Report - fs2.grafixdrive.com/token/download/tempuser/1Q4E/Fluid_Painter_v1.3.18.zip?download_token=cdf8a127e483ed8a658144223353e64da3dfd3be37d815ec71294797b065e896

Report Overview

Submitted URL
fs2.grafixdrive.com/token/download/tempuser/1Q4E/Fluid_Painter_v1.3.18.zip?download_token=cdf8a127e483ed8a658144223353e64da3dfd3be37d815ec71294797b065e896
IP
65.21.93.86
ASN
#24940 Hetzner Online GmbH
Submitted
2024-04-24 13:49:56
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fs2.grafixdrive.com	unknown	2020-05-28	2023-03-15	2024-04-18	608 B	8.1 MB	65.21.93.86

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
fs2.grafixdrive.com/token/download/tempuser/1Q4E/Fluid_Painter_v1.3.18.zip?download_token=cdf8a127e483ed8a658144223353e64da3dfd3be37d815ec71294797b065e896
IP
65.21.93.86
ASN
#24940 Hetzner Online GmbH

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.1 MB (8110611 bytes)
Hash
c360486db8a616493b731e808bdd9d9b
317b2f1d682e98dc2a46e84e7b888d80195942c1
74b4903f7bcffeb4bdf5af28a8b910114d9964081eb98bcfb5e4b7655fb95540

Archive (50)

Filename

Md5

File type

__init__.py

e7f8bf892dee30b2b90762276a0b85af

Python script, ASCII text executable, with CRLF line terminators

FP_Append.py

e435924d6d5eb1cbefd0f93abfcac010

Python script, ASCII text executable, with CRLF line terminators

FP_Edit.py

80666d33929bc5ab4e2078e7145cbcbd

Python script, ASCII text executable, with CRLF line terminators

FP_Settings.py

29030fbebe6c238ff3e1666e5c538eda

Python script, ASCII text executable, with CRLF line terminators

FP_Tools.py

74ce7e985514e3a55cbe43371a13b49f

Python script, ASCII text executable, with very long lines (402), with CRLF line terminators

FP_Update.py

248ea58e180d36cb8b0eadd424906f2d

Python script, ASCII text executable, with CRLF line terminators

FP_Utilities.py

8867c996d673c7a055d2b377ff64fe73

Python script, ASCII text executable, with CRLF line terminators

blender_assets.cats.txt

7c5b5321ffe0f42a6ca8633f3df99b3a

ASCII text, with CRLF line terminators

Fluid_Painter_Library.blend

773a780be580421664f9751db3dc21d1

Blender3D, saved as 64-bits little endian with version 3.01

Fluid_Painter_Library.json

474a930f2815d21d9eeba36b5c8bd9bd

JSON text data

Fluid_Biscuit_Image.png

b3b1970508f762511f669ca667edbb85

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Blood+_Image.png

d1a279e48b905ef19c62ffa0d1db5cd1

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_ChocolateBrown_Image.png

c20b9663a169f516c9d5128828e1bb57

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_ChocolateWhite_Image.png

cfbf3bceec4a171fbcbec0d1e2773d26

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Default_Image.png

5818469beca2b4d3c326572735257231

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Default+_Image.png

93b511e8ffc2b3bcea713b20899816b9

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Donut_Image.png

bc1e8f680e09d06c477c301b688d0c08

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Foam_Image.png

dd2039a912fca478f5abac8d9f6cb995

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Glaze_Image.png

089c19e69760af5c2a49af1b50c50ac9

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Glaze+_Image.png

45f185a1c8e3c700d342103ce12cd142

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Glitter_Image.png

f0bc2ce0efe7a6cf11e53a2c5361fc5a

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Gummy_Image.png

2686fc672fc165de104519c2d0831fcc

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Honey_Image.png

392a6b074f210716aacb5b48c8c2aea5

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Honey+_Image.png

38323b35ffe93671d8c8ef006cb9bae8

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Ketchup_Image.png

8438b28cb2fd2e2a2c5358c555094132

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Lube_Image.png

2f9000336ebcb622a99ff31f5fc146da

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_MapleSyrup_Image.png

ee44bdd76ed17fc7d4152c49af21ccb4

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_MapleSyrup+_Image.png

4764325ff9794b202300392d3de22a7e

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Mayo_Image.png

0775b0eb19914c481e5c8476145bec09

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_MetalGold_Image.png

8ce4f7c304c457bef571fbf7aa2a6833

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_MetalSilver_Image.png

79938aa6cad775acd1aa9fdd3c6c5d53

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Milk_Image.png

955ca02cf9db8863b559ddb9b7b00621

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Milk+_Image.png

08f0d5d403b75bfe1d0681886ec2b53a

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Mud+_Image.png

2d1929f0347d2a984e0b1db70eb8c972

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Mustard_Image.png

4b3905373552144bebd61084041acfcf

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Oil+_Image.png

7392c34be8a36644a029c59d6a3c677c

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_OilCrude+_Image.png

e5c5e658eef5556993ed9d1f57fa38b9

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Slime_Image.png

0f91e54e0f48ac4d681f2d79131ee244

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_SlimeGlowing_Image.png

51cfda62108e94d0bc7744b34483234d

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Soap_Image.png

bf98e2044c8df79f2daac76855f42c71

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Soap+_Image.png

ea0dc4a1e49b8571b4739d7c6f325e41

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Water+_Image.png

12f9396520cceaa4f4271732f3aa2244

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_WaterDrops_Image.png

914c426c08632377cddefed845a20789

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_WaterDropsAnim_Image.png

6261562fe81cb7d1d2427b351470e1b8

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Fluid_Wax_Image.png

1bc8bd1bf9d46860db0b4ba80446d065

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

Camera Pilot.url

b4e42ad047990258318c4169fe902588

Generic INItialization configuration [InternetShortcut]

GFXfather.com.url

0668a8c7d943ec5fefe875ba86040a06

Generic INItialization configuration [InternetShortcut]

Grafixfather.com.url

aa161b50b38efd1318534f7b4c8c0e95

Generic INItialization configuration [InternetShortcut]

Join Our Secret Source.url

b2e1f42e4ad6c0ffeef36ea6070bc421

Generic INItialization configuration [InternetShortcut]

Read Me!!!!!.txt

9f79269d6277c09fc4e365dda5e156c6

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects possible shortcut usage for .URL persistence

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

fs2.grafixdrive.com/token/download/tempuser/1Q4E/Fluid_Painter_v1.3.18.zip?download_token=cdf8a127e483ed8a658144223353e64da3dfd3be37d815ec71294797b065e896

65.21.93.86

200 OK

8.1 MB

URL User Request GET HTTP/1.1
fs2.grafixdrive.com/token/download/tempuser/1Q4E/Fluid_Painter_v1.3.18.zip?download_token=cdf8a127e483ed8a658144223353e64da3dfd3be37d815ec71294797b065e896
IP
65.21.93.86:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectfs2.grafixdrive.com
Fingerprint04:52:0A:13:32:17:04:E1:CB:87:E0:AA:D8:D8:9F:F7:B1:1F:8E:DA
ValidityThu, 18 Apr 2024 04:35:18 GMT - Wed, 17 Jul 2024 04:35:17 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.1 MB (8110611 bytes)
Hash
c360486db8a616493b731e808bdd9d9b
317b2f1d682e98dc2a46e84e7b888d80195942c1
74b4903f7bcffeb4bdf5af28a8b910114d9964081eb98bcfb5e4b7655fb95540

HTTP Headers

GET /token/download/tempuser/1Q4E/Fluid_Painter_v1.3.18.zip?download_token=cdf8a127e483ed8a658144223353e64da3dfd3be37d815ec71294797b065e896 HTTP/1.1
Host: fs2.grafixdrive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 13:49:29 GMT
Content-Type: application/x-zip-compressed
Content-Length: 8110611
Last-Modified: Mon, 18 Mar 2024 18:39:42 GMT
Connection: keep-alive
Keep-Alive: timeout=60
Set-Cookie: filehosting=fh8nq3svd3nj8l7714a290479v; expires=Thu, 25-Apr-2024 13:49:28 GMT; Max-Age=86400; path=/
Cache-Control: no-store, no-cache, must-revalidate
Expires: 0
Content-Disposition: attachment; filename="Fluid Painter v1.3.18.zip"
ETag: "65f88a6e-7bc213"
Accept-Ranges: bytes, bytes