{"report_id":"e73ffd4f-6915-4fd7-8153-503e338d74f0","version":6,"status":"done","tags":[],"date":"2024-05-18T03:58:39Z","url":{"schema":"http","addr":"flingtrainer.com/wp-content/uploads/2021/11/Tainted.Grail.Conquest.v1.0-v1.2.Plus.19.Trainer-FLiNG.zip","fqdn":"flingtrainer.com","domain":"flingtrainer.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T16:33:29Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"flingtrainer.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"domain_registered":"2019-05-13","domain_rank":292890,"first_seen":"2019-05-15 19:51:44","last_seen":"2024-04-18 08:51:30","alert_count":1,"request_count":1,"received_data":997134,"sent_data":558,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"b9f1346e5b5ad4bae9cfa397d5c80a09","sha1":"326e6dff0324948d2cb5d6470fea998e832366df","sha256":"a0536b212921f10def81bd83c6f54ba850faca9227e70ec866fa78deb8b561bc","sha512":"d1ab933f99dde4523a02ef5885c6206820da196c67f46442957f791a1549f60e5e1d048b53a4135d261aa8be34d67e2878e10171f457715c84caf9c02ca79e1e","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":996335,"url":{"schema":"https","addr":"flingtrainer.com/wp-content/uploads/2021/11/Tainted.Grail.Conquest.v1.0-v1.2.Plus.19.Trainer-FLiNG.zip","fqdn":"flingtrainer.com","domain":"flingtrainer.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"archive":[{"path":"Tainted Grail Conquest v1.0-v1.2 Plus 19 Trainer.exe","filename":"Tainted Grail Conquest v1.0-v1.2 Plus 19 Trainer.exe","modified":"","Modified":"2021-11-01T08:39:38-04:00","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":1684992,"md5":"58059f24392801599fab5712f1bc89bc","sha1":"500c61fb2288cf2eb9ba83f3bea79ebfd4662480","sha256":"7de6fbdc2693ad1823dbbba8d50e2afca3643e7ac54c99080150f86f6e2ddc55","sha512":"316c6b6e8746c62e01c72d4838f3d6b85cd561477fe90076af04df4cf8a10eea174b6d3e576d550a98629b2bb7c03d2b1840b1ed65d97e2e04dbcad25ebc5e14","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-25","alert":"Scan result 27/72","trigger":"7de6fbdc2693ad1823dbbba8d50e2afca3643e7ac54c99080150f86f6e2ddc55","verdict":"malicious","severity":"","comment":"malicious - 27/72","link":"https://www.virustotal.com/gui/file/7de6fbdc2693ad1823dbbba8d50e2afca3643e7ac54c99080150f86f6e2ddc55","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-18","alert":"Scan result 20/67","trigger":"a0536b212921f10def81bd83c6f54ba850faca9227e70ec866fa78deb8b561bc","verdict":"malicious","severity":"","comment":"malicious - 20/67","link":"https://www.virustotal.com/gui/file/a0536b212921f10def81bd83c6f54ba850faca9227e70ec866fa78deb8b561bc","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"flingtrainer.com/wp-content/uploads/2021/11/Tainted.Grail.Conquest.v1.0-v1.2.Plus.19.Trainer-FLiNG.zip","fqdn":"flingtrainer.com","domain":"flingtrainer.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"The Netherlands","country_code":"NL"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-05-18T03:58:13.858Z","timestamp":1716004693858,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flingtrainer.com","organization":""},"issuer":{"commonName":"E1","organization":"Let's Encrypt"},"validity":{"start":"Sun, 14 Apr 2024 01:06:18 GMT","end":"Sat, 13 Jul 2024 01:06:17 GMT"},"fingerprint":{"sha1":"F3:76:70:69:BD:68:6B:9A:54:8A:9D:58:D0:BB:DA:86:DD:4A:01:26","sha256":"BD:FB:5B:57:BB:BA:6D:92:D1:87:1C:7C:32:B5:3D:E7:90:17:73:7C:A5:D3:0F:EF:E3:51:87:CE:CB:3A:E5:90"}}},"request":{"raw":"GET /wp-content/uploads/2021/11/Tainted.Grail.Conquest.v1.0-v1.2.Plus.19.Trainer-FLiNG.zip HTTP/1.1\r\nHost: flingtrainer.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 May 2024 03:58:14 GMT\r\ncontent-type: application/zip\r\nlast-modified: Mon, 01 Nov 2021 13:26:21 GMT\r\nvary: Accept-Encoding\r\netag: W/\"617feafd-f33ef\"\r\nexpires: Mon, 17 Jun 2024 03:58:14 GMT\r\ncache-control: max-age=2592000\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=KPdRlsonK%2FrYnfdzhh0uHf4M%2FCOFk%2F5mJF5DiUdD6es3QDXoywqrGrEahktUz%2BzWcU3xwG6kjjJx1pD4nsJcWhQPHNi%2FkLBLPeL6W9L8WP7aWmgQFcSM5v%2B7pDWiRQsDfOFf\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8858ed78cb7356aa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":996335,"size_decoded":996335,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"b9f1346e5b5ad4bae9cfa397d5c80a09","sha1":"326e6dff0324948d2cb5d6470fea998e832366df","sha256":"a0536b212921f10def81bd83c6f54ba850faca9227e70ec866fa78deb8b561bc","sha512":"d1ab933f99dde4523a02ef5885c6206820da196c67f46442957f791a1549f60e5e1d048b53a4135d261aa8be34d67e2878e10171f457715c84caf9c02ca79e1e","ssdeep":"24576:7mypJWf61UEnLikYg4Li4v0Ne//edDV9CBmUoPSjDw:71pJWfRELYsNe3eROnM","tlshash":"d82533a48db8a0674e0bb65d2616c04df10bf956b12ee5c00988c9d3b63d7e6c47f2f9","first_seen":"2023-11-11T15:55:03Z","last_seen":"2024-10-12T13:58:29.545771Z","times_seen":4,"resource_available":false,"data":null}},"time_used":1115,"timings":{"blocked":23,"dns":0,"connect":1,"send":0,"wait":1068,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-05-18","alert":"Scan result 20/67","trigger":"a0536b212921f10def81bd83c6f54ba850faca9227e70ec866fa78deb8b561bc","verdict":"malicious","severity":"","comment":"malicious - 20/67","link":"https://www.virustotal.com/gui/file/a0536b212921f10def81bd83c6f54ba850faca9227e70ec866fa78deb8b561bc","meta":null}],"urlquery":null}}]}