{"report_id":"82188f6c-0c73-47a1-827f-668b45097e69","version":6,"status":"done","tags":[],"date":"2024-11-29T21:07:19Z","url":{"schema":"http","addr":"www.d2rmodding.com/_files/archives/698f72_81f8744478b24e71848832af94062f30.zip?dn=D2RM_AFJSheetEdit_0.61b.zip","fqdn":"www.d2rmodding.com","domain":"d2rmodding.com","tld":"com"},"ip":{"addr":"34.149.87.45","port":0,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-02-07T21:07:19Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"www.d2rmodding.com","ip":{"addr":"34.149.87.45","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2021-06-12","domain_rank":0,"first_seen":"2021-10-13T04:12:38Z","last_seen":"2024-11-14T10:42:00.515239Z","alert_count":0,"request_count":1,"received_data":305061,"sent_data":563,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"31e1c0d5e3994c1bdc7d99b5e2210b68","sha1":"ae174ed7f9cfe2c6d267581b6d4cb9926dcc50d2","sha256":"265aa35c3e0418697b5b5261a066cfa4337731b23c38be81c476148f50cfc95a","sha512":"3d3ac05a9414a6e362f6291353c0d7c8d9f88bbd876c2934310441a56ca0a8b756397ee5e2cdcb26897dd839d66c54f89717ea5a56ace21f0bd4ff85d0e183fa","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":303650,"url":{"schema":"https","addr":"www.d2rmodding.com/_files/archives/698f72_81f8744478b24e71848832af94062f30.zip?dn=D2RM_AFJSheetEdit_0.61b.zip","fqdn":"www.d2rmodding.com","domain":"d2rmodding.com","tld":"com"},"ip":{"addr":"34.149.87.45","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"archive":[{"path":"AFJ Sheet Edit 0.61b/AFJ Sheet.exe","filename":"AFJ Sheet.exe","modified":"","Modified":"2004-10-11T01:01:07-07:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":610304,"md5":"64a09648e38323ea0131d250dd0ab04d","sha1":"c24242703a4429c843064f3ebea85314749507f3","sha256":"34e720ca6a3cc13002a2d9234dd25751ef0dd4bf91abe316ce393fb966d35882","sha512":"bb7c9ba341285db37a79634d493eab44c99a2bdb94ec016142334ef70593736a89c43ed1d7274f5715cf55877c0cdea325570fbfe7793991487670725b516b0d","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/example_ufl.dat","filename":"example_ufl.dat","modified":"","Modified":"2003-09-14T00:18:08-07:00","magic":"ASCII text, with CRLF line terminators","size":67,"md5":"7d0a2935dcdc210f61b987280ec3a803","sha1":"870236fd7790f124563e36b248c7bcf4a0ba7739","sha256":"320d4c5398c9f5e5c39b01eb3ced5c37536c08167a7b827bc3b55c4fed400f1f","sha512":"83fafb16b78794752de5ce41a32eafc5d3530093b3a779f41efc59c699cfdcdcd40d2a8cfa9849cb7555702d86e22ea1afaea5376cf3f621f10d76680044e94f","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/Extension/Disable.bat","filename":"Disable.bat","modified":"","Modified":"2004-03-04T14:18:57-07:00","magic":"ASCII text, with no line terminators","size":30,"md5":"3498b880bff9b0407697cef140effe15","sha1":"e6067b856122ebc57a292c2d7f311823bc0f4945","sha256":"a5c7eecaed8f43b4568545d54764ab42dbea00dfd33ee2ac3329d3a72d0da518","sha512":"10d26bff13ebe94adf1c339db217365ad5f9a89ebd5df8397cdf1e7c0dbcd15cb4f8b94752f62a14c741ab0a087548b88488ee83bbb55c7bb6810bbfb6cceadb","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/Extension/Enable.bat","filename":"Enable.bat","modified":"","Modified":"2004-03-04T14:18:39-07:00","magic":"ASCII text, with no line terminators","size":27,"md5":"42148ae4997e01fb37b31a819c24e45d","sha1":"5074d6e43ad28399e438e8b83f7e1702f6de64eb","sha256":"021d5ecf92fd78da1fab12a3d62c8fa0e615c2dfad88bc58876bf34eb60a318a","sha512":"4e2bd10c2ea15ac41057c689548ea9944f7907c294bf10673d4231d09cffef369f74194f729fa828ceaa338075af2f8852ff42e24ef8ad5f2f406382c75c096b","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/Extension/SheetShell.dll","filename":"SheetShell.dll","modified":"","Modified":"2004-08-07T19:40:42-07:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":23040,"md5":"19e5dab347c4485ce15f545dabed73b5","sha1":"7d3557f82172af3df368f89a6e7c671bacb3dff3","sha256":"9ba6eebe62ef322bd47258dffad8f8de08c4f48eb17fa98b754e9cf0b2241eef","sha512":"166b81e8f0dbd17ec69f664f8a4b3f1d7b2ac39fc947ded6922f95c18a7fd1c80131fcd41441b4378125be5d1f582bed25ee28949acd4840d711fe5c7ca8768c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-05-05","alert":"Scan result 1/67","trigger":"9ba6eebe62ef322bd47258dffad8f8de08c4f48eb17fa98b754e9cf0b2241eef","verdict":"suspicious","severity":"","comment":"suspicious - 1/67","link":"https://www.virustotal.com/gui/file/9ba6eebe62ef322bd47258dffad8f8de08c4f48eb17fa98b754e9cf0b2241eef","meta":null}]}},{"path":"AFJ Sheet Edit 0.61b/data/sfl.dat","filename":"sfl.dat","modified":"","Modified":"2003-09-22T01:50:27-07:00","magic":"ASCII text, with CRLF line terminators","size":93,"md5":"a975febbe14f39c78018dcff84b4e4f1","sha1":"0092b0e6f7dc9c602d997237163b38f08845b485","sha256":"98427dcec5bbbe1f883360aa5af45fa5cb8a0ac9347b9852105c4dc238be7af4","sha512":"30c853e0720311bf62c7993a759395de17a8fdb2e4063e09d99b67d3c455d7a78252921cb2200ae83411143b1d99324fb08d68bdaa1bf95f835d331b797ce61e","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/Readme.txt","filename":"Readme.txt","modified":"","Modified":"2004-10-11T01:12:50-07:00","magic":"ASCII text, with CRLF line terminators","size":13400,"md5":"26f8f3608454f08ccd3712a7ba8eaf9d","sha1":"984f69deb85c298b21113bbf10af75058d049b12","sha256":"a031811516f5cf98b9d31880dd3af0efc2c7ae92f53e752dd9f8afb2abb45ba5","sha512":"2c1c880bbfbb7f301e470c7a9881d4af13dbb01aed58bfb5a6e9dc3538468677e644dd010af43e5b33af2e9879b63eea5d89056058d86b328bd94560eb3483da","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"31e1c0d5e3994c1bdc7d99b5e2210b68","sha1":"ae174ed7f9cfe2c6d267581b6d4cb9926dcc50d2","sha256":"265aa35c3e0418697b5b5261a066cfa4337731b23c38be81c476148f50cfc95a","sha512":"3d3ac05a9414a6e362f6291353c0d7c8d9f88bbd876c2934310441a56ca0a8b756397ee5e2cdcb26897dd839d66c54f89717ea5a56ace21f0bd4ff85d0e183fa","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":303650,"url":{"schema":"https","addr":"www.d2rmodding.com/_files/archives/698f72_81f8744478b24e71848832af94062f30.zip?dn=D2RM_AFJSheetEdit_0.61b.zip","fqdn":"www.d2rmodding.com","domain":"d2rmodding.com","tld":"com"},"ip":{"addr":"34.149.87.45","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"archive":[{"path":"AFJ Sheet Edit 0.61b/AFJ Sheet.exe","filename":"AFJ Sheet.exe","modified":"","Modified":"2004-10-11T01:01:07-07:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":610304,"md5":"64a09648e38323ea0131d250dd0ab04d","sha1":"c24242703a4429c843064f3ebea85314749507f3","sha256":"34e720ca6a3cc13002a2d9234dd25751ef0dd4bf91abe316ce393fb966d35882","sha512":"bb7c9ba341285db37a79634d493eab44c99a2bdb94ec016142334ef70593736a89c43ed1d7274f5715cf55877c0cdea325570fbfe7793991487670725b516b0d","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/example_ufl.dat","filename":"example_ufl.dat","modified":"","Modified":"2003-09-14T00:18:08-07:00","magic":"ASCII text, with CRLF line terminators","size":67,"md5":"7d0a2935dcdc210f61b987280ec3a803","sha1":"870236fd7790f124563e36b248c7bcf4a0ba7739","sha256":"320d4c5398c9f5e5c39b01eb3ced5c37536c08167a7b827bc3b55c4fed400f1f","sha512":"83fafb16b78794752de5ce41a32eafc5d3530093b3a779f41efc59c699cfdcdcd40d2a8cfa9849cb7555702d86e22ea1afaea5376cf3f621f10d76680044e94f","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/Extension/Disable.bat","filename":"Disable.bat","modified":"","Modified":"2004-03-04T14:18:57-07:00","magic":"ASCII text, with no line terminators","size":30,"md5":"3498b880bff9b0407697cef140effe15","sha1":"e6067b856122ebc57a292c2d7f311823bc0f4945","sha256":"a5c7eecaed8f43b4568545d54764ab42dbea00dfd33ee2ac3329d3a72d0da518","sha512":"10d26bff13ebe94adf1c339db217365ad5f9a89ebd5df8397cdf1e7c0dbcd15cb4f8b94752f62a14c741ab0a087548b88488ee83bbb55c7bb6810bbfb6cceadb","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/Extension/Enable.bat","filename":"Enable.bat","modified":"","Modified":"2004-03-04T14:18:39-07:00","magic":"ASCII text, with no line terminators","size":27,"md5":"42148ae4997e01fb37b31a819c24e45d","sha1":"5074d6e43ad28399e438e8b83f7e1702f6de64eb","sha256":"021d5ecf92fd78da1fab12a3d62c8fa0e615c2dfad88bc58876bf34eb60a318a","sha512":"4e2bd10c2ea15ac41057c689548ea9944f7907c294bf10673d4231d09cffef369f74194f729fa828ceaa338075af2f8852ff42e24ef8ad5f2f406382c75c096b","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/data/Extension/SheetShell.dll","filename":"SheetShell.dll","modified":"","Modified":"2004-08-07T19:40:42-07:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":23040,"md5":"19e5dab347c4485ce15f545dabed73b5","sha1":"7d3557f82172af3df368f89a6e7c671bacb3dff3","sha256":"9ba6eebe62ef322bd47258dffad8f8de08c4f48eb17fa98b754e9cf0b2241eef","sha512":"166b81e8f0dbd17ec69f664f8a4b3f1d7b2ac39fc947ded6922f95c18a7fd1c80131fcd41441b4378125be5d1f582bed25ee28949acd4840d711fe5c7ca8768c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2022-05-05","alert":"Scan result 1/67","trigger":"9ba6eebe62ef322bd47258dffad8f8de08c4f48eb17fa98b754e9cf0b2241eef","verdict":"suspicious","severity":"","comment":"suspicious - 1/67","link":"https://www.virustotal.com/gui/file/9ba6eebe62ef322bd47258dffad8f8de08c4f48eb17fa98b754e9cf0b2241eef","meta":null}]}},{"path":"AFJ Sheet Edit 0.61b/data/sfl.dat","filename":"sfl.dat","modified":"","Modified":"2003-09-22T01:50:27-07:00","magic":"ASCII text, with CRLF line terminators","size":93,"md5":"a975febbe14f39c78018dcff84b4e4f1","sha1":"0092b0e6f7dc9c602d997237163b38f08845b485","sha256":"98427dcec5bbbe1f883360aa5af45fa5cb8a0ac9347b9852105c4dc238be7af4","sha512":"30c853e0720311bf62c7993a759395de17a8fdb2e4063e09d99b67d3c455d7a78252921cb2200ae83411143b1d99324fb08d68bdaa1bf95f835d331b797ce61e","alerts":{"urlquery":null,"analyzer":null}},{"path":"AFJ Sheet Edit 0.61b/Readme.txt","filename":"Readme.txt","modified":"","Modified":"2004-10-11T01:12:50-07:00","magic":"ASCII text, with CRLF line terminators","size":13400,"md5":"26f8f3608454f08ccd3712a7ba8eaf9d","sha1":"984f69deb85c298b21113bbf10af75058d049b12","sha256":"a031811516f5cf98b9d31880dd3af0efc2c7ae92f53e752dd9f8afb2abb45ba5","sha512":"2c1c880bbfbb7f301e470c7a9881d4af13dbb01aed58bfb5a6e9dc3538468677e644dd010af43e5b33af2e9879b63eea5d89056058d86b328bd94560eb3483da","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":null}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"Mnemonic Secure DNS","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.d2rmodding.com/_files/archives/698f72_81f8744478b24e71848832af94062f30.zip?dn=D2RM_AFJSheetEdit_0.61b.zip","fqdn":"www.d2rmodding.com","domain":"d2rmodding.com","tld":"com"},"ip":{"addr":"34.149.87.45","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-11-29T21:06:54.136Z","timestamp":1732914414136,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d2rmodding.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Fri, 04 Oct 2024 03:10:33 GMT","end":"Thu, 02 Jan 2025 03:10:32 GMT"},"fingerprint":{"sha1":"C9:53:65:18:1D:C5:FA:31:7E:7E:D3:A1:EB:71:F2:6E:FE:F2:56:08","sha256":"56:85:20:7E:F3:9E:AB:8D:AC:BE:20:B0:2E:78:2B:70:0B:2C:73:4E:E1:2E:BB:1C:E9:B3:84:BD:FC:F8:A4:BC"}}},"request":{"raw":"GET /_files/archives/698f72_81f8744478b24e71848832af94062f30.zip?dn=D2RM_AFJSheetEdit_0.61b.zip HTTP/1.1\r\nHost: www.d2rmodding.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 303650\r\ncontent-type: application/zip\r\nlast-modified: Mon, 11 Oct 2021 17:05:42 GMT\r\netag: \"31e1c0d5e3994c1bdc7d99b5e2210b68\"\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Content-Length\r\ntiming-allow-origin: *\r\nx-robots-tag: noindex, nofollow\r\nx-amz-cf-pop: DUB56-P2\r\nx-amz-cf-id: 47IXvfmoZoILC2bu5Ra3o6rZkSIHilomcAtU-zCSM9liG9aB3O9ftQ==\r\ncontent-disposition: attachment; filename=\"D2RM_AFJSheetEdit_0.61b.zip\"; filename*=UTF-8''D2RM_AFJSheetEdit_0.61b.zip\r\nstrict-transport-security: max-age=86400\r\nexpires: Sun, 03 Nov 2024 09:15:35 GMT\r\nx-wix-request-id: 1732914414.3673653525472102702\r\ncache-control: public,max-age=0,must-revalidate\r\nserver: Pepyaka\r\nx-content-type-options: nosniff\r\naccept-ranges: bytes\r\nage: 2292678\r\ndate: Fri, 29 Nov 2024 21:06:54 GMT\r\nx-served-by: cache-bma1659-BMA\r\nx-cache: Hit from cloudfront, MISS\r\nserver-timing: cache;desc=hit, varnish;desc=hit_miss, dc;desc=fastly_84_g\r\nx-seen-by: yvSunuo/8ld62ehjr5B7kA==,WD1HRWp6HtwVKpzxLkVT7rxkNjrXdwdgtu6E0yACibU=,m0j2EEknGIVUW/liY8BLLn3pJ6os+jMZl8eSiOUhV8zQYjEJxCMSl2Cb+N3EkeV+,2d58ifebGbosy5xc+FRalnI1Ic5MRGyC/ymUznTkeZBkazYJl6za989wWCF81mUft/XiKEyep5RKAjCBdgVTUw==,2UNV7KOq4oGjA5+PKsX47BpYCebNcJ/AbL6W1RKpEMC8ZDY613cHYLbuhNMgAom1\r\nvia: 1.1 google\r\nglb-x-seen-by: bS8wRlGzu0Hc+WrYuHB8QIg44yfcdCMJRkBoQ1h6Vjc=\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":303650,"size_decoded":303650,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"31e1c0d5e3994c1bdc7d99b5e2210b68","sha1":"ae174ed7f9cfe2c6d267581b6d4cb9926dcc50d2","sha256":"265aa35c3e0418697b5b5261a066cfa4337731b23c38be81c476148f50cfc95a","sha512":"3d3ac05a9414a6e362f6291353c0d7c8d9f88bbd876c2934310441a56ca0a8b756397ee5e2cdcb26897dd839d66c54f89717ea5a56ace21f0bd4ff85d0e183fa","ssdeep":"6144:MSDl8v6OQDwQz4VESmRN1Tu9GfGnwTxTBGCyiXbzDxVs4PXj9x2hW9H:tlIDOFz4sP1TukenixTBuirpVlPX3H","tlshash":"ed5423da3ac26320c96f8dbe1c11531f6351d147a135ee62782e61ff8363c6ca0faa51","first_seen":"2024-08-20T00:59:32.911223Z","last_seen":"2024-12-21T08:35:28.729835Z","times_seen":3,"resource_available":false,"data":null}},"time_used":533,"timings":{"blocked":173,"dns":41,"connect":21,"send":0,"wait":103,"receive":83,"ssl":109},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}