{"report_id":"93ca010b-6d6b-464e-9a62-94f13ee2ae6d","version":6,"status":"done","tags":[],"date":"2024-07-07T21:15:25Z","url":{"schema":"http","addr":"github.com/DIDIRUS4/AstralRinth/releases/download/ARF-v0.7.2/AstralRinth.App_0.7.210_x64_en-US.msi","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T10:37:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-06 18:12:32","alert_count":0,"request_count":7,"received_data":6214,"sent_data":2289,"comment":"","tags":null,"fingerprints":null},{"fqdn":"github.com","ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13 12:28:22","last_seen":"2024-07-06 18:37:49","alert_count":0,"request_count":1,"received_data":4050,"sent_data":552,"comment":"","tags":null,"fingerprints":null},{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01 22:34:29","last_seen":"2024-07-06 23:36:11","alert_count":2,"request_count":1,"received_data":5567259,"sent_data":1018,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d83d14d3e5a14520d58978f6beec6643","sha1":"0393f9b2ed2c324a36623ffab7cd04f9fef9a0a7","sha256":"24888f0be56522ae58af081ca58437befdfef6190c5f06cccc70455eb1a11ac2","sha512":"4e6d86d69b93a51f58cd12a0953ffd8443aee24735ad4bf06cdedf932ff95ed1820376986bf61f9d80bab10cd0606444a93fb6fdc18da85692fa93f87edae815","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AstralRinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic and data required to install AstralRinth App., Template: x64;0, Revision Number: {DCA45372-BE22-4BD7-8DBF-94B4572A5E8F}, Create Time/Date: Tue Jul  2 20:06:22 2024, Last Saved Time/Date: Tue Jul  2 20:06:22 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2","size":5566464,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/714029615/4755d17b-a165-40e0-9e5c-d30574630594?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240707%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240707T211500Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=a7f24b9a2938713a618cc082a1dff746134f7934cea1fb068eb138255e4a86a5\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=714029615\u0026response-content-disposition=attachment%3B%20filename%3DAstralRinth.App_0.7.210_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-07-07","alert":"Detect files is `SliverFox` malware","trigger":"objects.githubusercontent.com/github-production-release-asset-2e65be/714029615/4755d17b-a165-40e0-9e5c-d30574630594?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240707%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240707T211500Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=a7f24b9a2938713a618cc082a1dff746134f7934cea1fb068eb138255e4a86a5\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=714029615\u0026response-content-disposition=attachment%3B%20filename%3DAstralRinth.App_0.7.210_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-03","alert":"Scan result 2/64","trigger":"24888f0be56522ae58af081ca58437befdfef6190c5f06cccc70455eb1a11ac2","verdict":"suspicious","severity":"","comment":"suspicious - 2/64","link":"https://www.virustotal.com/gui/file/24888f0be56522ae58af081ca58437befdfef6190c5f06cccc70455eb1a11ac2","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-07-07","alert":"Detect files is `SliverFox` malware","trigger":"objects.githubusercontent.com/github-production-release-asset-2e65be/714029615/4755d17b-a165-40e0-9e5c-d30574630594?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240707%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240707T211500Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=a7f24b9a2938713a618cc082a1dff746134f7934cea1fb068eb138255e4a86a5\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=714029615\u0026response-content-disposition=attachment%3B%20filename%3DAstralRinth.App_0.7.210_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-07T21:14:59.426513516Z","timestamp":1720386899426,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"652EE033C72BC8EADCF29C25A5387BC303BF86E6C57F262C576117F659F15EAB\"\r\nLast-Modified: Fri, 05 Jul 2024 13:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19692\r\nExpires: Mon, 08 Jul 2024 02:43:11 GMT\r\nDate: Sun, 07 Jul 2024 21:14:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"f63e8d9e64abf0e5b2784ca051160e84","sha1":"d15d17504ed5c584ba42145060cf745fdb41c1d0","sha256":"652ee033c72bc8eadcf29c25a5387bc303bf86e6c57f262c576117f659f15eab","sha512":"95dcb525e807ccfc2ab52f6a0101175566fc8e587e04a39a7f18de971b0d5e4569779e04e98dabc2e593080276352cdc04fd49ad7817677c9f2cd96548b314f2","ssdeep":"","tlshash":"03f0056101d27f14563411129d76ea753e3095be28412ce3649055b1d8707fb4984049","first_seen":"2024-07-05T20:29:47Z","last_seen":"2024-08-19T17:56:53.123553Z","times_seen":40297,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-07T21:14:59.453439228Z","timestamp":1720386899453,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8E27309B919C0DCB3B0736DD99DAD8C7D3BC16B4816DD982E6AF6B79D7EAD9ED\"\r\nLast-Modified: Sun, 07 Jul 2024 03:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13648\r\nExpires: Mon, 08 Jul 2024 01:02:27 GMT\r\nDate: Sun, 07 Jul 2024 21:14:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"abec3934929082bd707108b7042796da","sha1":"4f200b04ad1c6fcac9833107c492a59ebf36dc6e","sha256":"8e27309b919c0dcb3b0736dd99dad8c7d3bc16b4816dd982e6af6b79d7ead9ed","sha512":"cab860d7ad427afe6f633e714c3c41da9055d0ff75b7366e2df1866a99077e350b7ac25f40c0675b0d830748b0725c07a4bdf934cb09f6085fb02f27c1a1610b","ssdeep":"","tlshash":"c4f00e82427c39147ae03e2b2bf9d12a1f34adf815611df5645013937453fed01c8e4b","first_seen":"2024-07-07T10:17:04Z","last_seen":"2024-08-19T17:44:50.422556Z","times_seen":23660,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-07T21:14:59.729839738Z","timestamp":1720386899729,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E38B3080A1752122F5A174604BD307C54BE31C02E0CDB8E2D9354E2A04E1B50F\"\r\nLast-Modified: Sun, 07 Jul 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5242\r\nExpires: Sun, 07 Jul 2024 22:42:21 GMT\r\nDate: Sun, 07 Jul 2024 21:14:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41036a4c62e61466443bce27a927e029","sha1":"39a2a8a258c5feaf020246696135700b0c30740d","sha256":"e38b3080a1752122f5a174604bd307c54be31c02e0cdb8e2d9354e2a04e1b50f","sha512":"50f9d880f413719b46b17c5f9633a79d3f2f4b41d3d415f05206c6c628277fe0acbc56cacdd931ec59b7a4fdcebb3b252b0bc80578bd35ee05112d2723a6fae3","ssdeep":"","tlshash":"2cf0c0aa29d5f88076711a24b864ea246b205e6a7810daf614d082fbf8057a6450844e","first_seen":"2024-07-07T14:27:09Z","last_seen":"2024-08-19T17:43:40.432277Z","times_seen":38887,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-07T21:14:59.870337654Z","timestamp":1720386899870,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"EA2BC04F18953A2D203B059F541BF8BFCD32C63D67B8E1113D927453D8CC9A58\"\r\nLast-Modified: Sun, 07 Jul 2024 04:21:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6474\r\nExpires: Sun, 07 Jul 2024 23:02:53 GMT\r\nDate: Sun, 07 Jul 2024 21:14:59 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e430ff7defba95ef2e40c2a2623032a3","sha1":"4df33994f03cf02626fdfe9c6a51a71f5fea6058","sha256":"ea2bc04f18953a2d203b059f541bf8bfcd32c63d67b8e1113d927453d8cc9a58","sha512":"b4c0698dfa6a01483a7fb635bb76961f491a47e064df3c79c1d519950e473d94c0c9e0f70cbe4e6bda5ca5cd9310b02cf15bf73773f680cce2ec0cecbb76a473","ssdeep":"","tlshash":"b8f00ee31bb4b1a51227065b3d9bc3186d269f686c480ae4a5a443c7b521ffa4b04488","first_seen":"2024-07-07T09:24:48Z","last_seen":"2024-08-19T17:45:02.840499Z","times_seen":17024,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"github.com/DIDIRUS4/AstralRinth/releases/download/ARF-v0.7.2/AstralRinth.App_0.7.210_x64_en-US.msi","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-07T21:14:59.932Z","timestamp":1720386899932,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /DIDIRUS4/AstralRinth/releases/download/ARF-v0.7.2/AstralRinth.App_0.7.210_x64_en-US.msi HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Sun, 07 Jul 2024 21:15:00 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/714029615/4755d17b-a165-40e0-9e5c-d30574630594?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240707%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240707T211500Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=a7f24b9a2938713a618cc082a1dff746134f7934cea1fb068eb138255e4a86a5\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=714029615\u0026response-content-disposition=attachment%3B%20filename%3DAstralRinth.App_0.7.210_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: 0E41:384414:5E07AEC:6036AFE:668B0553\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-03T16:30:47.886967Z","times_seen":14589457,"resource_available":true,"data":null}},"time_used":382,"timings":{"blocked":103,"dns":1,"connect":20,"send":0,"wait":173,"receive":1,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/714029615/4755d17b-a165-40e0-9e5c-d30574630594?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240707%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240707T211500Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=a7f24b9a2938713a618cc082a1dff746134f7934cea1fb068eb138255e4a86a5\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=714029615\u0026response-content-disposition=attachment%3B%20filename%3DAstralRinth.App_0.7.210_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-07T21:15:00.223Z","timestamp":1720386900223,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/714029615/4755d17b-a165-40e0-9e5c-d30574630594?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240707%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240707T211500Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=a7f24b9a2938713a618cc082a1dff746134f7934cea1fb068eb138255e4a86a5\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=714029615\u0026response-content-disposition=attachment%3B%20filename%3DAstralRinth.App_0.7.210_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Tue, 02 Jul 2024 20:25:20 GMT\r\netag: \"0x8DC9AD5186E3607\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: ecf249b8-f01e-002e-40bf-ccb342000000\r\nx-ms-version: 2020-10-02\r\nx-ms-creation-time: Tue, 02 Jul 2024 20:25:20 GMT\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=AstralRinth.App_0.7.210_x64_en-US.msi\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Sun, 07 Jul 2024 21:15:00 GMT\r\nage: 0\r\nx-served-by: cache-iad-kcgs7200111-IAD, cache-hel1410027-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 114, 0\r\nx-timer: S1720386900.315144,VS0,VE501\r\ncontent-length: 5566464\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5566464,"size_decoded":5566464,"mime_type":"application/octet-stream","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AstralRinth App, Author: modrinth, Keywords: Installer, Comments: This installer database contains the logic and data required to install AstralRinth App., Template: x64;0, Revision Number: {DCA45372-BE22-4BD7-8DBF-94B4572A5E8F}, Create Time/Date: Tue Jul  2 20:06:22 2024, Last Saved Time/Date: Tue Jul  2 20:06:22 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2","md5":"d83d14d3e5a14520d58978f6beec6643","sha1":"0393f9b2ed2c324a36623ffab7cd04f9fef9a0a7","sha256":"24888f0be56522ae58af081ca58437befdfef6190c5f06cccc70455eb1a11ac2","sha512":"4e6d86d69b93a51f58cd12a0953ffd8443aee24735ad4bf06cdedf932ff95ed1820376986bf61f9d80bab10cd0606444a93fb6fdc18da85692fa93f87edae815","ssdeep":"98304:ur0pJeqGnujJO8taL3d3OTkdIpio02nM1O4xHBqWMSsUUr6EbEQgvv8m:shgOP3NOTkaKjvxHBqJFg","tlshash":"824612177e94aa7bea994cb41637cbb858a8dc20051db41547937caec8fdbc01a12df3","first_seen":"2024-08-19T17:41:08.427758Z","last_seen":"2024-08-19T17:41:08.427758Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1347,"timings":{"blocked":67,"dns":1,"connect":26,"send":0,"wait":527,"receive":686,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-07-07","alert":"Detect files is `SliverFox` malware","trigger":"objects.githubusercontent.com/github-production-release-asset-2e65be/714029615/4755d17b-a165-40e0-9e5c-d30574630594?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240707%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240707T211500Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=a7f24b9a2938713a618cc082a1dff746134f7934cea1fb068eb138255e4a86a5\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=714029615\u0026response-content-disposition=attachment%3B%20filename%3DAstralRinth.App_0.7.210_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-03","alert":"Scan result 2/64","trigger":"24888f0be56522ae58af081ca58437befdfef6190c5f06cccc70455eb1a11ac2","verdict":"suspicious","severity":"","comment":"suspicious - 2/64","link":"https://www.virustotal.com/gui/file/24888f0be56522ae58af081ca58437befdfef6190c5f06cccc70455eb1a11ac2","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-07T21:15:02.43059618Z","timestamp":1720386902430,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2\"\r\nLast-Modified: Fri, 05 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12993\r\nExpires: Mon, 08 Jul 2024 00:51:34 GMT\r\nDate: Sun, 07 Jul 2024 21:15:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"861cce1bf441610f1dfbb14264d55122","sha1":"1596b2c44fcdb5f7a49c73da766e4ab48b6bd064","sha256":"f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2","sha512":"c475b673ce5e7ae8a00ea2d8d2dfccf06484e9eb5454b212905534fcd83a35a459bc5e849eaca05824101d8434208506dea5bebfa4e61999e2f3419de5f77d1f","ssdeep":"","tlshash":"22f0059421f77e005bf116151da5d52db92cab6531014df2b49012b368f0b6a67418c6","first_seen":"2024-07-05T22:02:26Z","last_seen":"2024-08-19T17:56:38.421498Z","times_seen":44889,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-07T21:15:02.431706423Z","timestamp":1720386902431,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2\"\r\nLast-Modified: Fri, 05 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12993\r\nExpires: Mon, 08 Jul 2024 00:51:34 GMT\r\nDate: Sun, 07 Jul 2024 21:15:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"861cce1bf441610f1dfbb14264d55122","sha1":"1596b2c44fcdb5f7a49c73da766e4ab48b6bd064","sha256":"f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2","sha512":"c475b673ce5e7ae8a00ea2d8d2dfccf06484e9eb5454b212905534fcd83a35a459bc5e849eaca05824101d8434208506dea5bebfa4e61999e2f3419de5f77d1f","ssdeep":"","tlshash":"22f0059421f77e005bf116151da5d52db92cab6531014df2b49012b368f0b6a67418c6","first_seen":"2024-07-05T22:02:26Z","last_seen":"2024-08-19T17:56:38.421498Z","times_seen":44889,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-07T21:15:02.432700765Z","timestamp":1720386902432,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F67D59F3FDDBCAF61F9F1AA87ECA02A320F59402BB412687A4DB4D8AA81867D2\"\r\nLast-Modified: Fri, 05 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12993\r\nExpires: Mon, 08 Jul 2024 00:51:34 GMT\r\nDate: Sun, 07 Jul 2024 21:15:01 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"861cce1bf441610f1dfbb14264d55122","sha1":"1596b2c44fcdb5f7a49c73da766e4ab48b6bd064","sha256":"f67d59f3fddbcaf61f9f1aa87eca02a320f59402bb412687a4db4d8aa81867d2","sha512":"c475b673ce5e7ae8a00ea2d8d2dfccf06484e9eb5454b212905534fcd83a35a459bc5e849eaca05824101d8434208506dea5bebfa4e61999e2f3419de5f77d1f","ssdeep":"","tlshash":"22f0059421f77e005bf116151da5d52db92cab6531014df2b49012b368f0b6a67418c6","first_seen":"2024-07-05T22:02:26Z","last_seen":"2024-08-19T17:56:38.421498Z","times_seen":44889,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}