GET mediaget.com/ld/get_installer.php?r=rg-mechanics.top&bbl=1&f=The+Ranch+of+Rivershine&u=https://thelastgame.org/index.php?do=download&bbls_client_id=1626723983&bbl_clk_id=185829-1750272694&use_f=1
51.158.129.110 302 Found 4.8 MB URL User Request GET mediaget.com/ld/get_installer.php?r=rg-mechanics.top&bbl=1&f=The+Ranch+of+Rivershine&u=https://thelastgame.org/index.php?do=download&bbls_client_id=1626723983&bbl_clk_id=185829-1750272694&use_f=1
IP 51.158.129.110:443
ASN #12876 Scaleway S.a.s.
Certificate Issuer Let's Encrypt
Subject *.mg-prod.mediaget.com
Fingerprint 56:33:6A:56:AA:A8:98:0C:6B:36:4A:B0:81:D8:D9:81:92:8A:57:30
Validity Fri, 13 Jun 2025 09:38:12 GMT - Thu, 11 Sep 2025 09:38:11 GMT
Size 4.8 MB (4833056 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ld/get_installer.php?r=rg-mechanics.top&bbl=1&f=The+Ranch+of+Rivershine&u=https://thelastgame.org/index.php?do=download&bbls_client_id=1626723983&bbl_clk_id=185829-1750272694&use_f=1 HTTP/1.1
Host: mediaget.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
alt-svc: h3=":8443"; ma=2592000
content-type: text/html; charset=UTF-8
date: Wed, 18 Jun 2025 18:52:05 GMT
location: https://mediaget.com/installer/mediaget_installer_490.exe?filename=the-ranch-of-rivershine_id150288ids1s.exe
server: nginx/1.14.1
set-cookie: cookie=2b2acf38dc29d78c; Path=/; HttpOnly; Secure; SameSite=None
notuniq=1; expires=Thu, 19-Jun-2025 18:52:05 GMT; Max-Age=86400
X-Firefox-Spdy: h2
GET mediaget.com/installer/mediaget_installer_490.exe?filename=the-ranch-of-rivershine_id150288ids1s.exe
51.158.129.110 200 OK 4.8 MB URL User Request GET mediaget.com/installer/mediaget_installer_490.exe?filename=the-ranch-of-rivershine_id150288ids1s.exe
IP 51.158.129.110:443
ASN #12876 Scaleway S.a.s.
Certificate Issuer Let's Encrypt
Subject *.mg-prod.mediaget.com
Fingerprint 56:33:6A:56:AA:A8:98:0C:6B:36:4A:B0:81:D8:D9:81:92:8A:57:30
Validity Fri, 13 Jun 2025 09:38:12 GMT - Thu, 11 Sep 2025 09:38:11 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size 4.8 MB (4833056 bytes)
Hash a9d291b7640244fa347acdde042b0141
978875a000557ae9f592b07d3496cf0932c0af80
c729612b7b9ca8b1efa0a014dcc55bcb15228398907ca9746bfe6be9aa0f1acc
Analyzer Verdict Alert YARAhub by abuse.ch malware win_amadey_bytecodes_oct_2023
VirusTotal malicious
GET /installer/mediaget_installer_490.exe?filename=the-ranch-of-rivershine_id150288ids1s.exe HTTP/1.1
Host: mediaget.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cookie=2b2acf38dc29d78c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
alt-svc: h3=":8443"; ma=2592000
content-disposition: attachment; filename="the-ranch-of-rivershine_id150288ids1s.exe"
content-type: application/x-msdownload
date: Wed, 18 Jun 2025 18:52:05 GMT
etag: "a9d291b7640244fa347acdde042b0141"
last-modified: Wed, 11 Dec 2024 16:08:45 GMT
server: nginx/1.27.4
set-cookie: cookie=cde35a1c7f424217; Path=/; HttpOnly; Secure; SameSite=None
x-amz-request-id: tx00000ad2d2510a906e717-0067f14a8d-15465e5de-default
x-amz-storage-class: STANDARD
x-rgw-object-type: Normal
content-length: 4833056
X-Firefox-Spdy: h2