Report - fs2.grafixdrive.com/token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d

Report Overview

Submitted URL
fs2.grafixdrive.com/token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d
IP
65.21.93.86
ASN
#24940 Hetzner Online GmbH
Submitted
2024-04-24 12:11:45
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fs2.grafixdrive.com	unknown	2020-05-28	2023-03-15	2024-04-18	605 B	6.7 MB	65.21.93.86

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
fs2.grafixdrive.com/token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d
IP
65.21.93.86
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.7 MB (6714634 bytes)
Hash
d02af8a7300f07f2221e067a41be144a
25bfb5ebc1aa9793a81492ff586387228edaeba3
51e5123e2a74d12405e6e3954af52eeeb8f76bddd31aa3cf7c240335cded2026

Archive (26)

Filename

Md5

File type

__init__.py

9f0e9976b454bc410b0dfa0ec3e9d5ac

Python script, ASCII text executable, with CRLF line terminators

LICENSE

e62637ea8a114355b985fd86c9ffbd6e

ASCII text, with CRLF line terminators

read_me.txt

9fb5dce65891be52ec2f55fd5539e68b

ASCII text, with CRLF line terminators

cable_coupling01.stl

f3c662efe013b7dc6671590e0aebc113

data

cable_coupling02.stl

d59bb8b8e31ede65d4a12a3bb4b8ea61

data

flange01.stl

6c59fa13be2ff4dd54eb43f9ef528921

data

flange02.stl

8b4b8d5cc507f7e5e34a6845bdc52f30

data

flange03_hvy.stl

4bb380b9d2bf41ec7992646df6f0dcbb

data

flange04_hvy.stl

5e90db8cb6fc50dfb4f15956cac14838

data

flange05_caps.stl

34b351dc19c421e0e11472c99f24ee28

data

flange06_caps.stl

f2169f918da9574afb6c993bc71e5203

data

grunge_shaders_01.blend

6cae80ab8e5434529860ab62c530214b

Blender3D, saved as 64-bits little endian with version 4.00

operators.py

2144a8e916739b945028e4aad937dcac

Python script, ASCII text executable, with CRLF line terminators

preferences.py

2dcdf07685d142fbbc868b6e1106b3db

Python script, ASCII text executable, with CRLF line terminators

captive01.stl

f1fd38c09bc30ee5949bc61abcb6df1f

data

captive02.stl

24146041acc5b38f3ab1fddcead0c085

data

phillips01.stl

b30dde7f357479fa009937aad27ea772

data

roundhead01.stl

af2c81002fc385ff89cafeb285b53fad

data

ui.py

6462b1d1f364ee3229c1ebaa1a9cfb28

Python script, ASCII text executable, with CRLF line terminators

utils.py

fec70da46ca80d07069beecbe467deb0

Python script, ASCII text executable, with CRLF line terminators

Camera Pilot.url

b4e42ad047990258318c4169fe902588

Generic INItialization configuration [InternetShortcut]

Courseslib.com Everything Free.txt

3ab97015c8c3128af3fe06a0a537308e

ASCII text, with no line terminators

GFXfather.com.url

0668a8c7d943ec5fefe875ba86040a06

Generic INItialization configuration [InternetShortcut]

Grafixfather.com.url

aa161b50b38efd1318534f7b4c8c0e95

Generic INItialization configuration [InternetShortcut]

Join Our Secret Source.url

b2e1f42e4ad6c0ffeef36ea6070bc421

Generic INItialization configuration [InternetShortcut]

Read Me!!!!!.txt

9f79269d6277c09fc4e365dda5e156c6

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	fs2.grafixdrive.com/token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d	65.21.93.86	200 OK	6.7 MB
URL User Request GET HTTP/1.1 fs2.grafixdrive.com/token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d IP 65.21.93.86:443 ASN #24940 Hetzner Online GmbH Certificate IssuerLet's Encrypt Subjectfs2.grafixdrive.com Fingerprint04:52:0A:13:32:17:04:E1:CB:87:E0:AA:D8:D8:9F:F7:B1:1F:8E:DA ValidityThu, 18 Apr 2024 04:35:18 GMT - Wed, 17 Jul 2024 04:35:17 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 6.7 MB (6714634 bytes) Hash d02af8a7300f07f2221e067a41be144a 25bfb5ebc1aa9793a81492ff586387228edaeba3 51e5123e2a74d12405e6e3954af52eeeb8f76bddd31aa3cf7c240335cded2026 HTTP Headers GET /token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d HTTP/1.1 Host: fs2.grafixdrive.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Server: nginx Date: Wed, 24 Apr 2024 12:11:19 GMT Content-Type: application/x-zip-compressed Content-Length: 6714634 Last-Modified: Thu, 11 Apr 2024 16:41:35 GMT Connection: keep-alive Keep-Alive: timeout=60 Set-Cookie: filehosting=sc3m2d8u5kbnjc79q0ep5nhicc; expires=Thu, 25-Apr-2024 12:11:18 GMT; Max-Age=86400; path=/ Cache-Control: no-store, no-cache, must-revalidate Expires: 0 Content-Disposition: attachment; filename="Random Flow v3.0.1.zip" ETag: "661812bf-66750a" Accept-Ranges: bytes, bytes

fs2.grafixdrive.com/token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d

65.21.93.86

200 OK

6.7 MB

URL User Request GET HTTP/1.1
fs2.grafixdrive.com/token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d
IP
65.21.93.86:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectfs2.grafixdrive.com
Fingerprint04:52:0A:13:32:17:04:E1:CB:87:E0:AA:D8:D8:9F:F7:B1:1F:8E:DA
ValidityThu, 18 Apr 2024 04:35:18 GMT - Wed, 17 Jul 2024 04:35:17 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
6.7 MB (6714634 bytes)
Hash
d02af8a7300f07f2221e067a41be144a
25bfb5ebc1aa9793a81492ff586387228edaeba3
51e5123e2a74d12405e6e3954af52eeeb8f76bddd31aa3cf7c240335cded2026

HTTP Headers

GET /token/download/tempuser/10dt/Random_Flow_v3.0.1.zip?download_token=b6d65080acf3f52ce9c258db57d424aef768e2166e62e85c6d369e5a3f1f271d HTTP/1.1
Host: fs2.grafixdrive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 12:11:19 GMT
Content-Type: application/x-zip-compressed
Content-Length: 6714634
Last-Modified: Thu, 11 Apr 2024 16:41:35 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Set-Cookie: filehosting=sc3m2d8u5kbnjc79q0ep5nhicc; expires=Thu, 25-Apr-2024 12:11:18 GMT; Max-Age=86400; path=/
Cache-Control: no-store, no-cache, must-revalidate
Expires: 0
Content-Disposition: attachment; filename="Random Flow v3.0.1.zip"
ETag: "661812bf-66750a"
Accept-Ranges: bytes, bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (26)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers