Overview

URLpricesandwinners.com/es/tar/sur5box-395/62-chronolimited/a/star
IP 172.67.72.253 (United States)
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2023-01-27 09:22:40 UTC
StatusLoading report..
IDS alerts0
Blocklist alert5
urlquery alerts No alerts detected
Tags None

Domain Summary (0)

No passive DNS data

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2023-01-27 2 pricesandwinners.com/es/tar/sur5box-395/62-chronolimited/a/star Malware
2023-01-27 2 wildfungames.com/land/rou/js/propeller.min.js Malware
2023-01-27 2 wildfungames.com/land/rou/js/default1.js Malware
2023-01-27 2 wildfungames.com/land/rou/js/winwheel_game.min.js Malware
2023-01-27 2 wildfungames.com/land/rou/js/confetti.js Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected

ThreatFox
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 172.67.72.253
Date UQ / IDS / BL URL IP
2023-03-13 00:05:08 +0000 0 - 0 - 2 pricesandwinners.com/benl/tar/sur6box-750/62/ 172.67.72.253
2023-03-05 01:06:32 +0000 0 - 0 - 2 pricesandwinners.com/benl/tar/sur6box-750/62/ 172.67.72.253
2023-02-05 21:10:01 +0000 0 - 0 - 1 pricesandwinners.com/benl/tar/sur6box-750/62 172.67.72.253
2023-02-05 05:13:10 +0000 0 - 0 - 1 pricesandwinners.com/benl/tar/sur6box-750/62 172.67.72.253
2023-01-29 17:06:27 +0000 0 - 0 - 5 pricesandwinners.com/benl/tar/sur6box-350/338 (...) 172.67.72.253


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-03-25 16:39:56 +0000 0 - 7 - 1 lp.easy-fitness.online/frsms8/ 104.21.12.74
2023-03-25 16:39:31 +0000 0 - 1 - 1 local-fuck-finder.com/cevpb6b/?utm_campaign=1 (...) 188.114.97.1
2023-03-25 16:39:25 +0000 0 - 2 - 15 tracking.t0r4.com/click?pid=740&offer_id=1072 (...) 104.21.19.241
2023-03-25 16:39:21 +0000 0 - 2 - 2 zmgainsurvey.top/ 172.67.159.108
2023-03-25 16:38:48 +0000 0 - 2 - 0 s3.romsfast.com/WII-U/Shantae%20-%20Half-Geni (...) 104.21.9.80


Last 5 reports on domain: pricesandwinners.com
Date UQ / IDS / BL URL IP
2023-03-13 00:05:08 +0000 0 - 0 - 2 pricesandwinners.com/benl/tar/sur6box-750/62/ 172.67.72.253
2023-03-05 01:06:32 +0000 0 - 0 - 2 pricesandwinners.com/benl/tar/sur6box-750/62/ 172.67.72.253
2023-03-01 22:03:19 +0000 0 - 0 - 1 pricesandwinners.com/benl/tar/sur6box-750/62 104.26.11.115
2023-02-26 06:04:31 +0000 0 - 0 - 2 pricesandwinners.com/benl/tar/sur6box-750/62 104.26.11.115
2023-02-10 02:05:24 +0000 0 - 0 - 2 pricesandwinners.com/benl/tar/sur6box-750/62/ 104.26.10.115


Last 5 reports with similar screenshot
Date UQ / IDS / BL URL IP
2023-03-25 04:05:41 +0000 0 - 0 - 4 wildfungames.com/land/rou?campaign=ThIi&utm_c (...) 104.26.4.134
2023-03-19 08:15:03 +0000 0 - 0 - 4 wildfungames.com/land/rou?campaign=ThIi&web=1 (...) 172.67.70.29
2023-02-20 07:56:03 +0000 0 - 0 - 1 premiumprizeplace.com/it/tar/sur3box-250/9 104.26.2.153
2023-02-19 18:56:06 +0000 0 - 0 - 2 placebonusextra.com/gb/tar/sur3box-650/15/ 104.26.14.156
2023-02-19 18:54:54 +0000 0 - 0 - 1 placebonusextra.com/it/tar/sur3box/291-chrono (...) 172.67.72.193

JavaScript

Executed Scripts (10)

Executed Evals (1)
#1 JavaScript::Eval (size: 80) - SHA256: df93bd4decb420efd2f7cf2f567ecddf449e7caafef6721a1a0ea931280d62df
(() => {
    const a = async
    function name() {};
    window['d1pbsrpqbti'] = true;
})()

Executed Writes (0)


HTTP Transactions (40)


Request Response
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16140
Expires: Fri, 27 Jan 2023 13:51:29 GMT
Date: Fri, 27 Jan 2023 09:22:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "EB783CFA8C8544B0574B345ABC0BF3C150979D4EFCE1A013F17B6CD48076FC63"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3932
Expires: Fri, 27 Jan 2023 10:28:01 GMT
Date: Fri, 27 Jan 2023 09:22:29 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 27 Jan 2023 08:35:19 GMT
age: 2830
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    dcd75ca6daca51c5e39d431468511793
Sha1:   07f76d3bf23d65c9110d810fa71a994e39e085d3
Sha256: 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11222
Expires: Fri, 27 Jan 2023 12:29:31 GMT
Date: Fri, 27 Jan 2023 09:22:29 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: amwZqQbDgCr7s2E+nv5zvwrKWMwxVEVtZPioSYCrPm2x/EOsDAVXp8lrqf0AbWXm5Df/PzMW+hY=
x-amz-request-id: GCSW73NRC20A8X0K
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 27 Jan 2023 08:49:21 GMT
age: 1988
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    7b922915ebf1fa3639b333f994c74f24
Sha1:   144a3f80b98fd0652d4614f24cf6cbbee40f8938
Sha256: adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 27 Jan 2023 09:22:29 GMT
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /es/tar/sur5box-395/62-chronolimited/a/star HTTP/1.1 
Host: pricesandwinners.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         172.67.72.253
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 27 Jan 2023 09:22:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
location: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MmAmGnHedSzHKSUgzX%2BA21mve0giNjQVS8EtgratwuXAVGOMVvb3zc47lPwWaJDOHQ9h7MtY9HltetC4Sxiwu8atbA%2FNOqQNYTFhqFCzvy49OVAL1l0ld0QV7AY5kcpXScwdMgme"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 79006c948e4fb4f7-OSL
alt-svc: h2=":443"; ma=60


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "F4D3AF11A74AEB973483FCFB78CF07B6BD2CCD7E255FA9419CE8746DDB4FE6DE"
Last-Modified: Wed, 25 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1571
Expires: Fri, 27 Jan 2023 09:48:40 GMT
Date: Fri, 27 Jan 2023 09:22:29 GMT
Connection: keep-alive

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         35.241.9.150
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Last-Modified, ETag, Expires, Backoff, Content-Length, Cache-Control, Alert, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 27 Jan 2023 08:41:40 GMT
age: 2450
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /land/rou/img/spin_Roulette00.png HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
content-length: 12991
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: "63d27a7e-32bf"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Oeb10CSm%2BaI6QIazTcBeDmbowGw3BUnjS42RI8hUBoQstUJOF8MdInlN7d%2FUEaG8mAfqZlFJsxT02tuOMiOqGF9OzmqFKBI4rF%2B5HPqMt7P4RKQ16UVoiBiIuXZINjzAvNE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9ac94cb4eb-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 170 x 190, 8-bit/color RGBA, non-interlaced\012- data
Size:   12991
Md5:    834a8095777aee926381dd13a5a8b3ab
Sha1:   c0f06099eea950232f33e02355d84dda44a6e35e
Sha256: 589d62b11a4171fb3a9b7c97b6963447601e36f8c2dcb36370dce75f5bd9687e
                                        
                                            GET /land/rou/img/spin_Roulette01.png HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
content-length: 43403
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: "63d27a7e-a98b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQkXBjhCKgUysO52BT7q5HMV13cdM%2F7ZP9Qe1Odugmj90RDGXjFEQ36pXz2txrVG46bBONgZigB%2BKPkDHVF8XSYmpdkTHz7y2rZ0LgU2oYALMeviLOpbtexn2a40UrtCPvo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9ac94eb4eb-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 540 x 540, 8-bit colormap, non-interlaced\012- data
Size:   43403
Md5:    6e422805365b1b64d8da6b0d29ae8c69
Sha1:   37d523943fb63f409cd9a6da32fb5d7663a692da
Sha256: a0c05360734297aae902dc48ed95cd7d3d3f818897f111c54aae6f042428b665
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17060
Expires: Fri, 27 Jan 2023 14:06:50 GMT
Date: Fri, 27 Jan 2023 09:22:30 GMT
Connection: keep-alive

                                        
                                            GET /land/rou/img/spin_Roulette03.png HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
content-length: 1316
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: "63d27a7e-524"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HLm5O3wxFF9n0LmCenahmd8Ju52aGykGw7PlkB4GBkQrt%2FMzjM6EzlHfY5bbNiQAkKYZNGBXQ2XmNRfpSKJCSc1rT5gM8e4eZwLLG1nJ%2Bekr4TW3IjyofcbBOaUqPjeYJTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9ac954b4eb-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 269 x 138, 8-bit/color RGBA, non-interlaced\012- data
Size:   1316
Md5:    5e45d498bdb0b010e058b92e5d5097ac
Sha1:   8a1b41ef4c12fc85b4e4c7d28e3fcf48774054f7
Sha256: 9e860a039b138a3e94b704ff4aae7896c678d88d3c5e1ab2d08e3af5ceecdee6
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5357
Cache-Control: max-age=121047
Date: Fri, 27 Jan 2023 09:22:30 GMT
Etag: "63d2b8c0-118"
Expires: Sat, 28 Jan 2023 18:59:57 GMT
Last-Modified: Thu, 26 Jan 2023 17:30:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /jquery-3.6.0.min.js HTTP/1.1 
Host: code.jquery.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         69.16.175.10
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
content-encoding: gzip
content-length: 30875
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15d9d"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1674811350.dop205.sk1.t,1674811350.cds253.sk1.hn,1674811350.cds210.sk1.c
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65447)
Size:   30875
Md5:    899f0189aaf034bbba5340f724d91dfa
Sha1:   210ea9de03968edb9d839ba4a0ce2d48666a8ab8
Sha256: 949b6597c5ea907a7ef3c8ca6d5ffc73be2352f9df485b78704e5c4dabac5d0f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5357
Cache-Control: max-age=121047
Date: Fri, 27 Jan 2023 09:22:30 GMT
Etag: "63d2b8c0-118"
Expires: Sat, 28 Jan 2023 18:59:57 GMT
Last-Modified: Thu, 26 Jan 2023 17:30:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 5357
Cache-Control: max-age=121047
Date: Fri, 27 Jan 2023 09:22:30 GMT
Etag: "63d2b8c0-118"
Expires: Sat, 28 Jan 2023 18:59:57 GMT
Last-Modified: Thu, 26 Jan 2023 17:30:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /land/rou/img/spin_bg_desk.png HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou/css/default.min.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
content-length: 110359
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: "63d27a7e-1af17"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=57ahlhOlAadh8Y91X6QQMcynhaIEaQZwPrO2rI1srrM68eB8VFWjfIn%2F1qH1IiLig1VL92QcfjgF7jqSXQJbI7raRcvsOt3iieKe7YIUhRHu9WObKbk1XwopASS0MdGTQhU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9baad0b4eb-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 870 x 650, 8-bit colormap, non-interlaced\012- data
Size:   110359
Md5:    eafcb5a49ddbee590cfe266b1b0c8820
Sha1:   254de127e096c137b1a8c8e62cf3c96b7c6492e5
Sha256: da07ed253e14bcf56880e11d0eddb2276a7da9b4f679d49fb17976b97b81172b
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "69D27D77D1DA3A5408B1BBFAFE7BC3616CFFE1197440FFFB755CADE5D2AB05D1"
Last-Modified: Fri, 27 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15364
Expires: Fri, 27 Jan 2023 13:38:34 GMT
Date: Fri, 27 Jan 2023 09:22:30 GMT
Connection: keep-alive

                                        
                                            GET /land/rou/img/spin_Roulette02.png HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
content-length: 35051
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: "63d27a7e-88eb"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6090
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=byDP3th6y5nNPnHlUf5soF9Z1YaqFTODpaleasBjgXId%2BPpiMI85lPVFo%2FWDp1lTwcKV5%2FNdHfxlBZfy50hEV8KpyxQVq5co9A0OeMyi3uYRxCBXbq12Ye6FqubJ8JnTHm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9cac69b4eb-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 434 x 434, 8-bit colormap, non-interlaced\012- data
Size:   35051
Md5:    320aa52aa7ccfde051920d20967e0baa
Sha1:   7a6dc94d3aa311664e94d1259322f081b2f074f7
Sha256: 673f4069c0d4e4e256cd84e482cfc0e60fa76547aa6f62578b3f47c60299d4c1
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: inJ4T04sclpWYGjSMqss2Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         34.212.129.45
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: TetggoaFQs2J6zGV8PfxAk3hg4s=

                                        
                                            GET /land/rou/js/propeller.min.js HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: W/"63d27a7e-2c46"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7155
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G0pA9IXlirMF%2BL7rnsCWkan2pxfmXQXBjroVVAc4YPkyqnnGrGgrs1tp4bkHuMMMWWNgZqcbs0WJqXx%2BrJ2irtMsKN0PdVsjmTdpgKjmawVW6JZlkTGIummsWKczBV8zAcY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9aa936b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (11334), with no line terminators
Size:   3377
Md5:    376f072163701766da03ae6f235edafc
Sha1:   8b97463ee3c10bf8347fca559e237af264c5f282
Sha256: 2fc3c5fd110c857357c8da43ce8e18d9f8c3c9f87e1d26c1c9af2c8fc1c07fc0

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6811
Expires: Fri, 27 Jan 2023 11:16:02 GMT
Date: Fri, 27 Jan 2023 09:22:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6811
Expires: Fri, 27 Jan 2023 11:16:02 GMT
Date: Fri, 27 Jan 2023 09:22:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6811
Expires: Fri, 27 Jan 2023 11:16:02 GMT
Date: Fri, 27 Jan 2023 09:22:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6811
Expires: Fri, 27 Jan 2023 11:16:02 GMT
Date: Fri, 27 Jan 2023 09:22:31 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6811
Expires: Fri, 27 Jan 2023 11:16:02 GMT
Date: Fri, 27 Jan 2023 09:22:31 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb781854-72d1-4a71-a095-0416f886f570.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7538
x-amzn-requestid: 113924cc-a196-4dbd-91d9-68c213265afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e3fobF-ZoAMFjjA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c61302-6b24941a642b22cf21e47dc0;Sampled=0
x-amzn-remapped-date: Tue, 17 Jan 2023 03:16:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2P09wOtKPDHjxxAuzcLFMQJwmGN1zNJcH9LA6IJpeaGiaPVRF4y-TA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 caf6806821bc479b28a6f1ce3043b8a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 05:20:00 GMT
age: 14551
etag: "ffb2035cf64fc83f01db5c6f26ffa264b6aac95b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7538
Md5:    131eb343c5abd61939457d69bd371348
Sha1:   ffb2035cf64fc83f01db5c6f26ffa264b6aac95b
Sha256: 8486eb9dc6325018f8721bc6f37408f260b6e652b145280f2d778d860d3ec2d5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47dfbf8f-d762-4550-83d7-2992a8c8fe66.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 12508
x-amzn-requestid: 68787c38-72fe-4d8a-9521-aeb9efa56b05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fBYWyGIHoAMF-LQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ca075e-1ee9488d2dd0437728beac94;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 03:15:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0lNizMpeWOcOlokaaW-WB7LXRReZwaFfPE38C-SmsS_PbxJPhcRYfw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 15:21:30 GMT
age: 64861
etag: "235bf4642e726bb6a303fe1b69238e2e973414cb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   12508
Md5:    bad60daf652c598a06510ff955137b69
Sha1:   235bf4642e726bb6a303fe1b69238e2e973414cb
Sha256: d655c5ac17274a30a89c31674e14dc9c1b6bc39bfff94db1c9ff0d8006bb673b
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbccadbe9-ae35-4a03-bf17-9342e0629c81.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4272
x-amzn-requestid: 90778100-cfb9-46c5-b75d-caafc1fdbae9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fEMjeEB1oAMFl8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb27af-5743a4b077fde951558d49bd;Sampled=0
x-amzn-remapped-date: Fri, 20 Jan 2023 23:45:51 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Ev8Pkhb87rHNaINJOl0VO5ze6SbLktZjmFANNbIOnVs74H8saNsmOg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 12:34:55 GMT
age: 74856
etag: "f90c205f370a2426dffe3c21b24bfa551b385556"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4272
Md5:    6e96f3ea585b5fa8ed6446ed16e2b4b2
Sha1:   f90c205f370a2426dffe3c21b24bfa551b385556
Sha256: 6967ba25887f87200fcb39a3e6f065fd27596b2ebcf0d33a2751c655d6e724f2
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6418a71b-f89d-45d1-bc77-36d6312f560b.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5943
x-amzn-requestid: 6774f4a4-ed83-49df-868f-4517c2af914b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fUXxNF2UIAMFlYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d1a007-75b1e8975c3f4b503e0a1c5b;Sampled=0
x-amzn-remapped-date: Wed, 25 Jan 2023 21:32:55 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: KY05WKpINERD5g9o2QLYdsNMSuuy_YKn2Tl7Qkn7YaAOaPTDfLteeA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 21:49:48 GMT
age: 41563
etag: "4d825b74865effa4a858ddcad1d0969671facc07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5943
Md5:    ba0a42dadf6a976df148f652e9cc1844
Sha1:   4d825b74865effa4a858ddcad1d0969671facc07
Sha256: 7276a38c9ba6b13a06f24ab8b802f210f98c5541df53fbcd8e879a14d2957d95
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F16430244-f45f-4aea-a8a8-2b1f37fa80ef.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5737
x-amzn-requestid: 23239d1f-0228-4722-b826-40dc8c9a4af2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVzDbEacIAMFZtA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d23215-1604c24e272fbb657b9925cc;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:56:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -_8PZoms7W6Lvw__KsoTwL_CzjfyWChzoSWDc9yCk9zCR8cTs87oNA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Thu, 26 Jan 2023 16:31:35 GMT
age: 60656
etag: "a342f94625e913fa6b8d862a59979f1e3ad80dd1"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5737
Md5:    5e7158416f60576804ccff03307319fe
Sha1:   a342f94625e913fa6b8d862a59979f1e3ad80dd1
Sha256: 5c525df7d169cc7e033d920c11f4a0163a781c025a22b70530882b56964a9a52
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F52a1f3b3-38ab-4f58-ad1a-ca4c9f82503e.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6394
x-amzn-requestid: 215e6698-30e7-45b0-8f8f-96a05c5f6992
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fOirZG1doAMFW_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf4b15-3e1bec6759816cf84467339b;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 03:05:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: tG3T0HguJWldw-LJ9SJSuuUT4ubLCWViwQFB-dZhNfEswMEexb7Tcw==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 04:26:09 GMT
age: 17782
etag: "50510052f0e22e23f747c761d57cdf72910ac533"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6394
Md5:    1695371c247eedad65b4cac82f01215d
Sha1:   50510052f0e22e23f747c761d57cdf72910ac533
Sha256: aadde426229f04f6a489b87d6949a485b19d4fd035cb244b6094549efc08013f
                                        
                                            GET /npm/bootstrap@4.6.0/dist/css/bootstrap.min.css HTTP/1.1 
Host: cdn.jsdelivr.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wildfungames.com
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.16.86.20
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 4.6.0
x-jsd-version-type: version
etag: W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
x-served-by: cache-fra19138-FRA, cache-cdg20754-CDG
x-cache: HIT, MISS
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 11267914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kkxw%2BeDptInteAv5wPIMyo0LgqPg%2BGRV8ug1oGX9ci1iTieP474CLZhCOBZBcEq2Z08G0qCv5x7Hgcs0eut03eKcMmC7MSwwqUFAsAWJFd3nd027Iuw%2BCo2HBr3B%2FJXkIYk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79006c9b3fdc0afa-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /pfe/current/micro.tag.min.js?z=5578843&sw=/sw-check-permissions-cb761.js HTTP/1.1 
Host: beevakum.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         139.45.197.250
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Fri, 27 Jan 2023 09:22:30 GMT
last-modified: Thu, 26 Jan 2023 14:02:57 GMT
etag: W/"63d28811-a02e"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
cache-control: max-age=3600, must-revalidate, public
x-content-digest: enebdca5f1b2afb02985ff7ebf59915315
age: 0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1P11Qkw0kmraEfmSxjQFuJBFHPYriNUFECmEwiEupYkxv5wLjZtQwCq4hahL%2B8jz6qyih5LO9luSwFKkzADExUQJhmM88Wnwpqp5rEVnl%2FY5cmrXXGWpN8QKl18F%2Bs7wWfw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79006c987e06b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /land/rou/js/default1.js HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: W/"63d27a7e-b0b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6091
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mev8C7JnoEo65lxkRsEaJQKzs2HvECpZYDRahTF8%2BzwdwGATmgGep1jLY42zuogLI18mcztuskRxp7ONe6TQ%2F5KTdABGLt2tJCbI3kXXnrZ5ZrW%2B8YrG3vgguMRqxAvALY4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9aa93ab4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /land/rou/js/winwheel_game.min.js HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: W/"63d27a7e-f0c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6091
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ehJmeOJ%2FwwLadtrCD3vzpmiodqL%2FSt2xCyYfE2tpckWV1NARbpHUaigvJ0G1JHfpN%2FcVvn70bmSuYahQTYUOqivuINNeYvDmle16w8bhdFb2UEwGurC2hVaDpNCVsrzMOm8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9aa938b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /land/rou/js/confetti.js HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: W/"63d27a7e-19a6"
cache-control: max-age=14400
cf-cache-status: HIT
age: 6091
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=buDQjZgH7jB3%2Fs7mEewdebgRXmdpI%2B4WtOa6XIgFRYQPX6qfo3%2Ff9tAzcEDkfFc%2F4xfGCi1hcRnQhEgzk%2F8AvjeqAqiRvDeL6fQXM7mFEmmOInsUMS4WQKQqHthqG984tmA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9ab93db4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /land/rou/css/default.min.css HTTP/1.1 
Host: wildfungames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://wildfungames.com/land/rou?campaign=ThIg&web=1&utm_campaign=plc0562781cd0db0d2fd7ee7f87f9fbf
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         104.26.5.134
HTTP/2 200 OK
content-type: text/css
                                        
date: Fri, 27 Jan 2023 09:22:30 GMT
last-modified: Thu, 26 Jan 2023 13:05:02 GMT
etag: W/"63d27a7e-1184"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7153
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=456gwRC60A28FG6KHODlJuoqdd4TxrXexfaSu8N9DeaSRXsqW%2BVdG%2FX41J3hzIekiJDaBdAZ9R9uI29o1y8MCzohtvbT79ehn88rwYrgxiI%2BF7R3EHDkIR%2FW7L3esYQLbOc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 79006c9ab940b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---