Report - www.winimage.com/zLibDll/zlib123dll.zip

Report Overview

Submitted URL
www.winimage.com/zLibDll/zlib123dll.zip
IP
205.251.81.217
ASN
#29838 AMC
Submitted
2024-04-20 15:00:08
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.winimage.com	unknown	1996-11-29	2015-08-05	2024-04-18	493 B	187 kB	205.251.81.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.winimage.com/zLibDll/zlib123dll.zip
IP
205.251.81.217
ASN
#29838 AMC

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
187 kB (186609 bytes)
Hash
5056de1726c7bb77ff7b731e9e652093
6571073756c33e9aae32844e7c3c37bf062d5780
54a63b9b6a5d5cfa325f0e890312b849d13cc8b2582605973e2b63ffeadeb0fe

Archive (8)

Filename

Md5

File type

miniunz.exe

213bf588e70f4ea74e950e1f15eb9a8e

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

minizip.exe

dd77e596cc67bc9346577f07fe657908

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

testzlib.exe

eb6565762e2156e9bbe886aa9ba8a686

PE32 executable (console) Intel 80386, for MS Windows, 3 sections

zlibwapi.dll

4efaa53c545f4ffb1ee0ed1709c15ea7

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

zlibwapi.lib

b52924d66fe9f66c2968d608d45fbbe5

current ar archive

zlib_bor.lib

af16affd72cfd2017bc5461545331f81

Microsoft Visual C/OMF library, page size 16, at 0x1a00 dictionary with 4 blocks (FFLAG=0x9e) 1st entry gzclearerr in page 82, 2nd record "adler32", 3rd record COMMENT class=0xa0 OMF extensions IMPDEF ordinal adler32 exported by zlibwapi.dll

readme.txt

21940930780cb317f5bfe35c0faa9d0e

ASCII text, with CRLF line terminators

zlibstat.lib

0452b56917d39d9d00f4ce380b3ddc32

current ar archive

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
VirusTotal	suspicious	VirusTotal - Scan result 1/63

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

www.winimage.com/zLibDll/zlib123dll.zip

205.251.81.217

200 OK

187 kB

URL User Request GET HTTP/2
www.winimage.com/zLibDll/zlib123dll.zip
IP
205.251.81.217:443
ASN
#29838 AMC

Certificate
IssuerLet's Encrypt
Subjectcurrency.winimage.com
FingerprintEE:72:38:A2:7D:8F:6F:EA:F6:6F:F3:88:A5:F4:EB:7E:B8:18:09:5A
ValidityTue, 27 Feb 2024 10:35:20 GMT - Mon, 27 May 2024 10:35:19 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
187 kB (186609 bytes)
Hash
5056de1726c7bb77ff7b731e9e652093
6571073756c33e9aae32844e7c3c37bf062d5780
54a63b9b6a5d5cfa325f0e890312b849d13cc8b2582605973e2b63ffeadeb0fe

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/63

HTTP Headers

GET /zLibDll/zlib123dll.zip HTTP/1.1
Host: www.winimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
last-modified: Mon, 18 Jul 2005 16:18:32 GMT
accept-ranges: bytes
content-length: 186609
date: Sat, 20 Apr 2024 14:59:43 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (8)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers