{"report_id":"2aed2062-72f2-4b01-9f3a-824338fa9575","version":6,"status":"done","tags":[],"date":"2024-01-07T02:30:06Z","url":{"schema":"http","addr":"vencord.xyz/download/VencordInstaller.exe","fqdn":"vencord.xyz","domain":"vencord.xyz","tld":"xyz"},"ip":{"addr":"104.21.49.128","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T04:46:41Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"vencord.xyz","ip":{"addr":"172.67.163.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"domain_registered":"2023-11-30","domain_rank":0,"first_seen":"2023-11-30 11:23:05","last_seen":"2024-01-05 16:41:27","alert_count":1,"request_count":1,"received_data":17449714,"sent_data":507,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f35641adf27a9b24f453123f9f6fb4c6","sha1":"deb5ce3c9078cd6b848cec2867c7235b577d7d28","sha256":"f4c981438a224d6e37c984b07556a444c6f8677d76e566a1b54db33847f559c9","sha512":"3df7aa97462d29d8270ccede9da214f2b352e23fca2e32755c2c667370ab5ad521224aad4fab016156baca9a35a9514632628b10430e20dc5c70a6dd8f4a2b17","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows","size":17448960,"url":{"schema":"https","addr":"vencord.xyz/download/VencordInstaller.exe","fqdn":"vencord.xyz","domain":"vencord.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-07","alert":"Scan result 11/69","trigger":"f4c981438a224d6e37c984b07556a444c6f8677d76e566a1b54db33847f559c9","verdict":"malicious","severity":"","comment":"malicious - 11/69","link":"https://www.virustotal.com/gui/file/f4c981438a224d6e37c984b07556a444c6f8677d76e566a1b54db33847f559c9","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"vencord.xyz/download/VencordInstaller.exe","fqdn":"vencord.xyz","domain":"vencord.xyz","tld":"xyz"},"ip":{"addr":"172.67.163.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-01-07T02:29:38.850Z","timestamp":1704594578850,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vencord.xyz","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Thu, 04 Jan 2024 18:43:29 GMT","end":"Wed, 03 Apr 2024 18:43:28 GMT"},"fingerprint":{"sha1":"6F:2D:A1:7B:0A:71:CB:BF:8C:33:66:11:72:15:3D:0C:6D:E1:2E:ED","sha256":"84:BB:52:E8:8F:3B:B7:E1:32:9A:8C:BB:EC:84:44:13:A7:3C:B3:3B:1F:A7:C5:15:A7:00:94:D5:34:0C:07:AB"}}},"request":{"raw":"GET /download/VencordInstaller.exe HTTP/1.1\r\nHost: vencord.xyz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 07 Jan 2024 02:29:39 GMT\r\ncontent-type: application/x-msdos-program\r\ncontent-length: 17448960\r\ncontent-disposition: inline; filename=\"VencordInstaller.exe\"\r\netag: \"f5da5fbacb6ac79870f6c6f087a19f4755698f19\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=IdNmEiGkSq8UoNphnmTkyRYhQQoUGzTCHbp%2FI3N87wxuSPE6ku3K%2Bp6QoUFqDQxpBE2FzBphdluLkaeWyvrU8fAN%2Fic2SGJE4vZ4kxdnJ59kqSluJkdDHuZddKPbWA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8418c635ef8456cb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17448960,"size_decoded":17448960,"mime_type":"application/x-msdos-program","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows","md5":"f35641adf27a9b24f453123f9f6fb4c6","sha1":"deb5ce3c9078cd6b848cec2867c7235b577d7d28","sha256":"f4c981438a224d6e37c984b07556a444c6f8677d76e566a1b54db33847f559c9","sha512":"3df7aa97462d29d8270ccede9da214f2b352e23fca2e32755c2c667370ab5ad521224aad4fab016156baca9a35a9514632628b10430e20dc5c70a6dd8f4a2b17","ssdeep":"196608:XCHH1uGZCICCWh8yA9pfd23u1Ojx8S1bKKGCOt:XCHVuuCZ85NM798S1ACOt","tlshash":"3b07122bace7119ce1985a31e7be44f863f5272f565197af244613f8ce5228f32024b7","first_seen":"2024-01-07T03:30:12Z","last_seen":"2024-08-20T12:59:53.578485Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1951,"timings":{"blocked":12,"dns":0,"connect":1,"send":0,"wait":289,"receive":1638,"ssl":9},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-07","alert":"Scan result 11/69","trigger":"f4c981438a224d6e37c984b07556a444c6f8677d76e566a1b54db33847f559c9","verdict":"malicious","severity":"","comment":"malicious - 11/69","link":"https://www.virustotal.com/gui/file/f4c981438a224d6e37c984b07556a444c6f8677d76e566a1b54db33847f559c9","meta":null}],"urlquery":null}}]}