pricesandwinners.com/benl/tar/sur6box-750/62/
104.26.11.115301 Moved Permanently 450 B URL HTTP/1.1 pricesandwinners.com/benl/tar/sur6box-750/62/
IP 104.26.11.115:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 25a6ea79fa96ff96de5ef18ba3680217
0c44dc10954bcbb14a58e2d9ce8960ce1ddc5557
78136bc780ad4a408bd6c53f8790de3d5604b2712f22eeeec3dc28453fb84d06
Analyzer Verdict Alert fortinet Malware
GET /benl/tar/sur6box-750/62/ HTTP/1.1
Host: pricesandwinners.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sun, 29 Jan 2023 22:07:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: http://pricesandwinners.com/benl/tar/sur6box-750/62
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ofRW34EJdfhft1HhkwXatAMbeDZTtJZox8BOm0FJ7jo9PyfKsRPjNi3mn0t%2FQeRQNp2yU%2FAE58vRNOtHFpYX4jghatIrf%2BJ61Cvyv14N6522BtneW%2BhOCi%2FNVtyba91rIW181C8t"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791547b70944b4ed-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3eb88dea4fe00db1182370e72683c3ab
ca520abf1e91bfd2aef40c6a1270a911071e8922
d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13676
Expires: Mon, 30 Jan 2023 01:55:16 GMT
Date: Sun, 29 Jan 2023 22:07:20 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a2104f935c638b4767ca5ae0d738ef23
85c6af15af749be0ceeae6de17c36925b750f166
5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13905
Expires: Mon, 30 Jan 2023 01:59:05 GMT
Date: Sun, 29 Jan 2023 22:07:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 21:43:09 GMT
content-type: application/json
age: 1451
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 03092d1a1bc7ac91ee342a1a7ab2a562
52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a
03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12530
Expires: Mon, 30 Jan 2023 01:36:10 GMT
Date: Sun, 29 Jan 2023 22:07:20 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iAVqOSUorLE8LNyguJtdFYFqCTGYEBU+jaGSlUUKq+6EtxuFpmSUvBsTE5/6rFVZCVTAHGon2kflbls3OU1rlg==
x-amz-request-id: CSBGNYBRNTAANPBF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 21:21:32 GMT
age: 2748
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 22:07:20 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
pricesandwinners.com/benl/tar/sur6box-750/62
104.26.11.115302 Found 0 B URL HTTP/1.1 pricesandwinners.com/benl/tar/sur6box-750/62
IP 104.26.11.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
GET /benl/tar/sur6box-750/62 HTTP/1.1
Host: pricesandwinners.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Date: Sun, 29 Jan 2023 22:07:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
location: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0f81e3c8f2f44904dba8d58bad0b3
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83sJQrnbrn5ebALvEnpwk4HZwG%2BLK68YKaMn5V47WY3S30%2FAYbjbn6vetAEF2EqzX%2B81Gnd9OeNKFWq0os6HxyEp%2FPv9DCBUfkj7bcCe1r5YhP%2F2J702TNoFO35LhNgPk1omh9XU"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 791547b8cba0b4ed-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f6f53a6b0ba9efd76f96fd5209510557
12883da74a509e591ab7ab8cc47f6332ce60999e
6b29472d97cb1c0accff38239addc6f5bd2d2cc49dc8441d4dc3fef656afe170
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6B29472D97CB1C0ACCFF38239ADDC6F5BD2D2CC49DC8441D4DC3FEF656AFE170"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=674
Expires: Sun, 29 Jan 2023 22:18:34 GMT
Date: Sun, 29 Jan 2023 22:07:20 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 21:41:41 GMT
age: 1539
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12218
Expires: Mon, 30 Jan 2023 01:30:59 GMT
Date: Sun, 29 Jan 2023 22:07:21 GMT
Connection: keep-alive
code.jquery.com/jquery-3.6.0.min.js
69.16.175.42200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65447)
Hash 899f0189aaf034bbba5340f724d91dfa
210ea9de03968edb9d839ba4a0ce2d48666a8ab8
949b6597c5ea907a7ef3c8ca6d5ffc73be2352f9df485b78704e5c4dabac5d0f
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-encoding: gzip
content-length: 30875
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d9d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675030041.dop024.sk1.t,1675030041.cds020.sk1.hn,1675030041.cds210.sk1.c
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
151.101.129.229200 OK 24 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP 151.101.129.229:0
File type ASCII text, with very long lines (65326)
Hash 849f3e827da80e4e4c6a8c49689f057d
035d81aaaf6da3ffa5ce241179a9e14d533e7a3b
9546dbb82c3facf833e4adb713ce7e57a34dd53f6b55697ef1e1877bdbd8bb73
GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 29 Jan 2023 22:07:21 GMT
age: 11486816
x-served-by: cache-fra19147-FRA, cache-bma1653-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 24100
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a4cf3af8a8356eddc4ccbc2a0a6e3b9c
a7fa03bc7a62cb46f7a87493758d0f9089408ef0
87edeef92da57eb5134534d6a270252095b8a2247c68943180128c7bba2b7007
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2636
Cache-Control: max-age=161353
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:07:21 GMT
Etag: "63d6b717-116"
Expires: Tue, 31 Jan 2023 18:56:34 GMT
Last-Modified: Sun, 29 Jan 2023 18:12:39 GMT
Server: ECS (amb/6B84)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a4cf3af8a8356eddc4ccbc2a0a6e3b9c
a7fa03bc7a62cb46f7a87493758d0f9089408ef0
87edeef92da57eb5134534d6a270252095b8a2247c68943180128c7bba2b7007
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:07:21 GMT
Etag: "63d56598-116"
Server: ECS (amb/6BA8)
Content-Length: 278
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
151.101.129.229200 OK 22 kB URL HTTP/2 cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP 151.101.129.229:0
File type ASCII text, with very long lines (65299)
Hash a5cbb97cf034dd181106adecdafe3035
5fca1af6c76dd3e609f7f92841e564df1281927a
5ae018daf5df2cd903f80162efbaa3e138e0ed47ff90a315f2e2c497dc88a890
GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: gzip
accept-ranges: bytes
date: Sun, 29 Jan 2023 22:07:21 GMT
age: 20718685
x-served-by: cache-fra19162-FRA, cache-bma1653-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 21830
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/img/spin_Roulette00.png
104.26.5.134200 OK 13 kB URL HTTP/2 cdn.wildfungames.com/land/rou/img/spin_Roulette00.png
IP 104.26.5.134:0
File type PNG image data, 170 x 190, 8-bit/color RGBA, non-interlaced\012- data
Hash 834a8095777aee926381dd13a5a8b3ab
c0f06099eea950232f33e02355d84dda44a6e35e
589d62b11a4171fb3a9b7c97b6963447601e36f8c2dcb36370dce75f5bd9687e
GET /land/rou/img/spin_Roulette00.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: image/png
content-length: 12991
etag: "834a8095777aee926381dd13a5a8b3ab"
last-modified: Fri, 27 Jan 2023 12:51:51 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5guFaNjPZEyVXs1Lr7H%2FpD2YDFxd5cxSmOfJlX3rzqBLsvSglsFhw%2BU1HocMbX6USTjMGzE5W2zO%2BIaXEsmifdXl6ruj%2Bw8MmBWBSh5sEH5iGkAEf2Lol%2F7SGFebVbgOBfCahmaB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdde151c16-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a4cf3af8a8356eddc4ccbc2a0a6e3b9c
a7fa03bc7a62cb46f7a87493758d0f9089408ef0
87edeef92da57eb5134534d6a270252095b8a2247c68943180128c7bba2b7007
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=158718
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:07:21 GMT
Etag: "63d6b717-116"
Expires: Tue, 31 Jan 2023 18:12:39 GMT
Last-Modified: Sun, 29 Jan 2023 18:12:39 GMT
Server: nginx
Content-Length: 278
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a4cf3af8a8356eddc4ccbc2a0a6e3b9c
a7fa03bc7a62cb46f7a87493758d0f9089408ef0
87edeef92da57eb5134534d6a270252095b8a2247c68943180128c7bba2b7007
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=158718
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 22:07:21 GMT
Etag: "63d6b717-116"
Expires: Tue, 31 Jan 2023 18:12:39 GMT
Last-Modified: Sun, 29 Jan 2023 18:12:39 GMT
Server: nginx
Content-Length: 278
cdn.wildfungames.com/land/rou/img/spin_Roulette03.png
104.26.5.134200 OK 1.3 kB URL HTTP/2 cdn.wildfungames.com/land/rou/img/spin_Roulette03.png
IP 104.26.5.134:0
File type PNG image data, 269 x 138, 8-bit/color RGBA, non-interlaced\012- data
Hash 5e45d498bdb0b010e058b92e5d5097ac
8a1b41ef4c12fc85b4e4c7d28e3fcf48774054f7
9e860a039b138a3e94b704ff4aae7896c678d88d3c5e1ab2d08e3af5ceecdee6
GET /land/rou/img/spin_Roulette03.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: image/png
content-length: 1316
etag: "5e45d498bdb0b010e058b92e5d5097ac"
last-modified: Fri, 27 Jan 2023 12:51:53 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hKTa3n2djnAwh4HUej2s0OwF%2FD5GHWuNm87twOTpNqlYqmT7GQaVjgr1JbyR2lpk59mqOrTIuycy1HjYWqf8S9XYIbBCRUfbbM6HcMAKm2A7GSp37Yykc77O84fO56hdtREijLQ9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdfe3c1c16-OSL
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/img/spin_Roulette01.png
104.26.5.134200 OK 43 kB URL HTTP/2 cdn.wildfungames.com/land/rou/img/spin_Roulette01.png
IP 104.26.5.134:0
File type PNG image data, 540 x 540, 8-bit colormap, non-interlaced\012- data
Hash 6e422805365b1b64d8da6b0d29ae8c69
37d523943fb63f409cd9a6da32fb5d7663a692da
a0c05360734297aae902dc48ed95cd7d3d3f818897f111c54aae6f042428b665
GET /land/rou/img/spin_Roulette01.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: image/png
content-length: 43403
etag: "6e422805365b1b64d8da6b0d29ae8c69"
last-modified: Fri, 27 Jan 2023 12:51:52 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2BWpMj14FTWyHY88rEfSau04a3ZzJGZmNsoggvZy6uiNKu0QD3Ddod03Wa4Al5a7eAL%2FtXCtglMTqHTTvvnckSIU279NcW8FFZeYsSsT646GScfOkIeH9rBojADzoSkCcqL21VZk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdee2b1c16-OSL
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/js2/propeller.min.js?v=1
104.26.5.134200 OK 4.8 kB URL HTTP/2 cdn.wildfungames.com/land/rou/js2/propeller.min.js?v=1
IP 104.26.5.134:0
File type ASCII text, with very long lines (11334), with no line terminators
Hash 9997013f0507e000e7dedaa4a0d72be5
14763cfb2366173c7f6c866ef2232e412797e72b
bd4b1fccaeb6f30ac8c38a7fe37026395fcc85039aca4e16f1505b8029cd3fa7
GET /land/rou/js2/propeller.min.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: application/javascript
etag: W/"20ff2d103a051f36069225e9bb9c87c0"
last-modified: Fri, 27 Jan 2023 19:45:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K3Ixw0AWaSIE2QyKJ%2BgHTdagYzGKRcTKyFks33ylKNI8v%2Bv4z66DqgQFoQtat9AG1QuxDK30gZNxrepUjWoZbOJ5KCVLGJylUsZ9cRY6V1K02Ev9%2BttworcQ%2Fqb4IEyK82E5TxYO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdce0a1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/img/spin_bg_desk.png
104.26.5.134200 OK 110 kB URL HTTP/2 cdn.wildfungames.com/land/rou/img/spin_bg_desk.png
IP 104.26.5.134:0
File type PNG image data, 870 x 650, 8-bit colormap, non-interlaced\012- data
Size 110 kB (110359 bytes)
Hash eafcb5a49ddbee590cfe266b1b0c8820
254de127e096c137b1a8c8e62cf3c96b7c6492e5
da07ed253e14bcf56880e11d0eddb2276a7da9b4f679d49fb17976b97b81172b
GET /land/rou/img/spin_bg_desk.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: image/png
content-length: 110359
etag: "eafcb5a49ddbee590cfe266b1b0c8820"
last-modified: Fri, 27 Jan 2023 14:03:36 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZmenBuHvUajVXQg0SIZcnhOQU5ZSjP0EQqVI2ExfHbKhkEbH1dAZraTly5ARkAwcHPTg7UC9pM6mdbhMGvoo7FYP9%2BL8cIptFXiSXNE6FQtXgIc1ijqfbmRBOmVPOEnzKp0eDCnK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bebf1d1c16-OSL
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.149.149.164101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.149.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HQzdMQ6pTQgfCVZJMr+K8A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: QTN6iuo3o1LtKbS2eIqvyzyfaLo=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae21e024ce2ce820a35f134735ac2cde
fe4c1f1c138e3b0f91e24c4cc02a8a15cb56f69a
acf684db9c614739975c319c5388cffe6207cf7914bcc58ae0687e3284d54657
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACF684DB9C614739975C319C5388CFFE6207CF7914BCC58AE0687E3284D54657"
Last-Modified: Sun, 29 Jan 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14728
Expires: Mon, 30 Jan 2023 02:12:49 GMT
Date: Sun, 29 Jan 2023 22:07:21 GMT
Connection: keep-alive
cdn.wildfungames.com/land/rou/img/spin_Roulette02.png
104.26.5.134200 OK 35 kB URL HTTP/2 cdn.wildfungames.com/land/rou/img/spin_Roulette02.png
IP 104.26.5.134:0
File type PNG image data, 434 x 434, 8-bit colormap, non-interlaced\012- data
Hash 320aa52aa7ccfde051920d20967e0baa
7a6dc94d3aa311664e94d1259322f081b2f074f7
673f4069c0d4e4e256cd84e482cfc0e60fa76547aa6f62578b3f47c60299d4c1
GET /land/rou/img/spin_Roulette02.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: image/png
content-length: 35051
etag: "320aa52aa7ccfde051920d20967e0baa"
last-modified: Fri, 27 Jan 2023 14:03:35 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4yn1gLrnAchfGKgeynrOTNVBTfSk58PPWj5NwUeAOeiIBW1T8V12Yb9%2FYmGVsRQyXTnlLLpIF1uEGOnvBE5GmllYv%2Bq7q7rMkjWAMXrny%2BKZPtMWuBI%2B9adhD7rDwSJgQmBMV6IV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547beef4a1c16-OSL
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/js2/default1.js?v=1
104.26.5.134200 OK 752 B URL HTTP/2 cdn.wildfungames.com/land/rou/js2/default1.js?v=1
IP 104.26.5.134:0
Hash 19ebffcd7d1a252e448be06eaaef4fbb
c9d5bd60da58350765656ad14eddc2ee6534bf3e
631948914859c0aa2af5db7441f6db97b85f53c5b68213b07165d4e123444ae4
Analyzer Verdict Alert fortinet Malware
GET /land/rou/js2/default1.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: application/javascript
etag: W/"cb6fb41521eaa67073568b2a55d1f30b"
last-modified: Fri, 27 Jan 2023 19:45:44 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzw4PATUwcN12cbawPf6%2BWpt2Ez6aaZegq%2FcUudFfe7NCmCbMQ4QZgC%2F7z%2FxTdzUkOB%2B5rCUffrkcZ%2FDibnO4muk1ELOxKoPKE0qRRV3m732jA61Fksb4%2B9TleNxMLIb0fOzukny"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdde101c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8378
Expires: Mon, 30 Jan 2023 00:27:00 GMT
Date: Sun, 29 Jan 2023 22:07:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8378
Expires: Mon, 30 Jan 2023 00:27:00 GMT
Date: Sun, 29 Jan 2023 22:07:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8378
Expires: Mon, 30 Jan 2023 00:27:00 GMT
Date: Sun, 29 Jan 2023 22:07:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f2a0c2c0f25bdd19baf87cbb3a87dcdb
bc78ca6206ee8cc1cc05ab7778df71c7e6d1182a
c57f26c0c2e439dc2f69181e1b2f6ae371bff9d299af739e0047eabc8bfb5a69
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C57F26C0C2E439DC2F69181E1B2F6AE371BFF9D299AF739E0047EABC8BFB5A69"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8378
Expires: Mon, 30 Jan 2023 00:27:00 GMT
Date: Sun, 29 Jan 2023 22:07:22 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc62816c-5ae0-4a32-ad19-0aa70ed552c5.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc62816c-5ae0-4a32-ad19-0aa70ed552c5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1133381d25a3804d01148f332e4cdd7e
d0d0e9d7e8afbf5a4926c44d9fc9ff94bc276f5a
7dd9a03052e733f3418991f237cae7b9aa5d20c34dd661078199bd85d26a4d1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc62816c-5ae0-4a32-ad19-0aa70ed552c5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8751
x-amzn-requestid: 28610adf-7206-4dff-9e34-c9441fdaf4b1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkGHFixIAMF1jg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6f3-1de169331c105c35519fd34c;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vpkET9Ym44JpkXbIxIW7hH5afDO2COTnP4_l-65mJeIavP17a2w3FA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 960
etag: "d0d0e9d7e8afbf5a4926c44d9fc9ff94bc276f5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3e04b9eaf7449828136ad59e4c9d69f1
b820be4ed885dcf288eb6460c57e1fa7b1c7c476
df75cf7183d401a19655aab025d08ad2c498573c88b32e9b258d951d2993b936
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3bb7921c-8aaf-40cd-bf87-43903c3f1a74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7679
x-amzn-requestid: 0c7983d5-6040-44e9-b394-21c3784702a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEfHoAMFaNA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-54c55dbd09ca642048af8916;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: VHh2SQ21xoDoBnGvM2kRiposhXuCE-DdWW1bM35kEykjbHYmhsldVA==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 960
etag: "b820be4ed885dcf288eb6460c57e1fa7b1c7c476"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9169e1aa-278a-45ac-a3cb-92421681099d.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9169e1aa-278a-45ac-a3cb-92421681099d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 01f406ed5d9b17a7aa00015301bddf94
d78e18830fc6cf231f66f95cc0e01520cfeebddf
33245ea764fb634a01ee9657e529a30567588ecbb10fc0e6499aac14cd21fe81
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9169e1aa-278a-45ac-a3cb-92421681099d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7333
x-amzn-requestid: 7563c72f-e40d-4e96-a73f-8aa404ae0b25
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFK8IAMFzMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-7eb009311701187873f05b20;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -npeyE-5ETAaI6cs7oewWxVe4ZUrtmhvCNC4tMWT_3ab3hZ3tw060w==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 960
etag: "d78e18830fc6cf231f66f95cc0e01520cfeebddf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbe179e9-ed5b-474f-b131-5b5a63a84dfb.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbe179e9-ed5b-474f-b131-5b5a63a84dfb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2ffefd279ef73e586048a7907c0425b8
53d3da3cdf647e619abe96c6af42f2374112f334
75d7034fd709cb69e15234a4de94cdd9b42de1e26e3a0b2cb107be3228575af2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffbe179e9-ed5b-474f-b131-5b5a63a84dfb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8414
x-amzn-requestid: 3ca84a59-6dce-45f8-919e-bd551d553a99
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhj5EGvAIAMFtPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6a0-446d1dff705f17853e7d0a77;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:35:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hUnafsPNiSpfZcu0hzwVC3VOHbVjqwIHo2vuJuZUKT1Lj93l9NkVrQ==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 960
etag: "53d3da3cdf647e619abe96c6af42f2374112f334"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/css/default.min.css?v=1
104.26.5.134200 OK 25 kB URL HTTP/2 cdn.wildfungames.com/land/rou/css/default.min.css?v=1
IP 104.26.5.134:0
File type ASCII text, with very long lines (4431), with no line terminators
Hash 7b9cd7733f220459e69eb9d6778f45f0
ad16cd36c44a6f9d810452d823ef49a527ff3def
d6166108988f8139e66e50a3146976d7ce00abc23e209c3343bcb39f2f19d76a
Analyzer Verdict Alert fortinet Malware
GET /land/rou/css/default.min.css?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: text/css
etag: W/"c87a79b32fd06185ea1eabe4af153677"
last-modified: Fri, 27 Jan 2023 20:13:29 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6hQJTKY6KxLzUiL1sly%2B8OJ4JniqW5%2FXbESGMXju8fvYzWvgXL4Ln2OPTar%2FKWUnjHIeBrA8L19NxUmysmxj2swDyo9LOuCUJC2bBJxovAt5xhKx1u7zjEnPmWNCdR5kkTyujPAC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdde141c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7aae2b2c-8949-4749-8a9b-24d6a82a5b50.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7aae2b2c-8949-4749-8a9b-24d6a82a5b50.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 435598df0723ba8070784ee6a8d6de8b
0dab67801b42d738a5074ec3f0489f04c5e6552c
05339073fff5fe4213a38505242c577f579aba68d5c249e8bac10b03d379a2dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7aae2b2c-8949-4749-8a9b-24d6a82a5b50.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10616
x-amzn-requestid: 809aadb4-f948-41a5-82bc-84a520a5689a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhkEtEZIIAMFreQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e6ea-2c659eae4d513b433aa749e3;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:36:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4v4fldiJ0EsLGeNNodBg_GPY8hiq1Yyr5kzBIYyZXuf8bcTZ4CmsHQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:51:22 GMT
age: 960
etag: "0dab67801b42d738a5074ec3f0489f04c5e6552c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5190c0bdc6abe0ee258e9f8c20ddaf51
d60f280f8a742480527dbc32d08f321f972d4fcf
874b38a04aa3736e65aaef72da2cc2efceb208618267107a495bdfe51ec58e58
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F55e9b24d-3c7c-46d8-89b7-084483cc3d1d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12507
x-amzn-requestid: 85c9adcd-b997-48ca-bbfb-ccdeaf3e8cfb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fhklyFaJoAMFqKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d6e7be-2bcdd8c353d8429d2b1e95f6;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 21:40:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XABaoZCqUulmnfZOXx6XTLSUMS5Mie6u0OfkqozmBzCf3Qjzf-fbRA==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 21:54:32 GMT
age: 777
etag: "d60f280f8a742480527dbc32d08f321f972d4fcf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/js2/confetti.js?v=1
104.26.5.134200 OK 0 B URL HTTP/2 cdn.wildfungames.com/land/rou/js2/confetti.js?v=1
IP 104.26.5.134:0
Analyzer Verdict Alert fortinet Malware
GET /land/rou/js2/confetti.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: application/javascript
etag: W/"594e7bd784c66babe7dd35e2cf498f14"
last-modified: Fri, 27 Jan 2023 19:45:44 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bHIs5o7YZNhl%2BLS4PAKTk9Y00U5FxPjLPI6vSB%2FYbP32DpuS6ONoxk%2BsDDUHZSg%2F9QHKe5fsW1Tf7uIDcom9nEkATJW6kFItnjgo1amo7o%2FX1a4OpaJi1iIMmAebzoZxIZYjB1%2BR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdde111c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0f81e3c8f2f44904dba8d58bad0b3
104.26.5.134200 OK 0 B URL HTTP/2 wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0f81e3c8f2f44904dba8d58bad0b3
IP 104.26.5.134:0
GET /land/rou?campaign=ThIg&web=1&utm_campaign=plc0f81e3c8f2f44904dba8d58bad0b3 HTTP/1.1
Host: wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=3600, must-revalidate, public
x-content-digest: en88eb51ff0d81316fd0264480f682595f
age: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y3FIvAf1zMvgAWL%2Fzc8gvDvOayZZFKHXs6bSZDGK787A6fumbPlTrfpWBYuGkTwhRgGWHWiKKNe%2F0aMaxYnJdyky0pfd489pqKG9jFvBN4BheLhJmF2LOFTPv91jXaVNNwg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bb3bca1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.wildfungames.com/land/rou/js2/winwheel_game.min.js?v=1
104.26.5.134200 OK 0 B URL HTTP/2 cdn.wildfungames.com/land/rou/js2/winwheel_game.min.js?v=1
IP 104.26.5.134:0
Analyzer Verdict Alert fortinet Malware
GET /land/rou/js2/winwheel_game.min.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 22:07:21 GMT
content-type: application/javascript
etag: W/"93ae375d5794d7efc5759847e616b870"
last-modified: Fri, 27 Jan 2023 19:45:45 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s2uPQgHRoxX6jJaUExrqBhJRgrhb%2BhiyQE4X6dbk7QoaX0h%2FH0dVPIIruFlKxZJnctfbtBwCGXikln5%2FqoeltnIfy8kBGvYre8NUNI29YlCS2HR0JaCgf4avNqvXFkdAAe2JMxnc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 791547bdce0f1c16-OSL
content-encoding: br
X-Firefox-Spdy: h2