Domain > happyhippo.com

More information on this domain is in AlienVault OTX

Files that talk to happyhippo.com

MD5	A/V
d2f2c9e7b5d32c5114a2f8511d9efcc2
6bd3a60b66efb707e894f2717cccf17b
57be65340d0a4336f525d108862ccf50
34961ffc0f75d89da0b9464a4c7a02b1	[Backdoor.Win32.Pushdo.qag] [BackDoor.Bulknet.893] [Win32.Heur.KVMF58.hy.(kcloud)] [TrojanDownloader:Win32/Cutwail.BS] [Backdoor/Win32.Pushdo] [Trojan-Downloader.Win32.Cutwail]
3b54013dbac240d454b929a3745a46e4	[Artemis!3B54013DBAC2] [WS.Reputation.1] [HB_Pushdo-1] [Trojan.Win32.Jorik.Cutwail.ppt] [UnclassifiedMalware] [BackDoor.Bulknet.958] [W32/Pushdo.YOY!tr] [SHeur4.BMTZ]
17c3b162c4f71c7aef83c9e7644b6752
3be8faf7b111dadde0d8e17b428125b0	[Backdoor/W32.Androm.39936.C] [Trojan.Androm.vsg.cw4] [Trojan.Inject] [Trojan/Kryptik.bdbi] [Trojan.Win32.Androm.btkkib] [WS.Reputation.1] [TROJ_CUTWAIL.PQP] [Backdoor.Win32.Androm.vsg] [Backdoor.Androm!mmztmFLZ69E] [UnclassifiedMalware] [BackDoor.Bulknet.958] [Win32.HeurC.KVMH004.a.(kcloud)] [TrojanDownloader:Win32/Cutwail] [Client-SMTP.39936] [W32/Backdoor.DIPS-1259] [Backdoor.Androm] [Virus.Win32.Cryptor] [W32/Androm.VSG!tr.bdr] [Win32/Cryptor] [W32/Palevo.GEZ.worm]
622bf7ba2317ae03b0682a650bac03d8	[TrojanDownloader.Cutwail] [Cutwail-FBPN!622BF7BA2317] [W32.Pilleuz] [Pushdo.I] [TROJ_SPNR.1ADR13] [Backdoor.Win32.Pushdo.pyz] [Backdoor.Pushdo!kokJ8DxObyw] [Heur.Suspicious] [BackDoor.Bulknet.893] [Win32.Hack.Pushdo.p.(kcloud)] [TrojanDownloader:Win32/Cutwail.BS] [Backdoor.Win32.U.Pushdo.41472] [Backdoor/Win32.Pushdo] [W32/Backdoor.PJEO-2224] [Backdoor.Pushdo] [Malware.Pilleuz!rem] [Trojan-Downloader.Win32.Cutwail] [W32/Pushdo.PYZ!tr.bdr] [SHeur4.BGUF] [Trj/OCJ.D]
f14ca0281fdf75a0f52f52b66e6884ea
152fbf67adaa5455ac89003f69528244	[BackDoor-FAYA!152FBF67ADAA]
bf4fa138741ec4af0a0734b28142f7ae	[Crypt2.BLVD] [TrojanDownloader*Win32/Cutwail.BS]
899ae574023b4eb95234c2715e8b0955
06d40abb65ee157ff2574df8d24743f1
2020ab6cd65a4853efb16209147b2458
e57d3b285148fa02129b9c0044aa8737	[HB_Pushdo-1] [Dropper/Win32.Vidro] [W32/Pushdo.YOY!tr]
f7dd2cdcc0b90b7d7b2ff3cfb540c796	[Cutwail-FBYD!F7DD2CDCC0B9] [Trojan.PPush] [Trojan.Win32.Bulknet.brrije] [TROJ_DLOAD.RC] [Trojan.Kryptik!QNluqFEr0aI] [UnclassifiedMalware] [BackDoor.Bulknet.893] [Troj/Cutwail-AM] [Win32.HeurC.KVMH004.a.(kcloud)] [TrojanDownloader:Win32/Cutwail.BS] [Trojan.CryptDTE] [Crypt.CDTE] [Trj/CI.A]
82d62080e472af17170f4752ebd4ebd1	[W32.Pilleuz] [Pushdo.G] [Backdoor.Win32.Pushdo.pwz] [Heur.Suspicious] [BackDoor.Bulknet.847] [TrojanDownloader:Win32/Cutwail.BS] [Backdoor.Win32.S.Pushdo.36864] [W32/Backdoor.SFNI-6924] [Malware.Pilleuz!rem] [Win32/Wigon.PH] [Trojan.Crypt] [W32/Pushdo.PWZ!tr.bdr] [SHeur4.BFXO]
a423bbddf78450753f1a239711408b91	[Crypt_c.ABJD] [TrojanDownloader*Win32/Cutwail.BS]
b50e50a9a6c3d407f4b1fac8759d95f6
63e2d975b940af1a4ae7c80f7f6f7052	[TrojanDownloader*Win32/Cutwail.BS]

Whois

Property	Value
NameServer	DNS2.DOMAINSATCOST.CA
Created	1998-01-26 00:00:00
Changed	2015-01-26 00:00:00
Expires	2016-01-25 00:00:00
Registrar	NAMESCOUT CORP

DNS Resolutions

Date	IP Address
2013-08-27	208.73.210.88 (ClassC)
2014-07-24	74.200.250.182 (ClassC)
2014-09-15	74.200.250.184 (ClassC)
2024-04-02	104.22.33.157 (ClassC)
2024-05-06	172.67.31.72 (ClassC)
2025-07-23	172.67.71.196 (ClassC)
2025-08-02	104.26.7.50 (ClassC)
2025-08-09	104.26.6.50 (ClassC)

HTTP/1.1 403 ForbiddenDate: Tue, 02 Apr 2024 02:03:53 GMTContent-Type: text/html; charsetUTF-8Transfer-Encoding: chunkedConnection: keep-aliveX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCac

!DOCTYPE html>!--if lt IE 7> html classno-js ie6 oldie langen-US> !endif-->!--if IE 7>    html classno-js ie7 oldie langen-US> !endif-->!--if IE 8>    html classno-js ie8 oldie langen-US> !endif-->!--if gt IE 8>!--> html classno-js langen-US> !--!endif-->head>title>Attention Required! | Cloudflare/title>meta charsetUTF-8 />meta http-equivContent-Type contenttext/html; charsetUTF-8 />meta http-equivX-UA-Compatible contentIEEdge />meta namerobots contentnoindex, nofollow />meta nameviewport contentwidthdevice-width,initial-scale1 />link relstylesheet idcf_styles-css href/cdn-cgi/styles/cf.errors.css />!--if lt IE 9>link relstylesheet idcf_styles-ie-css href/cdn-cgi/styles/cf.errors.ie.css />!endif-->style>body{margin:0;padding:0}/style>!--if gte IE 10>!-->script>  if (!navigator.cookieEnabled) {    window.addEventListener(DOMContentLoaded, function () {      var cookieEl  document.getElementById(cookie-alert);      cookieEl.style.display  block;    })  }/script>!--!endif-->/head>body>div idcf-wrapper>div classcf-alert cf-alert-error cf-cookie-error idcookie-alert data-translateenable_cookies>Please enable cookies./div>div idcf-error-details classcf-error-details-wrapper>div classcf-wrapper cf-header cf-error-overview>h1 data-translateblock_headline>Sorry, you have been blocked/h1>h2 classcf-subheadline>span data-translateunable_to_access>You are unable to access/span> happyhippo.com/h2>/div>div classcf-section cf-highlight>div classcf-wrapper>div classcf-screenshot-container cf-screenshot-full>span classcf-no-screenshot error>/span>/div>/div>/div>div classcf-section cf-wrapper>div classcf-columns two>div classcf-column>h2 data-translateblocked_why_headline>Why have I been blocked?/h2>p data-translateblocked_why_detail>This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data./p>/div>div classcf-colu

Subdomains

Date	Domain	IP
www.happyhippo.com	2024-11-25	104.26.6.50

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]

Domain > happyhippo.com

Is this malicious?

Files that talk to happyhippo.com

Whois

DNS Resolutions

Port 443

Subdomains