Report - www.hideallip.com/dwn/hideallip

Report Overview

Submitted URL
www.hideallip.com/dwn/hideallip_portable.zip
IP
45.79.67.69
ASN
#63949 Akamai Connected Cloud
Submitted
2024-04-16 16:51:30
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
13

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.hideallip.com	unknown	2013-05-20	2017-02-18	2024-03-02	498 B	8.5 MB	45.79.67.69
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-04-16	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.hideallip.com/dwn/hideallip_portable.zip
IP
45.79.67.69
ASN
#63949 Akamai Connected Cloud

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.5 MB (8523581 bytes)
Hash
b4e0d5e4f1695540dddf05982bb35c20
d208dbad3870d9bfa0dcaf99d541d6c737669266
fea2abe06d7161aee6ee7d74a99c0289d173305169d81ec872800deeda1f7221

Archive (30)

Filename

Md5

File type

AutoUpgrade.exe

4fa5dcdfbcfcd25191388aadeba6b549

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

bigflags.dat

b567cb03045ff1644f1dac0e505eab56

data

cookieintf.dll

a32f76da6b79e42c4091beac0a1dbde5

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

gatewayapi.dll

8a076b9058570867594fbf0848b6caff

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

hai_privoxy.exe

72b6860e385aba4fd19a3ea4ffc1a2fb

PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 6 sections

haisoftap.exe

fc2ae74ea984626730cdb8b02d4763fa

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

hideallip.buildnum

56fbdc9fa2ba479b8b7d84afa7042dce

ASCII text, with CRLF line terminators

hideallip.dat

d1ced97a25b6401b1d85888ad2056203

data

HideAllIP.exe

ad1b2c885cab2ec36dc9d9911b05b3ed

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

HideALLIP_readme.txt

8cf1e06444bebffb7670ffbc7485de57

ASCII text, with CRLF line terminators

HideALLIP_RunAsAdmin.exe

59e4a0b06eddc12eeb407a56181aba24

PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections

hideip.ini

f2a201eda1af6891b05b520cdb77b95e

ASCII text, with CRLF line terminators

ipdb.dat

563429ef854b084f7dc879ee3f97f388

data

libeay32.dll

263af932c3d1a8a876f122e32498e058

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

lspx86util.exe

46181fd137c107789ab1a936b88f4581

PE32 executable (console) Intel 80386, for MS Windows, 8 sections

mgwz.dll

22619b97cb85becc62732d4042ca1988

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 7 sections

networkdll.dll

9c19984ae3e79818b1b1997af1561607

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

networkdll_L.dll

2a6440b7b91dde91c4c54aa918dab460

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

networkdlllsp.dll

013eed5ebacfa0135b1bdc0b1b15ed3c

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 7 sections

networkdlllspx64.dll

03e95064a121563a7aa53a3337640310

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections

networkdllx64.dll

e86dbaffcbb75e5b7df328262e913716

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections

networkdllx64_l.dll

b10fea334255fd4b83192b97e38ca6ac

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 10 sections

networktunneldrv.zap

6b535877d576da181d1003d4620eaba5

data

networktunnelserver_x64.sys

8db00922f8ba146e6d6cd24b1cd501d5

PE32+ executable (native) x86-64, for MS Windows, 7 sections

networktunnelserver_x86.sys

041a56e0dfddf6b045df8172eb88e30b

PE32 executable (native) Intel 80386, for MS Windows, 6 sections

networktunnelx64.sys

b5612580119e64d1228e1b8007a5eaf2

PE32+ executable (native) x86-64, for MS Windows, 6 sections

networktunnelx64helper.exe

e6ab0371c029a2c978c3e6a1af09b654

PE32+ executable (GUI) x86-64, for MS Windows, 11 sections

sntutils.dll

03cdfc4b82d3258d0162b201db27e9ea

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 8 sections

sntx64tool.dll

991dff173776a13e459a939f18c6acd0

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

ssleay32.dll

4b0465c7e934fa0ef98cf663f5bca74b

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	meth_stackstrings
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
YARAhub by abuse.ch	malware	meth_stackstrings
VirusTotal	suspicious	VirusTotal - Scan result 2/65

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

www.hideallip.com/dwn/hideallip_portable.zip

45.79.67.69

200 OK

8.5 MB

URL User Request GET HTTP/1.1
www.hideallip.com/dwn/hideallip_portable.zip
IP
45.79.67.69:443
ASN
#63949 Akamai Connected Cloud

Certificate
IssuerGoDaddy.com, Inc.
Subjecthideallip.com
Fingerprint5E:28:F2:52:BF:75:12:24:E7:79:9E:D2:8E:2A:0C:FE:0D:4A:67:A1
ValidityThu, 21 Dec 2023 13:54:25 GMT - Tue, 21 Jan 2025 13:54:25 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
8.5 MB (8523581 bytes)
Hash
b4e0d5e4f1695540dddf05982bb35c20
d208dbad3870d9bfa0dcaf99d541d6c737669266
fea2abe06d7161aee6ee7d74a99c0289d173305169d81ec872800deeda1f7221

Detections

Analyzer	Verdict	Alert
VirusTotal	suspicious	VirusTotal - Scan result 2/65

HTTP Headers

GET /dwn/hideallip_portable.zip HTTP/1.1
Host: www.hideallip.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 16 Apr 2024 16:47:05 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Last-Modified: Thu, 23 Feb 2023 06:06:15 GMT
ETag: "41bf7-820f3d-5f557cf7a2ae8"
Accept-Ranges: bytes
Content-Length: 8523581
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/zip

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-101-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-05-20-00-15-28.chain; p384ecdsa=cTRYDpuWNxmuF4beHdzJA7HrKoVJKROmOrNxTPTkdFk9Fs3ndB-MvS9BzudORhW_4bTTbiDl-0B-LExbHLXq9MajvwltpDA1dyEyPOzHIRjhupXXoo_evRZVGTYGLMt1
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
content-length: 444
date: Tue, 16 Apr 2024 16:50:00 GMT
age: 79
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (30)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers