Report - wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768

Report Overview

URL

wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
IP

104.26.5.134

ASN

#13335 CLOUDFLARENET
Submitted

2023-04-13T18:19:16Z

Access

public
Tags

None
urlquery detections

No alerts detected

Detections

urlquery

0
Network Intrusion Detection

0
Threat Detection Systems

5

Domain Summary

Domain	Rank	First Seen	Last Seen	Sent	Received	IP
wildfungames.com (3)	unknown	2016-11-21 04:51:35	2023-04-12 05:31:30	1323	3950	104.26.5.134
cdn.wildfungames.com (10)	unknown	2023-01-27 13:57:21	2023-04-12 16:56:59	4328	219312	104.26.5.134
cdn.jsdelivr.net (2)	439	2012-09-30 02:15:09	2023-04-13 03:35:26	941	51228	151.101.129.229
code.jquery.com (1)	634	2012-05-21 19:28:02	2023-04-13 06:35:10	433	31333	69.16.175.10
ocsp.globalsign.com (1)	2075	2012-07-20 19:46:16	2023-04-12 18:17:16	358	1919	104.18.20.226
redrotou.net (2)	145989	2021-03-16 06:03:50	2023-04-13 03:03:28	878	15439	139.45.197.251

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator
2023-04-13	medium	cdn.wildfungames.com/land/rou/js2/winwheel_game.min.js?v=1
2023-04-13	medium	cdn.wildfungames.com/land/rou/css/default.min.css?v=1
2023-04-13	medium	cdn.wildfungames.com/land/rou/js2/confetti.js?v=1.3
2023-04-13	medium	cdn.wildfungames.com/land/rou/js2/default1.js?v=1.3
2023-04-13	medium	wildfungames.com/sw-check-permissions-93246.js

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

HTTP Transactions (19)

URL IP Response Size

wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768

104.26.5.134

200 OK

1509

URL User Request GET HTTP/1.1

wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
IP

104.26.5.134:80
ASN

#13335 CLOUDFLARENET

Magic

HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text

Size

1509
Hash

b9f54a058d2132b2515eb7888ee4886c

49911f5f473923fffc90a878f57cd9434c3fa721

d4dbe8e740e3ac03b6c1c32fa9425605b6c6ba987c3ad355ea6aa695fefb299d

HTTP Headers

                                        GET /land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768 HTTP/1.1
Host: wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
vary: Accept-Encoding
cache-control: no-cache, private
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SsMN6oT3pTdmJwnU9f1M8t72JAYs8Y%2FXX9Agv%2BTwdwoINEiAX0%2BSCp95Pnsrq6YeDDT2E01LWrndKzZoJ527HnRgp095IS2OLiA5vbSvClqNMi8gTUBZlgyV0ixUpFbave4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b7008af51bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

cdn.wildfungames.com/land/rou/js2/winwheel_game.min.js?v=1

104.26.5.134

200 OK

1360

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/js2/winwheel_game.min.js?v=1
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (3694), with no line terminators

Size

1360
Hash

e8b1f90201cd46bfd3dc724c717a33e1

739f1e9d9673d2aa6e4de5bf0b46103854d6bda2

6b06ad34e47a22c70eddc60bd007de63dfe2928a1323c3e85cb76ef7c574f082

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /land/rou/js2/winwheel_game.min.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"93ae375d5794d7efc5759847e616b870"
Last-Modified: Fri, 27 Jan 2023 19:45:45 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6926
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2BecYqSlWqjwW3O5kiWBAmFtmnKS5349X3AkBOTHstsxdhUu9%2Ffx2MsQuKyfdDovO4EAzTDhFhy7WNOeeBUaYohwpVqb5FJSOI2qP9X2Qm4B2n6dpMWI4GawcwSQ%2FVKiltSgnn5l"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b704791cfac0-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26291

URL GET HTTP/2

cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
IP

151.101.129.229:443
ASN

#54113 FASTLY

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerGlobalSign nv-sa

Subjectjsdelivr.net

Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F

ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

Magic

ASCII text, with very long lines (65326)

Size

26291
Hash

54a2d3a00438bdd360b988f9d94a7723

41fdd8d0e372e15b5c4f3a941a200c8a22906889

b7c37dca701cbb6f704cb1ef6090a588a1193056fee47ec5ff044ae0ca825f4f

HTTP Headers

                                        GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://wildfungames.com
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
content-encoding: br
accept-ranges: bytes
date: Thu, 13 Apr 2023 18:19:01 GMT
age: 2369636
x-served-by: cache-fra-eddf8230111-FRA, cache-bma1650-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26291
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

69.16.175.10

200 OK

30875

URL GET HTTP/2

code.jquery.com/jquery-3.6.0.min.js
IP

69.16.175.10:443
ASN

#20446 STACKPATH-CDN

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerSectigo Limited

Subject*.jquery.com

Fingerprint64:50:4C:BB:DF:F3:1D:70:CC:5D:9E:B7:BE:80:91:84:03:C1:D1:83

ValidityWed, 03 Aug 2022 00:00:00 GMT - Fri, 14 Jul 2023 23:59:59 GMT

Magic

ASCII text, with very long lines (65447)

Size

30875
Hash

899f0189aaf034bbba5340f724d91dfa

210ea9de03968edb9d839ba4a0ce2d48666a8ab8

949b6597c5ea907a7ef3c8ca6d5ffc73be2352f9df485b78704e5c4dabac5d0f

HTTP Headers

                                        GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://wildfungames.com
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
date: Thu, 13 Apr 2023 18:19:01 GMT
content-encoding: gzip
content-length: 30875
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d9d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1681409941.dop211.sk1.t,1681409941.cds015.sk1.hn,1681409941.cds210.sk1.c
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js

151.101.129.229

200 OK

23377

URL GET HTTP/2

cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
IP

151.101.129.229:443
ASN

#54113 FASTLY

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerGlobalSign nv-sa

Subjectjsdelivr.net

Fingerprint88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F

ValidityFri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT

Magic

ASCII text, with very long lines (65299)

Size

23377
Hash

6d853527bcfe62daedfee90bb040bba3

c816b3ed28c00474ff4990ecd7c95f7fc193dfdc

565dba55a48167b85d6726f3c97fe38085f27752663ad29fd0d9ae6fa2c895ed

HTTP Headers

                                        GET /npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://wildfungames.com
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
content-encoding: br
accept-ranges: bytes
date: Thu, 13 Apr 2023 18:19:01 GMT
age: 2524756
x-served-by: cache-fra-eddf8230133-FRA, cache-bma1650-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23377
X-Firefox-Spdy: h2

cdn.wildfungames.com/land/rou/css/default.min.css?v=1

104.26.5.134

200 OK

1248

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/css/default.min.css?v=1
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (4431), with no line terminators

Size

1248
Hash

50330b27ab37012510258b86786ba759

30323f5a2fed4be78741ed7d6be027fcdc7ad19d

37c84a700f1e1ab7ca47ca811bc68176960ba1d7dee78c28eea3059b75d6d9ae

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /land/rou/css/default.min.css?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"c87a79b32fd06185ea1eabe4af153677"
Last-Modified: Fri, 27 Jan 2023 20:13:29 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6926
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ct4eRpDlu1mD4F0wDpuyjRyn6ScHld1isOGot7lZoTvsVzUZZ6ccvdrGdSvipMb20YPWzBFZlCZd7seT1DWjRWt9%2BQ13zXmLBS%2BY9%2F%2FSxv2FJXYxz2V9mcJwBvFT8JzxE6x5VQC0"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b7048cbeb50c-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.wildfungames.com/land/rou/js2/confetti.js?v=1.3

104.26.5.134

200 OK

1861

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/js2/confetti.js?v=1.3
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

ASCII text

Size

1861
Hash

2526419743133ede6a0b7ea45e33d563

3b66e3ff3ff840449cc5b5e40aafc8008b15e9ea

d25b51238af48538cd3ef9d80712e04f751c882efd7b70e41ce7c719bfe2e5c6

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /land/rou/js2/confetti.js?v=1.3 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"594e7bd784c66babe7dd35e2cf498f14"
Last-Modified: Fri, 27 Jan 2023 19:45:44 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3192
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygfgH0OnUkV6MUU2%2FGjfirGUfGm8NmegPR9Tgw7YnCfMeNqmkyhlEozrBOTBkx1EJQbA1TQn3eps6puMTQ25TSJ763Po4tfw%2BSEdZy1lzWQo%2FKuhyKpzzrXEdPIwe0DZPp2yjhNA"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b70488001c16-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.wildfungames.com/land/rou/js2/default1.js?v=1.3

104.26.5.134

200 OK

708

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/js2/default1.js?v=1.3
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

ASCII text

Size

708
Hash

868539b299e3d222198ce4584bff42d5

92281f722de18aec454f3655779bdbbcdfaff707

de0e3ca83bb57b6c72a0653de7103346f4a266dbcf79d3af2547c09a6cdabd43

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /land/rou/js2/default1.js?v=1.3 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"cb6fb41521eaa67073568b2a55d1f30b"
Last-Modified: Fri, 03 Mar 2023 09:09:59 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6926
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ji%2BzDHBUZqMgYaAS8Qh9mSZm%2BXO5WzLj9sdAcD32uApfC79RTw3UNmQu18Ib7p74AZdClRI73CqXZkqLsOiZbdX9gUyqEBYrBLQUP1SbB8waxTP5jw2i1QivEFYR4z%2FUQr38H6hv"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b70489e60b55-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.wildfungames.com/land/rou/js2/propeller.min.js?v=1

104.26.5.134

200 OK

3377

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/js2/propeller.min.js?v=1
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

ASCII text, with very long lines (11334), with no line terminators

Size

3377
Hash

2e5fd92be5b702ec0be7b381c2c76e49

7fc09db77b67cf82285a2eaf52b7d2a126893663

4fa34a85b0ee0d3daa6988527b7b6a4d9eccd493f54a96f7e0a05fa0d5d1130d

HTTP Headers

                                        GET /land/rou/js2/propeller.min.js?v=1 HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"20ff2d103a051f36069225e9bb9c87c0"
Last-Modified: Fri, 27 Jan 2023 19:45:45 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6926
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rCt33OX%2FwZRaAHfpSIDXKe4mreVD%2Bz2HkpE30d%2FEnmomUKv4nBkj03v9wT53viEqb9lsG7%2FZr650pM9FgBVMfVyEOZ%2Bkh%2Fhx4QrM3Y6knGAL%2BELOwXCPA7ZAuhGktcTGiFj3gf5X"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b7046b24b518-OSL
Content-Encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.wildfungames.com/land/rou/img/spin_Roulette03.png

104.26.5.134

200 OK

1316

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/img/spin_Roulette03.png
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

PNG image data, 269 x 138, 8-bit/color RGBA, non-interlaced\012- data

Size

1316
Hash

5e45d498bdb0b010e058b92e5d5097ac

8a1b41ef4c12fc85b4e4c7d28e3fcf48774054f7

9e860a039b138a3e94b704ff4aae7896c678d88d3c5e1ab2d08e3af5ceecdee6

HTTP Headers

                                        GET /land/rou/img/spin_Roulette03.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: image/png
Content-Length: 1316
Connection: keep-alive
ETag: "5e45d498bdb0b010e058b92e5d5097ac"
Last-Modified: Fri, 27 Jan 2023 12:51:53 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6924
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LK1%2Fx2b9HdpXaSsydPpc3cgpEPv%2Fy%2FjRcA3%2BCvIf%2FDst40fUzObE32eglhxnP6I1V6Xp0bMxe0HhuFxVyEwBn5GCh2x%2BTZG6fCAqodrVMoeyFpDz6b1p3A0RloRPoO5g1RS%2FmnZT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b7049cdcb50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.wildfungames.com/land/rou/img/spin_Roulette00.png

104.26.5.134

200 OK

12991

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/img/spin_Roulette00.png
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

PNG image data, 170 x 190, 8-bit/color RGBA, non-interlaced\012- data

Size

12991
Hash

834a8095777aee926381dd13a5a8b3ab

c0f06099eea950232f33e02355d84dda44a6e35e

589d62b11a4171fb3a9b7c97b6963447601e36f8c2dcb36370dce75f5bd9687e

HTTP Headers

                                        GET /land/rou/img/spin_Roulette00.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: image/png
Content-Length: 12991
Connection: keep-alive
ETag: "834a8095777aee926381dd13a5a8b3ab"
Last-Modified: Fri, 27 Jan 2023 19:45:39 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6925
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=84s6ymGASNpmlVHi3YxcH%2Bevdrjr3TvbmEPlkMy%2BFIdeCWBvPzSAWjY4x64Z3ExWy1wj%2F7We5891Pmiaqv9rbBZ0BT%2BUzCNTuBrAVL6kNinrmkmhWEy1agPp6ZSE2tgKaZ%2B5a7Pm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b704995ffac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.wildfungames.com/land/rou/img/spin_Roulette01.png

104.26.5.134

200 OK

43403

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/img/spin_Roulette01.png
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

PNG image data, 540 x 540, 8-bit colormap, non-interlaced\012- data

Size

43403
Hash

6e422805365b1b64d8da6b0d29ae8c69

37d523943fb63f409cd9a6da32fb5d7663a692da

a0c05360734297aae902dc48ed95cd7d3d3f818897f111c54aae6f042428b665

HTTP Headers

                                        GET /land/rou/img/spin_Roulette01.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: image/png
Content-Length: 43403
Connection: keep-alive
ETag: "6e422805365b1b64d8da6b0d29ae8c69"
Last-Modified: Fri, 27 Jan 2023 12:51:52 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1004
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eV2Jzem5nY%2FMSNYWpI8iWv7h3f9z9qjYVNh1nvCVqf%2FLMPX5wAxNz3Wi1mJ8MXUDXoKEnWnKISBbURyfSieRuJWJldUGnra0CFq9NDpdDVtc9HVqCfYCqrbI9NGCtwHu5bT1Z8%2By"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b704a8301c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4

104.18.20.226

1462

URL

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP

104.18.20.226:0
ASN

#13335 CLOUDFLARENET

Magic

data

Size

1462
Hash

e65bad781a270683ab20594389ee4d58

609312a88b32130bb1ceb4df727b89eb891688fd

19069ef6b46ed0a2f5888308abb7798eaad953187c3c757d14eb3244d86ab4f4

HTTP Headers

                                        POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "946EC0F1BC4CE2E2E88F0A711545BC5F4410873A"
Expires: Fri, 14 Apr 2023 06:00:00 GMT
Last-Modified: Thu, 13 Apr 2023 18:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 224
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b75b70639d0b4fd-OSL

cdn.wildfungames.com/land/rou/img/spin_bg_desk.png

104.26.5.134

200 OK

110359

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/img/spin_bg_desk.png
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

PNG image data, 870 x 650, 8-bit colormap, non-interlaced\012- data

Size

110359
Hash

eafcb5a49ddbee590cfe266b1b0c8820

254de127e096c137b1a8c8e62cf3c96b7c6492e5

da07ed253e14bcf56880e11d0eddb2276a7da9b4f679d49fb17976b97b81172b

HTTP Headers

                                        GET /land/rou/img/spin_bg_desk.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: image/png
Content-Length: 110359
Connection: keep-alive
ETag: "eafcb5a49ddbee590cfe266b1b0c8820"
Last-Modified: Fri, 27 Jan 2023 14:03:36 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6924
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fmfZXFme3yltxms5cRLJloEnHx99rGEeKTYrkjdGlSfpTcnxx9qjxjL98HLAyexMmCQC00OqRgvhGwT1Ct8t19nnjjc4VjEQEu4BQnyh2jU3qb9NVgvbchKSjl%2BjPontA2dTD1XF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b706aa9b1c16-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

cdn.wildfungames.com/land/rou/img/spin_Roulette02.png

104.26.5.134

200 OK

35051

URL GET HTTP/1.1

cdn.wildfungames.com/land/rou/img/spin_Roulette02.png
IP

104.26.5.134:443
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerCloudflare, Inc.

Subjectcdn.wildfungames.com

Fingerprint12:07:77:64:D4:18:2D:3F:F1:FF:29:E7:5A:87:26:4A:BE:78:4D:1B

ValidityFri, 27 Jan 2023 00:00:00 GMT - Fri, 26 Jan 2024 23:59:59 GMT

Magic

PNG image data, 434 x 434, 8-bit colormap, non-interlaced\012- data

Size

35051
Hash

320aa52aa7ccfde051920d20967e0baa

7a6dc94d3aa311664e94d1259322f081b2f074f7

673f4069c0d4e4e256cd84e482cfc0e60fa76547aa6f62578b3f47c60299d4c1

HTTP Headers

                                        GET /land/rou/img/spin_Roulette02.png HTTP/1.1
Host: cdn.wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: image/png
Content-Length: 35051
Connection: keep-alive
ETag: "320aa52aa7ccfde051920d20967e0baa"
Last-Modified: Fri, 27 Jan 2023 19:45:41 GMT
Vary: Accept-Encoding
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 6395
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3sAYD4BNzKdUuY65m7Fjr1pUBnCgmGS8bqg3LGD7S39WN2n1%2FRee6XPWAQAxOxl%2BDkzH2QvVsx0rrsVfnjoYrDy1NA2M9Aj1tR2QNg9qwfySYQ43jm0oBE0N%2BkuO%2Btypmw%2BwIK5H"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b706abccfac0-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

redrotou.net/pfe/current/micro.tag.min.js?z=5759760&sw=/sw-check-permissions-93246.js

139.45.197.251

200 OK

14707

URL GET HTTP/1.1

redrotou.net/pfe/current/micro.tag.min.js?z=5759760&sw=/sw-check-permissions-93246.js
IP

139.45.197.251:80
ASN

#9002 RETN Limited

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768

Magic

C source, ASCII text, with very long lines (41570), with no line terminators

Size

14707
Hash

fa79574acb03148ea8d64481735088a3

97270d34c887fe655b482197f5bbdd3f837182f9

d9c808ab65b7a2e60b51a8483736437692b2e766b1bed56f533c0e00a7e8c627

HTTP Headers

                                        GET /pfe/current/micro.tag.min.js?z=5759760&sw=/sw-check-permissions-93246.js HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wildfungames.com/
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Server: nginx
Date: Thu, 13 Apr 2023 18:19:01 GMT
Content-Type: application/javascript
Last-Modified: Thu, 13 Apr 2023 14:36:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"64381386-a262"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip

wildfungames.com/favicon.ico

104.26.5.134

200 OK

URL GET HTTP/1.1

wildfungames.com/favicon.ico
IP

104.26.5.134:80
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768

Magic

MS Windows icon resource - 2 icons, 1x1, 2 colors, 1x1, 2 colors\012- data

Size

62
Hash

70515ac92cadd905fa8fecef584d0083

c50b7f0f44d82b3f7dc4aff73145371232b0f703

03901e6846adfc7d2216e031eab780e4605c70d24af897afda998c40b53a3d30

HTTP Headers

                                        GET /favicon.ico HTTP/1.1
Host: wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:02 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 13 Apr 2023 09:59:11 GMT
etag: W/"6437d26f-96"
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZM%2FPvQES54Qcb15RzvAnTKD1gsFDuJzRsc9QMlLN4QCZJlCxVy%2Bu7xaU1fgnMtNWhZslCuNkIkRj7C7Gb6Fl6Oc6VAb71mYdJVoRKmNYipiLKvdXwbvnl%2Ff6hxnv99YoIOc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b75b7076a9f1bfa-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

redrotou.net/zone?&pub=0&zone_id=5759760&is_mobile=false&domain=wildfungames.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest

139.45.197.251

200 OK

URL POST HTTP/2

redrotou.net/zone?&pub=0&zone_id=5759760&is_mobile=false&domain=wildfungames.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest
IP

139.45.197.251:443
ASN

#9002 RETN Limited

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Certificate

IssuerLet's Encrypt

Subjectredrotou.net

Fingerprint82:26:70:97:A6:64:2B:0D:51:75:05:03:52:AE:BE:EB:6C:F4:95:D6

ValidityThu, 02 Mar 2023 05:25:16 GMT - Wed, 31 May 2023 05:25:15 GMT

Magic

Size

0
Hash

d41d8cd98f00b204e9800998ecf8427e

da39a3ee5e6b4b0d3255bfef95601890afd80709

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

                                        POST /zone?&pub=0&zone_id=5759760&is_mobile=false&domain=wildfungames.com&var=&ymid=&var_3=&var_4=&dsig=&action=prerequest HTTP/1.1
Host: redrotou.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://wildfungames.com
Connection: keep-alive
Referer: http://wildfungames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                        HTTP/2 200 OK
server: nginx
date: Thu, 13 Apr 2023 18:19:02 GMT
content-length: 0
x-trace-id: b46dc19c839a9370709de4dbd3ac0e61
access-control-allow-origin: http://wildfungames.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

wildfungames.com/sw-check-permissions-93246.js

104.26.4.134

200 OK

293

URL GET HTTP/1.1

wildfungames.com/sw-check-permissions-93246.js
IP

104.26.4.134:80
ASN

#13335 CLOUDFLARENET

Requested by

http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768

Magic

Java source, ASCII text

Size

293
Hash

ec208c8136cd07ae2ba78fd5b53a3fc5

0619c767616df2274786ddd89dd1625199adc850

80a5a536319cdec5aa7e9bbc2417f3e548d890b8f37f529ffd38f52b9d4d7518

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

                                        GET /sw-check-permissions-93246.js HTTP/1.1
Host: wildfungames.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Moz: prefetch
Connection: keep-alive
Referer: http://wildfungames.com/land/rou?campaign=ThIi&utm_campaign=ThIi&web=1&tcode=plc0d0a27f4c5577bb6faadc111b2768
Pragma: no-cache
Cache-Control: no-cache

                                        HTTP/1.1 200 OK
Date: Thu, 13 Apr 2023 18:19:02 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
last-modified: Thu, 13 Apr 2023 09:59:11 GMT
vary: Accept-Encoding
etag: W/"6437d26f-236"
content-encoding: gzip
Cache-Control: max-age=14400
CF-Cache-Status: EXPIRED
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Kz%2BbfHA%2F8ah5MHMMcirDvrCMwpmvZnnJQ79%2F7gnqoDGj%2B9wCEd9CHr64zqoD93HM61bJdptaaDzNfwVO1Vh3MxalMofHmfvgy0MQpn7lGKc4rIZta%2BKq4FXytA8y478s3o%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7b75b70938c20afe-OSL
alt-svc: h2=":443"; ma=60

Report Overview

URL

IP

ASN

Submitted

Access

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (10)

#1 JS:Script (size: 3694)

#2 JS:Script (size: 2393)

#3 JS:Script (size: 120)

#4 JS:Script (size: 561)

#5 JS:Script (size: 11334)

#6 JS:Script (size: 6566)

#7 JS:Script (size: 41570)

#8 JS:Script (size: 89501)

#9 JS:Script (size: 84378)

#10 JS:Script (size: 301)

HTTP Transactions (19)

URL User Request GET HTTP/1.1

IP

ASN

Magic

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

Certificate

Magic

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

Magic

Size

Hash

HTTP Headers

URL GET HTTP/1.1