{"report_id":"bad990af-4354-404b-904e-3a48390822b8","version":6,"status":"done","tags":[],"date":"2024-07-11T01:02:47Z","url":{"schema":"http","addr":"trendyscreen.co/wp-content/server/dsf4i000954.zip","fqdn":"trendyscreen.co","domain":"trendyscreen.co","tld":"co"},"ip":{"addr":"198.187.31.229","port":0,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T10:10:27Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-09 18:12:41","alert_count":0,"request_count":7,"received_data":6213,"sent_data":2289,"comment":"","tags":null,"fingerprints":null},{"fqdn":"trendyscreen.co","ip":{"addr":"198.187.31.229","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"domain_registered":"2023-09-19","domain_rank":0,"first_seen":"2023-09-20 01:17:40","last_seen":"2023-09-21 19:48:59","alert_count":1,"request_count":1,"received_data":6822139,"sent_data":503,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"1a111248461db6baadd1106730b5f541","sha1":"06e8002ed1a3d60090526b567368d9009aaa814d","sha256":"5d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83","sha512":"f95f51ad7e7ff3818b1f79d5ba6cd5cdb4b3cf372949adeb7b10216cb0aef01f8613687a5d6f277a3061b95d996657a646025879cd94eca141ce3ee50db3d55b","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":6821893,"url":{"schema":"https","addr":"trendyscreen.co/wp-content/server/dsf4i000954.zip","fqdn":"trendyscreen.co","domain":"trendyscreen.co","tld":"co"},"ip":{"addr":"198.187.31.229","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"archive":[{"path":"File ver2-065.msi","filename":"File ver2-065.msi","modified":"","Modified":"2024-07-07T19:07:54+04:00","magic":"Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: ComboTIFF for Windows (64 Bit) - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com 0.0.0.0, Subject: ComboTIFF for Windows (64 Bit) - UNREGISTERED - Wrapped using MSI Wrapper from www.exemsi.com, Author: iRedSoft Technology Inc, Keywords: Installer, Comments: This installation was built with Inno Setup., Template: Intel;1033, Revision Number: {4C0DED81-118E-4270-B4EA-66090A44E4D8}, Create Time/Date: Thu Jan 11 14:59:44 2024, Last Saved Time/Date: Thu Jan 11 14:59:44 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (11.0.53.0), Security: 2","size":4538368,"md5":"094bffe76d0e01a0a2dddc7021916c24","sha1":"4fe032f000386c0c45acb8b9045e340a4d02d7d5","sha256":"94ce57aef932ac86d36fa5d73be56415354f09fac55ef4a9c693386da799d934","sha512":"a1649dbb404cf861b5f63ecf92c453c321e051ac30a8bc9ac2e4fe2e535c3b9ebc04e8d5cc9375b3ca5c263d519660599aff01e3e1d80d9996f7e97c055fa3e6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-10","alert":"Scan result 31/63","trigger":"94ce57aef932ac86d36fa5d73be56415354f09fac55ef4a9c693386da799d934","verdict":"malicious","severity":"","comment":"malicious - 31/63","link":"https://www.virustotal.com/gui/file/94ce57aef932ac86d36fa5d73be56415354f09fac55ef4a9c693386da799d934","meta":null}]}},{"path":"License.txt","filename":"License.txt","modified":"","Modified":"2024-07-01T14:00:36+04:00","magic":"Unicode text, UTF-8 text, with very long lines (755), with CRLF line terminators","size":402780,"md5":"0507b454d8793e3c59ed750dfeead0f4","sha1":"63c95b5ecb00d0e2fc956bfcbbd11b02800f49f2","sha256":"a6123d8923a3b9d825b9585425e4302496b159ce13dd1f4730d249e06024da26","sha512":"d97c2c056de3e23bf5850371032a2cc57d04ba29075609e54ed4753c22749ef5f2bca4a496fba172d4db456c9e00a544bb782e339e3294e80908f5a87844b2d2","alerts":{"urlquery":null,"analyzer":null}},{"path":"updates/app_type.xml","filename":"app_type.xml","modified":"","Modified":"2024-03-08T19:03:32+04:00","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":159,"md5":"c6e524037a2152d1963a2c29dbfa2966","sha1":"7fa49ada90dbd329086976280edc5ec616de78a3","sha256":"00e68d05801e95c3207dbea1e8b448ac8960be835634df108f7286e56d0706f7","sha512":"dd0e528deed7979628a33ef4e3c17c00c2af2c1e0378dfb2ee2dc1f55de3fcbf1aa2f8527b3ebe5d4a221b7a1a63506af81984353bd13489f37acad8e3556c4a","alerts":{"urlquery":null,"analyzer":null}},{"path":"updates/config.ini","filename":"config.ini","modified":"","Modified":"2023-12-15T16:11:53+04:00","magic":"ASCII text, with CRLF line terminators","size":175,"md5":"c487e005db348b8885a99b7327401168","sha1":"a0ca2e30c0f25521a2946dc806ccdca080a844fe","sha256":"97e781ac8173e91756c3d43095f3ebc7f1c268edf19c268fcb21514cd0afb200","sha512":"7bee37eea117963b4a51e50a290eb454f6683ac0db17319e64feae5f30cd32f5da82571b470ca4c7db21b832aa3d42fcea9709f9a9d63f51130a037c962e9a96","alerts":{"urlquery":null,"analyzer":null}},{"path":"updates/part1.7z","filename":"part1.7z","modified":"","Modified":"2023-12-11T20:55:04+04:00","magic":"7-zip archive data, version 0.4","size":82,"md5":"376c011a05342973485d88ac988383ca","sha1":"5266b15f836e1cdcaacb33187d31b11768b7d156","sha256":"9b163d948e33ba62e0122e6fb8fa91368f43b43d96845e594574b27c688e069f","sha512":"257dfcd7eadc4231aabb2b9d0aa9f8d9eba584f798d4ca129d9960387f8395a44c93012fc23a14de57fdd97efad0f2d0ee2f340ba7f2eb426483eb4baaedd515","alerts":{"urlquery":null,"analyzer":null}},{"path":"updates/part2.7z","filename":"part2.7z","modified":"","Modified":"2023-12-11T20:55:04+04:00","magic":"7-zip archive data, version 0.4","size":167,"md5":"18f06a80a2bf297e36da89e4b7ae0e8e","sha1":"1a7335089360e548de214babab7a427bdac2a425","sha256":"b1ff70e937b7f37bcbd5de9fac1b9d9c82e3030826f51b1d9e97a09c95fd5b20","sha512":"9e509aa531c3b8a663294e04cadaa2a3dd652115f27055637050f2b687280d80f301ec8a20e0c350177410ea635cfb06ad7b8ab3e0e698bfe1c00e3c7837d416","alerts":{"urlquery":null,"analyzer":null}},{"path":"updates/part3.7z","filename":"part3.7z","modified":"","Modified":"2023-12-11T20:55:03+04:00","magic":"7-zip archive data, version 0.4","size":360,"md5":"3423b37119f842d6e9838c721e97124c","sha1":"68fa87a5bc0fe3a59a36b920f03cee553de4d96b","sha256":"1cfbc476ee9ac353b25f757a3a5e2736c5f8a905a702af8fb40d473ee5d39c26","sha512":"1f3d05cc2da001744990d8a2f4edbcd0c392cf1e3500f516f4a7bd30e84a59a5d114a5e62ac89a8ae76f8e188afd0d8ab61f4cd24ec9df13263705e4be1e5329","alerts":{"urlquery":null,"analyzer":null}},{"path":"updates/Uninstall/unins000.dat","filename":"unins000.dat","modified":"","Modified":"2023-12-15T16:11:53+04:00","magic":"InnoSetup Log lesta Wotspeak ModPack 1.23.0.0 ver.3 {JustDj-D437-4D2E-BFBD-2E44F58DD32C}, version 0x418, 2801435 bytes, LAPTOP-I2\\PC���    , C:\\Games\\Tanki���\u0007         \u0005^","size":2801435,"md5":"a73d07ab51f706c4c75e1c8c41972b07","sha1":"5a488969ac4e537d93d42dcd39a022679959e94c","sha256":"22139226150a59706bc456190b0aa1b7afa3dce34f35013c19e5b5c4be31e8d2","sha512":"17382c22ea8a7269ad2d0cb94f9faa03c5dfcfb9bfca88d5434bc5e1163e4c6d5e48375870d6236f775a1f815527a197d7bf341588251ebfd2569145f1dc4375","alerts":{"urlquery":null,"analyzer":null}},{"path":"updates/Uninstall/unins000.exe","filename":"unins000.exe","modified":"","Modified":"2023-12-15T16:10:52+04:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections","size":1537231,"md5":"3ab31d714c50ae078f9eaba7b2497191","sha1":"45c5e807e459d95618c03a6ded9debe1d70013f3","sha256":"4f1ad8d1547c95e51defcb129c5dcf2568c9735524ab3face5f0fafc5bcbc0eb","sha512":"f89961fb914796b07da8f224317bb794f9cf0cc8b40e635823b0bb8a6713048c5b2de08e1c4e9dd4f81c6f579e3bc3551a9342ba34db9a6de1c0d6755ec140ae","alerts":{"urlquery":null,"analyzer":null}},{"path":"vivoxsdk.dll","filename":"vivoxsdk.dll","modified":"","Modified":"2023-09-08T08:45:22+04:00","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections","size":4096640,"md5":"2e61c567d528d08cef62b718cb8aa82f","sha1":"43d40774fc9495f9be27f8176b6d1816241237de","sha256":"a887805bf1286725ab930359086fb3302124f5ff81b2d9f43633dc02b97c7577","sha512":"17c9d4fe2d03e2723f37534701238688443041fe75ac77e7cfd8aa1b4a3885fb92dcdb23186a7415119e91def9e6fb6fdd27a7cf2fb810a32ed236ba2230d2b0","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-07","alert":"Scan result 3/66","trigger":"5d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83","verdict":"suspicious","severity":"","comment":"suspicious - 3/66","link":"https://www.virustotal.com/gui/file/5d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-11T01:02:19.298249841Z","timestamp":1720659739298,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"EE690BACDDF55FD12AE0C9C39E330E0A1A18776B9EDC91B4AA6C5BAE28824F1E\"\r\nLast-Modified: Tue, 09 Jul 2024 15:28:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=13077\r\nExpires: Thu, 11 Jul 2024 04:40:16 GMT\r\nDate: Thu, 11 Jul 2024 01:02:19 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e08576e0904dc9903a9c20fa9e3d15b8","sha1":"74feff76140500fd4a61e89c7e9d8d0a60df1183","sha256":"ee690bacddf55fd12ae0c9c39e330e0a1a18776b9edc91b4aa6c5bae28824f1e","sha512":"ce87a5e7c77473d402b395ff6dfc4697ae83d56b168eccca85aed994fbe8d48ed47831aa316978afcefccc1a8ab551ac5279cfc7f3ffc559b7eaea1b2770e2b3","ssdeep":"","tlshash":"01f07e43242b3f20b7aa120838f8cc0d2e202ab6284408c438b282c33807bea8ee1407","first_seen":"2024-07-09T22:22:49Z","last_seen":"2024-08-19T17:27:32.492818Z","times_seen":16077,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-11T01:02:19.299438242Z","timestamp":1720659739299,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"BE84262BBB3F3AABAE368745BC3E85B816E372B16BC37327A1887D3A19992DF6\"\r\nLast-Modified: Wed, 10 Jul 2024 13:53:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3213\r\nExpires: Thu, 11 Jul 2024 01:55:52 GMT\r\nDate: Thu, 11 Jul 2024 01:02:19 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"ee5b6dc3e7ab972df60b36582e3eaaf4","sha1":"2a5185acc539fcddac9c33895ec74faf552b62dd","sha256":"be84262bbb3f3aabae368745bc3e85b816e372b16bc37327a1887d3a19992df6","sha512":"2d0acb707055bc8195de5f3885af1f1a96cd02f3eb1eebf31033b997b2a155347ae8a0f1647dcdb23264a7d4694fa8cd8289a4d5f171eb52e0466765fb5d0f9e","ssdeep":"","tlshash":"3cf00553005a7c42d3b20561285cd65a5d0d3d9e35554592f9400ae3f460bf8c5c505f","first_seen":"2024-07-10T17:35:11Z","last_seen":"2024-08-19T17:21:55.116113Z","times_seen":34251,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-11T01:02:19.747409442Z","timestamp":1720659739747,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5D1BC1C01894FD88A0D4680490977488D6458BB58A98ACE24EF8AA103538BC1F\"\r\nLast-Modified: Tue, 09 Jul 2024 23:47:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3592\r\nExpires: Thu, 11 Jul 2024 02:02:11 GMT\r\nDate: Thu, 11 Jul 2024 01:02:19 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"e7492695b5254a3a63fcffb4f1ee8cec","sha1":"0361713c6d8129210245347284c7c6babfd28fb7","sha256":"5d1bc1c01894fd88a0d4680490977488d6458bb58a98ace24ef8aa103538bc1f","sha512":"ec0e52128f983dbd74415511de8ce735b2b718b43605e9ac47400438cd5e97c87e35eb9ba74da906afc0cc7f6d28beca431b3cd9f15b958bce49500f659db147","ssdeep":"","tlshash":"d5f0549736b6bc516ab835253dfbda3e7a309924b15049bceca51291ec383a7418040c","first_seen":"2024-07-10T02:50:08Z","last_seen":"2024-08-19T17:26:17.073472Z","times_seen":39709,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-11T01:02:19.950309174Z","timestamp":1720659739950,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"22F599883DC87540746708049EA46EC4EB88C81C924BA145A58BEBD5EE3199CB\"\r\nLast-Modified: Tue, 09 Jul 2024 16:21:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=7126\r\nExpires: Thu, 11 Jul 2024 03:01:05 GMT\r\nDate: Thu, 11 Jul 2024 01:02:19 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"9b556e25e514a3cd5829bc4d938e5517","sha1":"85eeba07dc1438e7433ce7a145500164d842d5db","sha256":"22f599883dc87540746708049ea46ec4eb88c81c924ba145a58bebd5ee3199cb","sha512":"75b458449c7f8a18c99e53cbb9d4e5b8fdb1f10a8ade5519dbf3e6d1af98b058d7c3d6cb1c193a1db1b5647af3b0cdb0cdd0bfa08b2dd8af44895f225fe59f02","ssdeep":"","tlshash":"d2f0759324a5fd6039f00d1419a4f60c3d414aed281440f9e0a507ff2c51396890c84c","first_seen":"2024-07-09T19:23:51Z","last_seen":"2024-08-19T17:28:50.065285Z","times_seen":12065,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-11T01:02:21.914462509Z","timestamp":1720659741914,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40\"\r\nLast-Modified: Wed, 10 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14534\r\nExpires: Thu, 11 Jul 2024 05:04:35 GMT\r\nDate: Thu, 11 Jul 2024 01:02:21 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50e4489707989517510128817aedd2ea","sha1":"36a54d7b34a9ac621715b569e5a870f62671c574","sha256":"3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40","sha512":"ed92692072bbfb8601b1412479f5eda9a2a39f91902dcfd261b22bd27435a591dcee983015bab15f63c3e2af60ced24f6dc0e1f02620ba660eb0c51fb02ac980","ssdeep":"","tlshash":"3ff0c90025e6f80252a6670abcabdb1f2c383e1636199280a0a012a2ed00bdbc3c51cc","first_seen":"2024-07-10T20:38:58Z","last_seen":"2024-08-19T17:21:03.235Z","times_seen":38767,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-11T01:02:21.9165234Z","timestamp":1720659741916,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40\"\r\nLast-Modified: Wed, 10 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14534\r\nExpires: Thu, 11 Jul 2024 05:04:35 GMT\r\nDate: Thu, 11 Jul 2024 01:02:21 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50e4489707989517510128817aedd2ea","sha1":"36a54d7b34a9ac621715b569e5a870f62671c574","sha256":"3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40","sha512":"ed92692072bbfb8601b1412479f5eda9a2a39f91902dcfd261b22bd27435a591dcee983015bab15f63c3e2af60ced24f6dc0e1f02620ba660eb0c51fb02ac980","ssdeep":"","tlshash":"3ff0c90025e6f80252a6670abcabdb1f2c383e1636199280a0a012a2ed00bdbc3c51cc","first_seen":"2024-07-10T20:38:58Z","last_seen":"2024-08-19T17:21:03.235Z","times_seen":38767,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-11T01:02:21.918044527Z","timestamp":1720659741918,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"3E28EA2CEDE92DAE0F7BFCD98EAF9BD016AB8ECC4EA81B7E8F7B90BA4E20AA40\"\r\nLast-Modified: Wed, 10 Jul 2024 17:32:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=14534\r\nExpires: Thu, 11 Jul 2024 05:04:35 GMT\r\nDate: Thu, 11 Jul 2024 01:02:21 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"50e4489707989517510128817aedd2ea","sha1":"36a54d7b34a9ac621715b569e5a870f62671c574","sha256":"3e28ea2cede92dae0f7bfcd98eaf9bd016ab8ecc4ea81b7e8f7b90ba4e20aa40","sha512":"ed92692072bbfb8601b1412479f5eda9a2a39f91902dcfd261b22bd27435a591dcee983015bab15f63c3e2af60ced24f6dc0e1f02620ba660eb0c51fb02ac980","ssdeep":"","tlshash":"3ff0c90025e6f80252a6670abcabdb1f2c383e1636199280a0a012a2ed00bdbc3c51cc","first_seen":"2024-07-10T20:38:58Z","last_seen":"2024-08-19T17:21:03.235Z","times_seen":38767,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trendyscreen.co/wp-content/server/dsf4i000954.zip","fqdn":"trendyscreen.co","domain":"trendyscreen.co","tld":"co"},"ip":{"addr":"198.187.31.229","port":443,"asn":22612,"as":"NAMECHEAP-NET","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-11T01:02:20.013Z","timestamp":1720659740013,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"trendyscreen.co","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 21 Sep 2023 00:00:00 GMT","end":"Sat, 21 Sep 2024 23:59:59 GMT"},"fingerprint":{"sha1":"CD:B4:9E:F3:67:25:3F:17:75:1B:AE:97:62:8D:02:D0:9D:AC:71:03","sha256":"B7:BA:A8:3F:09:CF:9F:94:71:EC:E4:7E:C9:74:97:00:1E:E7:DC:40:7D:10:52:83:C1:44:34:27:CE:37:7E:3B"}}},"request":{"raw":"GET /wp-content/server/dsf4i000954.zip HTTP/1.1\r\nHost: trendyscreen.co\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/zip\r\nlast-modified: Sun, 07 Jul 2024 15:19:30 GMT\r\naccept-ranges: bytes\r\ncontent-length: 6821893\r\ndate: Thu, 11 Jul 2024 01:02:20 GMT\r\nserver: LiteSpeed\r\nx-turbo-charged-by: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6821893,"size_decoded":6821893,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"1a111248461db6baadd1106730b5f541","sha1":"06e8002ed1a3d60090526b567368d9009aaa814d","sha256":"5d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83","sha512":"f95f51ad7e7ff3818b1f79d5ba6cd5cdb4b3cf372949adeb7b10216cb0aef01f8613687a5d6f277a3061b95d996657a646025879cd94eca141ce3ee50db3d55b","ssdeep":"196608:XwaynMmB2oLx3e317HSj9zfQxcoIWmLNL2:6Mm8oL1G1LSBiu52","tlshash":"1a6633b7dbc3631c9a63368fb7f279901b4088dd4f1dc99f98d75c9480672a81185b2b","first_seen":"2024-08-19T17:19:13.037382Z","last_seen":"2024-08-19T17:19:13.037382Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3004,"timings":{"blocked":547,"dns":1,"connect":171,"send":0,"wait":343,"receive":1566,"ssl":373},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-07","alert":"Scan result 3/66","trigger":"5d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83","verdict":"suspicious","severity":"","comment":"suspicious - 3/66","link":"https://www.virustotal.com/gui/file/5d6d16fdf60d7dd80a2340b7851d01b076bd7174a92fe3c78d0708da35ccae83","meta":null}],"urlquery":null}}]}