premiumprizeplace.com/pt/tar/sur6box-750/62/
104.26.2.153301 Moved Permanently 446 B URL User Request GET HTTP/1.1 premiumprizeplace.com/pt/tar/sur6box-750/62/
IP 104.26.2.153:80
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 1e191802eeca9639ed81d36475d50292
42d872d4697dd54ea40208b80e4870d30c65857c
c9d648d313077fc7ebbd511630437d24f1a7ee6ef273a6289e7abf5b9c9a4087
Analyzer Verdict Alert fortinet Malware
GET /pt/tar/sur6box-750/62/ HTTP/1.1
Host: premiumprizeplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Date: Fri, 14 Apr 2023 12:31:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: http://premiumprizeplace.com/pt/tar/sur6box-750/62
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DsSM2QWEO5Ey3YjizAf0jed6IAFbjqXy%2BR%2FnXuDleTFr5ENdYiUNbcPSAx086cYyRQgjuhMq3rBfgjRiM6EWMYKsNk0hueLb%2FfIzs6bJVG%2FIitVkdsWUN%2B8nbUounEXEtt34qpWOlg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b7bf74cdc9e0b45-OSL
alt-svc: h2=":443"; ma=60
premiumprizeplace.com/pt/tar/sur6box-750/62
104.26.2.153302 Found 0 B URL User Request GET HTTP/1.1 premiumprizeplace.com/pt/tar/sur6box-750/62
IP 104.26.2.153:80
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /pt/tar/sur6box-750/62 HTTP/1.1
Host: premiumprizeplace.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 14 Apr 2023 12:31:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UITp%2Bpf6LJNTTT4rC2e3CUtiUtWL3ZNxJa42W1G1iG4uw8d0Q56GpUvONzcQUgQ57DS%2ByRibq%2B0nz%2FqsgSTcdiuR%2BR5lx53TTm0V%2BxkDPBYpMyqDnLaQ87TExWkgj0cx5S46b0o55Q%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b7bf74f69850b45-OSL
alt-svc: h2=":443"; ma=60
cdn.wildfungames.com/land/rou/img/spin_Roulette00.png
104.26.5.134200 OK 13 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/img/spin_Roulette00.png
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type PNG image data, 170 x 190, 8-bit/color RGBA, non-interlaced\012- data
Hash 834a8095777aee926381dd13a5a8b3ab
c0f06099eea950232f33e02355d84dda44a6e35e
589d62b11a4171fb3a9b7c97b6963447601e36f8c2dcb36370dce75f5bd9687e
GET /land/rou/img/spin_Roulette00.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: image/png
content-length: 12991
etag: "834a8095777aee926381dd13a5a8b3ab"
last-modified: Fri, 27 Jan 2023 19:45:39 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3144
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ff0%2BNRg%2FTQ9UPSnMbNKPlroQWIU1QkxgAQpMnAX%2FqG1YwYHpCP4PfxomyFFFR0b3uUzJat0NLOUFzaSmb0S9w%2BS1A6lzlsLtfNhzRPYWTYUyxRNyQG9ap1G8gAZYGxorb66eXsXr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570cebb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.wildfungames.com/land/rou/img/spin_Roulette01.png
104.26.5.134200 OK 43 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/img/spin_Roulette01.png
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type PNG image data, 540 x 540, 8-bit colormap, non-interlaced\012- data
Hash 6e422805365b1b64d8da6b0d29ae8c69
37d523943fb63f409cd9a6da32fb5d7663a692da
a0c05360734297aae902dc48ed95cd7d3d3f818897f111c54aae6f042428b665
GET /land/rou/img/spin_Roulette01.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: image/png
content-length: 43403
etag: "6e422805365b1b64d8da6b0d29ae8c69"
last-modified: Fri, 27 Jan 2023 12:51:52 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3144
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ykZUPnfOjyizDOae0YdciobVpPJTwbG91qOy1gxZyE3W6V4wAPmWyCxDrFMIigqTlzxBkS%2BMJS5OO0fC3iQ9GYXJNkLeDmf1bQuWwhiByGdzGVaVCzi6UO4NtDxml4teYRhHkNX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570cecb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.wildfungames.com/land/rou/img/spin_Roulette03.png
104.26.5.134200 OK 1.3 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/img/spin_Roulette03.png
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type PNG image data, 269 x 138, 8-bit/color RGBA, non-interlaced\012- data
Hash 5e45d498bdb0b010e058b92e5d5097ac
8a1b41ef4c12fc85b4e4c7d28e3fcf48774054f7
9e860a039b138a3e94b704ff4aae7896c678d88d3c5e1ab2d08e3af5ceecdee6
GET /land/rou/img/spin_Roulette03.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: image/png
content-length: 1316
etag: "5e45d498bdb0b010e058b92e5d5097ac"
last-modified: Fri, 27 Jan 2023 12:51:53 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3144
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ta4t1olRD5UAiyOVM5htWH%2F4%2F%2Fz9ThPY5ibnpQsME1ziocw9ywda0vo%2Fe2Jso761q%2Fq1Pv6eh2hF%2B8VrSeAhVxd7NHftRvpqm6YR2f6KOP23TOUjvyLifMTjVpdOqfRta5%2BgweAo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570ceab4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
code.jquery.com/jquery-3.6.0.min.js
69.16.175.42200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 69.16.175.42:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerSectigo Limited
Subject*.jquery.com
Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83
ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash 899f0189aaf034bbba5340f724d91dfa
210ea9de03968edb9d839ba4a0ce2d48666a8ab8
949b6597c5ea907a7ef3c8ca6d5ffc73be2352f9df485b78704e5c4dabac5d0f
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-encoding: gzip
content-length: 30875
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d9d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1681475490.dop211.sk1.t,1681475490.cds218.sk1.hn,1681475490.cds210.sk1.c
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/img/spin_bg_desk.png
104.26.5.134200 OK 110 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/img/spin_bg_desk.png
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type PNG image data, 870 x 650, 8-bit colormap, non-interlaced\012- data
Size 110 kB (110359 bytes)
Hash eafcb5a49ddbee590cfe266b1b0c8820
254de127e096c137b1a8c8e62cf3c96b7c6492e5
da07ed253e14bcf56880e11d0eddb2276a7da9b4f679d49fb17976b97b81172b
GET /land/rou/img/spin_bg_desk.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: image/png
content-length: 110359
etag: "eafcb5a49ddbee590cfe266b1b0c8820"
last-modified: Fri, 27 Jan 2023 14:03:36 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3144
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QNYQELgoVaNRotKtqpsOR7E0X5gNDWpnjxdSMgplqIwIJriDZwed87T0menSF2cnU1vqN%2BhW9zwM%2F5HQiVkUt4V0WbH0ksvb68AQpKF0FtUxOw4jzvNZ7ynj5HtjeCvxctAAEhhD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7584ff3b4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.wildfungames.com/land/rou/img/spin_Roulette02.png
104.26.5.134200 OK 35 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/img/spin_Roulette02.png
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type PNG image data, 434 x 434, 8-bit colormap, non-interlaced\012- data
Hash 320aa52aa7ccfde051920d20967e0baa
7a6dc94d3aa311664e94d1259322f081b2f074f7
673f4069c0d4e4e256cd84e482cfc0e60fa76547aa6f62578b3f47c60299d4c1
GET /land/rou/img/spin_Roulette02.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: image/png
content-length: 35051
etag: "320aa52aa7ccfde051920d20967e0baa"
last-modified: Fri, 27 Jan 2023 19:45:41 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3144
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RP38Y2XYUCX46UnJHtSYswoKVvtFO50%2FRkC4DuBp7%2FlwygXXyDCyeADXV1A9K391yqHUVRpTlzoGgQpXHN%2B%2BHnQGTftpldjBd73ygrml%2FpwNrS%2Bb6GTC3YRK0mGCSef27U8FNkR3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf758885cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.wildfungames.com/land/rou/css/default.min.css?v=1
104.26.5.134200 OK 16 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/css/default.min.css?v=1
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type ASCII text, with very long lines (4431), with no line terminators
Hash bdac91f11191c43711fea30f9a4bbce0
8fddbcebea84b31c11e78fff5f948464eb6ef9fd
c8d17ea632e4cb6b44d4d87987154992c6ce744a144e0e93782c969c1b1fdcb9
Analyzer Verdict Alert fortinet Malware
GET /land/rou/css/default.min.css?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: text/css
etag: W/"c87a79b32fd06185ea1eabe4af153677"
last-modified: Fri, 27 Jan 2023 20:13:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3144
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VbJbrMewbwZpZi1lbmFKhOjnZss7r%2BGGabq4fSB9Pm2A4%2F0s8Y5KixFRfVnyI8NPkUkT66U5i8vmZikfMS9E4jnPtAnC1wefd3tGzLit17%2Fi0Jt7LdoUtKoUEzTD6PIPKNcN%2B7Pk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570ce8b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
104.26.5.134200 OK 4.2 kB URL User Request GET HTTP/2 wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
IP 104.26.5.134:443
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4418), with no line terminators
Hash c39b54aa82a37ca5ec8fdda0d05858d6
8eee490c9a25a4df069d07701295a9ba355ffcf7
e0a3b2088294535f03d8f08595a98b3a31ac074c64e3683be9a86b89c6a1ba1b
GET /land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8 HTTP/1.1
Host: wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YQ6qCk0p2dhoJUEDsjmNASxHo%2BqHGCbyZG2pxuZryTbsfxY8Eek2zZ9DSug98d0My1IOP4QDRkGce8TJQX8bnq3QTRPEOs3ef4djjGtib2hY4NCuJvfURvHWvtNI3YEIMKI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf751eb070b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
104.16.87.20200 OK 161 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 104.16.87.20:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5C:61:30:2F:8C:51:BF:3D:79:B5:3A:04:9A:91:F0:1C:D9:78:87:40
ValidityThu, 02 Jun 2022 00:00:00 GMT - Thu, 01 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (65326)
Size 161 kB (161409 bytes)
Hash d432e4222814b62dd30c9513dcc29440
2cac4afc120983921411296bd4e8fd8a94ba237e
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
x-served-by: cache-fra-eddf8230111-FRA, cache-yyz4545-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 4420637
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQIkVaNG2RseUvUyMEBPvtcjLPfA9o90xJMX4Of7qdO5Z0Ev0FyzovZtZXfGXd1TkuDxkNZeSe8ZrmnOh8hKpW6FRt%2BPuflZxoxjlahkrYPSx4WVzMNEWw3V4AtE1Ktg2S4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf756fa5db4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/js2/propeller.min.js?v=1
104.26.5.134200 OK 11 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/js2/propeller.min.js?v=1
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type ASCII text, with very long lines (11334), with no line terminators
Hash 20ff2d103a051f36069225e9bb9c87c0
eda19b305872d407fc62cb8d469d7a29b8b7b857
74c66b1c99c8c71ceb2bee5c74748060d22a2998389e7b4dd1080796252c0131
GET /land/rou/js2/propeller.min.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: application/javascript
etag: W/"20ff2d103a051f36069225e9bb9c87c0"
last-modified: Fri, 27 Jan 2023 19:45:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cE6bHznPeorb5ZcRiX%2B1hAZAp730A5hlHl39aJYae5KDE0ExbcnDggMK53hK1%2BrQrFYLexYZKvV9IMJe8KCzBzabY3CRTVufA49bexr4tIIVBKA95tyB52JnFrV6N%2FXbhya3r6Lr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570ce3b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
104.16.87.20200 OK 84 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP 104.16.87.20:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint5C:61:30:2F:8C:51:BF:3D:79:B5:3A:04:9A:91:F0:1C:D9:78:87:40
ValidityThu, 02 Jun 2022 00:00:00 GMT - Thu, 01 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (65299)
Hash f81d0a1705048649befc8b595e455a94
aec551e4d573463088fca7d14fb644eb389f1839
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
x-served-by: cache-fra-eddf8230133-FRA, cache-yyz4552-YYZ
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 4420653
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hdhe%2FUUV%2FjlxcsE%2Bsa4efPU06B7rqqVaz3ZE%2Bw7i58%2BGVsFQ2DFSVqtFwMNDS4bK7UpGKWmw4PdMtAIX%2FHOo6gBU7oE79EiDRSBIT2MYdQuGuZ7%2F5OFGfsjKhhEGB526g4g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf756fa6bb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/js2/winwheel_game.min.js?v=1
104.26.5.134200 OK 3.7 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/js2/winwheel_game.min.js?v=1
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type ASCII text, with very long lines (3786), with no line terminators
Hash 8d6a9c61aa9517fef0c16a9cf5255196
85ea3d266321d3b0cca5ff48230c2c21754f063b
9a9710b587a45328a4f52e43be673c612bad889923e771d1b7fca462ead0dd87
Analyzer Verdict Alert fortinet Malware
GET /land/rou/js2/winwheel_game.min.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: application/javascript
etag: W/"93ae375d5794d7efc5759847e616b870"
last-modified: Fri, 27 Jan 2023 19:45:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d5aY6qwE8M87SC70vBHYeutOkWVjm8%2BnE4YbBW86DJROPYxA0ghXxYQSsw8wDmJIgwJGgtuM49YmPl1ng%2F%2F4LHsuNDiSncJlX2Unt3rDRyKI7XRMQuv1xuEJ33UP3VmgSYJA3aan"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570ce7b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.wildfungames.com/land/rou/js2/default1.js?v=1.3
104.26.5.134200 OK 2.4 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/js2/default1.js?v=1.3
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type ASCII text, with very long lines (2492), with no line terminators
Hash a01714197378fab470827fdf04d181e4
e50f54749d417d645d7c2122cb3a543ee44c564b
73015b447bd17371ec1de15eb0eeb614baa5e8c21a5a956c346e2baf63ea6911
Analyzer Verdict Alert fortinet Malware
GET /land/rou/js2/default1.js?v=1.3 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: application/javascript
etag: W/"cb6fb41521eaa67073568b2a55d1f30b"
last-modified: Fri, 03 Mar 2023 09:09:59 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dz4DPoG%2BbZMdqwkYK%2B3Xn%2FNax6LiQcIklRPJVkBckDwjuJO4TsFbQIXb10iVFgeVBBRNT4I1E3c2h8z9iPk5kqYeKu6y9vXEOkkiP0FNkpC2SlG5%2B5xq145YaUkbOarBChDXeqvx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570ce0b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.wildfungames.com/land/rou/js2/confetti.js?v=1.3
104.26.5.134200 OK 6.6 kB URL GET HTTP/3 cdn.wildfungames.com/land/rou/js2/confetti.js?v=1.3
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type ASCII text, with very long lines (6823), with no line terminators
Hash 8cac0113d09ced7378e4b55c2fde937d
a8930a48dbe171c4f5663334db8e5bc0cdf9ab94
c06ce8cb35e8f53cac328cb235ed42f2c7448d2bc48f9aba461e0a9f21fe4c5f
Analyzer Verdict Alert fortinet Malware
GET /land/rou/js2/confetti.js?v=1.3 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: application/javascript
etag: W/"594e7bd784c66babe7dd35e2cf498f14"
last-modified: Fri, 27 Jan 2023 19:45:44 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6865
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gx50cR2xS2CdvY33swqqwUphCXHsBgiLZerpBsjDw3k1WMt%2BKqVlAcAb9UhV7yfWt%2BJ5pqpMoFASPPUGVGhZpkrQYGpZURFywKrUcvTz%2B3uvshvKmi1LlaHcQ4HkkHTmgI%2FuEV5%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf7570ce6b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
redrotou.net/pfe/current/micro.tag.min.js?z=5759760&sw=/sw-check-permissions-93246.js
139.45.197.251200 OK 42 kB URL GET HTTP/2 redrotou.net/pfe/current/micro.tag.min.js?z=5759760&sw=/sw-check-permissions-93246.js
IP 139.45.197.251:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subjectredrotou.net
Fingerprint82:26:70:97:A6:64:2B:0D:51:75:05:03:52:AE:BE:EB:6C:F4:95:D6
ValidityThu, 02 Mar 2023 05:25:16 GMT - Wed, 31 May 2023 05:25:15 GMT
File type C source, ASCII text, with very long lines (41570), with no line terminators
Hash 08eff11e46939f109205f27499b237fd
0f70e5c907c6957849c1daa7714a8a22dd9f8d13
9562b1886ca40797f649f8be6801a246ab2ce45d019e40906b8188171c87e4fb
GET /pfe/current/micro.tag.min.js?z=5759760&sw=/sw-check-permissions-93246.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: application/javascript
last-modified: Fri, 14 Apr 2023 07:44:36 GMT
etag: W/"64390464-a262"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
redrotou.net/zone?&pub=0&zone_id=5759760&is_mobile=false&domain=wildfungames.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest
139.45.197.251200 OK 0 B URL POST HTTP/2 redrotou.net/zone?&pub=0&zone_id=5759760&is_mobile=false&domain=wildfungames.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest
IP 139.45.197.251:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subjectredrotou.net
Fingerprint82:26:70:97:A6:64:2B:0D:51:75:05:03:52:AE:BE:EB:6C:F4:95:D6
ValidityThu, 02 Mar 2023 05:25:16 GMT - Wed, 31 May 2023 05:25:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /zone?&pub=0&zone_id=5759760&is_mobile=false&domain=wildfungames.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Fri, 14 Apr 2023 12:31:30 GMT
content-length: 0
x-trace-id: 20ea72e43db81caac8f783cf985d04fd
access-control-allow-origin: https://wildfungames.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2
wildfungames.com/sw-check-permissions-93246.js
104.26.5.134200 OK 566 B URL GET HTTP/3 wildfungames.com/sw-check-permissions-93246.js
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type ASCII text, with very long lines (605), with no line terminators
Hash 62fcf98313c266f8b8d436b45d4ff769
5c2e1bcacdd369b1bbc038a860de18473e344c36
88c375e4f74ef4878bd7a9a751d4d5e55c9256cdc33430e6fd5a39ef96c0369a
Analyzer Verdict Alert fortinet Malware
GET /sw-check-permissions-93246.js HTTP/1.1
Host: wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Alt-Used: wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: application/javascript
last-modified: Fri, 14 Apr 2023 09:54:38 GMT
vary: Accept-Encoding
etag: W/"643922de-236"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3143
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZmblAKE%2BlfRJUaZB5FIpgoSWMzp6HcTwrwT6C7eTeLCgHpwFCgNH98kZjBTINRnEM8xpg5ABpJAUmW%2B0pNH%2Bhb9WD6bN9pZBaAMPKFEIi14ChSqTlo2cqvjmlBeA9w%2FoHw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b7bf75a6c07b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
wildfungames.com/favicon.ico
104.26.5.134200 OK 150 B URL GET HTTP/3 wildfungames.com/favicon.ico
IP 104.26.5.134:443
Requested by https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Certificate IssuerLet's Encrypt
Subject*.wildfungames.com
FingerprintAE:8D:9D:CB:70:7E:DC:23:52:98:5E:1C:C0:89:ED:2F:C1:DF:5B:6C
ValidityMon, 06 Mar 2023 09:04:11 GMT - Sun, 04 Jun 2023 09:04:10 GMT
File type MS Windows icon resource - 2 icons, 1x1, 2 colors, 1x1, 2 colors\012- data
Hash b16ffe438aae1df8db0437e8466b9a2d
4891ca58b0df9d4b67f190eb5f6406f9dd188875
972206ec635266c0b99c42350817a834e92fbb64f1d7cbf5eb5ad7a26d7a41b9
GET /favicon.ico HTTP/1.1
Host: wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&utm_campaign=ThIg&web=1&tcode=plc0457f355bb98bcfddb718977455c8
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 14 Apr 2023 12:31:30 GMT
content-type: image/x-icon
last-modified: Fri, 14 Apr 2023 09:54:38 GMT
etag: W/"643922de-96"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6432
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSION7TvQvNibxhPsKNxq8JVQfGe%2BTN%2BzLDKMC88Hm6JUjWtg7gIynvTazrDFi%2B6XbQpOrLMzX5OvDKPEENVb0XSUZKz7mQjsMBqAGm44MAKK6RbwT%2FYoF8jEkXHgbqrBkQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7b7bf75939b5b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400