Report - www.proxifier.com/download/ProxifierPE.zip

Report Overview

Submitted URL
www.proxifier.com/download/ProxifierPE.zip
IP
172.104.17.238
ASN
#63949 Akamai Connected Cloud
Submitted
2024-03-28 16:49:41
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.proxifier.com	unknown	2004-02-05	2012-05-25	2024-03-27	496 B	3.1 MB	172.104.17.238

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
www.proxifier.com/download/ProxifierPE.zip
IP
172.104.17.238
ASN
#63949 Akamai Connected Cloud

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.1 MB (3099993 bytes)
Hash
5f7e98b0fcf1db489283ea3ed21a3a16
71e7de2c5221500de61c55754bbfac66f9c302af
b8b52109df37ffd560b2d49e2ed084a804c964e54c33c8c0676a4ca4421ca59c

Archive (5)

Filename

Md5

File type

Helper64.exe

fa3fac46bbe8e993c8c16522ae13cd80

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

Proxifier.exe

30b6a8271e02f0554a716fe9fa64d3fc

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ProxyChecker.exe

6d183fda2f78a2c67b4f67c9e8f33d9b

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

PrxDrvPE.dll

50104dfe24f635280c348a5823ba7337

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

PrxDrvPE64.dll

15de6a8b8e564ed2df794e40796c9780

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	www.proxifier.com/download/ProxifierPE.zip	172.104.17.238	200 OK	3.1 MB
URL User Request GET HTTP/1.1 www.proxifier.com/download/ProxifierPE.zip IP 172.104.17.238:443 ASN #63949 Akamai Connected Cloud Certificate IssuerSectigo Limited Subjectproxifier.com Fingerprint9A:B0:4E:FD:DB:00:1B:D7:2B:C8:36:63:C1:69:E0:3B:C4:81:D9:CB ValidityWed, 10 May 2023 00:00:00 GMT - Fri, 10 May 2024 23:59:59 GMT File type Zip archive data, at least v1.0 to extract, compression method=store Size 3.1 MB (3099993 bytes) Hash 5f7e98b0fcf1db489283ea3ed21a3a16 71e7de2c5221500de61c55754bbfac66f9c302af b8b52109df37ffd560b2d49e2ed084a804c964e54c33c8c0676a4ca4421ca59c HTTP Headers `GET /download/ProxifierPE.zip HTTP/1.1 Host: www.proxifier.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Date: Thu, 28 Mar 2024 16:49:14 GMT Content-Type: application/zip Content-Length: 3099993 Last-Modified: Wed, 13 Sep 2023 13:46:44 GMT Connection: keep-alive Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 Accept-Ranges: bytes`

www.proxifier.com/download/ProxifierPE.zip

172.104.17.238

200 OK

3.1 MB

URL User Request GET HTTP/1.1
www.proxifier.com/download/ProxifierPE.zip
IP
172.104.17.238:443
ASN
#63949 Akamai Connected Cloud

Certificate
IssuerSectigo Limited
Subjectproxifier.com
Fingerprint9A:B0:4E:FD:DB:00:1B:D7:2B:C8:36:63:C1:69:E0:3B:C4:81:D9:CB
ValidityWed, 10 May 2023 00:00:00 GMT - Fri, 10 May 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.1 MB (3099993 bytes)
Hash
5f7e98b0fcf1db489283ea3ed21a3a16
71e7de2c5221500de61c55754bbfac66f9c302af
b8b52109df37ffd560b2d49e2ed084a804c964e54c33c8c0676a4ca4421ca59c

HTTP Headers

GET /download/ProxifierPE.zip HTTP/1.1
Host: www.proxifier.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 28 Mar 2024 16:49:14 GMT
Content-Type: application/zip
Content-Length: 3099993
Last-Modified: Wed, 13 Sep 2023 13:46:44 GMT
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Accept-Ranges: bytes

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (5)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers