Report - www.winimage.com/wimait40.zip

Report Overview

Visited public
2025-05-01 00:25:53
Tags
URL
www.winimage.com/wimait40.zip
Finishing URL
about:privatebrowsing
IP / ASN
205.251.81.217
#29838 AMC
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.winimage.com	unknown	1996-11-29	2015-08-05	2025-04-26	497 B	69 kB	205.251.81.217

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.winimage.com/wimait40.zip
IP
205.251.81.217
ASN
#29838 AMC

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
69 kB (69040 bytes)
Hash
b0559e6e7a63ec97caa1ce3cd2bd36c8
87e1b17bed3cd0e2a6bb584950e3aa5b0468945b
823cc7372af1f76958d6f8f2841b3cb9d18659adf5ea41c31c0f4e3883f2396d

Archive (5)

Filename

Md5

File type

WINIMAIT.HLP

6558a2361038ce9d322622bc1509140f

MS Windows 3.1 help, Thu Aug 21 18:26:24 1997, 72197 bytes

WINIMAIT.CNT

2ec95cb1c2a323fa0ffe48179da4f2c5

MS Windows help file Content, based "winimait.hlp", ISO-8859 text, with CRLF line terminators

WINIMAIT.T32

d2456104e91937105a1f70a41599d758

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

FILE_ID.DIZ

d349f73bffa33c481a7bd45d034e61ca

ASCII text, with CRLF line terminators

README.TXT

e6388d9c2e335ecb562c3741e6c58914

ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect pe file that no import table

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.winimage.com/wimait40.zip	205.251.81.217	200 OK	69 kB
URL User Request GET www.winimage.com/wimait40.zip IP 205.251.81.217:443 ASN #29838 AMC Certificate IssuerLet's Encrypt Subjectclb.winimage.com FingerprintFF:DB:35:59:3D:1E:49:01:EF:F8:63:A7:3F:D8:98:3D:EC:51:8F:30 ValidityTue, 29 Apr 2025 10:09:51 GMT - Mon, 28 Jul 2025 10:09:50 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 69 kB (69040 bytes) Hash b0559e6e7a63ec97caa1ce3cd2bd36c8 87e1b17bed3cd0e2a6bb584950e3aa5b0468945b 823cc7372af1f76958d6f8f2841b3cb9d18659adf5ea41c31c0f4e3883f2396d HTTP Headers `GET /wimait40.zip HTTP/1.1 Host: www.winimage.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK content-type: application/zip last-modified: Sat, 01 May 2004 08:02:52 GMT accept-ranges: bytes content-length: 69040 date: Thu, 01 May 2025 00:25:21 GMT server: LiteSpeed alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" X-Firefox-Spdy: h2`

www.winimage.com/wimait40.zip

205.251.81.217

200 OK

69 kB

URL User Request GET
www.winimage.com/wimait40.zip
IP
205.251.81.217:443
ASN
#29838 AMC

Certificate
IssuerLet's Encrypt
Subjectclb.winimage.com
FingerprintFF:DB:35:59:3D:1E:49:01:EF:F8:63:A7:3F:D8:98:3D:EC:51:8F:30
ValidityTue, 29 Apr 2025 10:09:51 GMT - Mon, 28 Jul 2025 10:09:50 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
69 kB (69040 bytes)
Hash
b0559e6e7a63ec97caa1ce3cd2bd36c8
87e1b17bed3cd0e2a6bb584950e3aa5b0468945b
823cc7372af1f76958d6f8f2841b3cb9d18659adf5ea41c31c0f4e3883f2396d

HTTP Headers

GET /wimait40.zip HTTP/1.1
Host: www.winimage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/zip
last-modified: Sat, 01 May 2004 08:02:52 GMT
accept-ranges: bytes
content-length: 69040
date: Thu, 01 May 2025 00:25:21 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (5)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers