Report - www.angelfire.com/ill/hamad/...al.v5.0.142.rar

Report Overview

Submitted URL
www.angelfire.com/ill/hamad/...al.v5.0.142.rar
IP
209.202.252.105
ASN
#6354 LYCOS
Submitted
2024-04-17 14:35:01
Access
public
Website Title
Angelfire - error 403
Final URL
www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
widgets.kiosked.com	unknown	2010-12-29	2016-01-14	2024-04-14	478 B	188 kB	143.204.55.26
sp-log.lycos.com	464992	1995-04-13	2017-02-16	2024-04-16	423 B	310 B	209.202.254.90
ib.adnxs.com	241	2008-05-27	2012-05-20	2024-04-16	481 B	937 B	37.252.171.52
t.tmdn2015x9.com	unknown	2019-08-14	2015-10-14	2023-09-16	413 B	0 B	0.0.0.0
www.angelfire.com	224054	1998-10-15	2016-10-28	2024-04-16	1.0 kB	14 kB	209.202.252.105
scripts.lycos.com	296922	1995-04-13	2012-06-02	2024-04-13	843 B	2.8 kB	209.202.254.12
ly.lygo.net	908775	2002-03-28	2019-12-13	2024-04-17	3.0 kB	215 kB	209.202.254.60
status.geotrust.com	3662	1999-04-04	2017-12-01	2024-04-17	331 B	735 B	192.229.221.95

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	tmdn2015x9.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (13)

	URL	Size	First Seen	Last Seen
	www.angelfire.com/ill/hamad/...al.v5.0.142.rar	0 B	2023-03-07	2024-04-30
Pretty URL www.angelfire.com/ill/hamad/...al.v5.0.142.rar IP 209.202.252.105 ASN #6354 LYCOS Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-30 19:49:30 Times Seen37225570 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	scripts.lycos.com/catman3/code/angelfire.lycos.com/error.js	2.0 kB	2023-04-17	2024-04-17
Pretty URL scripts.lycos.com/catman3/code/angelfire.lycos.com/error.js IP 209.202.254.12 ASN #6354 LYCOS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-17 18:37:16 Last Seen2024-04-17 18:58:20 Times Seen86 Hash 27d2cdc3157251f6e64c0369ef120eba 04fdc756ef8f2ac58d67124069bb74f752a483a3 eb8c7a8c87ea660485c9c3c7fd689d2969ab88511a9920762edc5cad73d3a75c Loading...

	widgets.kiosked.com/sniffer/get-script/sign/07c864a5d6ed2f13591069294f0c3c93/albumid/10566/co/10927.js	608 kB	2024-04-02	2024-04-17
Pretty URL widgets.kiosked.com/sniffer/get-script/sign/07c864a5d6ed2f13591069294f0c3c93/albumid/10566/co/10927.js IP 143.204.55.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-02 14:59:37 Last Seen2024-04-17 18:58:20 Times Seen10 Hash e54a006eb26e9d354e5e772f5a3118c5 0ed154c4d7cab1d2e519b89afdd2e0936333d126 39600b80fdec4db320efdc46fb0ab60e715b388dd1f35fa4ae0b4196bceabc98 Loading...

	unknown	206 B	2023-03-12	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 22:13:34 Last Seen2024-04-17 18:58:20 Times Seen83 Hash cf51bcdfb770ba5f8d0cbd73bca59c55 d163a8bb7f6bcbace2fe1f45a8cdcb28242aab82 41c1caab9627a2c5f6ee86e3c71e668b0130097215623292dd54432f5de1a988 Loading...

	unknown	130 B	2023-04-17	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-17 18:37:16 Last Seen2024-04-17 18:58:20 Times Seen45 Hash f8e3d376bb7e2c26272e54e981e9cb8d ca8cb4fcc27546514ab30a54498cdbceac7865eb 09c1d815b60c6734533bb5e56b17e3d6ac132acf508297cc8a236662b9898288 Loading...

	ly.lygo.net/af/js/jquery-1.4.2.min.js	72 kB	2023-03-07	2024-04-30
Pretty URL ly.lygo.net/af/js/jquery-1.4.2.min.js IP 209.202.254.60 ASN #6354 LYCOS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:10 Last Seen2024-04-30 16:35:52 Times Seen7211 Hash 10092eee563dec2dca82b77d2cf5a1ae 65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59 Loading...

	unknown	29 B	2024-04-17	2024-04-17
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 16:35:02 Last Seen2024-04-17 16:35:02 Times Seen1 Hash ceb852e49ac9eda5b722a619be5bf154 081c31dc102049a857409588275a9feee7de4b69 8f02f71808a0da997baef9c29f27f413f6ea96400bb402bea797059c1a27dc10 Loading...

	ly.lygo.net/af/js/angelfire-main.js	6.9 kB	2023-04-17	2024-04-17
Pretty URL ly.lygo.net/af/js/angelfire-main.js IP 209.202.254.60 ASN #6354 LYCOS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-17 18:37:16 Last Seen2024-04-17 18:58:20 Times Seen87 Hash 4cccd683bc371c3b06e5e73490f9ed8a 14835cf4ea8f663f1919909c1d414ba1309c2cd5 651a7019d5b819f57ae83aa317abd5efe8fb55c32a3e1466fa3c1334f6485d08 Loading...

	scripts.lycos.com/catman/init.js	2.5 kB	2023-03-07	2024-04-30
Pretty URL scripts.lycos.com/catman/init.js IP 209.202.254.12 ASN #6354 LYCOS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:41:12 Last Seen2024-04-30 06:50:07 Times Seen578 Hash 66e54ed2b8eaa3b82ba27ff49c42e81d 79b8df00da71f4fe5526f855345059c7dcdecfe8 b1d4a753cf3cc25720fc2883a3e6c6be8c43637041c34aa376cf7428f7672520 Loading...

		Size	First Seen	Last Seen
	#1 Write - 24cbfb6b31175260fa869224d72c89c9	114 B	2023-04-17	2024-04-17
Pretty Observations First Seen2023-04-17 18:37:16 Last Seen2024-04-17 18:58:20 Times Seen43 Hash 24cbfb6b31175260fa869224d72c89c9 e46f3c1ad94813246850e320895ca490b634a521 ab59461711507d928a13c88c2f8baf95e2c56c93be9ceca8c942c91e19700c16 Loading...

	#2 Write - a99913e4d44ceeb12b167ebd88bf62a9	189 B	2023-04-17	2024-04-17
Pretty Observations First Seen2023-04-17 18:37:16 Last Seen2024-04-17 18:58:20 Times Seen43 Hash a99913e4d44ceeb12b167ebd88bf62a9 f720168d5598327e3c406a1c6df6da8c2c33cebe 8ca352b6ef9101e486eeb3945869f8692c239775b19ea6d43e8c213af283062c Loading...

	#3 Write - 991438d2ea39b70aaefc08c9cb29d712	132 B	2023-04-17	2024-04-17
Pretty Observations First Seen2023-04-17 18:37:16 Last Seen2024-04-17 18:58:20 Times Seen43 Hash 991438d2ea39b70aaefc08c9cb29d712 73a3b691833b413837e5ce47f4fa654fd19ab7a1 6fee995bb488cf2ac1311ae15202b824634127179f375cf5baa636bf84b982b8 Loading...

	#4 Write - bef6f2626e4884d463154a11cc34b6ea	472 B	2023-04-17	2024-04-17
Pretty Observations First Seen2023-04-17 18:37:16 Last Seen2024-04-17 18:58:20 Times Seen47 Hash bef6f2626e4884d463154a11cc34b6ea 0f053ff239ddb2fe242fd4e19d8395b8e75951c9 88195343e3a9d632568cb9cc3f7f178896e5feb9ea40bd6d05f3bdefd3f0e490 Loading...

HTTP Transactions (16)

URL IP Response Size

www.angelfire.com/ill/hamad/...al.v5.0.142.rar

209.202.252.105

302 Moved Temporarily

3.6 kB

URL User Request GET HTTP/1.1
www.angelfire.com/ill/hamad/...al.v5.0.142.rar
IP
209.202.252.105:80
ASN
#6354 LYCOS

File type
HTML document, ASCII text, with very long lines (521), with CRLF, LF line terminators
Size
3.6 kB (3591 bytes)
Hash
ba76b8667a33c695c71917abc7f03011
d758334c4b276d904b895005219cb3b357c35dc2
e3d51dfd44cfda46b1213b212dbc361cf2b34f50845faf91f28a0a717eb3355e

HTTP Headers

GET /ill/hamad/...al.v5.0.142.rar HTTP/1.1
Host: www.angelfire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
server: nginx/1.18.0
date: Wed, 17 Apr 2024 14:34:35 GMT
content-type: text/html; charset=ISO-8859-1
vary: *
x-server-ip: 209.202.245.144
p3p: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
X-Firefox-Spdy: h2

scripts.lycos.com/catman/init.js

209.202.254.12

200 OK

927 B

URL GET HTTP/1.1
scripts.lycos.com/catman/init.js
IP
209.202.254.12:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subject*.lycos.com
Fingerprint4D:79:2B:FE:78:81:74:AA:DA:50:3D:D8:7C:19:87:09:51:56:76:73
ValiditySun, 14 Apr 2024 00:22:43 GMT - Sat, 13 Jul 2024 00:22:42 GMT

File type
ASCII text, with very long lines (905)
Size
927 B (927 bytes)
Hash
66e54ed2b8eaa3b82ba27ff49c42e81d
79b8df00da71f4fe5526f855345059c7dcdecfe8
b1d4a753cf3cc25720fc2883a3e6c6be8c43637041c34aa376cf7428f7672520

HTTP Headers

GET /catman/init.js HTTP/1.1
Host: scripts.lycos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:37 GMT
Server: Apache
Last-Modified: Thu, 13 Oct 2016 19:25:53 GMT
ETag: "9c0-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=21600
Expires: Wed, 17 Apr 2024 20:34:37 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Content-Length: 927
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ly.lygo.net/af/css/afstyle.css

209.202.254.60

200 OK

8.8 kB

URL GET HTTP/1.1
ly.lygo.net/af/css/afstyle.css
IP
209.202.254.60:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subjectlygo.net
Fingerprint38:8E:CF:86:47:B9:D9:23:35:30:0D:C2:6E:DC:3C:C4:79:EF:AC:8B
ValiditySat, 09 Mar 2024 00:19:19 GMT - Fri, 07 Jun 2024 00:19:18 GMT

File type
assembler source, ASCII text, with very long lines (332)
Size
8.8 kB (8782 bytes)
Hash
013deede4094080ba2a29163fe7000c2
30452864fb5436e0d1ef87e8f08036e7a9b18bd6
82fd148f0551bbb54b340c85cc65f06325c7c9137cde13a41e0e4def53b0ec07

HTTP Headers

GET /af/css/afstyle.css HTTP/1.1
Host: ly.lygo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:37 GMT
Server: Apache
Last-Modified: Wed, 11 Dec 2019 11:40:53 GMT
ETag: "829f-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=43200
Expires: Thu, 18 Apr 2024 02:34:37 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Content-Length: 8782
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

ly.lygo.net/af/js/angelfire-main.js

209.202.254.60

200 OK

2.4 kB

URL GET HTTP/1.1
ly.lygo.net/af/js/angelfire-main.js
IP
209.202.254.60:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subjectlygo.net
Fingerprint38:8E:CF:86:47:B9:D9:23:35:30:0D:C2:6E:DC:3C:C4:79:EF:AC:8B
ValiditySat, 09 Mar 2024 00:19:19 GMT - Fri, 07 Jun 2024 00:19:18 GMT

File type
JavaScript source, ASCII text
Size
2.4 kB (2442 bytes)
Hash
4cccd683bc371c3b06e5e73490f9ed8a
14835cf4ea8f663f1919909c1d414ba1309c2cd5
651a7019d5b819f57ae83aa317abd5efe8fb55c32a3e1466fa3c1334f6485d08

HTTP Headers

GET /af/js/angelfire-main.js HTTP/1.1
Host: ly.lygo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:37 GMT
Server: Apache
Last-Modified: Tue, 21 Jan 2020 14:45:02 GMT
ETag: "1ae5-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=43200
Expires: Thu, 18 Apr 2024 02:34:37 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Content-Length: 2442
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

ly.lygo.net/af/js/jquery-1.4.2.min.js

209.202.254.60

200 OK

25 kB

URL GET HTTP/1.1
ly.lygo.net/af/js/jquery-1.4.2.min.js
IP
209.202.254.60:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subjectlygo.net
Fingerprint38:8E:CF:86:47:B9:D9:23:35:30:0D:C2:6E:DC:3C:C4:79:EF:AC:8B
ValiditySat, 09 Mar 2024 00:19:19 GMT - Fri, 07 Jun 2024 00:19:18 GMT

File type
JavaScript source, ASCII text, with very long lines (820)
Size
25 kB (24555 bytes)
Hash
10092eee563dec2dca82b77d2cf5a1ae
65cbff4e9d95d47a6f31d96ab4ea361c1f538a7b
e23a2a4e2d7c2b41ebcdd8ffc0679df7140eb7f52e1eebabf827a88182643c59

HTTP Headers

GET /af/js/jquery-1.4.2.min.js HTTP/1.1
Host: ly.lygo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:37 GMT
Server: Apache
Last-Modified: Mon, 30 Oct 2017 14:28:09 GMT
ETag: "119ee-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=43200
Expires: Thu, 18 Apr 2024 02:34:37 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Content-Length: 24555
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/javascript

scripts.lycos.com/catman3/code/angelfire.lycos.com/error.js

209.202.254.12

200 OK

873 B

URL GET HTTP/1.1
scripts.lycos.com/catman3/code/angelfire.lycos.com/error.js
IP
209.202.254.12:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subject*.lycos.com
Fingerprint4D:79:2B:FE:78:81:74:AA:DA:50:3D:D8:7C:19:87:09:51:56:76:73
ValiditySun, 14 Apr 2024 00:22:43 GMT - Sat, 13 Jul 2024 00:22:42 GMT

File type
HTML document, ASCII text, with very long lines (583)
Size
873 B (873 bytes)
Hash
27d2cdc3157251f6e64c0369ef120eba
04fdc756ef8f2ac58d67124069bb74f752a483a3
eb8c7a8c87ea660485c9c3c7fd689d2969ab88511a9920762edc5cad73d3a75c

HTTP Headers

GET /catman3/code/angelfire.lycos.com/error.js HTTP/1.1
Host: scripts.lycos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:38 GMT
Server: Apache
Last-Modified: Wed, 21 Oct 2020 11:05:02 GMT
ETag: "7eb-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Cache-Control: max-age=21600
Expires: Wed, 17 Apr 2024 20:34:38 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Content-Length: 873
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: application/javascript

status.geotrust.com/

192.229.221.95

471 B

URL
status.geotrust.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
f3eff4826eefa2a67ca541c1bcd4bb0b
354ab0d07ec55791cc5903ad86b6ebeced6629ae
518a482148eaa85bd9361644827af8e51c9700612cc4061d5eefa9b411cf6c49

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3982
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Wed, 17 Apr 2024 14:34:38 GMT
Last-Modified: Wed, 17 Apr 2024 13:28:16 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 471

ly.lygo.net/af/images/angelfireLogo.png

209.202.254.60

200 OK

16 kB

URL GET HTTP/1.1
ly.lygo.net/af/images/angelfireLogo.png
IP
209.202.254.60:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subjectlygo.net
Fingerprint38:8E:CF:86:47:B9:D9:23:35:30:0D:C2:6E:DC:3C:C4:79:EF:AC:8B
ValiditySat, 09 Mar 2024 00:19:19 GMT - Fri, 07 Jun 2024 00:19:18 GMT

File type
PNG image data, 396 x 99, 8-bit/color RGBA, non-interlaced
Size
16 kB (15529 bytes)
Hash
c9929c52d384c4ae50e812c95daefcae
bb7193b5c30d3c3ab033e48ca37bd61f7a324025
7808f8ce2a51e51437a8b047b9c0e73b75ea8e5c2408a3015019d0bd23355a38

HTTP Headers

GET /af/images/angelfireLogo.png HTTP/1.1
Host: ly.lygo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ly.lygo.net/af/css/afstyle.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:38 GMT
Server: Apache
Last-Modified: Mon, 30 Oct 2017 14:25:41 GMT
ETag: "3ca9"
Accept-Ranges: bytes
Content-Length: 15529
Cache-Control: max-age=43200
Expires: Thu, 18 Apr 2024 02:34:38 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

ly.lygo.net/af/images/sprite.png

209.202.254.60

200 OK

34 kB

URL GET HTTP/1.1
ly.lygo.net/af/images/sprite.png
IP
209.202.254.60:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subjectlygo.net
Fingerprint38:8E:CF:86:47:B9:D9:23:35:30:0D:C2:6E:DC:3C:C4:79:EF:AC:8B
ValiditySat, 09 Mar 2024 00:19:19 GMT - Fri, 07 Jun 2024 00:19:18 GMT

File type
PNG image data, 285 x 225, 8-bit/color RGBA, non-interlaced
Size
34 kB (33507 bytes)
Hash
7e963492761ba257f81c8d18c59837ff
7f78e990bd5925a8a6ea5f4dc8c253166d4445cd
dca3d1152035732edb45d6e42c65989e57a87d0dd78def912dc8644d91e06972

HTTP Headers

GET /af/images/sprite.png HTTP/1.1
Host: ly.lygo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ly.lygo.net/af/css/afstyle.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:38 GMT
Server: Apache
Last-Modified: Thu, 13 Oct 2016 19:24:55 GMT
ETag: "82e3"
Accept-Ranges: bytes
Content-Length: 33507
Cache-Control: max-age=43200
Expires: Thu, 18 Apr 2024 02:34:38 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

ly.lygo.net/af/images/404.jpg

209.202.254.60

200 OK

116 kB

URL GET HTTP/1.1
ly.lygo.net/af/images/404.jpg
IP
209.202.254.60:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subjectlygo.net
Fingerprint38:8E:CF:86:47:B9:D9:23:35:30:0D:C2:6E:DC:3C:C4:79:EF:AC:8B
ValiditySat, 09 Mar 2024 00:19:19 GMT - Fri, 07 Jun 2024 00:19:18 GMT

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1800x879, components 3
Size
116 kB (115812 bytes)
Hash
e3adf697224c4289e8973de7bf32a32e
b851cde21b984732d31cfc4880e33e9b2616d41e
dec1c841a1f7e57a8b52c01b45d280f1097bf5853b704faf31d852b97a944c2d

HTTP Headers

GET /af/images/404.jpg HTTP/1.1
Host: ly.lygo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ly.lygo.net/af/css/afstyle.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:38 GMT
Server: Apache
Last-Modified: Mon, 30 Oct 2017 14:28:09 GMT
ETag: "1c464"
Accept-Ranges: bytes
Content-Length: 115812
Cache-Control: max-age=43200
Expires: Thu, 18 Apr 2024 02:34:38 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/jpeg

widgets.kiosked.com/sniffer/get-script/sign/07c864a5d6ed2f13591069294f0c3c93/albumid/10566/co/10927.js

143.204.55.26

200 OK

187 kB

URL GET HTTP/1.1
widgets.kiosked.com/sniffer/get-script/sign/07c864a5d6ed2f13591069294f0c3c93/albumid/10566/co/10927.js
IP
143.204.55.26:443
ASN
#16509 AMAZON-02

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerDigiCert Inc
Subject*.kiosked.com
Fingerprint0D:7F:80:AB:78:51:65:B5:30:1D:1B:DE:98:14:DB:73:1E:2A:40:B9
ValidityWed, 27 Sep 2023 00:00:00 GMT - Wed, 02 Oct 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65432)
Size
187 kB (186961 bytes)
Hash
e54a006eb26e9d354e5e772f5a3118c5
0ed154c4d7cab1d2e519b89afdd2e0936333d126
39600b80fdec4db320efdc46fb0ab60e715b388dd1f35fa4ae0b4196bceabc98

HTTP Headers

GET /sniffer/get-script/sign/07c864a5d6ed2f13591069294f0c3c93/albumid/10566/co/10927.js HTTP/1.1
Host: widgets.kiosked.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
P3P: CP="KIOSKED"
Server: nginx/1.14.2
Timing-Allow-Origin: *
Cache-Control: public, max-age=1200
Date: Wed, 17 Apr 2024 14:34:38 GMT
ETag: W/"39600b80fdec4db320efdc46fb0ab60e715b388dd1f35fa4ae0b4196bceabc98"
X-Cache: RefreshHit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 1dgAOadbvasm26OUqWS0k-bss8gkIR9GxuAEju9HSlli_Qc9MH4cwA==

sp-log.lycos.com/af_cm.gif

209.202.254.90

200 OK

45 B

URL GET HTTP/1.1
sp-log.lycos.com/af_cm.gif
IP
209.202.254.90:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subject*.lycos.com
Fingerprint4D:79:2B:FE:78:81:74:AA:DA:50:3D:D8:7C:19:87:09:51:56:76:73
ValiditySun, 14 Apr 2024 00:22:43 GMT - Sat, 13 Jul 2024 00:22:42 GMT

File type
GIF image data, version 89a, 5 x 5
Size
45 B (45 bytes)
Hash
c4e3e106fbcc28e9c5b2be2a78018886
fe87fba9c2a6384dfe3827cf6608b0692cb79872
e0f8dceb516151e70891cb4ed02aac4b5800b37c13d8328a35919472efe0f93e

HTTP Headers

GET /af_cm.gif HTTP/1.1
Host: sp-log.lycos.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:38 GMT
Server: Apache
Last-Modified: Mon, 06 Aug 2018 18:05:44 GMT
ETag: "2d-572c8204a63ec"
Accept-Ranges: bytes
Content-Length: 45
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/gif

ly.lygo.net/af/i/favicon.ico

209.202.254.60

200 OK

12 kB

URL GET HTTP/1.1
ly.lygo.net/af/i/favicon.ico
IP
209.202.254.60:443
ASN
#6354 LYCOS

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerLet's Encrypt
Subjectlygo.net
Fingerprint38:8E:CF:86:47:B9:D9:23:35:30:0D:C2:6E:DC:3C:C4:79:EF:AC:8B
ValiditySat, 09 Mar 2024 00:19:19 GMT - Fri, 07 Jun 2024 00:19:18 GMT

File type
MS Windows icon resource - 3 icons, 48x48, 24 bits/pixel, 32x32, 24 bits/pixel
Size
12 kB (11502 bytes)
Hash
9460a636f7d5f633ffae345c7676fc6b
52a6889d803bca43f42589d7a15133fcf09b5044
d3f79977b14f1baf447eece79811ac79257aabcdcaa70786a7b573973743c2a7

HTTP Headers

GET /af/i/favicon.ico HTTP/1.1
Host: ly.lygo.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 17 Apr 2024 14:34:38 GMT
Server: Apache
Last-Modified: Mon, 30 Oct 2017 14:28:09 GMT
ETag: "2cee"
Accept-Ranges: bytes
Content-Length: 11502
Cache-Control: max-age=43200
Expires: Thu, 18 Apr 2024 02:34:38 GMT
P3P: policyref="http://www.lycos.com/w3c/p3p.xml", CP="CAO DSP CUR ADM DEV PSA CONo TAI OUR IND DEM PRE PUR NAV UNI"
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: image/vnd.microsoft.icon

ib.adnxs.com/ut/v3/prebid

37.252.171.52

200 OK

137 B

URL POST HTTP/2
ib.adnxs.com/ut/v3/prebid
IP
37.252.171.52:443
ASN
#29990 ASN-APPNEX

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar
Certificate
IssuerDigiCert Inc
Subject*.adnxs.com
Fingerprint67:2D:49:EE:1E:AF:D8:2B:B2:85:1A:C5:39:29:91:05:8E:5E:6F:AA
ValidityWed, 14 Feb 2024 00:00:00 GMT - Sun, 16 Mar 2025 23:59:59 GMT

File type
JSON text data
Size
137 B (137 bytes)
Hash
e75c6d42cd542f5a6b5278df03bf4409
2f93a849b34739efc1541e085266d8de51a1dc01
e1b31ed8130ee64ccac0e62bc62600fb09a3c0bf75458739627df6aa7a729358

HTTP Headers

POST /ut/v3/prebid HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 1640
Origin: https://www.angelfire.com
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.23.4
date: Wed, 17 Apr 2024 14:34:39 GMT
content-type: application/json; charset=utf-8
content-length: 137
cache-control: no-store, no-cache, private
pragma: no-cache
expires: Sat, 15 Nov 2008 16:00:00 GMT
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-xss-protection: 0
access-control-allow-credentials: true
access-control-allow-origin: https://www.angelfire.com
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
an-x-request-uuid: 5f8b2335-2cf1-4853-a818-60fa6dcd77f1
x-proxy-origin: 91.90.42.154; 91.90.42.154; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-Firefox-Spdy: h2

www.angelfire.com/ill/hamad/...al.v5.0.142.rar

209.202.252.105

302 Moved Temporarily

9.7 kB

URL User Request GET HTTP/1.1
www.angelfire.com/ill/hamad/...al.v5.0.142.rar
IP
209.202.252.105:80
ASN
#6354 LYCOS

File type
data
Size
9.7 kB (9726 bytes)
Hash
43e9fad65de3bc2134918e45f630c4ef
fd7bab31dd89435fa60e2ef6f9fd1f546755194b
1fe6b53c3a49ea2ecfcbfcb3159482f38e8fc74658408b4395d37660117d74fa

HTTP Headers

GET /ill/hamad/...al.v5.0.142.rar HTTP/1.1
Host: www.angelfire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
server: nginx/1.18.0
date: Wed, 17 Apr 2024 14:34:36 GMT
content-type: text/html; charset=ISO-8859-1
vary: *
x-server-ip: 209.202.245.160
p3p: policyref="http://www.lycos.com/w3c/p3p.xml", CP="IDC DSP COR CURa ADMa DEVa CUSa PSAa IVAa CONo OUR IND UNI STA"
X-Firefox-Spdy: h2

t.tmdn2015x9.com/build/fd577adb/v1/

0.0.0.0

0 B

URL GET
t.tmdn2015x9.com/build/fd577adb/v1/
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.angelfire.com/ill/hamad/...al.v5.0.142.rar

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /build/fd577adb/v1/ HTTP/1.1
Host: t.tmdn2015x9.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.angelfire.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (13)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash