status.thawte.com/
192.229.221.95 471 B IP 192.229.221.95:0
Hash f14f9489451c3d910b6d45dd35e0d020
9bf8192f8efa5a50eb63162a851ec47cb7a91770
01c40c7d3361bc42a3ca05aaec66b6b92386407bad8c43274ee4b4c54b903a17
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1805
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Sat, 09 Dec 2023 01:25:16 GMT
Last-Modified: Sat, 09 Dec 2023 00:55:11 GMT
Server: ECAcc (ska/F757)
X-Cache: HIT
Content-Length: 471
download.wildgames.com/WildTangentDownloader/darkromanceromeoandjuliet-hpcnb3c17.exe
209.67.99.47302 Found 218 B URL User Request GET HTTP/1.1 download.wildgames.com/WildTangentDownloader/darkromanceromeoandjuliet-hpcnb3c17.exe
IP 209.67.99.47:443
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
Certificate IssuerDigiCert Inc
Subject*.wildgames.com
FingerprintBA:84:6E:6B:39:30:D3:DD:01:EA:26:13:C1:65:AA:6A:F1:E8:26:54
ValidityTue, 26 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4513309e961cf033ff9c59ad891a75f7
f7590e819c4453926bb5392445d3ff3c93d9a9e0
e0a5a06b8c0e801eb5e481c2d5436cfe5b3838d7dd8fee64efa2c99c279a33a3
GET /WildTangentDownloader/darkromanceromeoandjuliet-hpcnb3c17.exe HTTP/1.1
Host: download.wildgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Location: https://stackpathdownload.wildgames.com/WildTangentDownloader/darkromanceromeoandjuliet-hpcnb3c17.exe
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 09 Dec 2023 01:25:16 GMT
Connection: close
Content-Length: 218
download.wildgames.com/
209.67.99.47 165 B IP 209.67.99.47:0
ASN #3561 CENTURYLINK-LEGACY-SAVVIS
Certificate IssuerDigiCert Inc
Subject*.wildgames.com
FingerprintBA:84:6E:6B:39:30:D3:DD:01:EA:26:13:C1:65:AA:6A:F1:E8:26:54
ValidityTue, 26 Sep 2023 00:00:00 GMT - Sun, 29 Sep 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 818f188d26c0e8af9da6a83af3d3b260
fa3d35ab5f4331b58525fabc144441cf48776fea
25536e0297e4f83d7da20495505ff2ba52b89f16fc67ba93cbe1c3cba1ccad37
GET / HTTP/1.1
Host: download.wildgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Location: http://stackpathdownload.wildgames.com/index.htm
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 09 Dec 2023 01:25:18 GMT
Connection: close
Content-Length: 165
stackpathdownload.wildgames.com/index.htm
23.36.76.209 0 B URL stackpathdownload.wildgames.com/index.htm
IP 23.36.76.209:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /index.htm HTTP/1.1
Host: stackpathdownload.wildgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://stackpathdownload.wildgames.com/index.htm
Cache-Control: max-age=0
Date: Sat, 09 Dec 2023 01:25:18 GMT
Connection: keep-alive
stackpathdownload.wildgames.com/WildTangentDownloader/darkromanceromeoandjuliet-hpcnb3c17.exe
23.36.76.128200 OK 899 kB URL User Request GET HTTP/2 stackpathdownload.wildgames.com/WildTangentDownloader/darkromanceromeoandjuliet-hpcnb3c17.exe
IP 23.36.76.128:443
ASN #20940 Akamai International B.V.
Certificate IssuerLet's Encrypt
Subjectstackpathdownload.wildgames.com
Fingerprint92:E9:EA:B7:06:08:96:0F:52:D2:25:65:50:A0:BF:3D:B6:B6:A9:E8
ValidityWed, 08 Nov 2023 13:23:14 GMT - Tue, 06 Feb 2024 13:23:13 GMT
File type PE32 executable (GUI) Intel 80386, for MS Windows\012- data
Size 899 kB (899384 bytes)
Hash 599e5efc94c7cc20bc4f04b79664d976
7623763539296b8bc2993803d8824377a11ee257
087fcda9bf4256c62bdf63503b07d9cc2d8761206d48905737d4a52e7fe087e6
Analyzer Verdict Alert YARAhub by abuse.ch malware files - file ~tmp01925d3f.exe
GET /WildTangentDownloader/darkromanceromeoandjuliet-hpcnb3c17.exe HTTP/1.1
Host: stackpathdownload.wildgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/octet-stream
last-modified: Tue, 14 Feb 2023 22:04:46 GMT
etag: "DBKOF1QGBLWKWTYXKOQEWG"
content-disposition: attachment; filename=darkromanceromeoandjuliet-hpcnb3c17.exe
content-length: 899384
cache-control: private, max-age=0
date: Sat, 09 Dec 2023 01:25:18 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
stackpathdownload.wildgames.com/index.htm
23.36.76.209 313 B URL stackpathdownload.wildgames.com/index.htm
IP 23.36.76.209:0
ASN #20940 Akamai International B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash 0d59835b5611aa767a6a38308936da98
8ae4031e0937b222c082ae76714b0745fe381685
15932b7f009e2a3cf14c890b1ad46409d7937df7ff5c3c4624395003a823cd05
GET /index.htm HTTP/1.1
Host: stackpathdownload.wildgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html
last-modified: Mon, 16 Apr 2018 21:46:52 GMT
etag: "FYKZO9YGZB08FBNEUSXLFW"
content-length: 313
cache-control: private, max-age=0
date: Sat, 09 Dec 2023 01:25:20 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2