Report - mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2

Report Overview

Submitted URL
mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
IP
67.222.134.147
ASN
#30277 DFW-DATACENTER
Submitted
2024-05-02 22:34:29
Access
public
Website Title
Sonic Lost World Fangame Demo 2 Yesmen10 - 263427464 - Download mediafire files
Final URL
mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
mediafiretrend.com	179287	2010-10-04	2013-05-19	2024-02-05	1.9 kB	10 kB	67.222.134.147
questioningtosscontradiction.com	unknown	2021-09-13	2021-09-13	2024-02-05	1.4 kB	54 kB	172.240.108.76
whackresolved.com	unknown	unknown	No data	No data	479 B	898 B	192.243.61.225
fleckfound.com	unknown	2024-04-29	2024-04-30	2024-05-01	483 B	467 B	172.240.108.76
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2024-05-02	1.3 kB	1.3 kB	35.158.46.84
ssl.gstatic.com	unknown	2008-02-11	2012-05-23	2024-05-01	435 B	5.7 kB	216.58.211.3
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-05-01	512 B	1.2 kB	35.244.181.201
accounts.google.com	81	1997-09-15	2016-03-20	2024-05-01	730 B	1.3 kB	173.194.221.84
apis.google.com	105	1997-09-15	2013-05-06	2024-05-02	4.1 kB	147 kB	142.250.74.110
ocsp.r2m03.amazontrust.com	unknown	2007-05-11	2023-02-21	2024-05-02	1.0 kB	2.8 kB	143.204.53.97
www.profitabledisplaycontent.com	138390	2020-10-14	2020-10-16	2024-04-16	3.0 kB	3.6 kB	172.240.108.84
cdn.onesignal.com	3015	2011-09-10	2015-04-22	2024-05-01	417 B	10 kB	104.17.111.223
capaciousdrewreligion.com	unknown	2023-11-07	2023-11-27	2024-05-02	417 B	327 B	172.240.108.76
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-01	425 B	88 kB	142.250.74.168
unseenreport.com	unknown	2022-03-30	2022-03-30	2024-05-02	738 B	423 B	192.243.61.227
downstairsnegotiatebarren.com	unknown	2024-03-04	2024-03-04	2024-05-02	415 B	87 kB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-05-02	medium	whackresolved.com	Sinkholed
2024-05-02	medium	fleckfound.com	Sinkholed
2024-05-02	medium	unseenreport.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	apis.google.com/js/plusone.js	56 kB	2024-04-23	2024-05-16
Pretty URL apis.google.com/js/plusone.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 01:08:16 Last Seen2024-05-16 06:28:25 Times Seen254 Hash fb86282646c76d835cd2e6c49b8625f7 d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0 638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109 Loading...

	mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html	24 B	2023-03-17	2024-05-03
Pretty URL mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html IP 67.222.134.147 ASN #30277 DFW-DATACENTER Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-17 10:16:01 Last Seen2024-05-03 00:34:36 Times Seen2 Hash 55eba90dc25fe315d5f736d43ee0b9b9 5738e890885bc3c59e93c5f7995f0dae4da608ea 0525995eaa695c11b4f4d1552ec796fc45562ce25b2cea7d61ea791c2c5be5f5 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs	102 kB	2024-04-23	2024-05-16
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 18:10:08 Last Seen2024-05-16 04:32:31 Times Seen82 Hash 2194126651ec918368e1c172f3003494 44cbf3b9bd5ac4f5c95cfcc8ad31844ba9f67c48 f3bed417a7effbce45e190fabd36fba0d906f4d39a893231eaf61c0801d0fbca Loading...

	mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html	465 B	2023-03-17	2024-05-05
Pretty URL mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html IP 67.222.134.147 ASN #30277 DFW-DATACENTER Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-17 10:16:01 Last Seen2024-05-05 01:26:08 Times Seen5 Hash ec12b33bcf8ccdd82176071c29678145 be8fe4ed235317049aaf41f2f591bb13458141a5 a5c5b180cdd09263c78325fe45590fb19b31e6e56e28ed6d53483c0abf46e36f Loading...

	mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html	442 B	2024-05-03	2024-05-03
Pretty URL mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html IP 67.222.134.147 ASN #30277 DFW-DATACENTER Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-03 00:34:36 Last Seen2024-05-03 00:34:36 Times Seen1 Hash 7ae15e3c263b0f369c0ef6b3634a9e57 c9e70ea5f976f960d6f3bdd185e26e5ba3828426 bbeb3c36f050c926192d54bf59c53df60b3d3fe38c9ec8872d55c80f7c023bfe Loading...

	mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html	294 B	2024-02-05	2024-05-05
Pretty URL mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html IP 67.222.134.147 ASN #30277 DFW-DATACENTER Introduced by scriptElement Embedded in HTML true Observations First Seen2024-02-05 06:04:41 Last Seen2024-05-05 01:26:08 Times Seen3 Hash ef6f8b744d1a879fa6edb46982aba9a7 b727a98411d3be247808c473c2b55f0753c919f7 46e9e93ba546000b2b9c2f40ab1fa9db1eb11ab8d0df184065de9542712aaf2c Loading...

	www.googletagmanager.com/gtag/js?id=G-4908KN5GDY	246 kB	2024-05-03	2024-05-03
Pretty URL www.googletagmanager.com/gtag/js?id=G-4908KN5GDY IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 00:34:36 Last Seen2024-05-03 00:34:36 Times Seen2 Hash 4429bcb365acf73e0fbdcd4e2a2378ca 65d1b619f10928ec0e58b0a6ddba7fa6a72101e6 f0e2b615acd7fb9917169de3ca609fef5a84ed818fce87545a4ee6d613e1c03c Loading...

	capaciousdrewreligion.com/advertisers.js	0 B	2023-03-07	2024-05-17
Pretty URL capaciousdrewreligion.com/advertisers.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-17 11:09:38 Times Seen37737236 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs	161 kB	2024-04-23	2024-05-16
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 01:08:16 Last Seen2024-05-16 06:28:26 Times Seen224 Hash a07a0041143bc11d11c2fe0d37a5ded7 cb14b39ec6f8a362a08d1957af211d81f750d54d 233746b5d7f58579f0d5ea21e4907fdb5be5469f05dd7691633448aead77fc98 Loading...

	unknown	145 B	2024-02-05	2024-05-05
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-05 06:04:40 Last Seen2024-05-05 01:26:08 Times Seen3 Hash 0bc9e035028ab4c49ec8396a213f6ef9 71295e67be3d5992f2bcd1c903ae5a9307f8a221 b75501f71ab07c6db688f961b4bef902cba22d075607943f302f957955425980 Loading...

	cdn.onesignal.com/sdks/OneSignalSDK.js	9.2 kB	2023-11-28	2024-05-17
Pretty URL cdn.onesignal.com/sdks/OneSignalSDK.js IP 104.17.111.223 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 20:00:16 Last Seen2024-05-17 10:28:12 Times Seen3719 Hash a87c48d211877c49b878679b2e3cdab8 e75653dd0156806682e39abe8b1323ed40d840ca 4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f Loading...

	questioningtosscontradiction.com/987c5bcd322e84c5759937076ef7c99c/invoke.js	27 kB	2024-05-03	2024-05-03
Pretty URL questioningtosscontradiction.com/987c5bcd322e84c5759937076ef7c99c/invoke.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 00:34:36 Last Seen2024-05-03 00:34:36 Times Seen2 Hash 2b56ba9de7c8a58000de424059e97f58 2406b86dba667b0b42a016a716e46c2c637805ed e36cd08365b2b5f3bf3abc5f09eeeb9e2e34083fa4679282d027534a228e0907 Loading...

	downstairsnegotiatebarren.com/sfp.js	86 kB	2024-03-29	2024-05-17
Pretty URL downstairsnegotiatebarren.com/sfp.js IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-29 13:13:34 Last Seen2024-05-17 11:02:34 Times Seen3540 Hash f4a2f8f9f99541c6f105bbd0a025bd40 1f8e3eff12168fdd9e719adfc098d24a45b6916a b717cb04231a10d425fd55b73c85a5407119c6826a8bac94142fddfff6958716 Loading...

	ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js	11 kB	2024-04-19	2024-05-16
Pretty URL ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js IP 216.58.211.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 09:16:40 Last Seen2024-05-16 04:32:31 Times Seen204 Hash 40aaadf2a7451d276b940cddefb2d0ed b2fc8129a4f5e5a0c8cb631218f40a4230444d9e 4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2 Loading...

	apis.google.com/js/rpc:shindig_random.js?onload=init	15 kB	2024-04-23	2024-05-16
Pretty URL apis.google.com/js/rpc:shindig_random.js?onload=init IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 10:05:22 Last Seen2024-05-16 04:32:31 Times Seen185 Hash 23a7ab8d8ba33d255e61be9fc36b1d16 042d8431d552c81f4e504644ac88adce7bf2b76f 127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5 Loading...

	mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html	153 B	2023-09-23	2024-05-05
Pretty URL mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html IP 67.222.134.147 ASN #30277 DFW-DATACENTER Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-23 18:17:52 Last Seen2024-05-05 01:26:08 Times Seen4 Hash e1d2df3ed28a7af7662c7249d52871cc 1845c24938d55351991ac33953f9b9de0eeddd62 6af4c68349a3a326e2d575fa43eb6eca8583eeabde06048cc613893dfdae80da Loading...

	questioningtosscontradiction.com/029df468b29833c6cbf3554e951d7c81/invoke.js	31 kB	2024-05-03	2024-05-05
Pretty URL questioningtosscontradiction.com/029df468b29833c6cbf3554e951d7c81/invoke.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 00:34:36 Last Seen2024-05-05 01:26:08 Times Seen4 Hash 1aa981639ceebfca81a2633b10ce67d7 f2a50294f6cfa4e0bbd4c1d1bb2076a6e725970d c19180e72375358d5681a70f5c5d2f528b64ce9296de43233970c3341df90808 Loading...

	questioningtosscontradiction.com/dd/6a/42/dd6a421db78c65363347d1784b71968c.js	82 kB	2024-05-03	2024-05-03
Pretty URL questioningtosscontradiction.com/dd/6a/42/dd6a421db78c65363347d1784b71968c.js IP 172.240.108.76 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-03 00:34:36 Last Seen2024-05-03 00:34:36 Times Seen2 Hash 406cb595ca869f148c301e7f7c93bc86 f2992c16e660974b26b510428ea997931c1be6b8 2667ecf6e75b41f53dc70572c4418308342f8226cf1c00019bcad942204a2550 Loading...

	apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs	66 kB	2024-04-23	2024-05-16
Pretty URL apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-23 10:05:23 Last Seen2024-05-16 04:32:31 Times Seen182 Hash 63e5a0b45632b3dde3694ffcaf0e3f7a 923736d0cdc308331d5cfaa0ea159bfedc83d53f 889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db Loading...

		Size	First Seen	Last Seen
	#1 Write - 59adc8fcd89ec83110b3026379879388	134 B	2024-05-03	2024-05-03
Pretty Observations First Seen2024-05-03 00:34:36 Last Seen2024-05-03 00:34:36 Times Seen1 Hash 59adc8fcd89ec83110b3026379879388 0c24c8a76c87c31863894fff0344c8745626c886 772d3a475ec2a7fb4d8fd5aaf6a05023be8b8887ce38f2b1492b4dca75ac593e Loading...

	#2 Write - 713966641e00724303a5db1d1e9a33a2	124 B	2023-12-01	2024-05-05
Pretty Observations First Seen2023-12-01 13:52:37 Last Seen2024-05-05 01:26:08 Times Seen4 Hash 713966641e00724303a5db1d1e9a33a2 98185bb0ad6de130b590040ddde4114511d63cb9 2ebc218b1f1ec47fa5a07ed6bae975916b10296d59612fac89739fcc2dcae59b Loading...

HTTP Transactions (31)

URL IP Response Size

mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html

67.222.134.147

200 OK

4.2 kB

URL User Request GET HTTP/1.1
mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
IP
67.222.134.147:443
ASN
#30277 DFW-DATACENTER

Certificate
IssuerLet's Encrypt
Subjectmediafiretrend.com
Fingerprint9F:4E:12:17:E6:7B:EA:32:74:3C:B7:F4:61:67:F0:FC:80:FB:A4:EA
ValidityThu, 28 Mar 2024 10:01:58 GMT - Wed, 26 Jun 2024 10:01:57 GMT

File type
JavaScript source, ASCII text, with very long lines (2151)
Size
4.2 kB (4243 bytes)
Hash
4b314be199bd9fe9e8d9b26f16dd4517
b60d300cd81025a98b6802b51e6ac6617c30111b
1521184735c4cac2c424fe6142911dacbb2f7fdb470b0765aa6c65f87782a9a4

HTTP Headers

GET /f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html HTTP/1.1
Host: mediafiretrend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache
Date: Thu, 02 May 2024 22:34:02 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=7717f8d2474fb5a5b7b76ca40e7e6146; path=/; domain=.mediafiretrend.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip

mediafiretrend.com/logo.gif

67.222.134.147

200 OK

5.1 kB

URL GET HTTP/1.1
mediafiretrend.com/logo.gif
IP
67.222.134.147:443
ASN
#30277 DFW-DATACENTER

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectmediafiretrend.com
Fingerprint9F:4E:12:17:E6:7B:EA:32:74:3C:B7:F4:61:67:F0:FC:80:FB:A4:EA
ValidityThu, 28 Mar 2024 10:01:58 GMT - Wed, 26 Jun 2024 10:01:57 GMT

File type
GIF image data, version 89a, 500 x 80
Size
5.1 kB (5126 bytes)
Hash
f586fd0c5e756fe823c92d85701d7362
5ca03518e3342a2577b73642efc736582d488b32
4e1e682b3780cfbc0342dd24a1b4cf06719347699518b732e5e1675b0b70bdf1

HTTP Headers

GET /logo.gif HTTP/1.1
Host: mediafiretrend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Cookie: PHPSESSID=7717f8d2474fb5a5b7b76ca40e7e6146
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache
Date: Thu, 02 May 2024 22:34:03 GMT
Content-Type: image/gif
Content-Length: 5126
Last-Modified: Tue, 05 Oct 2010 17:21:52 GMT
Connection: keep-alive
ETag: "4cab5eb0-1406"
Accept-Ranges: bytes

www.googletagmanager.com/gtag/js?id=G-4908KN5GDY

142.250.74.168

200 OK

88 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-4908KN5GDY
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
88 kB (87657 bytes)
Hash
4429bcb365acf73e0fbdcd4e2a2378ca
65d1b619f10928ec0e58b0a6ddba7fa6a72101e6
f0e2b615acd7fb9917169de3ca609fef5a84ed818fce87545a4ee6d613e1c03c

HTTP Headers

GET /gtag/js?id=G-4908KN5GDY HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 02 May 2024 22:34:04 GMT
expires: Thu, 02 May 2024 22:34:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87657
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

apis.google.com/js/plusone.js

142.250.74.110

200 OK

21 kB

URL GET HTTP/2
apis.google.com/js/plusone.js
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.apis.google.com
FingerprintA2:59:20:19:C5:59:93:57:6E:20:C4:F9:82:FE:17:0C:78:A8:1E:8C
ValidityMon, 08 Apr 2024 07:34:09 GMT - Mon, 01 Jul 2024 07:34:08 GMT

File type
JavaScript source, ASCII text, with very long lines (2050)
Size
21 kB (21303 bytes)
Hash
fb86282646c76d835cd2e6c49b8625f7
d1b33142b0ce10c3e883e4799dcb0a2f9ddaa3d0
638374c6c6251af66fe3f5018eb3ff62b47df830a0137afb51e36ac3279d8109

HTTP Headers

GET /js/plusone.js HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 21303
date: Thu, 02 May 2024 22:34:04 GMT
expires: Thu, 02 May 2024 22:34:04 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "80d5c9d57d5f206f"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

questioningtosscontradiction.com/029df468b29833c6cbf3554e951d7c81/invoke.js

172.240.108.76

200 OK

12 kB

URL GET HTTP/1.1
questioningtosscontradiction.com/029df468b29833c6cbf3554e951d7c81/invoke.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectquestioningtosscontradiction.com
FingerprintAA:AA:12:97:CC:C1:41:64:82:82:0E:BC:52:92:54:A6:76:18:81:EB
ValidityThu, 02 May 2024 07:45:46 GMT - Wed, 31 Jul 2024 07:45:45 GMT

File type
JavaScript source, ASCII text, with very long lines (31299), with no line terminators
Size
12 kB (11818 bytes)
Hash
1aa981639ceebfca81a2633b10ce67d7
f2a50294f6cfa4e0bbd4c1d1bb2076a6e725970d
c19180e72375358d5681a70f5c5d2f528b64ce9296de43233970c3341df90808

HTTP Headers

GET /029df468b29833c6cbf3554e951d7c81/invoke.js HTTP/1.1
Host: questioningtosscontradiction.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 75ba033dfcb6ab28bbf6574ba1b996e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

questioningtosscontradiction.com/987c5bcd322e84c5759937076ef7c99c/invoke.js

172.240.108.76

200 OK

9.8 kB

URL GET HTTP/1.1
questioningtosscontradiction.com/987c5bcd322e84c5759937076ef7c99c/invoke.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectquestioningtosscontradiction.com
FingerprintAA:AA:12:97:CC:C1:41:64:82:82:0E:BC:52:92:54:A6:76:18:81:EB
ValidityThu, 02 May 2024 07:45:46 GMT - Wed, 31 Jul 2024 07:45:45 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (26567), with no line terminators
Size
9.8 kB (9785 bytes)
Hash
2b56ba9de7c8a58000de424059e97f58
2406b86dba667b0b42a016a716e46c2c637805ed
e36cd08365b2b5f3bf3abc5f09eeeb9e2e34083fa4679282d027534a228e0907

HTTP Headers

GET /987c5bcd322e84c5759937076ef7c99c/invoke.js HTTP/1.1
Host: questioningtosscontradiction.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 24073ede7833d79e2d20110797e7e568
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

questioningtosscontradiction.com/dd/6a/42/dd6a421db78c65363347d1784b71968c.js

172.240.108.76

200 OK

30 kB

URL GET HTTP/1.1
questioningtosscontradiction.com/dd/6a/42/dd6a421db78c65363347d1784b71968c.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectquestioningtosscontradiction.com
FingerprintAA:AA:12:97:CC:C1:41:64:82:82:0E:BC:52:92:54:A6:76:18:81:EB
ValidityThu, 02 May 2024 07:45:46 GMT - Wed, 31 Jul 2024 07:45:45 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
30 kB (30051 bytes)
Hash
406cb595ca869f148c301e7f7c93bc86
f2992c16e660974b26b510428ea997931c1be6b8
2667ecf6e75b41f53dc70572c4418308342f8226cf1c00019bcad942204a2550

HTTP Headers

GET /dd/6a/42/dd6a421db78c65363347d1784b71968c.js HTTP/1.1
Host: questioningtosscontradiction.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a23858b2884cfb1a4e32cd62b5d007ec
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=Tall&origin=https%3A%2F%2Fmediafiretrend.com&url=https%3A%2F%2Fmediafiretrend.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

142.250.74.110

226 B

URL
apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=Tall&origin=https%3A%2F%2Fmediafiretrend.com&url=https%3A%2F%2Fmediafiretrend.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
IP
142.250.74.110:0
ASN
#15169 GOOGLE

Certificate
IssuerGoogle Trust Services LLC
Subject*.apis.google.com
FingerprintA2:59:20:19:C5:59:93:57:6E:20:C4:F9:82:FE:17:0C:78:A8:1E:8C
ValidityMon, 08 Apr 2024 07:34:09 GMT - Mon, 01 Jul 2024 07:34:08 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
226 B (226 bytes)
Hash
4df07581948280a6e769a24c5d99d775
843a2c95362347eb8894a6acb607f139be65ded4
3561b93a48d81fac116ccd6e60163bd382abb1d594c81240f5718feb1f197f73

HTTP Headers

GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=Tall&origin=https%3A%2F%2Fmediafiretrend.com&url=https%3A%2F%2Fmediafiretrend.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 301 Moved Permanently
location: http://developers.google.com/
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 02 May 2024 22:34:04 GMT
expires: Thu, 02 May 2024 23:04:04 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

whackresolved.com/ntv.json?key=987c5bcd322e84c5759937076ef7c99c&vstc=4

192.243.61.225

200 OK

0 B

URL GET HTTP/1.1
whackresolved.com/ntv.json?key=987c5bcd322e84c5759937076ef7c99c&vstc=4
IP
192.243.61.225:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectwhackresolved.com
Fingerprint9D:15:57:1B:C7:77:0C:78:90:4B:03:53:26:EC:51:7C:26:F2:F3:D8
ValidityMon, 29 Apr 2024 08:46:37 GMT - Sun, 28 Jul 2024 08:46:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /ntv.json?key=987c5bcd322e84c5759937076ef7c99c&vstc=4 HTTP/1.1
Host: whackresolved.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafiretrend.com
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:05 GMT
Content-Type: application/json
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mediafiretrend.com
Access-Control-Allow-Origin: https://mediafiretrend.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=14925896; expires=Fri, 03 May 2024 22:34:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f8de75ab1f999a2706dcec312dcc098
Strict-Transport-Security: max-age=0; includeSubdomains

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8b36a1d5c1baf125ac6c6e9dbbba0f9e
ec227af9795dfdb98c3d64e9909aa9dd5813607a
448cf1c668a852a9500e3b540e3f70edcf0e5b980c36124f47487836a6f5b165

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 02 May 2024 22:34:05 GMT
Last-Modified: Thu, 02 May 2024 21:24:07 GMT
Server: ECAcc (ska/F757)
X-Cache: Miss from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nSlTvgCFj39TB34XRKx44_YItk8M9qhRUSiL8529Vr8GaiPqQp4PXA==
Age: 4198

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8b36a1d5c1baf125ac6c6e9dbbba0f9e
ec227af9795dfdb98c3d64e9909aa9dd5813607a
448cf1c668a852a9500e3b540e3f70edcf0e5b980c36124f47487836a6f5b165

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 02 May 2024 22:34:05 GMT
Last-Modified: Thu, 02 May 2024 21:26:14 GMT
Server: ECAcc (ska/F756)
X-Cache: Miss from cloudfront
Via: 1.1 2afd697fc5d0058ea30d6c4b939e714c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BXakM9BIP0e6zQzaVmgTeEXm5uZ0GD9SHtkLr48vHpFA4c5s2AXi5Q==
Age: 4071

ocsp.r2m03.amazontrust.com/

143.204.53.97

471 B

URL
ocsp.r2m03.amazontrust.com/
IP
143.204.53.97:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
8b36a1d5c1baf125ac6c6e9dbbba0f9e
ec227af9795dfdb98c3d64e9909aa9dd5813607a
448cf1c668a852a9500e3b540e3f70edcf0e5b980c36124f47487836a6f5b165

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Thu, 02 May 2024 22:34:05 GMT
Last-Modified: Thu, 02 May 2024 21:24:07 GMT
Server: ECAcc (ska/F73A)
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 56WPhtq7FTn-14WSwBErV4m3gIV5aLyWP-LQl0vOD7kD2JRlwEMbAw==
Age: 4198

fleckfound.com/pixel/purst?dl=0&th=0&sc=0&rs=1833&rd=1833&fd=916&bv=24.4.6923&tmpl=70

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
fleckfound.com/pixel/purst?dl=0&th=0&sc=0&rs=1833&rd=1833&fd=916&bv=24.4.6923&tmpl=70
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectfleckfound.com
Fingerprint06:C3:C5:8B:02:60:4C:0D:E3:E4:62:97:7A:84:1B:D5:9B:3F:49:F9
ValidityMon, 29 Apr 2024 12:52:40 GMT - Sun, 28 Jul 2024 12:52:39 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=1833&rd=1833&fd=916&bv=24.4.6923&tmpl=70 HTTP/1.1
Host: fleckfound.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
9f496d7a52705bec5e5fd9609e859334
d4b8ab5f27e9180d83741e670d92236deb9db69d
14c58abf6ade663741620b34598d4976d4beb975e918d0e0ca0f60f176832a36

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafiretrend.com
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 22:34:05 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mediafiretrend.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=73c845be-c826-4dd4-a363-14cd7fdcded7:3:1; expires=Sun, 30 Apr 2034 22:34:05 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
33df19c038b5c4be2188d841e3b205ea
6fbab9cdfb7bef3de84778028fc7e8a26e5ea4ba
4ef49ffcfce4e7358fdab712eeabd5e30b601f8240e6f3e6a49ede31f271a41b

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafiretrend.com
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 22:34:05 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mediafiretrend.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=0d2da442-77fd-43ef-817b-c76ab1af327d:2:1; expires=Sun, 30 Apr 2034 22:34:05 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

proftrafficcounter.com/stats

35.158.46.84

200 OK

40 B

URL GET HTTP/2
proftrafficcounter.com/stats
IP
35.158.46.84:443
ASN
#16509 AMAZON-02

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerAmazon
Subjectproftrafficcounter.com
FingerprintE3:9F:79:6F:80:C0:BF:F8:C4:EB:45:F3:E9:0F:A7:41:F6:0C:05:E6
ValidityTue, 21 Nov 2023 00:00:00 GMT - Thu, 19 Dec 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
85e012a98524afe24f0464ab454c85c9
aae88e597d836c76c9285bbb601885de4990d6be
3f188522160cf96a1913c1aeea6f57191ddab274de4f7204502ac9ec23bcec6c

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafiretrend.com
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 22:34:05 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://mediafiretrend.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=9e5dfb3c-e10c-4391-b019-c0f3b24db38f:2:1; expires=Sun, 30 Apr 2034 22:34:05 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

capaciousdrewreligion.com/advertisers.js

172.240.108.76

200 OK

0 B

URL GET HTTP/1.1
capaciousdrewreligion.com/advertisers.js
IP
172.240.108.76:443
ASN
#7979 SERVERS-COM

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectcapaciousdrewreligion.com
Fingerprint53:B6:ED:C6:B5:B6:60:3E:6D:02:5A:92:2E:C3:12:74:64:A1:23:DC
ValidityWed, 06 Mar 2024 11:57:32 GMT - Tue, 04 Jun 2024 11:57:31 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: capaciousdrewreligion.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:05 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7f79d718db2ceb97d16a83603c4b2fa6
Strict-Transport-Security: max-age=0; includeSubdomains

apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs

142.250.74.110

200 OK

35 kB

URL GET HTTP/3
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
JavaScript source, ASCII text, with very long lines (1586)
Size
35 kB (35323 bytes)
Hash
2194126651ec918368e1c172f3003494
44cbf3b9bd5ac4f5c95cfcc8ad31844ba9f67c48
f3bed417a7effbce45e190fabd36fba0d906f4d39a893231eaf61c0801d0fbca

HTTP Headers

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=auth/exm=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_1?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 35323
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:51:38 GMT
expires: Fri, 02 May 2025 01:51:38 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Apr 2024 18:15:45 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 74547
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

142.250.74.110

200 OK

56 kB

URL GET HTTP/3
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
JavaScript source, ASCII text, with very long lines (2124)
Size
56 kB (55813 bytes)
Hash
a07a0041143bc11d11c2fe0d37a5ded7
cb14b39ec6f8a362a08d1957af211d81f750d54d
233746b5d7f58579f0d5ea21e4907fdb5be5469f05dd7691633448aead77fc98

HTTP Headers

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 55813
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 12:30:04 GMT
expires: Fri, 02 May 2025 12:30:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Apr 2024 18:15:45 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 36241
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.profitabledisplaycontent.com/watch.1320807866607.js?key=029df468b29833c6cbf3554e951d7c81&kw=%5B%22sonic%22%2C%22lost%22%2C%22world%22%2C%22fangame%22%2C%22demo%22%2C%222%22%2C%22yesmen10%22%2C%22-%22%2C%22263427464%22%2C%22-%22%2C%22download%22%2C%22mediafire%22%2C%22files%22%5D&refer=https%3A%2F%2Fmediafiretrend.com%2Ff%2F263427464%2Fsonic_lost_world_fangame_demo_2_yesmen10.html&tz=0&dev=e&res=14.2071&uuid=0d2da442-77fd-43ef-817b-c76ab1af327d%3A2%3A1

172.240.108.84

307 Temporary Redirect

0 B

URL GET HTTP/1.1
www.profitabledisplaycontent.com/watch.1320807866607.js?key=029df468b29833c6cbf3554e951d7c81&kw=%5B%22sonic%22%2C%22lost%22%2C%22world%22%2C%22fangame%22%2C%22demo%22%2C%222%22%2C%22yesmen10%22%2C%22-%22%2C%22263427464%22%2C%22-%22%2C%22download%22%2C%22mediafire%22%2C%22files%22%5D&refer=https%3A%2F%2Fmediafiretrend.com%2Ff%2F263427464%2Fsonic_lost_world_fangame_demo_2_yesmen10.html&tz=0&dev=e&res=14.2071&uuid=0d2da442-77fd-43ef-817b-c76ab1af327d%3A2%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subject*.profitabledisplaycontent.com
FingerprintF4:C1:8B:22:C3:5A:D9:C2:C4:6B:E0:3E:34:96:8E:99:A2:FE:86:0E
ValiditySat, 30 Mar 2024 06:41:06 GMT - Fri, 28 Jun 2024 06:41:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.1320807866607.js?key=029df468b29833c6cbf3554e951d7c81&kw=%5B%22sonic%22%2C%22lost%22%2C%22world%22%2C%22fangame%22%2C%22demo%22%2C%222%22%2C%22yesmen10%22%2C%22-%22%2C%22263427464%22%2C%22-%22%2C%22download%22%2C%22mediafire%22%2C%22files%22%5D&refer=https%3A%2F%2Fmediafiretrend.com%2Ff%2F263427464%2Fsonic_lost_world_fangame_demo_2_yesmen10.html&tz=0&dev=e&res=14.2071&uuid=0d2da442-77fd-43ef-817b-c76ab1af327d%3A2%3A1 HTTP/1.1
Host: www.profitabledisplaycontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafiretrend.com
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mediafiretrend.com
Access-Control-Allow-Origin: https://mediafiretrend.com
Access-Control-Allow-Credentials: true
Location: https://www.profitabledisplaycontent.com/watch.1320807866607.js?dev=e&key=029df468b29833c6cbf3554e951d7c81&kw=%5B%22sonic%22%2C%22lost%22%2C%22world%22%2C%22fangame%22%2C%22demo%22%2C%222%22%2C%22yesmen10%22%2C%22-%22%2C%22263427464%22%2C%22-%22%2C%22download%22%2C%22mediafire%22%2C%22files%22%5D&pst=1714689305&refer=https%3A%2F%2Fmediafiretrend.com%2Ff%2F263427464%2Fsonic_lost_world_fangame_demo_2_yesmen10.html&res=14.2071&rmtc=t&shu=0e6bb8e287c53ad3a7d6ddf681f77795b60214ebba911d9f0688ed652178bf38060c36c3941777a9d61aa0f77443810d655432d96db90b5f1323166fe4279a0bb0925f8d94a0a008f4509aea66352472ba97ebbb35e0c9e878b57646b1f6&tz=0&uuid=0d2da442-77fd-43ef-817b-c76ab1af327d%3A2%3A1
Set-Cookie: u_pl=29748; expires=Fri, 03 May 2024 22:34:05 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyOTc0OCwiayI6IjAyOWRmNDY4YjI5ODMzYzZjYmYzNTU0ZTk1MWQ3YzgxIiwic2lkIjoiIiwiaXNpZCI6NCwiYXNpZCI6MSwiemlkIjoxMjQ4NCwicGlkIjo2NjM1LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ1eTNiOXlzYiIsImNwa3MiOnsiNDciOiJhNGI5ZjBlNzA3YWVkNWE1MjI0MWQ0NThhMjkxMDcwNSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9tZWRpYWZpcmV0cmVuZC5jb20vZi8yNjM0Mjc0NjQvc29uaWNfbG9zdF93b3JsZF9mYW5nYW1lX2RlbW9fMl95ZXNtZW4xMC5odG1sIiwiYXIiOltdfX0.nigS7-h_SFeai3v9JxsxCComzME2NP8QROvf0q9XumU; expires=Thu, 02 May 2024 22:35:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ca79dc4ef5b0d62c712f59d272029b99
Strict-Transport-Security: max-age=0; includeSubdomains

mediafiretrend.com/favicon.ico

67.222.134.147

200 OK

198 B

URL GET HTTP/1.1
mediafiretrend.com/favicon.ico
IP
67.222.134.147:443
ASN
#30277 DFW-DATACENTER

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectmediafiretrend.com
Fingerprint9F:4E:12:17:E6:7B:EA:32:74:3C:B7:F4:61:67:F0:FC:80:FB:A4:EA
ValidityThu, 28 Mar 2024 10:01:58 GMT - Wed, 26 Jun 2024 10:01:57 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors
Size
198 B (198 bytes)
Hash
7d2fac9ec784802103b07df705aeefc4
d427cc62b7fc793ebc4b0e60cdecc73c462cd74e
5870d4b4a73c45ad0adae8ec77b4b6c129a7197c0462dde29f405f32e6cd5fe1

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: mediafiretrend.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Cookie: PHPSESSID=7717f8d2474fb5a5b7b76ca40e7e6146; _ga_4908KN5GDY=GS1.1.1714689244.1.0.1714689244.0.0.0; _ga=GA1.1.491345381.1714689245; m5a4xojbcp2nx3gptmm633qal3gzmadn=whackresolved.com; pp_main_dd6a421db78c65363347d1784b71968c=1; dom3ic8zudi28v8lr6fgphwffqoz0j6c=9e5dfb3c-e10c-4391-b019-c0f3b24db38f%3A2%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache
Date: Thu, 02 May 2024 22:34:05 GMT
Content-Type: image/x-icon
Content-Length: 198
Last-Modified: Fri, 16 Nov 2012 15:35:46 GMT
Connection: keep-alive
ETag: "50a65d52-c6"
Accept-Ranges: bytes

www.profitabledisplaycontent.com/watch.1320807866607.js?dev=e&key=029df468b29833c6cbf3554e951d7c81&kw=%5B%22sonic%22%2C%22lost%22%2C%22world%22%2C%22fangame%22%2C%22demo%22%2C%222%22%2C%22yesmen10%22%2C%22-%22%2C%22263427464%22%2C%22-%22%2C%22download%22%2C%22mediafire%22%2C%22files%22%5D&pst=1714689305&refer=https%3A%2F%2Fmediafiretrend.com%2Ff%2F263427464%2Fsonic_lost_world_fangame_demo_2_yesmen10.html&res=14.2071&rmtc=t&shu=0e6bb8e287c53ad3a7d6ddf681f77795b60214ebba911d9f0688ed652178bf38060c36c3941777a9d61aa0f77443810d655432d96db90b5f1323166fe4279a0bb0925f8d94a0a008f4509aea66352472ba97ebbb35e0c9e878b57646b1f6&tz=0&uuid=0d2da442-77fd-43ef-817b-c76ab1af327d%3A2%3A1

172.240.108.84

200 OK

0 B

URL GET HTTP/1.1
www.profitabledisplaycontent.com/watch.1320807866607.js?dev=e&key=029df468b29833c6cbf3554e951d7c81&kw=%5B%22sonic%22%2C%22lost%22%2C%22world%22%2C%22fangame%22%2C%22demo%22%2C%222%22%2C%22yesmen10%22%2C%22-%22%2C%22263427464%22%2C%22-%22%2C%22download%22%2C%22mediafire%22%2C%22files%22%5D&pst=1714689305&refer=https%3A%2F%2Fmediafiretrend.com%2Ff%2F263427464%2Fsonic_lost_world_fangame_demo_2_yesmen10.html&res=14.2071&rmtc=t&shu=0e6bb8e287c53ad3a7d6ddf681f77795b60214ebba911d9f0688ed652178bf38060c36c3941777a9d61aa0f77443810d655432d96db90b5f1323166fe4279a0bb0925f8d94a0a008f4509aea66352472ba97ebbb35e0c9e878b57646b1f6&tz=0&uuid=0d2da442-77fd-43ef-817b-c76ab1af327d%3A2%3A1
IP
172.240.108.84:443
ASN
#7979 SERVERS-COM

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subject*.profitabledisplaycontent.com
FingerprintF4:C1:8B:22:C3:5A:D9:C2:C4:6B:E0:3E:34:96:8E:99:A2:FE:86:0E
ValiditySat, 30 Mar 2024 06:41:06 GMT - Fri, 28 Jun 2024 06:41:05 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /watch.1320807866607.js?dev=e&key=029df468b29833c6cbf3554e951d7c81&kw=%5B%22sonic%22%2C%22lost%22%2C%22world%22%2C%22fangame%22%2C%22demo%22%2C%222%22%2C%22yesmen10%22%2C%22-%22%2C%22263427464%22%2C%22-%22%2C%22download%22%2C%22mediafire%22%2C%22files%22%5D&pst=1714689305&refer=https%3A%2F%2Fmediafiretrend.com%2Ff%2F263427464%2Fsonic_lost_world_fangame_demo_2_yesmen10.html&res=14.2071&rmtc=t&shu=0e6bb8e287c53ad3a7d6ddf681f77795b60214ebba911d9f0688ed652178bf38060c36c3941777a9d61aa0f77443810d655432d96db90b5f1323166fe4279a0bb0925f8d94a0a008f4509aea66352472ba97ebbb35e0c9e878b57646b1f6&tz=0&uuid=0d2da442-77fd-43ef-817b-c76ab1af327d%3A2%3A1 HTTP/1.1
Host: www.profitabledisplaycontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediafiretrend.com
Referer: https://mediafiretrend.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=29748; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyOTc0OCwiayI6IjAyOWRmNDY4YjI5ODMzYzZjYmYzNTU0ZTk1MWQ3YzgxIiwic2lkIjoiIiwiaXNpZCI6NCwiYXNpZCI6MSwiemlkIjoxMjQ4NCwicGlkIjo2NjM1LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjIxLCJhaWQiOjIzLCJwdCI6NCwicGsiOiJ1eTNiOXlzYiIsImNwa3MiOnsiNDciOiJhNGI5ZjBlNzA3YWVkNWE1MjI0MWQ0NThhMjkxMDcwNSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9tZWRpYWZpcmV0cmVuZC5jb20vZi8yNjM0Mjc0NjQvc29uaWNfbG9zdF93b3JsZF9mYW5nYW1lX2RlbW9fMl95ZXNtZW4xMC5odG1sIiwiYXIiOltdfX0.nigS7-h_SFeai3v9JxsxCComzME2NP8QROvf0q9XumU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://mediafiretrend.com
Access-Control-Allow-Origin: https://mediafiretrend.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=0d2da442-77fd-43ef-817b-c76ab1af327d:2:1; expires=Thu, 09 May 2024 22:34:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e6b5c2bd755abf3c2fea3aca84194fa1
Strict-Transport-Security: max-age=0; includeSubdomains

apis.google.com/js/rpc:shindig_random.js?onload=init

142.250.74.110

200 OK

5.9 kB

URL GET HTTP/3
apis.google.com/js/rpc:shindig_random.js?onload=init
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmediafiretrend.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__#rpctoken=346049231&forcesecure=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
JavaScript source, ASCII text, with very long lines (2054)
Size
5.9 kB (5908 bytes)
Hash
23a7ab8d8ba33d255e61be9fc36b1d16
042d8431d552c81f4e504644ac88adce7bf2b76f
127ffe5850ed564a98f7ac65c81f0d71c163ea45df74f130841f78d4ac5afad5

HTTP Headers

GET /js/rpc:shindig_random.js?onload=init HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
access-control-allow-origin: *
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="gapi-team"
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
timing-allow-origin: *
content-length: 5908
date: Thu, 02 May 2024 22:34:06 GMT
expires: Thu, 02 May 2024 22:34:06 GMT
cache-control: private, max-age=1800, stale-while-revalidate=1800
etag: "9b77125b6924cb07"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js

216.58.211.3

200 OK

4.8 kB

URL GET HTTP/2
ssl.gstatic.com/accounts/o/3604799710-postmessagerelay.js
IP
216.58.211.3:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmediafiretrend.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__#rpctoken=346049231&forcesecure=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint93:EC:35:60:8A:5B:23:EA:C0:36:D7:AE:03:0C:C3:77:17:5A:20:33
ValidityMon, 08 Apr 2024 07:31:57 GMT - Mon, 01 Jul 2024 07:31:56 GMT

File type
JavaScript source, ASCII text, with very long lines (1915)
Size
4.8 kB (4846 bytes)
Hash
40aaadf2a7451d276b940cddefb2d0ed
b2fc8129a4f5e5a0c8cb631218f40a4230444d9e
4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

HTTP Headers

GET /accounts/o/3604799710-postmessagerelay.js HTTP/1.1
Host: ssl.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="federated-signon-mpm-access"
report-to: {"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-length: 4846
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 02:15:05 GMT
expires: Fri, 02 May 2025 02:15:05 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 29 Apr 2024 12:07:43 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 73141
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs

142.250.74.110

200 OK

24 kB

URL GET HTTP/3
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmediafiretrend.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__#rpctoken=346049231&forcesecure=1
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type
JavaScript source, ASCII text, with very long lines (2124)
Size
24 kB (23473 bytes)
Hash
63e5a0b45632b3dde3694ffcaf0e3f7a
923736d0cdc308331d5cfaa0ea159bfedc83d53f
889109910477919b3457416e7764bcd0add19fd959848253026125c7c35c43db

HTTP Headers

GET /_/scs/abc-static/_/js/k=gapi.lb.en.JisoxTPHVRs.O/m=rpc,shindig_random/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg/cb=gapi.loaded_0?le=scs HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accounts.google.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-length: 23473
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:59:06 GMT
expires: Fri, 02 May 2025 01:59:06 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Apr 2024 18:15:45 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 74100
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

unseenreport.com/pxf.gif?uuid=9e5dfb3c-e10c-4391-b019-c0f3b24db38f&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=dd6a421db78c65363347d1784b71968c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22

192.243.61.227

200 OK

1 B

URL GET HTTP/1.1
unseenreport.com/pxf.gif?uuid=9e5dfb3c-e10c-4391-b019-c0f3b24db38f&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=dd6a421db78c65363347d1784b71968c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subject*.unseenreport.com
Fingerprint71:46:15:FD:76:6A:F5:5B:51:06:CC:93:DD:D8:63:E3:8B:10:BF:13
ValidityFri, 22 Mar 2024 07:32:41 GMT - Thu, 20 Jun 2024 07:32:40 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pxf.gif?uuid=9e5dfb3c-e10c-4391-b019-c0f3b24db38f&eb=978028c5053b26833423c7a069ce3bd5&te=5db3a4e34790624df926db520a13f79f&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=e&res=14.2071&b_frame=0&pk=dd6a421db78c65363347d1784b71968c&bl=en-US&sr=1024x1280&sz=1024x1280&hjs=22 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Thu, 02 May 2024 22:34:07 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 02c6ba37c65c6b0c7e1a0bb2d2568c87
Strict-Transport-Security: max-age=0; includeSubdomains

aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

444 B

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
XML 1.0 document, ASCII text, with very long lines (332)
Size
444 B (444 bytes)
Hash
3b324dec137a87ef7e24a30a65b13dd0
c0faa95b2f1018e264b3a14aaf50d1003e6c27b3
6cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463

HTTP Headers

GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-06-09-11-51-10.chain; p384ecdsa=EbvCdcN9rUuz3YfDvjaVyQSvMAyhPysR8mSWGOh7hQn_BCsa3NLHpn0AoQPqafpccNzL9obznD26cNZWlNo7sI4x0DoqYzGaWnZWcSE3muBpJcyBSJ40fDIvNZQyB2Ly
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: MISS
content-encoding: gzip
via: 1.1 google
date: Thu, 02 May 2024 22:33:13 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
content-length: 444
age: 69
cache-control: public,max-age=90
alt-svc: clear
X-Firefox-Spdy: h2

downstairsnegotiatebarren.com/sfp.js

188.114.97.1

200 OK

86 kB

URL GET HTTP/2
downstairsnegotiatebarren.com/sfp.js
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerLet's Encrypt
Subjectdownstairsnegotiatebarren.com
Fingerprint5D:DB:CB:C6:CE:2A:8B:34:7D:BC:43:74:33:1D:5F:77:48:F7:BC:1B
ValidityThu, 02 May 2024 21:26:34 GMT - Wed, 31 Jul 2024 21:26:33 GMT

File type

Size
86 kB (85611 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sfp.js HTTP/1.1
Host: downstairsnegotiatebarren.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 22:34:05 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 3bec791c4b4edad35da064046054854e
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Thu, 02 May 2024 22:34:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0oeCGHyCS1tNJ0F%2BHy8%2FpKSv16l0swxfjBqQsLJaznR1ZW6l6RAgQ5VyWCs6APtvZGk8X6evMOtgsrEuhBggnushIrA4SJoxm1Zu3Q3H4sm0By0NNRXnuC0w36LzujaglX0VM9fi8oZIyVljJmntQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87db7a054aa2712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

142.250.74.110

301 Moved Permanently

0 B

URL GET HTTP/3
apis.google.com/u/0/se/0/_/+1/fastbutton?usegapi=1&size=Tall&origin=https%3A%2F%2Fmediafiretrend.com&url=https%3A%2F%2Fmediafiretrend.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
IP
142.250.74.110:443
ASN
#15169 GOOGLE

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint01:16:A3:AE:CA:C9:AC:ED:3A:C9:AA:75:BE:C2:51:EF:65:CE:23:E1
ValidityMon, 08 Apr 2024 06:34:56 GMT - Mon, 01 Jul 2024 06:34:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /u/0/se/0/_/+1/fastbutton?usegapi=1&size=Tall&origin=https%3A%2F%2Fmediafiretrend.com&url=https%3A%2F%2Fmediafiretrend.com%2F&gsrc=3p&ic=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Host: apis.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
location: http://developers.google.com/
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 02 May 2024 22:34:04 GMT
expires: Thu, 02 May 2024 23:04:04 GMT
cache-control: public, max-age=1800
server: sffe
content-length: 226
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdn.onesignal.com/sdks/OneSignalSDK.js

104.17.111.223

200 OK

9.2 kB

URL GET HTTP/2
cdn.onesignal.com/sdks/OneSignalSDK.js
IP
104.17.111.223:443
ASN
#13335 CLOUDFLARENET

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerGoogle Trust Services LLC
Subjectonesignal.com
Fingerprint28:4D:B2:BB:68:03:29:A7:D8:CB:4B:48:D4:14:BD:A4:4C:0F:D8:70
ValidityMon, 01 Apr 2024 23:12:28 GMT - Sun, 30 Jun 2024 23:12:27 GMT

File type
JavaScript source, ASCII text, with very long lines (9410), with no line terminators
Size
9.2 kB (9204 bytes)
Hash
5eb2adfca36be15c8d4a206576132abd
f507beb2560693723f4b360af70bfe9bd8bed534
6ad1aa44625325d8e975bccee776e9a60ae134d2de1cb8d98852de9f3109aa4a

HTTP Headers

GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 02 May 2024 22:34:04 GMT
content-type: application/javascript
etag: W/"a87c48d211877c49b878679b2e3cdab8"
access-control-allow-headers: OneSignal-Subscription-Id
via: 1.1 google
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 402
expires: Sun, 05 May 2024 22:34:04 GMT
cache-control: public, max-age=259200
set-cookie: __cf_bm=CjUVs5SAqMM0x2DN2duEP9wYSXIVIXXuQB2IwvaNnRo-1714689244-1.0.1.1-JJkGSq1wAsIpIu7jw_mgONlO4nj6znPyGr7Stye6anRFMLwia8zXD07ZrqNFTl2tdPe7PKo5k7gG2YZ4g2BHbw; path=/; expires=Thu, 02-May-24 23:04:04 GMT; domain=.onesignal.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 87db79fef94a568d-OSL
content-encoding: br
X-Firefox-Spdy: h2

accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmediafiretrend.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__

173.194.221.84

200 OK

566 B

URL GET HTTP/2
accounts.google.com/o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmediafiretrend.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__
IP
173.194.221.84:443
ASN
#15169 GOOGLE

Requested by
https://mediafiretrend.com/f/263427464/sonic_lost_world_fangame_demo_2_yesmen10.html
Certificate
IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint9A:72:A8:C3:56:5C:93:B4:72:C7:5B:1B:60:BB:0F:3E:1E:C4:1B:67
ValidityTue, 16 Apr 2024 04:20:36 GMT - Tue, 09 Jul 2024 04:20:35 GMT

File type
HTML document, ASCII text, with very long lines (586), with no line terminators
Size
566 B (566 bytes)
Hash
1de424429e0860a892567add3b1d8071
e888d2cc9b2e75eac242171fa166f4c6ed8261b0
b433a76eb165c2e051001bdb91b4e8389776defb12e13cbad8a6790e7c6fca2d

HTTP Headers

GET /o/oauth2/postmessageRelay?parent=https%3A%2F%2Fmediafiretrend.com&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.lb.en.JisoxTPHVRs.O%2Fam%3DAAAC%2Fd%3D1%2Frs%3DAHpOoo9VOmUKkb8FAwL65OiDUU4etqWcRg%2Fm%3D__features__ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://mediafiretrend.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Thu, 02 May 2024 22:34:06 GMT
content-security-policy: script-src 'nonce-QK1S_EOeP1ygCLI9oBoT-Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport, require-trusted-types-for 'script';report-uri /o/cspreport
cross-origin-resource-policy: same-site
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML