{"report_id":"be7081e7-d798-4745-903e-f9cc51d38613","version":6,"status":"done","tags":[],"date":"2025-04-05T04:04:41Z","url":{"schema":"http","addr":"releases.qt-project.org/official_releases/online_installers/qt-online-installer-windows-arm64-online.exe","fqdn":"releases.qt-project.org","domain":"qt-project.org","tld":"org"},"ip":{"addr":"77.86.162.2","port":0,"asn":29422,"as":"Telia Cygate Oy","country":"Finland","country_code":"FI"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-14T04:04:41Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"releases.qt-project.org","ip":{"addr":"77.86.162.2","port":80,"asn":29422,"as":"Telia Cygate Oy","country":"Finland","country_code":"FI"},"domain_registered":"2011-06-24","domain_rank":0,"first_seen":"2012-06-03T05:31:08Z","last_seen":"2025-04-05T04:03:56.224599Z","alert_count":0,"request_count":2,"received_data":30260228,"sent_data":1060,"comment":"","tags":null,"fingerprints":null},{"fqdn":"download.qt.io","ip":{"addr":"77.86.162.2","port":443,"asn":29422,"as":"Telia Cygate Oy","country":"Finland","country_code":"FI"},"domain_registered":"2013-10-05","domain_rank":681032,"first_seen":"2017-02-02T06:16:49Z","last_seen":"2025-03-30T23:04:31.694786Z","alert_count":0,"request_count":1,"received_data":30261596,"sent_data":563,"comment":"","tags":null,"fingerprints":null},{"fqdn":"mirrors.dotsrc.org","ip":{"addr":"130.225.254.116","port":443,"asn":1835,"as":"FSKNET-DK Forskningsnettet - Danish network for Research and Education","country":"Denmark","country_code":"DK"},"domain_registered":"2003-04-15","domain_rank":411439,"first_seen":"2014-03-19T12:46:59Z","last_seen":"2025-03-30T23:04:31.72006Z","alert_count":1,"request_count":1,"received_data":30260230,"sent_data":570,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"95718eafc8555bf40dcf9573b75328c5","sha1":"6d77e050ab533c48a0e7e29b036bfa8f0bd112fd","sha256":"eb8b222a52c2ac9965575d5786d647725ff30b90674a18158ef273138471c7df","sha512":"5c8dfe816a5b80e2f4c763f02a35e760a058a6137698c40563db87fad59357679f87e8acdfeb00883addbecc7510f966ddcbf8680654d2e96c2b972a4065f547","magic":"PE32+ executable (console) Aarch64, for MS Windows, 7 sections","size":30259904,"url":{"schema":"https","addr":"mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe","fqdn":"mirrors.dotsrc.org","domain":"dotsrc.org","tld":"org"},"ip":{"addr":"130.225.254.116","port":443,"asn":1835,"as":"FSKNET-DK Forskningsnettet - Danish network for Research and Education","country":"Denmark","country_code":"DK"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-05","alert":"Detect pe file that no import table","trigger":"mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"95718eafc8555bf40dcf9573b75328c5","sha1":"6d77e050ab533c48a0e7e29b036bfa8f0bd112fd","sha256":"eb8b222a52c2ac9965575d5786d647725ff30b90674a18158ef273138471c7df","sha512":"5c8dfe816a5b80e2f4c763f02a35e760a058a6137698c40563db87fad59357679f87e8acdfeb00883addbecc7510f966ddcbf8680654d2e96c2b972a4065f547","magic":"PE32+ executable (console) Aarch64, for MS Windows, 7 sections","size":30259904,"url":{"schema":"https","addr":"mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe","fqdn":"mirrors.dotsrc.org","domain":"dotsrc.org","tld":"org"},"ip":{"addr":"130.225.254.116","port":443,"asn":1835,"as":"FSKNET-DK Forskningsnettet - Danish network for Research and Education","country":"Denmark","country_code":"DK"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-05","alert":"Detect pe file that no import table","trigger":"mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-05","alert":"Detect pe file that no import table","trigger":"mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"releases.qt-project.org/official_releases/online_installers/qt-online-installer-windows-arm64-online.exe","fqdn":"releases.qt-project.org","domain":"qt-project.org","tld":"org"},"ip":{"addr":"77.86.162.2","port":80,"asn":29422,"as":"Telia Cygate Oy","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-05T04:04:19.345Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /official_releases/online_installers/qt-online-installer-windows-arm64-online.exe HTTP/1.1\r\nHost: releases.qt-project.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Sat, 05 Apr 2025 04:04:19 GMT\r\nServer: Apache\r\nLocation: https://download.qt.io/official_releases/online_installers/qt-online-installer-windows-arm64-online.exe\r\nContent-Length: 311\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":30259904,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":5,"connect":15,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"download.qt.io/official_releases/online_installers/qt-online-installer-windows-arm64-online.exe","fqdn":"download.qt.io","domain":"qt.io","tld":"io"},"ip":{"addr":"77.86.162.2","port":443,"asn":29422,"as":"Telia Cygate Oy","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-05T04:04:19.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.qt.io","organization":"The Qt Company Ltd"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Tue, 30 Jul 2024 00:00:00 GMT","end":"Wed, 20 Aug 2025 23:59:59 GMT"},"fingerprint":{"sha1":"8C:26:04:94:5E:5A:3E:7E:97:B2:B1:12:D6:5E:DF:00:0F:24:39:EE","sha256":"BB:05:F4:65:8B:6C:7A:03:26:BB:14:ED:DB:C3:C6:63:E6:96:A4:BB:76:5D:79:0C:6A:14:37:34:23:1C:01:E9"}}},"request":{"raw":"GET /official_releases/online_installers/qt-online-installer-windows-arm64-online.exe HTTP/1.1\r\nHost: download.qt.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\nDate: Sat, 05 Apr 2025 04:04:19 GMT\r\nServer: Apache\r\nX-Content-Type-Options: nosniff\r\nStrict-Transport-Security: max-age=63072000; includeSubdomains;\r\nX-Prefix: 91.90.40.0/21\r\nX-AS: 50304\r\nX-MirrorBrain-Mirror: dotsrc.org\r\nX-MirrorBrain-Realm: region\r\nLink: \u003chttps://download.qt.io/official_releases/online_installers/qt-online-installer-windows-arm64-online.exe.meta4\u003e; rel=describedby; type=\"application/metalink4+xml\", \u003chttps://download.qt.io/official_releases/online_installers/qt-online-installer-windows-arm64-online.exe.torrent\u003e; rel=describedby; type=\"application/x-bittorrent\", \u003chttps://mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe\u003e; rel=duplicate; pri=1; geo=dk, \u003chttps://qt-mirror.dannhauer.de/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe\u003e; rel=duplicate; pri=2; geo=de, \u003chttps://mirror.accum.se/mirror/qt.io/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe\u003e; rel=duplicate; pri=3; geo=se, \u003chttps://ftp.fau.de/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe\u003e; rel=duplicate; pri=4; geo=de, \u003chttps://mirrors.20i.com/pub/qt.io/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe\u003e; rel=duplicate; pri=5; geo=gb\r\nDigest: MD5=YFha+JUxPe5/rgsy1/WllQ==, SHA=gw4R4n8NQYTCoSyHX60Jf0Swo4s=, SHA-256=YFNj8JaRo0G8LxUFRwF140iduT1fFHfMOhz0hd4FuSY=\r\nLocation: https://mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe\r\nContent-Length: 294\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":30259904,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":862,"timings":{"blocked":417,"dns":10,"connect":14,"send":0,"wait":19,"receive":2,"ssl":392},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe","fqdn":"mirrors.dotsrc.org","domain":"dotsrc.org","tld":"org"},"ip":{"addr":"130.225.254.116","port":443,"asn":1835,"as":"FSKNET-DK Forskningsnettet - Danish network for Research and Education","country":"Denmark","country_code":"DK"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-05T04:04:20.135Z","timestamp":0,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe HTTP/1.1\r\nHost: mirrors.dotsrc.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.18.0 (Ubuntu)\r\ndate: Sat, 05 Apr 2025 04:04:20 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 30259904\r\nlast-modified: Tue, 18 Mar 2025 08:28:55 GMT\r\netag: \"67d92ec7-1cdbac0\"\r\nx-frame-options: SAMEORIGIN\r\nreferrer-policy: strict-origin\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30259904,"size_decoded":0,"mime_type":"application/octet-stream","magic":"PE32+ executable (console) Aarch64, for MS Windows, 7 sections","md5":"95718eafc8555bf40dcf9573b75328c5","sha1":"6d77e050ab533c48a0e7e29b036bfa8f0bd112fd","sha256":"eb8b222a52c2ac9965575d5786d647725ff30b90674a18158ef273138471c7df","sha512":"5c8dfe816a5b80e2f4c763f02a35e760a058a6137698c40563db87fad59357679f87e8acdfeb00883addbecc7510f966ddcbf8680654d2e96c2b972a4065f547","ssdeep":"","tlshash":"610150c77ae8e9e5d408477c8d8196411335d9bc4399934765dc187fb9497083ed5a80","first_seen":"2025-03-19T02:59:10.949968Z","last_seen":"2025-04-29T19:24:40.666634Z","times_seen":3,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-05","alert":"Detect pe file that no import table","trigger":"mirrors.dotsrc.org/qtproject/archive/online_installers/4.9/qt-online-installer-windows-arm64-4.9.0.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}],"urlquery":null}},{"url":{"schema":"https","addr":"releases.qt-project.org/official_releases/online_installers/qt-online-installer-windows-arm64-online.exe","fqdn":"releases.qt-project.org","domain":"qt-project.org","tld":"org"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-05T04:04:18.380Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /official_releases/online_installers/qt-online-installer-windows-arm64-online.exe HTTP/1.1\r\nHost: releases.qt-project.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-25T16:55:28.234721Z","times_seen":14186033,"resource_available":true,"data":null}},"time_used":743,"timings":{"blocked":743,"dns":0,"connect":14,"send":0,"wait":0,"receive":0,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}