{
	"id": "de4ad6fc-967d-456b-bad7-e0cfe5ab17d0",
	"created_at": "2026-04-06T00:22:38.852903Z",
	"updated_at": "2026-04-10T03:22:54.833459Z",
	"deleted_at": null,
	"sha1_hash": "4e9d06d167236f8ecbe9bad41997128be87d6f87",
	"title": "Luna Moth Ransomware: The Threat Actors Behind Recent False Subscription Scams",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 302566,
	"plain_text": "Luna Moth Ransomware: The Threat Actors Behind Recent False\r\nSubscription Scams\r\nBy Sygnia\r\nPublished: 2022-07-01 · Archived: 2026-04-05 23:01:54 UTC\r\nSygnia’s team identified ‘Luna Moth’ ransom group. The threat actors resemble false subscription scammers,\r\nfocusing on corporate data theft.\r\nOren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag\r\n1 July 2022\r\n8 min\r\nOver the last few months, Sygnia’s Incident Response team has been methodically tracking the ‘Luna Moth’\r\nransom group. Their modus-operandi resembles scammers, with the twist of corporate data theft, leveraging the\r\nthreat of publication to demand millions of dollars in ransom.\r\nkey points\r\nThe Sygnia Incident Response team identified a relatively new threat group, which has been operating\r\nsince the end of March 2022. Sygnia refers to this threat actor as ‘Luna Moth’ or TG2729.\r\n‘Luna Moth’ focuses on Data Breach extortion attacks, threatening to leak stolen information if the\r\ndemanded ransom is not paid.\r\nThe initial compromise is achieved by deceiving victims in a phishing campaign under the theme of Zoho\r\nMasterClass and Duolingo subscriptions, leading to the installation of an initial tool on the compromised\r\nhost.\r\nThe group uses commercial remote administration tools (RATs) and publicly available tools to operate on\r\ncompromised devices and maintain persistency, demonstrating once more the simplicity and effectiveness\r\nof ransom attacks.\r\nThe group acts and operates in an opportunistic way: even if there are no assets or devices to compromise\r\nin the network, they exfiltrate any data that is accessible; this emphasizes the importance of managing\r\nsensitive corporate information.\r\nthe ‘Luna Moth’ group \r\nWith the rise in ransomware activity over the past years, the security industry has become used to hearing about\r\ndouble extortion, and even triple extortion attacks, and new crime groups of all kinds. In this blog post, we shed\r\nlight on a relatively new threat actor which goes by the name of the ‘Silent Ransom Group’ (or ‘SRG’) and was\r\ndubbed ‘Luna Moth’ by Sygnia. By launching a phishing campaign with a wide coverage area, ‘Luna Moth’\r\ninfiltrates and compromises victim devices. These attacks can be categorized as data breach ransom attacks, in\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 1 of 11\n\nwhich the main focus of the group is to gain access to sensitive documents and information, and demand payment\r\nto withhold publication of the stolen data. Simple as they may be, these attacks can create serious issues for\r\nvictims if sensitive data and information is stolen in this way.\r\nAlthough the group is not widely known, they have been active in the past months, attempting to build their\r\nreputation as a ransom gang. Their modus-operandi resembles scammers, with the twist of corporate data theft,\r\nleveraging the threat of publication to demand millions of dollars in ransom.\r\nGaining initial access\r\nOver the past three months, the ‘Luna Moth’ group operated a large-scale phishing campaign under the theme of\r\nMasterClass and Duolingo subscriptions, by impersonating Zoho MasterClass Inc and Duolingo. Although\r\nclaiming to be related to the Zoho Corporation or Duolingo, the phishing emails are sent from Gmail addresses\r\nthat are altered to resemble the legitimate company email addresses:\r\n{FIRST-NAME}.{LAST-NAME}.zohomasterclass@gmail.com\r\n{FIRST-NAME}.{LAST-NAME}.duolingo@gmail.com\r\nThis is a classic phishing scam: the email claims that the recipient of the email purchased a subscription to a\r\nlegitimate service, and that payment is due. To complete the scam, an invoice PDF file is attached to the email,\r\nand the victim is recommended to call a phone number, which the email states can be found within the attached\r\nfile, if there are any issues with the subscription.\r\nImage 1: An example of a Zoho Masterclass themed phishing email\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 2 of 11\n\nImage 2-5: Examples of invoices attached as PDF files to the phishing emails\r\nIf the victim wishes to refute the purchase, they are required to join a Zoho remote support session. At this point,\r\nthe threat actor uses the native Zoho Assist functionality to send another email, entitled “Zoho Assist – Remote\r\nSupport session”, which guides the user to download and install the Zoho Assist application. The group then\r\ninvites the victim to the support session using Zoho Assist accounts that are tied to protonmail emails.\r\nDuring this short yet effective Zoho Assist session, the threat actor is able to trick the user into downloading and\r\ninstalling Atera on their device; this is a remote administration tool commonly used by threat actors. Once Atera is\r\ninstalled on the device, the threat actor can access the device and operate freely.\r\nTools in the arsenal\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 3 of 11\n\nThe examples shown above demonstrate that both the activities and the toolset of ‘Luna Moth’ are fairly\r\nunsophisticated. The main tools used by the threat actor consist of remote administration tools (RATs) that allow\r\nthem to control compromised devices; these include Atera, Splashtop, Syncro, and AnyDesk. These tools also\r\nprovide the threat actors with some redundancy and persistence: if one of the RATs is removed from the system, it\r\ncan be reinstalled by the others.\r\nAdditional tools used by the group include off-the-shelf tools such as SoftPerfect Network Scanner, SharpShares,\r\nand\r\nRclone. The tools are stored on compromised machines under false names masquerading as legitimate binaries.\r\nThese tools, in addition to the RATs, provide the threat actors with the means to conduct basic reconnaissance\r\nactivities, access additional available assets, and exfiltrate data from compromised networks.\r\nCampaign infrastructure\r\nThe infrastructure used by ‘Luna Moth’ as part of the subscription scams can be mapped to two main clusters of\r\ndomains and IPs: \r\nExfiltration domains: Domains under the XYZ TLD, such as maaays[.]xyz. These domains are used by the\r\ngroup as part of the Rclone exfiltration process; the domains are the target to which the exfiltrated data is\r\nsent.\r\nPhishing domains that appear to be related to Zoho or Duolingo – for example, masterzohoclass[.]com.\r\nMost of these domains have a very short lifespan of about four hours.\r\nThe first identified domain related to the campaign was registered during April 2022. Both the exfiltration and\r\nphishing domains are hosted by the provider Hostwinds, and registered under Namecheap.\r\nDomain IP Address\r\nRegistration\r\nDate\r\nType\r\ndictumst[.]xyz 23[.]254[.]229[.]90\r\n18/04/2022\r\n08:46\r\nExfiltration\r\nServer\r\ntincidunt[.]xyz 192[.]119[.]110[.]47\r\n18/04/2022\r\n08:53\r\nExfiltration\r\nServer\r\ndeserunt[.]xyz 192[.]119[.]110[.]22\r\n18/04/2022\r\n08:54\r\nExfiltration\r\nServer\r\nmczoho[.]com 192[.]119[.]111[.]25\r\n18/04/2022\r\n14:27\r\nInfrastructure\r\nmasterzohoclass[.]com 192[.]236[.]178[.]3\r\n19/04/2022\r\n13:54\r\nInfrastructure\r\nzohocook[.]com 192[.]236[.]177[.]251\r\n20/04/2022\r\n10:42\r\nInfrastructure\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 4 of 11\n\nmolestie[.]xyz 192[.]236[.]193[.]152\r\n21/04/2022\r\n07:21\r\nExfiltration\r\nServer\r\nadipiscing[.]xyz 192[.]236[.]193[.]150\r\n21/04/2022\r\n07:21\r\nExfiltration\r\nServer\r\nfringilla[.]xyz 192[.]236[.]193[.]148\r\n21/04/2022\r\n13:18\r\nExfiltration\r\nServer\r\nvolutpat[.]xyz 192[.]236[.]193[.]151\r\n21/04/2022\r\n13:19\r\nExfiltration\r\nServer\r\nultrices[.]xyz 192[.]236[.]193[.]149\r\n21/04/2022\r\n13:19\r\nExfiltration\r\nServer\r\ncookwithzoho[.]com 192[.]236[.]193[.]141\r\n21/04/2022\r\n13:34\r\nInfrastructure\r\ncookingbyzoho[.]com 192[.]236[.]193[.]140\r\n22/04/2022\r\n12:15\r\nInfrastructure\r\nmassay[.]xyz 192[.]236[.]177[.]20\r\n25/04/2022\r\n11:28\r\nExfiltration\r\nServer\r\nmasaay[.]xyz 192[.]236[.]176[.]79\r\n25/04/2022\r\n11:28\r\nExfiltration\r\nServer\r\nmyaaas[.]xyz 192[.]236[.]192[.]84\r\n25/04/2022\r\n11:29\r\nExfiltration\r\nServer\r\nmyaasa[.]xyz 192[.]236[.]179[.]76\r\n25/04/2022\r\n11:29\r\nExfiltration\r\nServer\r\nmyasaa[.]xyz 192[.]236[.]178[.]135\r\n25/04/2022\r\n11:29\r\nExfiltration\r\nServer\r\nmasyaa[.]xyz 192[.]236[.]193[.]86\r\n25/04/2022\r\n11:30\r\nExfiltration\r\nServer\r\nmaysaa[.]xyz 192[.]236[.]193[.]81\r\n25/04/2022\r\n11:30\r\nExfiltration\r\nServer\r\nmsaaay[.]xyz 192[.]236[.]192[.]215\r\n25/04/2022\r\n11:30\r\nExfiltration\r\nServer\r\nmaaays[.]xyz 192[.]236[.]194[.]2\r\n25/04/2022\r\n11:35\r\nExfiltration\r\nServer\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 5 of 11\n\nmaaasy[.]xyz 192[.]236[.]194[.]31\r\n25/04/2022\r\n11:36\r\nExfiltration\r\nServer\r\ncookingzoho[.]com 192[.]236[.]195[.]42\r\n25/04/2022\r\n12:50\r\nInfrastructure\r\nzohomclass[.]com 192[.]236[.]195[.]83\r\n26/04/2022\r\n13:02\r\nInfrastructure\r\nzohocooking[.]com 192[.]236[.]198[.]22\r\n27/04/2022\r\n12:12\r\nInfrastructure\r\nstudyzoho[.]com 192[.]236[.]198[.]23\r\n28/04/2022\r\n11:02\r\nInfrastructure\r\nmolesste[.]xyz 192[.]236[.]208[.]56\r\n28/04/2022\r\n20:53\r\nExfiltration\r\nServer\r\nzohocookingmeals[.]com 192[.]236[.]199[.]2\r\n29/04/2022\r\n10:49\r\nInfrastructure\r\nzohokitchen[.]com 192[.]236[.]192[.]2\r\n02/05/2022\r\n13:12\r\nInfrastructure\r\nullamm[.]xyz 23[.]254[.]227[.]79\r\n02/05/2022\r\n16:36\r\nExfiltration\r\nServer\r\nzohokitchenmaster[.]com 192[.]236[.]192[.]9\r\n03/05/2022\r\n10:54\r\nInfrastructure\r\nzohoteachingmaster[.]com 192[.]236[.]192[.]69\r\n04/05/2022\r\n12:42\r\nInfrastructure\r\nzohoteaching[.]com 192[.]236[.]192[.]73\r\n05/05/2022\r\n14:02\r\nInfrastructure\r\ntincidut[.]xyz 142[.]11[.]215[.]104\r\n06/05/2022\r\n13:48\r\nExfiltration\r\nServer\r\nmasterclassgold[.]com 142[.]11[.]215[.]25\r\n09/05/2022\r\n14:42\r\nInfrastructure\r\nproodee[.]xyz 192[.]236[.]179[.]217\r\n09/05/2022\r\n16:07\r\nExfiltration\r\nServer\r\nzohocookingclass[.]com 198[.]54[.]117[.]244\r\n10/05/2022\r\n07:53\r\nInfrastructure\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 6 of 11\n\nzohoclasspro[.]com 142[.]11[.]215[.]212\r\n10/05/2022\r\n11:42\r\nInfrastructure\r\ndeerunt[.]xyz 142[.]11[.]206[.]153\r\n14/05/2022\r\n08:40\r\nExfiltration\r\nServer\r\nnostuud[.]xyz 192[.]236[.]147[.]234\r\n14/05/2022\r\n14:27\r\nExfiltration\r\nServer\r\naliuuip[.]xyz 23[.]254[.]228[.]211\r\n14/05/2022\r\n14:28\r\nExfiltration\r\nServer\r\nzohoduolingo[.]com 192[.]236[.]209[.]36\r\n16/05/2022\r\n13:11\r\nInfrastructure\r\nduolingoclass[.]com 192[.]236[.]209[.]34\r\n17/05/2022\r\n13:24\r\nInfrastructure\r\nacsyruse[.]xyz 192[.]236[.]155[.]81\r\n17/05/2022\r\n20:56\r\nExfiltration\r\nServer\r\nzoholanguageclass[.]com 142[.]11[.]209[.]198\r\n18/05/2022\r\n12:40\r\nInfrastructure\r\nzoholanguage[.]com 104[.]168[.]164[.]244\r\n19/05/2022\r\n13:40\r\nInfrastructure\r\nduo-lingo-class[.]com 104[.]168[.]204[.]231\r\n23/05/2022\r\n12:27\r\nInfrastructure\r\ncaaom[.]xyz 192[.]236[.]155[.]151\r\n23/05/2022\r\n14:04\r\nExfiltration\r\nServer\r\ncaaof[.]xyz 192[.]236[.]155[.]106\r\n23/05/2022\r\n14:05\r\nExfiltration\r\nServer\r\ncaaog[.]xyz 192[.]236[.]155[.]138\r\n23/05/2022\r\n14:05\r\nExfiltration\r\nServer\r\ncaaor[.]xyz 192[.]236[.]155[.]103\r\n23/05/2022\r\n14:06\r\nExfiltration\r\nServer\r\ncaaon[.]xyz 192[.]236[.]155[.]102\r\n23/05/2022\r\n14:28\r\nExfiltration\r\nServer\r\nduolingo-class[.]com 192[.]236[.]192[.]33\r\n24/05/2022\r\n12:29\r\nInfrastructure\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 7 of 11\n\nstudyduolingo[.]com 192[.]236[.]177[.]18\r\n25/05/2022\r\n12:32\r\nInfrastructure\r\nmasterclass-cook[.]com 192[.]236[.]193[.]171\r\n31/05/2022\r\n13:43\r\nInfrastructure\r\nduuis[.]xyz 192[.]236[.]249[.]78\r\n01/06/2022\r\n09:43\r\nExfiltration\r\nServer\r\neeeaa[.]xyz 192[.]236[.]249[.]80\r\n01/06/2022\r\n09:43\r\nExfiltration\r\nServer\r\nveelit[.]xyz 192[.]236[.]249[.]79\r\n01/06/2022\r\n09:44\r\nExfiltration\r\nServer\r\neesse[.]xyz 192[.]236[.]249[.]76\r\n01/06/2022\r\n09:44\r\nExfiltration\r\nServer\r\nmoolit[.]xyz 192[.]236[.]249[.]75\r\n01/06/2022\r\n09:45\r\nExfiltration\r\nServer\r\npremiumduolingo[.]com 104[.]168[.]201[.]129\r\n01/06/2022\r\n12:49\r\nInfrastructure\r\ncook-masterclass[.]com 104[.]168[.]201[.]121\r\n01/06/2022\r\n12:50\r\nInfrastructure\r\nyourduolingo[.]com 104[.]168[.]201[.]87\r\n02/06/2022\r\n11:55\r\nInfrastructure\r\nmasterclasscooking[.]com 192[.]119[.]111[.]51\r\n03/06/2022\r\n12:20\r\nInfrastructure\r\nduolingoeducation[.]com 192[.]119[.]111[.]21\r\n03/06/2022\r\n12:20\r\nInfrastructure\r\neducationduolingo[.]com 192[.]119[.]111[.]197\r\n06/06/2022\r\n11:32\r\nInfrastructure\r\nmasterclass-chef[.]com 104[.]168[.]201[.]100\r\n06/06/2022\r\n11:33\r\nInfrastructure\r\nallduolingo[.]com 192[.]236[.]194[.]113\r\n07/06/2022\r\n13:02\r\nInfrastructure\r\nallredoo[.]xyz 192[.]236[.]194[.]42\r\n07/06/2022\r\n16:02\r\nExfiltration\r\nServer\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 8 of 11\n\naredo[.]xyz 192[.]236[.]160[.]132\r\n07/06/2022\r\n16:03\r\nExfiltration\r\nServer\r\naeedo[.]xyz 192[.]236[.]193[.]182\r\n07/06/2022\r\n16:03\r\nExfiltration\r\nServer\r\nallreedo[.]xyz 104[.]168[.]218[.]242\r\n07/06/2022\r\n16:04\r\nExfiltration\r\nServer\r\nalloout[.]xyz 104[.]168[.]135[.]71\r\n07/06/2022\r\n17:16\r\nExfiltration\r\nServer\r\nsubscriptionduolingo[.]com 192[.]236[.]195[.]74\r\n08/06/2022\r\n12:33\r\nInfrastructure\r\ngermanbyduolingo[.]com 192[.]236[.]208[.]44\r\n10/06/2022\r\n11:59\r\nInfrastructure\r\nduolingo-italianclass[.]com 104[.]168[.]171[.]231\r\n21/06/2022\r\n12:43\r\nInfrastructure\r\naeecc[.]xyz 23[.]238[.]40[.]29\r\n22/06/2022\r\n19:25\r\nExfiltration\r\nServer\r\neceee[.]xyz 23[.]238[.]40[.]28\r\n22/06/2022\r\n19:25\r\nExfiltration\r\nServer\r\naeocc[.]xyz 23[.]238[.]40[.]31\r\n22/06/2022\r\n19:26\r\nExfiltration\r\nServer\r\naedcc[.]xyz 23[.]238[.]40[.]30\r\n22/06/2022\r\n19:26\r\nExfiltration\r\nServer\r\naeucc[.]xyz 23[.]238[.]40[.]32\r\n22/06/2022\r\n19:27\r\nExfiltration\r\nServer\r\nduolingoitalian[.]com 192[.]236[.]155[.]243\r\n23/06/2022\r\n13:05\r\nInfrastructure\r\nduolingoit[.]com 192[.]236[.]176[.]197\r\n24/06/2022\r\n12:48\r\nInfrastructure\r\nduolingoitclass[.]com 104[.]168[.]171[.]104\r\n27/06/2022\r\n13:09\r\nInfrastructure\r\n duolingo-it[.]com  192[.]236[.]176[.]199\r\n 28/06/2022 \r\n13:07\r\n Infrastructure\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 9 of 11\n\nitalian-duolingo[.]com  192[.]119[.]110[.]112\r\n 29/06/2022\r\n13:27\r\n Infrastructure\r\n masterclass-design[.]com  192[.]119[.]110[.]166\r\n 29/06/2022\r\n15:26\r\n Infrastructure\r\n masterclass-design[.]com  192[.]119[.]110[.]166\r\n 29/06/2022\r\n15:26\r\n Infrastructure\r\n masterclass-design[.]com  192[.]119[.]110[.]166\r\n 29/06/2022\r\n15:26\r\n Infrastructure\r\n masterclass-design[.]com  192[.]119[.]110[.]166\r\n 29/06/2022\r\n15:26\r\n Infrastructure\r\n masterclass-design[.]com  192[.]119[.]110[.]166\r\n 29/06/2022\r\n15:26\r\n Infrastructure\r\n masterclass-design[.]com  192[.]119[.]110[.]166\r\n 29/06/2022\r\n15:26\r\n Infrastructure\r\naaeece[.]xyz 142[.]11[.]210[.]14\r\n15/08/2022\r\n10:27\r\nExfiltration\r\nServer\r\naaeeci[.]xyz 108[.]174[.]195[.]199\r\n15/08/2022\r\n10:27\r\nExfiltration\r\nServer\r\naaeeco[.]xyz 108[.]174[.]197[.]196\r\n15/08/2022\r\n10:29\r\nExfiltration\r\nServer\r\naaeecu[.]xyz 104[.]168[.]145[.]45\r\n15/08/2022\r\n10:27\r\nExfiltration\r\nServer\r\naaeecy[.]xyz 142[.]11[.]194[.]201\r\n15/08/2022\r\n10:27\r\nExfiltration\r\nServer\r\neebna[.]xyz 192[.]236[.]194[.]76 08/09/2022 9:52\r\nExfiltration\r\nServer\r\neecna[.]xyz 192[.]236[.]194[.]77 08/09/2022 9:52\r\nExfiltration\r\nServer\r\needna[.]xyz 192[.]236[.]194[.]78 08/09/2022 9:52\r\nExfiltration\r\nServer\r\neegna[.]xyz 192[.]236[.]194[.]80 08/09/2022 9:53\r\nExfiltration\r\nServer\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 10 of 11\n\neetna[.]xyz 192[.]236[.]194[.]81 08/09/2022 9:53\r\nExfiltration\r\nServer\r\nbrightmasterclass[.]com 192[.]236[.]192[.]193\r\n06/09/2022\r\n12:29\r\nInfrastructure\r\neffectivemasterclass[.]com 192[.]236[.]176[.]143\r\n24/08/2022\r\n06:32\r\nInfrastructure\r\nhappymasterclass[.]com 192[.]119[.]110[.]131\r\n07/09/2022\r\n13:25\r\nInfrastructure\r\nmasterclass-business[.]com 192[.]119[.]110[.]166\r\n16/08/2022\r\n09:13\r\nInfrastructure\r\nmasterclasscources[.]com 23[.]254[.]225[.]145\r\n01/09/2022\r\n13:22\r\nInfrastructure\r\nmasterclassworld[.]com 192[.]236[.]198[.]164\r\n09/09/2022\r\n13:51\r\nInfrastructure\r\nrainbowmasterclass[.]com 192[.]236[.]192[.]192\r\n02/09/2022\r\n13:47\r\nInfrastructure\r\nstrongmasterclass[.]com 23[.]254[.]227[.]9\r\n25/08/2022\r\n12:52\r\nInfrastructure\r\nunitedmasterclass[.]com 192[.]236[.]179[.]2\r\n31/08/2022\r\n14:02\r\nInfrastructure\r\nwestsidemasterclass[.]com 23[.]254[.]228[.]85\r\n08/09/2022\r\n13:18\r\nInfrastructure\r\nwesternmasterclass[.]com 23[.]254[.]225[.]145\r\n01/09/2022\r\n16:52\r\nInfrastructure\r\nIf you were impacted by this attack or are seeking guidance on how to prevent similar attacks, please contact us at\r\ncontact@sygnia.co or our 24-hour hotline +1-877-686-8680.\r\nSource: https://blog.sygnia.co/luna-moth-false-subscription-scams\r\nhttps://blog.sygnia.co/luna-moth-false-subscription-scams\r\nPage 11 of 11",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://blog.sygnia.co/luna-moth-false-subscription-scams"
	],
	"report_names": [
		"luna-moth-false-subscription-scams"
	],
	"threat_actors": [
		{
			"id": "d87fb380-03db-447c-a560-33e1b6e70e87",
			"created_at": "2025-05-29T02:00:03.231385Z",
			"updated_at": "2026-04-10T02:00:03.881295Z",
			"deleted_at": null,
			"main_name": "Luna Moth",
			"aliases": [
				"Silent Ransom",
				"TG2729"
			],
			"source_name": "MISPGALAXY:Luna Moth",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434958,
	"ts_updated_at": 1775791374,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4e9d06d167236f8ecbe9bad41997128be87d6f87.pdf",
		"text": "https://archive.orkl.eu/4e9d06d167236f8ecbe9bad41997128be87d6f87.txt",
		"img": "https://archive.orkl.eu/4e9d06d167236f8ecbe9bad41997128be87d6f87.jpg"
	}
}