Report - www.ntwind.com/download/HotkeyScreener.zip

Report Overview

Visited public
2025-04-21 03:33:51
Tags
URL
www.ntwind.com/download/HotkeyScreener.zip
Finishing URL
about:privatebrowsing
IP / ASN
199.250.205.216
#54641 IMH-IAD
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.ntwind.com	unknown	2005-03-25	2012-05-31	2025-04-13	510 B	3.0 MB	199.250.205.216

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.ntwind.com/download/HotkeyScreener.zip
IP
199.250.205.216
ASN
#54641 IMH-IAD

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.0 MB (3006108 bytes)
Hash
a2879d53bf3d75e4b53faf1d6dc465c5
671daf63b53abbcc08bd6bac4fa4bde97911e5c9
5a4e69d6698b9187be516be589712f1baede5c3f5fee1b4b6cf01de6f786cce0

Archive (5)

Filename

Md5

File type

hkscr.dll

5676ceb916e27fe38ef23a944109d20a

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

hkscr.exe

1ed723ab9e9009b21f705bc627ccf869

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

hkscr64.dll

96989b32d9cc466c92028dccecd966e3

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections

hkscr64.exe

6c35064bce240adfb7f9a5542c551a77

PE32+ executable (GUI) x86-64, for MS Windows, 9 sections

ReadMe.txt

bc0abf562cebf3f0f07ee8746bc05886

Non-ISO extended-ASCII text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.ntwind.com/download/HotkeyScreener.zip	199.250.205.216	200 OK	3.0 MB
URL User Request GET www.ntwind.com/download/HotkeyScreener.zip IP 199.250.205.216:443 ASN #54641 IMH-IAD Certificate IssuerLet's Encrypt Subjectcpcontacts.ntwind.com FingerprintA1:5D:A3:46:E0:C5:60:44:2A:5D:DD:27:7C:C6:2F:A8:1F:CD:93:6C ValidityWed, 05 Mar 2025 00:04:56 GMT - Tue, 03 Jun 2025 00:04:55 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 3.0 MB (3006108 bytes) Hash a2879d53bf3d75e4b53faf1d6dc465c5 671daf63b53abbcc08bd6bac4fa4bde97911e5c9 5a4e69d6698b9187be516be589712f1baede5c3f5fee1b4b6cf01de6f786cce0 HTTP Headers `GET /download/HotkeyScreener.zip HTTP/1.1 Host: www.ntwind.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx/1.27.4 date: Mon, 21 Apr 2025 03:33:28 GMT content-type: application/zip content-length: 3006108 last-modified: Thu, 29 Jun 2023 14:44:30 GMT cache-control: max-age=0 expires: Mon, 21 Apr 2025 03:05:36 GMT x-proxy-cache: HIT accept-ranges: bytes X-Firefox-Spdy: h2`

www.ntwind.com/download/HotkeyScreener.zip

199.250.205.216

200 OK

3.0 MB

URL User Request GET
www.ntwind.com/download/HotkeyScreener.zip
IP
199.250.205.216:443
ASN
#54641 IMH-IAD

Certificate
IssuerLet's Encrypt
Subjectcpcontacts.ntwind.com
FingerprintA1:5D:A3:46:E0:C5:60:44:2A:5D:DD:27:7C:C6:2F:A8:1F:CD:93:6C
ValidityWed, 05 Mar 2025 00:04:56 GMT - Tue, 03 Jun 2025 00:04:55 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.0 MB (3006108 bytes)
Hash
a2879d53bf3d75e4b53faf1d6dc465c5
671daf63b53abbcc08bd6bac4fa4bde97911e5c9
5a4e69d6698b9187be516be589712f1baede5c3f5fee1b4b6cf01de6f786cce0

HTTP Headers

GET /download/HotkeyScreener.zip HTTP/1.1
Host: www.ntwind.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.27.4
date: Mon, 21 Apr 2025 03:33:28 GMT
content-type: application/zip
content-length: 3006108
last-modified: Thu, 29 Jun 2023 14:44:30 GMT
cache-control: max-age=0
expires: Mon, 21 Apr 2025 03:05:36 GMT
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (5)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers