Report - www-thewindowsclub-com.translate.goog/downloads/UWT4.zip

Report Overview

Visited public
2025-01-27 03:48:30
Tags
URL
www-thewindowsclub-com.translate.goog/downloads/UWT4.zip
Finishing URL
about:privatebrowsing
IP / ASN
216.58.211.1
#15169 GOOGLE
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.thewindowsclub.com	93702	2008-11-02	2013-02-09	2025-01-01	497 B	216 kB	172.67.73.191
www-thewindowsclub-com.translate.goog	unknown	2017-12-05	2022-06-28	2024-01-24	510 B	519 B	142.250.74.65

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.thewindowsclub.com/downloads/UWT4.zip
IP
172.67.73.191
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
214 kB (214374 bytes)
Hash
e668044896aeaf341e15f441f7c2a4fd
03e44cf38696bf16c3c765438c2e6cf320d99e30
a3d95804f4bb62d1618dde448f0f2f2e6073ed660f1f96d88ca41ee368cefe6a

Archive (4)

Filename

Md5

File type

ButtonExtended.dll

d45cab94cfb2d3dd1b7bbad86090e896

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

Read Me First.txt

a0af49b80631107f6d3c277562f0d107

ASCII text, with very long lines (315), with CRLF line terminators

Ultimate Windows Tweaker 4.8.exe

dfd18eabcfa63ce63fdbebe4673e99c8

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

UWT Homepage.url

2d98d02e794606f540235133d238fdfa

MS Windows 95 Internet shortcut text (URL=<https://www.thewindowsclub.com/ultimate-windows-tweaker-4-windows-10>), ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects ConfuserEx packed file
VirusTotal	suspicious	VirusTotal - Scan result 1/67

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

www-thewindowsclub-com.translate.goog/downloads/UWT4.zip

142.250.74.65

302 Found

0 B

URL User Request GET HTTP/2
www-thewindowsclub-com.translate.goog/downloads/UWT4.zip
IP
142.250.74.65:443
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services
Subject*.googleusercontent.com
FingerprintD2:15:13:77:74:22:58:D3:06:17:16:14:8F:CF:FF:DF:94:2F:1E:20
ValidityMon, 06 Jan 2025 08:37:05 GMT - Mon, 31 Mar 2025 08:37:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /downloads/UWT4.zip HTTP/1.1
Host: www-thewindowsclub-com.translate.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: application/binary
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 27 Jan 2025 03:48:05 GMT
location: https://www.thewindowsclub.com/downloads/UWT4.zip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.thewindowsclub.com/downloads/UWT4.zip

172.67.73.191

200 OK

214 kB

URL User Request GET HTTP/2
www.thewindowsclub.com/downloads/UWT4.zip
IP
172.67.73.191:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectthewindowsclub.com
FingerprintC1:1E:BE:D8:6C:D5:7E:FA:AB:AF:E0:17:8A:C0:4A:B1:49:24:F9:00
ValiditySun, 08 Dec 2024 11:33:38 GMT - Sat, 08 Mar 2025 11:33:37 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
214 kB (214374 bytes)
Hash
e668044896aeaf341e15f441f7c2a4fd
03e44cf38696bf16c3c765438c2e6cf320d99e30
a3d95804f4bb62d1618dde448f0f2f2e6073ed660f1f96d88ca41ee368cefe6a

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 1/67

HTTP Headers

GET /downloads/UWT4.zip HTTP/1.1
Host: www.thewindowsclub.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 27 Jan 2025 03:48:05 GMT
content-type: application/zip
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=604800
display: staticcontent_sol
last-modified: Mon, 08 Feb 2021 17:45:53 GMT
response: 200
vary: Accept-Encoding,User-Agent,Origin
x-ez-proxy-out: true 2.4
x-ezoic-cdn: Hit d2;mm;f1dd1550c7285294d22a60a0fda23d6d;2-77472-750;gZhPkeSlK2jgb8T27jrBl
x-middleton-display: staticcontent_sol
x-middleton-response: 200
x-origin-cache-control: public, max-age=172800
cf-cache-status: HIT
age: 412621
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LgKIjxkQ2XUZfH6N8o2%2BqZuZ3mAFdNUjAJGQzSkEbtCwwUAbtuUU15gzuOysUflvfDe6WhNZMyslGWOo%2Bmnqbqne%2BfF0rZ7LMulstppx9SBI1ylqn6HEn715b8HeKZjkCjvmVWewFUQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 9085c3df3920b527-OSL
server-timing: cfCacheStatus;desc="HIT", cfL4;desc="?proto=TCP&rtt=823&min_rtt=475&rtt_var=756&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3293&recv_bytes=1272&delivery_rate=7912568&cwnd=253&unsent_bytes=0&cid=2377e34debd2c336&ts=30&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (4)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers