{"report_id":"f2670a64-a151-4a0d-bd9b-c824d7a4cd92","version":6,"status":"done","tags":[],"date":"2025-11-01T13:47:44Z","url":{"schema":"http","addr":"files.qxiangsoft.com/","fqdn":"files.qxiangsoft.com","domain":"qxiangsoft.com","tld":"com"},"ip":{"addr":"221.204.209.225","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"final":{"url":{"schema":"https","addr":"files.qxiangsoft.com/","fqdn":"files.qxiangsoft.com","domain":"qxiangsoft.com","tld":"com"},"title":"files.qxiangsoft.com/","dom":{"size":47,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"61074a1cbd692aa41ee445f428f9ca8c","sha1":"ed9566620bf59218f8729461fbbb89050035a018","sha256":"e345ba77f6d17052dd385603c0e594bcae33ba784d3f46a26df43c50bbbb94c4","sha512":"77427cbbf6259b5321ac5e5f0ada8ed3cfdac06cd1e230d3d7a5619a4e8052391c82280a65a8e937203638bc401fe770cdc781f856b3a5d57d3c57fffc4127db","ssdeep":"","tlshash":"4e9002fa909100555c2075900dc152411854427426415990158069a5a48c219cc02284","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":"PGh0bWw+PGhlYWQ+PC9oZWFkPjxib2R5PlNVQ0NFU1MKPC9ib2R5PjwvaHRtbD4="}},"submit":{"url":{"schema":"http","addr":"files.qxiangsoft.com/","fqdn":"files.qxiangsoft.com","domain":"qxiangsoft.com","tld":"com"},"ip":{"addr":"221.204.209.225","port":0,"asn":4837,"as":"CHINA UNICOM China169 Backbone","country":"China","country_code":"CN"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-06T13:47:44Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":3}},"detection":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"files.qxiangsoft.com","ip":{"addr":"211.95.142.138","port":443,"asn":135061,"as":"China Unicom Guangdong IP network","country":"China","country_code":"CN"},"domain_registered":"2023-10-19","domain_rank":4196698,"first_seen":"2023-11-02T15:04:48Z","last_seen":"2025-04-15T07:14:34.760428Z","alert_count":6,"request_count":2,"received_data":623,"sent_data":936,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"files.qxiangsoft.com/","fqdn":"files.qxiangsoft.com","domain":"qxiangsoft.com","tld":"com"},"ip":{"addr":"211.95.142.138","port":443,"asn":135061,"as":"China Unicom Guangdong IP network","country":"China","country_code":"CN"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-01T13:47:21.875Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"files.qxiangsoft.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 07 Sep 2025 00:00:00 GMT","end":"Fri, 05 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AF:76:4F:67:CF:D0:C8:8A:8F:3C:32:4D:45:D7:78:73:3F:84:4D:DB","sha256":"62:A1:C0:59:60:97:1B:87:60:4E:D3:C3:43:72:6D:5B:52:92:26:B5:82:4B:87:24:3F:E2:9C:CB:18:55:76:32"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: files.qxiangsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Fri, 25 Apr 2025 14:47:19 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 8\r\naccept-ranges: bytes\r\nx-nws-log-uuid: 3273267210329406157\r\nx-cache-lookup: Cache Hit\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"ASCII text","md5":"e9b4c3b42cef0193b7fddb548d37e652","sha1":"bfa0a808c3539dff3556c456d9ac0c60e3e243d1","sha256":"1f513d4ecec4e91ddd48da1a59b6d96f1b76c374dc1da641980782a34f43b102","sha512":"2ada2c54b7ece31e535bdddd6a81e1ef9129f27d2123a33b24ca8221fc4cc41d29668f1beb630dad6b17a55f17640dc2d5ec3bfccdb497dbe9d4e015e36d58c9","ssdeep":"","tlshash":"295000c000c000c00c00c0000000c000000000300f0030c00000c30030c0300cc00000","first_seen":"2025-06-23T01:15:37.790364Z","last_seen":"2025-11-01T13:47:47.391303Z","times_seen":5,"resource_available":false,"data":null}},"time_used":5403,"timings":{"blocked":2552,"dns":1682,"connect":295,"send":0,"wait":299,"receive":0,"ssl":570},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"files.qxiangsoft.com/favicon.ico","fqdn":"files.qxiangsoft.com","domain":"qxiangsoft.com","tld":"com"},"ip":{"addr":"211.95.142.138","port":443,"asn":135061,"as":"China Unicom Guangdong IP network","country":"China","country_code":"CN"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://files.qxiangsoft.com/","date":"2025-11-01T13:47:24.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"files.qxiangsoft.com","organization":""},"issuer":{"commonName":"TrustAsia DV TLS RSA CA 2025","organization":"TrustAsia Technologies, Inc."},"validity":{"start":"Sun, 07 Sep 2025 00:00:00 GMT","end":"Fri, 05 Dec 2025 23:59:59 GMT"},"fingerprint":{"sha1":"AF:76:4F:67:CF:D0:C8:8A:8F:3C:32:4D:45:D7:78:73:3F:84:4D:DB","sha256":"62:A1:C0:59:60:97:1B:87:60:4E:D3:C3:43:72:6D:5B:52:92:26:B5:82:4B:87:24:3F:E2:9C:CB:18:55:76:32"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: files.qxiangsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://files.qxiangsoft.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx/1.20.1\r\ndate: Sat, 01 Nov 2025 13:47:25 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-nws-log-uuid: 17213650525113044559\r\nx-cache-lookup: Cache Miss, Cache Miss\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":153,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"932da5a430ff6db1bc48425b567d56fa","sha1":"e7e88023dbbc6346d354ffe9fb7db957888c2299","sha256":"10174434dbe479c08b32ce3b42b70e7c6336647d29e4393483158d590d35c325","sha512":"f30ad93d17d8ceb3ec2727a08a6ce7fc59da51a66ba7aeb2ab93efc84af4e16ea442769f9a5be140287e24d3e431218b0fec1e52e78ea70e5f8607b6569108e4","ssdeep":"","tlshash":"51c02b2d75137c4cc963327422c37180c0c6833764ba8112c480800331cf29a8ac3397","first_seen":"2023-04-05T05:55:13Z","last_seen":"2026-04-04T05:26:16.05086Z","times_seen":5435,"resource_available":true,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":316,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-01","alert":"Sinkholed","trigger":"files.qxiangsoft.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}