{"report_id":"0797a5b7-2987-4ca8-935a-28b7bc98dda1","version":6,"status":"done","tags":[],"date":"2024-06-23T17:03:21Z","url":{"schema":"http","addr":"github.com/melonkowymelonek/test/releases/download/v0/Ogulniega.Minecraft_0.0.6_x64_en-US.msi","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T12:19:16Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-06-22 18:19:57","alert_count":0,"request_count":8,"received_data":7097,"sent_data":2616,"comment":"","tags":null,"fingerprints":null},{"fqdn":"github.com","ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13 12:28:22","last_seen":"2024-06-21 20:12:09","alert_count":0,"request_count":1,"received_data":4052,"sent_data":547,"comment":"","tags":null,"fingerprints":null},{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01 22:34:29","last_seen":"2024-06-22 08:00:35","alert_count":1,"request_count":1,"received_data":4285252,"sent_data":1020,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"7e2791062acd309c2c2001db9632aa13","sha1":"e9fe7eebd11ba058b80fb9a82a1def34acde1984","sha256":"4faee8e393e17e7ff599e8a56968ca4dae7487c4ac43123ba3c93b48a0ceb59d","sha512":"46003d393929d45a83266c530164dc1ae0a50223b091cbdb4b7d8fd451ec83cf650791c6cf391ac449897f431a69bceb09c062e12c3946692c61c9a9f75e8597","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Ogulniega Minecraft, Author: xMelonekMaX, Keywords: Installer, Comments: This installer database contains the logic and data required to install Ogulniega Minecraft., Template: x64;0, Revision Number: {9CF9A0B6-6E0F-4815-985C-E38693C33D0D}, Create Time/Date: Fri Mar  8 21:51:08 2024, Last Saved Time/Date: Fri Mar  8 21:51:08 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2","size":4284416,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/706264992/bba19c79-77e0-476f-8444-c6aa91ffc799?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240623T170256Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d554ccf7b24e1981464690354b5fc9f7af9f9aaee065812676bb506fc79bfddb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=706264992\u0026response-content-disposition=attachment%3B%20filename%3DOgulniega.Minecraft_0.0.6_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-23","alert":"Detect files is `SliverFox` malware","trigger":"objects.githubusercontent.com/github-production-release-asset-2e65be/706264992/bba19c79-77e0-476f-8444-c6aa91ffc799?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240623T170256Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d554ccf7b24e1981464690354b5fc9f7af9f9aaee065812676bb506fc79bfddb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=706264992\u0026response-content-disposition=attachment%3B%20filename%3DOgulniega.Minecraft_0.0.6_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-23","alert":"Detect files is `SliverFox` malware","trigger":"objects.githubusercontent.com/github-production-release-asset-2e65be/706264992/bba19c79-77e0-476f-8444-c6aa91ffc799?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240623T170256Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d554ccf7b24e1981464690354b5fc9f7af9f9aaee065812676bb506fc79bfddb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=706264992\u0026response-content-disposition=attachment%3B%20filename%3DOgulniega.Minecraft_0.0.6_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}]},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:55.764840394Z","timestamp":1719162175764,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"F661A4C5B81EDB82EC095D2D50B655E19536630577352B6ABBFC3962ADF3454C\"\r\nLast-Modified: Sun, 23 Jun 2024 01:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19532\r\nExpires: Sun, 23 Jun 2024 22:28:27 GMT\r\nDate: Sun, 23 Jun 2024 17:02:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"116d4d1edb43ea3783c92812f245f108","sha1":"02c09fc6450c50f5d2f7f6162fed01cf2c4bf6b8","sha256":"f661a4c5b81edb82ec095d2d50b655e19536630577352b6abbfc3962adf3454c","sha512":"f0a634e57794959630347a12281aea2ee67104b5287a3c468e491da7421b1deb933a82170f98525872fe67647b70b9536ed0249204107c19e10188bbdf38a37f","ssdeep":"","tlshash":"79f0057d017a7751f224151529e8d6645e40de953d0517a1b56010d3b026ffd4190089","first_seen":"2024-06-23T05:49:43Z","last_seen":"2024-08-19T19:08:18.438208Z","times_seen":25208,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:56.151762221Z","timestamp":1719162176151,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"6E8DE7454DF9B981F3C2BD8746558F3EB5C48599C66FC0F5301169C0ED42C8FE\"\r\nLast-Modified: Sat, 22 Jun 2024 11:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3465\r\nExpires: Sun, 23 Jun 2024 18:00:41 GMT\r\nDate: Sun, 23 Jun 2024 17:02:56 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"31c219b3ac9b4615f1a78cd882995e6c","sha1":"1bb1aedb59500ceabd4f44ae9b7317c544084afd","sha256":"6e8de7454df9b981f3c2bd8746558f3eb5c48599c66fc0f5301169c0ed42c8fe","sha512":"1ee09ddd8d0e35c822038657fb1d3f3de92a41ef658502fc0f4125e1f77504b72d487c41b51cbe9dea2cff2e07226ca4a96baa6be0a37c924038384d74f6052b","ssdeep":"","tlshash":"acf0c06636a57251a73029126afbe7085cad7efd3195b5f624e480e0e861bf45384084","first_seen":"2024-06-22T18:01:34Z","last_seen":"2024-08-19T19:11:24.979839Z","times_seen":34747,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:56.411398392Z","timestamp":1719162176411,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"47B785DC0588F89F6A0BD23143E340C2FA04F194C59853F63E8B937964655373\"\r\nLast-Modified: Sat, 22 Jun 2024 04:21:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4100\r\nExpires: Sun, 23 Jun 2024 18:11:16 GMT\r\nDate: Sun, 23 Jun 2024 17:02:56 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"f0269d61bdfd971c035a90020cb9f629","sha1":"06631fd5df5a9bd3b9673361601cc37a34e64f69","sha256":"47b785dc0588f89f6a0bd23143e340c2fa04f194c59853f63e8b937964655373","sha512":"006a3ae4bc8dbe515777330bf2b550c02c24defb519a3a91eb1beeddc4a0be7c0c0d0898a6343d4b7c3de69f74916bc1efd5df12bac13f7d045cc346fdb21732","ssdeep":"","tlshash":"32f0c99616e8bb6449b21a0a088cdc282e14cfcc38048ee0a0d922c66861ea52e880a9","first_seen":"2024-06-22T11:41:14Z","last_seen":"2024-08-19T19:13:17.318644Z","times_seen":16044,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"github.com/melonkowymelonek/test/releases/download/v0/Ogulniega.Minecraft_0.0.6_x64_en-US.msi","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-06-23T17:02:56.298Z","timestamp":1719162176298,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /melonkowymelonek/test/releases/download/v0/Ogulniega.Minecraft_0.0.6_x64_en-US.msi HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Sun, 23 Jun 2024 17:02:56 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/706264992/bba19c79-77e0-476f-8444-c6aa91ffc799?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240623T170256Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d554ccf7b24e1981464690354b5fc9f7af9f9aaee065812676bb506fc79bfddb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=706264992\u0026response-content-disposition=attachment%3B%20filename%3DOgulniega.Minecraft_0.0.6_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: B469:14ABF0:785E71D:7B55AC6:66785540\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-15T01:33:43.424583Z","times_seen":16429506,"resource_available":true,"data":null}},"time_used":341,"timings":{"blocked":89,"dns":0,"connect":21,"send":0,"wait":147,"receive":1,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:57.99950245Z","timestamp":1719162177999,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802\"\r\nLast-Modified: Sun, 23 Jun 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7723\r\nExpires: Sun, 23 Jun 2024 19:11:40 GMT\r\nDate: Sun, 23 Jun 2024 17:02:57 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe36e270c1ecfa3891cc7b505e7894b6","sha1":"ce43401e7146eb139a1e3caf7db957e6b9531dc3","sha256":"bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802","sha512":"5bb88dae1dd0ff26edac7aa9a96c18bed64736dc1f2b635f7148df70940faee6f770cdb67519169140253bebe537e8f0b361cbc7eaa5495477ca3cbbf34aabf5","ssdeep":"","tlshash":"ebf07e2a61fa7e62b6f024262e48a9334e210e7d34000d82307052d2b863fdc1bc404c","first_seen":"2024-06-23T11:25:10Z","last_seen":"2024-08-19T19:07:05.736639Z","times_seen":25848,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:58.001390429Z","timestamp":1719162178001,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802\"\r\nLast-Modified: Sun, 23 Jun 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7723\r\nExpires: Sun, 23 Jun 2024 19:11:40 GMT\r\nDate: Sun, 23 Jun 2024 17:02:57 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe36e270c1ecfa3891cc7b505e7894b6","sha1":"ce43401e7146eb139a1e3caf7db957e6b9531dc3","sha256":"bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802","sha512":"5bb88dae1dd0ff26edac7aa9a96c18bed64736dc1f2b635f7148df70940faee6f770cdb67519169140253bebe537e8f0b361cbc7eaa5495477ca3cbbf34aabf5","ssdeep":"","tlshash":"ebf07e2a61fa7e62b6f024262e48a9334e210e7d34000d82307052d2b863fdc1bc404c","first_seen":"2024-06-23T11:25:10Z","last_seen":"2024-08-19T19:07:05.736639Z","times_seen":25848,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:58.003016062Z","timestamp":1719162178003,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802\"\r\nLast-Modified: Sun, 23 Jun 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7723\r\nExpires: Sun, 23 Jun 2024 19:11:40 GMT\r\nDate: Sun, 23 Jun 2024 17:02:57 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe36e270c1ecfa3891cc7b505e7894b6","sha1":"ce43401e7146eb139a1e3caf7db957e6b9531dc3","sha256":"bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802","sha512":"5bb88dae1dd0ff26edac7aa9a96c18bed64736dc1f2b635f7148df70940faee6f770cdb67519169140253bebe537e8f0b361cbc7eaa5495477ca3cbbf34aabf5","ssdeep":"","tlshash":"ebf07e2a61fa7e62b6f024262e48a9334e210e7d34000d82307052d2b863fdc1bc404c","first_seen":"2024-06-23T11:25:10Z","last_seen":"2024-08-19T19:07:05.736639Z","times_seen":25848,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:58.004127416Z","timestamp":1719162178004,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802\"\r\nLast-Modified: Sun, 23 Jun 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7723\r\nExpires: Sun, 23 Jun 2024 19:11:40 GMT\r\nDate: Sun, 23 Jun 2024 17:02:57 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe36e270c1ecfa3891cc7b505e7894b6","sha1":"ce43401e7146eb139a1e3caf7db957e6b9531dc3","sha256":"bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802","sha512":"5bb88dae1dd0ff26edac7aa9a96c18bed64736dc1f2b635f7148df70940faee6f770cdb67519169140253bebe537e8f0b361cbc7eaa5495477ca3cbbf34aabf5","ssdeep":"","tlshash":"ebf07e2a61fa7e62b6f024262e48a9334e210e7d34000d82307052d2b863fdc1bc404c","first_seen":"2024-06-23T11:25:10Z","last_seen":"2024-08-19T19:07:05.736639Z","times_seen":25848,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-06-23T17:02:58.005306588Z","timestamp":1719162178005,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BD791E8F44B990A0091FEBC3CC3B24799EB26B87FE5AA381AD98AE4662F7F802\"\r\nLast-Modified: Sun, 23 Jun 2024 05:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7723\r\nExpires: Sun, 23 Jun 2024 19:11:40 GMT\r\nDate: Sun, 23 Jun 2024 17:02:57 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe36e270c1ecfa3891cc7b505e7894b6","sha1":"ce43401e7146eb139a1e3caf7db957e6b9531dc3","sha256":"bd791e8f44b990a0091febc3cc3b24799eb26b87fe5aa381ad98ae4662f7f802","sha512":"5bb88dae1dd0ff26edac7aa9a96c18bed64736dc1f2b635f7148df70940faee6f770cdb67519169140253bebe537e8f0b361cbc7eaa5495477ca3cbbf34aabf5","ssdeep":"","tlshash":"ebf07e2a61fa7e62b6f024262e48a9334e210e7d34000d82307052d2b863fdc1bc404c","first_seen":"2024-06-23T11:25:10Z","last_seen":"2024-08-19T19:07:05.736639Z","times_seen":25848,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/706264992/bba19c79-77e0-476f-8444-c6aa91ffc799?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240623T170256Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d554ccf7b24e1981464690354b5fc9f7af9f9aaee065812676bb506fc79bfddb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=706264992\u0026response-content-disposition=attachment%3B%20filename%3DOgulniega.Minecraft_0.0.6_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-06-23T17:02:56.543Z","timestamp":1719162176543,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/706264992/bba19c79-77e0-476f-8444-c6aa91ffc799?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240623T170256Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d554ccf7b24e1981464690354b5fc9f7af9f9aaee065812676bb506fc79bfddb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=706264992\u0026response-content-disposition=attachment%3B%20filename%3DOgulniega.Minecraft_0.0.6_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\ncontent-md5: fieRBirNMJwsIAHbljKqEw==\r\nlast-modified: Sat, 09 Mar 2024 12:14:31 GMT\r\netag: \"0x8DC403279E0AD1D\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: 97f0bf05-601e-004e-4db2-b8cfdd000000\r\nx-ms-version: 2020-10-02\r\nx-ms-creation-time: Sat, 09 Mar 2024 12:14:31 GMT\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=Ogulniega.Minecraft_0.0.6_x64_en-US.msi\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Sun, 23 Jun 2024 17:02:57 GMT\r\nx-served-by: cache-iad-kiad7000060-IAD, cache-hel1410023-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 269, 0\r\nx-timer: S1719162177.614613,VS0,VE515\r\ncontent-length: 4284416\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4284416,"size_decoded":4284416,"mime_type":"application/octet-stream","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Ogulniega Minecraft, Author: xMelonekMaX, Keywords: Installer, Comments: This installer database contains the logic and data required to install Ogulniega Minecraft., Template: x64;0, Revision Number: {9CF9A0B6-6E0F-4815-985C-E38693C33D0D}, Create Time/Date: Fri Mar  8 21:51:08 2024, Last Saved Time/Date: Fri Mar  8 21:51:08 2024, Number of Pages: 450, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2","md5":"7e2791062acd309c2c2001db9632aa13","sha1":"e9fe7eebd11ba058b80fb9a82a1def34acde1984","sha256":"4faee8e393e17e7ff599e8a56968ca4dae7487c4ac43123ba3c93b48a0ceb59d","sha512":"46003d393929d45a83266c530164dc1ae0a50223b091cbdb4b7d8fd451ec83cf650791c6cf391ac449897f431a69bceb09c062e12c3946692c61c9a9f75e8597","ssdeep":"98304:F55oWf1tEGRala9f8xX2sHcq2zoZNNRCHb6fNmKWke7r2+:hoY1t9/f8cKJA6C0NzWkeu","tlshash":"1416232174c08137e6bb0639597a9721af7d7c342b51ca8f4380765e1eb42c06bbaf67","first_seen":"2024-06-23T19:03:23Z","last_seen":"2025-03-02T13:58:08.466286Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2201,"timings":{"blocked":65,"dns":1,"connect":26,"send":0,"wait":542,"receive":1529,"ssl":33},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-06-23","alert":"Detect files is `SliverFox` malware","trigger":"objects.githubusercontent.com/github-production-release-asset-2e65be/706264992/bba19c79-77e0-476f-8444-c6aa91ffc799?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240623%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240623T170256Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=d554ccf7b24e1981464690354b5fc9f7af9f9aaee065812676bb506fc79bfddb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=706264992\u0026response-content-disposition=attachment%3B%20filename%3DOgulniega.Minecraft_0.0.6_x64_en-US.msi\u0026response-content-type=application%2Foctet-stream","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"huoji","date":"2023-12-25","description":"Detect files is `SliverFox` malware","rule":"Detect_SliverFox_String","yarahub_license":"CC0 1.0","yarahub_reference_md5":"CDD9564A48975F25E846BD3DD3B958EF","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"e4cc5dd0-c314-41c0-8bcf-abb5b6b228fa"}}],"urlquery":null}}]}