{"report_id":"a7819e20-0562-42b7-bca0-8f13489e3c3e","version":6,"status":"done","tags":[],"date":"2025-11-29T10:39:29Z","url":{"schema":"http","addr":"7a2fe0a0-appresource-hihonor.tliveapp.com/","fqdn":"7a2fe0a0-appresource-hihonor.tliveapp.com","domain":"tliveapp.com","tld":"com"},"ip":{"addr":"61.162.8.70","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"http","addr":"7a2fe0a0-appresource-hihonor.tliveapp.com/","fqdn":"7a2fe0a0-appresource-hihonor.tliveapp.com","domain":"tliveapp.com","tld":"com"},"title":"7a2fe0a0-appresource-hihonor.tliveapp.com/","dom":{"size":407,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text","md5":"ec3c0209304f6b9003118470dd036428","sha1":"d5823ff5864233a05ec885b85181ed3c07064d87","sha256":"0387bc11c139743e41628ee3ae42744698e60bd8de29bdafb098f5b6002f6640","sha512":"54954e6f62e560026f79da583f69366f37cc6517988bbaa6166b172fbdca00e72d3537c1db416e5beb2edd043f1fe67b5dbdc9b7a3d420002cd743d2f9733b5b","ssdeep":"","tlshash":"d0e0f123b0dc6f04003426bbd85d1183aa080c388dc87578d20bb0c3fbd94625f70e08","dom_hash":"domhashd64aeed576ecdd83c42cce8160290885","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"7a2fe0a0-appresource-hihonor.tliveapp.com/","fqdn":"7a2fe0a0-appresource-hihonor.tliveapp.com","domain":"tliveapp.com","tld":"com"},"ip":{"addr":"61.162.8.70","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-01-03T10:39:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"7a2fe0a0-appresource-hihonor.tliveapp.com","ip":{"addr":"36.249.91.98","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"domain_registered":"2022-10-18","domain_rank":0,"first_seen":"2025-11-15T15:04:00.416493Z","last_seen":"2025-11-15T15:04:00.416493Z","alert_count":9,"request_count":3,"received_data":3113,"sent_data":1343,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"7a2fe0a0-appresource-hihonor.tliveapp.com/","fqdn":"7a2fe0a0-appresource-hihonor.tliveapp.com","domain":"tliveapp.com","tld":"com"},"ip":{"addr":"36.249.91.98","port":443,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-29T10:39:07.021Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.tliveapp.com","organization":"Tencent Technology (Shenzhen) Company Limited"},"issuer":{"commonName":"DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1","organization":"DigiCert, Inc."},"validity":{"start":"Thu, 26 Jun 2025 00:00:00 GMT","end":"Sat, 25 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"7A:4F:93:7A:A9:6D:0B:B4:FA:7C:33:A4:1E:D4:CB:E7:B7:9A:7C:74","sha256":"D3:1E:87:6E:41:23:4A:5B:30:7E:EA:B4:D1:FB:3E:45:1C:D4:BA:C9:73:1E:2A:D5:73:E8:FA:89:A9:BA:DB:B5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 7a2fe0a0-appresource-hihonor.tliveapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nContent-Type: application/xml\r\nDate: Sat, 29 Nov 2025 10:39:09 GMT\r\nx-cos-request-id: NjkyYWNkNGRfYzljMTQ1MWVfODJmNl8xNjFjMjQxMg==\r\nx-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OTBjYzE2MjAxN2M1MzJiOTdkZjMxMDVlYTZjN2FiMmI0YzJiNWMwMjAyYWM3Yjc1NjRmNTRkNmEyYjY2ODcxZWU=\r\nContent-Length: 453\r\nX-NWS-LOG-UUID: 2243705422899291829\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\ndl-from: Bytexcdn\r\nServer: Byte-nginx\r\nX-Request-Id: 2243705422899291829\r\nX-Request-Ip: 91.90.42.154\r\nX-Response-Cinfo: 91.90.42.154\r\nX-Bdcdn-Cache-Status: TCP_MISS\r\nvia: 36.249.91.98\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":453,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"1cb9e5c0b76af84f5d84de4851a124db","sha1":"9d3be7be656a2c12c90cf57e55ed4b11eeb4163b","sha256":"2faa3035c2900a74bb7f32c54735ba7d2c734421ed88b837b1f0d9e7a7e0986b","sha512":"fb3d0387335ca65d014eec494663fa60339137ba7fea0d2b3fd65f1e5f44af0f1b26f20ca64c1908d95861bee2549485aa8770f4edd9e976a0408b5428e9ae95","ssdeep":"","tlshash":"0cf02323a0dcaf00202012b7d82c0157eb4c5c3c8ac535b8d747f8c32bd94554f74a0c","first_seen":"2025-11-29T10:39:31.970377Z","last_seen":"2025-11-29T10:39:31.970377Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4941,"timings":{"blocked":2123,"dns":1248,"connect":286,"send":0,"wait":694,"receive":0,"ssl":587},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"7a2fe0a0-appresource-hihonor.tliveapp.com/","fqdn":"7a2fe0a0-appresource-hihonor.tliveapp.com","domain":"tliveapp.com","tld":"com"},"ip":{"addr":"36.249.91.98","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-29T10:39:09.942Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 7a2fe0a0-appresource-hihonor.tliveapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nContent-Type: application/xml\r\nDate: Sat, 29 Nov 2025 10:39:10 GMT\r\nx-cos-request-id: NjkyYWNkNGVfNDYyMDVkNjRfMmZkNl84ZGIyZjEx\r\nx-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OTBjYzE2MjAxN2M1MzJiOTdkZjMxMDVlYTZjN2FiMmI0YzJiNWMwMjAyYWM3Yjc1NjRmNTRkNmEyYjY2ODcxZWU=\r\nContent-Length: 449\r\nX-NWS-LOG-UUID: 11096809771830765326\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\ndl-from: Bytexcdn\r\nServer: Byte-nginx\r\nX-Request-Id: 11096809771830765326\r\nX-Request-Ip: 91.90.42.154\r\nX-Response-Cinfo: 91.90.42.154\r\nX-Bdcdn-Cache-Status: TCP_MISS\r\nvia: 36.249.91.98\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":449,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"a5b5781dd7eea871b259de4b8ccba8d6","sha1":"fa2401d71795f18bbd070d6454158040dde38282","sha256":"e1082a8ef75edc963e9861c20214a6db949a05655bfcaedb2b486c58a591a97d","sha512":"f742f0e39ec31a2ab3e4cf6b251c094b46b6b04eb44e7eb01696a4c10fe6bdd00763b7a941614f84584723d161b0068bccfd0f3d2c3294babcd4b20f2221461e","ssdeep":"","tlshash":"31f05c23a1dcaf0514641677d86d51466b082d3849c87568d60bb487bbd94555b74a08","first_seen":"2025-11-29T10:39:31.971328Z","last_seen":"2025-11-29T10:39:31.971328Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1131,"timings":{"blocked":298,"dns":1,"connect":297,"send":0,"wait":534,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"7a2fe0a0-appresource-hihonor.tliveapp.com/favicon.ico","fqdn":"7a2fe0a0-appresource-hihonor.tliveapp.com","domain":"tliveapp.com","tld":"com"},"ip":{"addr":"122.189.168.140","port":80,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://7a2fe0a0-appresource-hihonor.tliveapp.com/","date":"2025-11-29T10:39:10.882Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 7a2fe0a0-appresource-hihonor.tliveapp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://7a2fe0a0-appresource-hihonor.tliveapp.com/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nContent-Type: application/xml\r\nDate: Sat, 29 Nov 2025 10:39:11 GMT\r\nx-cos-request-id: NjkyYWNkNGZfOGYyODY1MDlfZTg2NF8xMjM2Mzg1Zg==\r\nContent-Length: 433\r\nX-NWS-LOG-UUID: 16849833372154937202\r\nConnection: keep-alive\r\nX-Cache-Lookup: Cache Miss, Cache Miss\r\ndl-from: Bytexcdn\r\nServer: Byte-nginx\r\nX-Request-Id: 16849833372154937202\r\nX-Request-Ip: 91.90.42.154\r\nX-Response-Cinfo: 91.90.42.154\r\nX-Bdcdn-Cache-Status: TCP_MISS\r\nvia: 122.189.168.140\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":433,"size_decoded":0,"mime_type":"application/xml","magic":"XML 1.0 document, ASCII text","md5":"0c014b1c6e911baeb1a2997da8520b55","sha1":"453f8d9f50d86cb17637a46d6bf699f6d38cf227","sha256":"2147414b3d03e87da3871a5d5b1934551c2b2fdc921443f47cea56a7de8c5d12","sha512":"adc47d8d01c65f71c04f79986712a55a94cc5e14bb1735dcc1a3cc03df99d916cff03d0672f5126c0a586e8bf3957724d3d59af4826b8a948a7220874a136e10","ssdeep":"","tlshash":"ace02b2a64cc0e059204236fe80ee384d3849a7086583638db4a688d6fef8b00ba5b48","first_seen":"2025-11-29T10:39:31.972506Z","last_seen":"2025-11-29T10:39:31.972506Z","times_seen":1,"resource_available":false,"data":null}},"time_used":652,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":652,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-29","alert":"Sinkholed","trigger":"7a2fe0a0-appresource-hihonor.tliveapp.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}