{"report_id":"b71eff8c-dc4e-4037-ae9c-bfc544819e93","version":6,"status":"done","tags":[],"date":"2024-09-22T18:49:10Z","url":{"schema":"http","addr":"valyseexecutor.org/kiddions/kdmmv1.0.1.zip","fqdn":"valyseexecutor.org","domain":"valyseexecutor.org","tld":"org"},"ip":{"addr":"184.94.213.93","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-07T08:29:19Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"valyseexecutor.org","ip":{"addr":"184.94.213.93","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2023-09-25","domain_rank":0,"first_seen":"2023-10-01 09:03:51","last_seen":"2024-09-22 04:29:13","alert_count":1,"request_count":1,"received_data":17290407,"sent_data":496,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-09-22 10:06:29","alert_count":0,"request_count":4,"received_data":3550,"sent_data":1308,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-09-22 01:59:51","alert_count":0,"request_count":3,"received_data":2664,"sent_data":981,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"556e97e1cde3e21214811a875b30db0f","sha1":"30f819df34ce50164f5f2926ef612058fe8d1961","sha256":"2141ee2203a4029758710be351c84954ee8021f5158a7f978f34e04ec29360b7","sha512":"183998652e18e1baf0c757a1e0580268d987360522f9b67a00910e684ebfb08eb3a496892c6173202003c92239b2f8736c3a012b482314fda3a324885f22eedd","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":17290160,"url":{"schema":"https","addr":"valyseexecutor.org/kiddions/kdmmv1.0.1.zip","fqdn":"valyseexecutor.org","domain":"valyseexecutor.org","tld":"org"},"ip":{"addr":"184.94.213.93","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"archive":[{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/config.json","filename":"config.json","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"JSON text data","size":3571,"md5":"3bea77ef233e2e32636ba889ceb489e3","sha1":"6a0a6be2e24cd5497fbf0298e244234716f5419a","sha256":"a8732f591cbed2b2ab923236d22948f10cb7c4011d6a1018be2fe3c8e8fbf5f2","sha512":"c924567c6c683b90b6dd31af7e976a8222d164c99137b38149ef79d4a1222b35c8bdfef155ee071e66c38b1601f3868c22c30d477fbc5f2dcd7599cd7f4be707","alerts":{"urlquery":null,"analyzer":null}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/modest-menu.exe","filename":"modest-menu.exe","modified":"","Modified":"2024-08-14T03:29:56Z","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 9 sections","size":17354752,"md5":"8734cb11cf7a85b52ad4febf9e7599e9","sha1":"305c6a73d8e8690f84a1c3da01f64cf745b15af0","sha256":"46e9fc89c3dac162635794c54300f77b661a870562aec4fdf2ea56a0c86f42c6","sha512":"c8205874bced0c4f4de1870ac928d8138d5051307b69dab1edca539b3574ded7b267eb70bfecc50656b41a8abb6f8306fbca64f0d350832fa8ea7b47aedf25a4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-21","alert":"Scan result 23/71","trigger":"46e9fc89c3dac162635794c54300f77b661a870562aec4fdf2ea56a0c86f42c6","verdict":"malicious","severity":"","comment":"malicious - 23/71","link":"https://www.virustotal.com/gui/file/46e9fc89c3dac162635794c54300f77b661a870562aec4fdf2ea56a0c86f42c6","meta":null}]}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/scripts/demo.lua","filename":"demo.lua","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"ASCII text, with CRLF line terminators","size":429,"md5":"a0cdff1f4eaf5af121513b9885295341","sha1":"e40fc44c5b82a8c02e7248c8b104c0f8abdc4f97","sha256":"f2b354df9b4d661f6227132c39937b8f706626886cdcf65540ebc5b78f55f6ea","sha512":"1bf19f211a11c6b88ca9583ff20c1c8ed3e14f8f7ff68622a37c5c151ef2473e41bfd2b503bcc99f6e6e3f79b6845678cecfd3e23406353f35883fbf9b2beecd","alerts":{"urlquery":null,"analyzer":null}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/scripts/menu.lua","filename":"menu.lua","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"ASCII text, with CRLF line terminators","size":1704,"md5":"9596bef3ecd38e99364eb58e56cd49be","sha1":"676b733db5bb30bdb7824024a1c2fc045a27b4f1","sha256":"4a7d7886622501f6b6728a0e9860fe81a1c90fd0e5f2fbe7ff94524e05e0b6b8","sha512":"f2d1b11964181b3017f12f381bc241688f18efb3901acd6697ce0ba462693ac947e1d576d88de08b8e8798680cc4e640c5ec1aa4b2a0f4ad6739904f48ce7665","alerts":{"urlquery":null,"analyzer":null}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/scripts/Readme.api","filename":"Readme.api","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"ASCII text, with CRLF line terminators","size":25024,"md5":"6223c7d85c530e22e365b30fba4aec33","sha1":"d137d947a8871d77ff9fdd4a5aa7239cab14e3e9","sha256":"17d4d815a61beddb8df978ee460b67c6bb8822f1c1c91772feca8612214922bd","sha512":"616cbd6aa1c76fc75e57685ac9cc183d91e3a1b0443aa375a0f91433c52a434e4f24016d0e3b41ca53be55fd7afe49b0a3515ee316c850f0105f30207f665792","alerts":{"urlquery":null,"analyzer":null}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/scripts/sirius.lua.example","filename":"sirius.lua.example","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"ASCII text, with CRLF line terminators","size":468,"md5":"1fdd7bce4f24c51ec8267d7fe65b265e","sha1":"4f247776830fb30cf816f227f13d3645b8d3aa6d","sha256":"d331a1344d7354019fdeb564a21f95f85f26458f91aa93d7af58affa9728cb1d","sha512":"4bf9c85600dcab2ff532ef5f459c270d3197ea5a9d46677b4f7f1e0d2e3b3454bc5ba1f64bcb732448cbe37a71a2112511f46166ec4ba0f3db1ca14d4f685bb4","alerts":{"urlquery":null,"analyzer":null}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/scripts/vehicle.lua","filename":"vehicle.lua","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"ASCII text, with CRLF line terminators","size":306,"md5":"1eceb52600b875b85a169687fb62ed1e","sha1":"2d13ed39f1d757af9a5d07790065cc8c00c4984b","sha256":"0cddccf554633f15fbc453cd0080469c3806d7bd13824f68e3a1ee0cfb2da20b","sha512":"23baa825d5c3dfb66d1582ce6332bee8272f345742ba50977c0622c7be4fb6b9b921b473a424a2453df3cbc0ff0b473cf7897955fe09a4fd7a10d0df2ef2188b","alerts":{"urlquery":null,"analyzer":null}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/scripts/weapon.lua","filename":"weapon.lua","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"ASCII text, with CRLF line terminators","size":277,"md5":"402a9279c76afb2c5977cf97d270c3d1","sha1":"4cd6474f3cbf9c3ca26277d5691460e8744aae59","sha256":"20d2e8d52504c96dcb846b08da138418048ed3b58128b05ddf1bde09694c5c14","sha512":"7357aff15e11de58da79a4eaa603c5ad7fb16ec426e71358e87dd14862d19c44b80896c0e66766479978bb0ba88704457b5356f9f86f6f4af41a39c52ffa45db","alerts":{"urlquery":null,"analyzer":null}},{"path":"modest-menu_v1.0.1_[unknowncheats.me]_/themes.json","filename":"themes.json","modified":"","Modified":"2024-08-14T02:55:08Z","magic":"JSON text data","size":2296,"md5":"ecc97a512f2bee4c4344a7a4126b5a5b","sha1":"73cd4d3e586b17d307decebd1ba8bea105977e29","sha256":"b5eeb2b5d8656f0399220039f15e50c2566bf13124681f67c65f8b042d8fdc4c","sha512":"4d411ea0b3c67f2b38034fc9c1491dca070801e6521cc7cd8cdf91e2343a7caa7861313445e3d53cbe8dc8f64a0ce8169b191a054536c186dc2d1dcfba25bd18","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-22","alert":"Scan result 15/70","trigger":"2141ee2203a4029758710be351c84954ee8021f5158a7f978f34e04ec29360b7","verdict":"malicious","severity":"","comment":"malicious - 15/70","link":"https://www.virustotal.com/gui/file/2141ee2203a4029758710be351c84954ee8021f5158a7f978f34e04ec29360b7","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-22T18:48:40.883665379Z","timestamp":1727030920883,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"A4DFB633C3D6C80962FE436220800F7F6FAC707A55806BFC1757D4FA49AF8CDC\"\r\nLast-Modified: Fri, 20 Sep 2024 21:19:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6452\r\nExpires: Sun, 22 Sep 2024 20:36:12 GMT\r\nDate: Sun, 22 Sep 2024 18:48:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"d53da2de4fc4634a067495f858d15c81","sha1":"be0d08371e49c3ff6bb6eb6760b0142bb5e49181","sha256":"a4dfb633c3d6c80962fe436220800f7f6fac707a55806bfc1757d4fa49af8cdc","sha512":"36fb5e34eaac7cdb0c6176f32af647962bc35b21052b5877e4f9300d32db6ac1fd228b23a6d1673ea8a0e3e0d788dd3d296911534f1582831cf2c04a8bb9bcca","ssdeep":"","tlshash":"faf0c9bd09907ae5aa34980239bfc03d6b358dec3158eac0a89200d6ab26bf855c0408","first_seen":"2024-09-21T02:08:03Z","last_seen":"2024-09-28T08:49:28.524549Z","times_seen":32142,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-22T18:48:40.884817821Z","timestamp":1727030920884,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"4209062AA50A6C3396D23003127F86806950EF8C9D33117C74ED26D0876B60B6\"\r\nLast-Modified: Sun, 22 Sep 2024 12:20:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=12155\r\nExpires: Sun, 22 Sep 2024 22:11:15 GMT\r\nDate: Sun, 22 Sep 2024 18:48:40 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"a756e3de6f1bc9f4fd807c7ac4ab13c0","sha1":"72c189c05a79d4baf34e880c851183cf764cd5cc","sha256":"4209062aa50a6c3396d23003127f86806950ef8c9d33117c74ed26d0876b60b6","sha512":"545e1a6ac284d3a2dce3ed1e3334880645c4d56b57fd92f073b5c24167ba85a7f55f438ec4075d8df197f0bc646241ce7a1d6f6ac008e7ed86f9a6f352ed52ea","ssdeep":"","tlshash":"80f0c0e523f9bc12b658051639d0c3001e143cad6d1405ef35524bd2ad11fd9538065c","first_seen":"2024-09-22T15:56:41Z","last_seen":"2024-09-28T08:32:45.767488Z","times_seen":16698,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-22T18:48:41.400488809Z","timestamp":1727030921400,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D498F9EFC3307515C07F69FE4E630319E60C13D37700B7F35297C9B8D442B690\"\r\nLast-Modified: Sun, 22 Sep 2024 14:37:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=11457\r\nExpires: Sun, 22 Sep 2024 21:59:38 GMT\r\nDate: Sun, 22 Sep 2024 18:48:41 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"c6c7d535128f9eb2ec6dcd3d7d62919a","sha1":"5aaa50926b462ccfc32d84db180a9af68e4d6b46","sha256":"d498f9efc3307515c07f69fe4e630319e60c13d37700b7f35297c9b8d442b690","sha512":"ae7374193c5acf0b2a5b862d3cea928aae55867b0a1361bb1cb0217d4f2206a94fe0021a2b6729e1cf6bd4e831445518efc31f876cfe254e304efb1f6a2f7011","ssdeep":"","tlshash":"04f005f416dab904efe40e173bb0d5341d1329fc393594e792a4c0dd251439503e404d","first_seen":"2024-09-22T20:47:43Z","last_seen":"2024-09-28T08:29:23.83778Z","times_seen":20173,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-22T18:48:41.573416265Z","timestamp":1727030921573,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"E8D786BFE63E0DB6078C37A721DCD2C244CA27D70E5ECC8D99CCEA1755073729\"\r\nLast-Modified: Sun, 22 Sep 2024 14:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6651\r\nExpires: Sun, 22 Sep 2024 20:39:32 GMT\r\nDate: Sun, 22 Sep 2024 18:48:41 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"8ab80371465a057b549a046eb6f97853","sha1":"0ccf179fc8a2f02fc91bdb73161837daf6f5c08a","sha256":"e8d786bfe63e0db6078c37a721dcd2c244ca27d70e5ecc8d99ccea1755073729","sha512":"360df91e03fabf711fb00090270ccb83b2b5802e7d68ab05f08d6e4b53684d77e50d4fb1a496fa95497aeaabf625d4e0feab86eb48a4fbc1c581e08ab12f4f09","ssdeep":"","tlshash":"74f005fd21f5f714dbac45122d86d09d1b1179e4bc5100d690dc42f16614bd41bdd84d","first_seen":"2024-09-22T19:53:11Z","last_seen":"2024-09-28T08:30:34.944883Z","times_seen":24132,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-22T18:48:43.654492505Z","timestamp":1727030923654,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F\"\r\nLast-Modified: Sat, 21 Sep 2024 12:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=18839\r\nExpires: Mon, 23 Sep 2024 00:02:42 GMT\r\nDate: Sun, 22 Sep 2024 18:48:43 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41fa5215726c6fcc00080ad4fd963296","sha1":"b4a425abfbd9dda21ccc1a053fe18793e2ff989b","sha256":"538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f","sha512":"7565c0773d5a001b6146505f4d971ca7ab846c6e23d9244358308cac7cf77433265d84e761f53fb66af3946180503924b0deba684b913cd9f26f22f0fa353687","ssdeep":"","tlshash":"62f07ea03730b801432c012698d0d33318382ce8280003e986c062e3aa107e823e010c","first_seen":"2024-09-21T20:42:07Z","last_seen":"2024-09-28T08:43:22.42194Z","times_seen":15322,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-22T18:48:43.656840438Z","timestamp":1727030923656,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F\"\r\nLast-Modified: Sat, 21 Sep 2024 12:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=18839\r\nExpires: Mon, 23 Sep 2024 00:02:42 GMT\r\nDate: Sun, 22 Sep 2024 18:48:43 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41fa5215726c6fcc00080ad4fd963296","sha1":"b4a425abfbd9dda21ccc1a053fe18793e2ff989b","sha256":"538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f","sha512":"7565c0773d5a001b6146505f4d971ca7ab846c6e23d9244358308cac7cf77433265d84e761f53fb66af3946180503924b0deba684b913cd9f26f22f0fa353687","ssdeep":"","tlshash":"62f07ea03730b801432c012698d0d33318382ce8280003e986c062e3aa107e823e010c","first_seen":"2024-09-21T20:42:07Z","last_seen":"2024-09-28T08:43:22.42194Z","times_seen":15322,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-09-22T18:48:43.658226352Z","timestamp":1727030923658,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"538A694D67444839D38B38F534FD67D622457494630B97D887270D47EAA3F00F\"\r\nLast-Modified: Sat, 21 Sep 2024 12:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=18839\r\nExpires: Mon, 23 Sep 2024 00:02:42 GMT\r\nDate: Sun, 22 Sep 2024 18:48:43 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"41fa5215726c6fcc00080ad4fd963296","sha1":"b4a425abfbd9dda21ccc1a053fe18793e2ff989b","sha256":"538a694d67444839d38b38f534fd67d622457494630b97d887270d47eaa3f00f","sha512":"7565c0773d5a001b6146505f4d971ca7ab846c6e23d9244358308cac7cf77433265d84e761f53fb66af3946180503924b0deba684b913cd9f26f22f0fa353687","ssdeep":"","tlshash":"62f07ea03730b801432c012698d0d33318382ce8280003e986c062e3aa107e823e010c","first_seen":"2024-09-21T20:42:07Z","last_seen":"2024-09-28T08:43:22.42194Z","times_seen":15322,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"valyseexecutor.org/kiddions/kdmmv1.0.1.zip","fqdn":"valyseexecutor.org","domain":"valyseexecutor.org","tld":"org"},"ip":{"addr":"184.94.213.93","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-09-22T18:48:41.683Z","timestamp":1727030921683,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"valyseexecutor.org","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 26 Sep 2023 00:00:00 GMT","end":"Thu, 26 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"50:E9:07:E5:33:F9:E5:81:6D:5F:EF:9D:FB:FF:D1:F0:9E:7B:24:74","sha256":"8F:15:68:73:1E:FD:29:59:28:20:B7:15:32:4C:F4:B9:37:C2:D1:6E:D9:1E:1D:8A:C0:3B:10:E7:3D:17:28:27"}}},"request":{"raw":"GET /kiddions/kdmmv1.0.1.zip HTTP/1.1\r\nHost: valyseexecutor.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/zip\r\nlast-modified: Wed, 14 Aug 2024 03:22:43 GMT\r\naccept-ranges: bytes\r\ncontent-length: 17290160\r\ndate: Sun, 22 Sep 2024 18:48:42 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17290160,"size_decoded":17290160,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"556e97e1cde3e21214811a875b30db0f","sha1":"30f819df34ce50164f5f2926ef612058fe8d1961","sha256":"2141ee2203a4029758710be351c84954ee8021f5158a7f978f34e04ec29360b7","sha512":"183998652e18e1baf0c757a1e0580268d987360522f9b67a00910e684ebfb08eb3a496892c6173202003c92239b2f8736c3a012b482314fda3a324885f22eedd","ssdeep":"393216:Rcfg/L1p5Q1gZyRq40RYY+pf5a36wz//D+YdaQ9ADMAWxKaWIENHkxY9X:Rmq5Q1UfrN+pf5aHX4JWxKa88Y9X","tlshash":"c90733ab4192b46729bbff1133e5601361afdd5ae28702e00ddb7f3b542074d9836ab1","first_seen":"2024-08-14T14:34:01Z","last_seen":"2025-05-03T09:34:05.081997Z","times_seen":95,"resource_available":false,"data":null}},"time_used":3592,"timings":{"blocked":384,"dns":1,"connect":161,"send":0,"wait":323,"receive":2496,"ssl":224},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-09-22","alert":"Scan result 15/70","trigger":"2141ee2203a4029758710be351c84954ee8021f5158a7f978f34e04ec29360b7","verdict":"malicious","severity":"","comment":"malicious - 15/70","link":"https://www.virustotal.com/gui/file/2141ee2203a4029758710be351c84954ee8021f5158a7f978f34e04ec29360b7","meta":null}],"urlquery":null}}]}