":"2025-05-19T06:37:56.323906Z","times_seen":9,"resource_available":false,"data":null}},"time_used":3217,"timings":{"blocked":1179,"dns":939,"connect":24,"send":0,"wait":26,"receive":833,"ssl":211},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-05-19","alert":"Sinkholed","trigger":"dgshwhcb.top","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}