Report - m.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip

Report Overview

Visited public
2025-04-08 08:49:14
Tags
URL
m.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip
Finishing URL
about:privatebrowsing
IP / ASN
151.101.3.52
#54113 FASTLY
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
static.emuparadise.me	unknown	2011-06-15	2012-12-22	2025-03-31	447 B	7.9 MB	111.90.159.152
mprd.se	unknown	2016-01-12	2017-02-01	2025-03-31	523 B	7.9 MB	199.101.98.243
m.emuparadise.me	532979	2011-06-15	2017-02-01	2025-03-26	526 B	7.9 MB	151.101.195.52
www.emuparadise.me	353979	2011-06-15	2012-05-25	2025-04-03	1.1 kB	16 MB	151.101.195.52

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
mprd.se/media/emulators/files/mednafen-1.21.2-win64.zip
IP
199.101.98.243
ASN
#46261 QUICKPACKET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
7.9 MB (7868058 bytes)
Hash
8cb39b893038f28e1ccf3944b0cf83db
37fa12cab2759bbd8f372c2f44b5c23fed216921
e4a1765fe9ee994fe3041772b698e4a26e3021e17ce981fc6179e9de61ecbc19

Archive (47)

Filename

Md5

File type

COPYING

6e233eda45c807aa29aeaa6d94bc48a2

ASCII text

ChangeLog

93e3725918cdf598ac215499743490e2

ASCII text

bwolf0.png

79f1508d5918a085fb27e4b61775acdb

PNG image data, 280 x 240, 8-bit colormap, non-interlaced

bwolf1.png

6ed53fed84fb90d0d98bf539af1b2d03

PNG image data, 280 x 240, 8-bit colormap, non-interlaced

cdplay.html

941663415c79279aedfaf048b54bb60e

HTML document, ASCII text, with very long lines (1770)

cheat.html

7d6abdb735f3d53811cb3ca4605ecab9

ASCII text

cheats.txt

3e79ed9e780a09bcdbaff52dbf2e4158

ASCII text

debugger.html

586d3f6c623a83ee883949ecee3d829c

HTML document, ASCII text

fname_format.txt

8b173d7b09dc8619921d35f21dc91aa1

ASCII text

gb.html

a83acd960b3b576cc0214230912d3764

HTML document, ASCII text, with very long lines (1762)

gba.html

0adb66bcb2ae602cb0dd080a6b730e9c

HTML document, ASCII text, with very long lines (1764)

gg.html

eba80d3e1be95d511a7f2b6ddd7e1197

HTML document, ASCII text, with very long lines (1762)

headerbg.png

6eb078069a71c657c13a36fd88054b8d

PNG image data, 8 x 42, 8-bit/color RGB, non-interlaced

lynx.html

60ccdbba686158104a4a3f6fffa9b4e8

HTML document, ASCII text, with very long lines (1766)

md.html

7bec576827b497dde7099c9222b5061f

HTML document, ASCII text, with very long lines (1762)

mednafen.css

3d1f49c7fce02e7171a8a4adeac626f0

ASCII text

mednafen.html

db1b3609bb40e2cbc767064dc36668dd

HTML document, Unicode text, UTF-8 text, with very long lines (6500)

mednafen.png

694bebf575d4c08936abc18bdbc43dfe

PNG image data, 696 x 204, 8-bit/color RGB, non-interlaced

nes.html

1d72b7d1e9433c9969f36c308341ad3c

HTML document, ASCII text, with very long lines (1764)

netplay.html

ccd1c34d7901719a371705e7763c70a4

HTML document, Unicode text, UTF-8 text, with very long lines (407)

ngp.html

692570a986a78676797b299502fe9f50

HTML document, ASCII text, with very long lines (1764)

pce.html

01769f05e4e58bbc945c2bf954edaa9d

HTML document, ASCII text, with very long lines (1764)

pce_fast.html

5e119dc16f252f144e5466f8c8d9ed03

HTML document, ASCII text, with very long lines (1774)

pcfx.html

383192e5f1990b0810abbdb4d19c7ab9

HTML document, ASCII text, with very long lines (1766)

psx.html

3b9e7b83e020083d69d1fbf1f90d31bd

HTML document, Unicode text, UTF-8 text, with very long lines (1942)

sapphire0.png

4d0d6f9e8b9c5c8f2c7fd99b68356838

PNG image data, 280 x 240, 8-bit colormap, non-interlaced

sapphire1.png

6c639c2be9222d991ea41a19b2a3921e

PNG image data, 280 x 240, 8-bit colormap, non-interlaced

sms.html

b628a888a4c169da348da5ab3ffc4fb2

HTML document, ASCII text, with very long lines (1764)

snes.html

40edbcd799bed10f2d494001fba8ef63

HTML document, ASCII text, with very long lines (1766)

snes_faust.html

88b44812fd4aeab095187bddf64fed71

HTML document, ASCII text, with very long lines (1778)

ss.html

dd37c8296cdaf75afb1c89368338d3fa

HTML document, Unicode text, UTF-8 text, with very long lines (1762)

ssfplay.html

f04e391886641e2278563971efd8e6e5

HTML document, ASCII text, with very long lines (1772)

vb.html

bac3a3201a3fbc7128894896906a7a3f

HTML document, ASCII text, with very long lines (1762)

wswan.html

7c911bbcd875a78399c917c7bb142f2a

HTML document, ASCII text, with very long lines (1768)

SDL2.dll

4ae407a72538922feb368f1c8a2cc095

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections

mednafen.mo

7ab0c037dd3eceed6da61ecf9ec8b7bc

GNU message catalog (little endian), revision 0.0, 231 messages, Project-Id-Version: mednafen ' Für Options-Parameter und Verwendung bitte in der Dokumentation nachsehen.'

libFLAC-8.dll

fdd7c0935fb6583875498aea29427a57

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

libcharset-1.dll

a4f775b7b6bc2827190dae976f0922af

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

libgcc_s_seh-1.dll

8e71f95a979bffed927fa3505006c0a6

PE32+ executable (DLL) (console) x86-64, for MS Windows, 19 sections

libiconv-2.dll

aaa4d88320ffca6b82a55cc9a5a7df38

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

libogg-0.dll

58f19c628fe5074bd180382c4fe8adaf

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

libsndfile-1.dll

8a74395637348620f105f2e8a4787c74

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections

libstdc++-6.dll

7e005e54d487239b981a592b5c6fef2b

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

libvorbis-0.dll

abae309269bd278dc7d9fcfb05725cce

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

libvorbisenc-2.dll

27f89d5d06b04b87ec0ee43f07f688bb

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 9 sections

mednafen.exe

c06aeaeec52a3052c48d0f4dfb093ab5

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 10 sections

mednafen.mo

aa6d6e455174fe3a215c640895391de3

GNU message catalog (little endian), revision 0.0, 237 messages, Project-Id-Version: mednafen ' Сверьтесь с документацией по настройке и использованию эмулятора.'

Detections

Analyzer	Verdict	Alert
CAPEv2 YARA detection rules	malware	Emotet Payload
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (5)

	URL	IP	Response	Size
	static.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip	111.90.159.152	301 Moved Permanently	7.9 MB
URL User Request GET static.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip IP 111.90.159.152:80 ASN #45839 Shinjiru Technology Sdn Bhd File type Size 7.9 MB (7868058 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /emulators/files/mednafen-1.21.2-win64.zip HTTP/1.1 Host: static.emuparadise.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 301 Moved Permanently Server: nginx/1.12.0 Date: Tue, 08 Apr 2025 08:48:49 GMT Content-Type: text/html Content-Length: 185 Connection: keep-alive Location: https://mprd.se/media/emulators/files/mednafen-1.21.2-win64.zip`

	mprd.se/media/emulators/files/mednafen-1.21.2-win64.zip	199.101.98.243	200 OK	7.9 MB
URL User Request GET mprd.se/media/emulators/files/mednafen-1.21.2-win64.zip IP 199.101.98.243:443 ASN #46261 QUICKPACKET Certificate IssuerLet's Encrypt Subjectmprd.se Fingerprint8A:0E:DD:77:75:64:2A:B3:37:F1:3F:AF:86:A3:63:9F:72:BF:D7:71 ValidityMon, 24 Feb 2025 09:25:03 GMT - Sun, 25 May 2025 09:25:02 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 7.9 MB (7868058 bytes) Hash 8cb39b893038f28e1ccf3944b0cf83db 37fa12cab2759bbd8f372c2f44b5c23fed216921 e4a1765fe9ee994fe3041772b698e4a26e3021e17ce981fc6179e9de61ecbc19 HTTP Headers GET /media/emulators/files/mednafen-1.21.2-win64.zip HTTP/1.1 Host: mprd.se User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Server: nginx/1.10.1 Date: Tue, 08 Apr 2025 08:48:49 GMT Content-Type: application/zip Content-Length: 7868058 Last-Modified: Tue, 03 Apr 2018 17:54:31 GMT Connection: keep-alive ETag: "5ac3bfd7-780e9a" Expires: Wed, 09 Apr 2025 08:48:49 GMT Cache-Control: max-age=86400 Accept-Ranges: bytes`

	m.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip	151.101.195.52	301 Moved Permanently	7.9 MB
URL User Request GET m.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip IP 151.101.195.52:443 ASN #54113 FASTLY Certificate IssuerCertainly Subjectwww.emuparadise.me Fingerprint71:35:EE:AB:23:0F:70:EE:4A:9A:5A:A9:7C:64:B1:65:82:91:AF:12 ValidityThu, 20 Mar 2025 00:03:08 GMT - Sat, 19 Apr 2025 00:03:07 GMT File type Size 7.9 MB (7868058 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /emulators/files/mednafen-1.21.2-win64.zip HTTP/1.1 Host: m.emuparadise.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 301 Moved Permanently server: nginx/1.12.0 content-type: text/html location: https://www.emuparadise.me/redirect/desktop/emulators/files/mednafen-1.21.2-win64.zip cache-control: private, no-cache, no-store, proxy-revalidate, no-transform accept-ranges: bytes via: 1.1 varnish, 1.1 varnish date: Tue, 08 Apr 2025 08:48:48 GMT x-served-by: cache-qpg120101-QPG, cache-hel1410033-HEL x-cache: MISS, MISS x-cache-hits: 0, 0 x-timer: S1744102128.047021,VS0,VE225 strict-transport-security: max-age=31557600 content-length: 185 X-Firefox-Spdy: h2

	www.emuparadise.me/redirect/desktop/emulators/files/mednafen-1.21.2-win64.zip	151.101.195.52	301 Moved Permanently	7.9 MB
URL User Request GET www.emuparadise.me/redirect/desktop/emulators/files/mednafen-1.21.2-win64.zip IP 151.101.195.52:443 ASN #54113 FASTLY Certificate IssuerCertainly Subjectwww.emuparadise.me Fingerprint71:35:EE:AB:23:0F:70:EE:4A:9A:5A:A9:7C:64:B1:65:82:91:AF:12 ValidityThu, 20 Mar 2025 00:03:08 GMT - Sat, 19 Apr 2025 00:03:07 GMT File type Size 7.9 MB (7868058 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /redirect/desktop/emulators/files/mednafen-1.21.2-win64.zip HTTP/1.1 Host: www.emuparadise.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 301 Moved Permanently server: nginx/1.12.0 content-type: text/html location: https://www.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip cache-control: private, no-cache, no-store, proxy-revalidate, no-transform accept-ranges: bytes via: 1.1 varnish, 1.1 varnish date: Tue, 08 Apr 2025 08:48:48 GMT x-served-by: cache-qpg120087-QPG, cache-hel1410033-HEL x-cache: MISS, MISS x-cache-hits: 0, 0 x-timer: S1744102128.338645,VS0,VE225 strict-transport-security: max-age=31557600 content-length: 185 X-Firefox-Spdy: h2

	www.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip	151.101.195.52	301 Moved Permanently	7.9 MB
URL User Request GET www.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip IP 151.101.195.52:443 ASN #54113 FASTLY Certificate IssuerCertainly Subjectwww.emuparadise.me Fingerprint71:35:EE:AB:23:0F:70:EE:4A:9A:5A:A9:7C:64:B1:65:82:91:AF:12 ValidityThu, 20 Mar 2025 00:03:08 GMT - Sat, 19 Apr 2025 00:03:07 GMT File type Size 7.9 MB (7868058 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /emulators/files/mednafen-1.21.2-win64.zip HTTP/1.1 Host: www.emuparadise.me User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/2 301 Moved Permanently server: nginx/1.12.0 content-type: text/html location: http://static.emuparadise.me/emulators/files/mednafen-1.21.2-win64.zip via: 1.1 varnish, 1.1 varnish accept-ranges: bytes age: 0 date: Tue, 08 Apr 2025 08:48:48 GMT x-served-by: cache-qpg120086-QPG, cache-hel1410033-HEL x-cache: HIT, MISS x-cache-hits: 3, 0 x-timer: S1744102129.586204,VS0,VE211 strict-transport-security: max-age=31557600 content-length: 185 X-Firefox-Spdy: h2`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (47)

Detections

JavaScript (0)

HTTP Transactions (5)

URL User Request GET

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers