{"report_id":"7ed0293f-6b73-471c-a6f4-a6a2207cd803","version":6,"status":"done","tags":[],"date":"2025-11-20T11:36:43Z","url":{"schema":"http","addr":"i64cl3er5t.com/?serial=55273\u0026creative_id=186\u0026anid=w9skvid55dv0or9e3ft7osa0\u0026cep=3VagkZcMAtLcpl2lavbu7fUfkbfk0fWA1oWipa0EoZ43-DsTMjLZUmuPOBV7MkYXhnswMLAXwxSRUgopudB10wXDyCRx--394eV90j4rPfGbSIc0eDdMPNiDqwi5Gyo8IjCzY3voNkWIdxM7VGi2AUCplkgTTsRrOlzqXJYb1DtomSEXSeXYfL6L3gvBZsiJkhEgjsPPWN58FC2SNMp-qM7MY-GO5lLajEusoei39cnM3WAO8q-qJOquLKLk0m0WqLtxZy8fzD_XHPmEAP7NoC2awTR7ZcE9CIsIBJOAZ_qD_wz-x6Opc3p08zkigA82Up8LKD0fak84UrrtwbBUPiAALgKR0QcY4AuJ5HpFf3JLrpp6G0OXSDWprHgD2T9bVrUIVHrV499P9efABJzA1Q\u0026lptoken=17ab63d3641203975563","fqdn":"i64cl3er5t.com","domain":"i64cl3er5t.com","tld":"com"},"ip":{"addr":"104.21.59.16","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","fqdn":"2102.info","domain":"2102.info","tld":"info"},"title":"LEON","dom":{"size":5061,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"78eb556d0915e4e2fbdae1fe9a0e1146","sha1":"5d5553396bc4048e3b93c935bb78e62246e02439","sha256":"e7e90176059bc094d1ab194ce673a5299f1e612d7a36e61564b92f291a6e4120","sha512":"e934ebc321f932ecddade1307e3d043d2d991a34c7ad84a6c7adadec8d5a486dda8d825729a53ba68313d30b704d8f5dd6b93e672856cd806d438e1a577547ba","ssdeep":"96:ndjHeFTOkGNR9lBSEfhw4gI5gLoqzW4dRf1a:djHopGb9lIEfhw4gIk/B8","tlshash":"16a1233212a571930192e0c6ff238f0ed957ea0be91b4542b1ec0a871fc6d93ee2355d","dom_hash":"domhash54255b3c45d9d2e522df10e04bfd67a3","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"i64cl3er5t.com/?serial=55273\u0026creative_id=186\u0026anid=w9skvid55dv0or9e3ft7osa0\u0026cep=3VagkZcMAtLcpl2lavbu7fUfkbfk0fWA1oWipa0EoZ43-DsTMjLZUmuPOBV7MkYXhnswMLAXwxSRUgopudB10wXDyCRx--394eV90j4rPfGbSIc0eDdMPNiDqwi5Gyo8IjCzY3voNkWIdxM7VGi2AUCplkgTTsRrOlzqXJYb1DtomSEXSeXYfL6L3gvBZsiJkhEgjsPPWN58FC2SNMp-qM7MY-GO5lLajEusoei39cnM3WAO8q-qJOquLKLk0m0WqLtxZy8fzD_XHPmEAP7NoC2awTR7ZcE9CIsIBJOAZ_qD_wz-x6Opc3p08zkigA82Up8LKD0fak84UrrtwbBUPiAALgKR0QcY4AuJ5HpFf3JLrpp6G0OXSDWprHgD2T9bVrUIVHrV499P9efABJzA1Q\u0026lptoken=17ab63d3641203975563","fqdn":"i64cl3er5t.com","domain":"i64cl3er5t.com","tld":"com"},"ip":{"addr":"104.21.59.16","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-25T11:36:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"2102.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"landingpageslb.gcdn.co","ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"domain_registered":"2014-06-11","domain_rank":0,"first_seen":"2022-07-10T14:40:19Z","last_seen":"2025-11-15T14:55:12.967009Z","alert_count":0,"request_count":22,"received_data":1235602,"sent_data":10842,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pixel-us.r2drtb.com","ip":{"addr":"88.214.195.17","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"domain_registered":"2024-07-08","domain_rank":5001008,"first_seen":"2024-07-30T23:22:43Z","last_seen":"2025-11-14T01:20:03.311161Z","alert_count":0,"request_count":2,"received_data":1077,"sent_data":1108,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"2102.info","ip":{"addr":"94.237.118.177","port":443,"asn":202053,"as":"UpCloud Ltd","country":"Finland","country_code":"FI"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":5002,"sent_data":567,"comment":"","tags":null,"fingerprints":[{"name":"parallax.js","description":"Simple parallax scrolling effect.","website":"https://github.com/pixelcog/parallax.js","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"i64cl3er5t.com","ip":{"addr":"104.21.59.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-12-23","domain_rank":4837675,"first_seen":"2025-10-18T07:34:49.497184Z","last_seen":"2025-11-13T20:27:09.179587Z","alert_count":0,"request_count":1,"received_data":5802,"sent_data":982,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","fqdn":"2102.info","domain":"2102.info","tld":"info"},"ip":{"addr":"94.237.118.177","port":443,"asn":202053,"as":"UpCloud Ltd","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":true,"md5":"3e2dc1be80a7772fb33c26543f05ddb3","sha1":"eb7ed064bf76f56ada5c44130c172ba5134d2006","sha256":"0cbb930c9850ba102d96aaab5f293a861c78168c1746dbadd19a2abd9899ddba","sha512":"aa62182d78711d23a6a7ff98a4472f57f7053f5f77437c4c80055856bc14488db56cb5de713605e174dd35f4bc94397e30e8c7b329bf0a13088369d0031e061d","ssdeep":"","tlshash":"44e0689d32b7f6b00262a6ec1d5fd248983020073109d08cf64c67a16f83d1a8af5fac","size":415,"data":"","first_seen":"2025-06-02T01:36:43.718585Z","last_seen":"2026-03-16T00:12:12.901865Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/js/main.min.js?v=1","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"4c3619f1b0df69f61a4b722111044ad8","sha1":"41c495bd1c59eef851068eccf60029432ad7355b","sha256":"efb8ffb7397c5229c4faceb08fef3615cb4b9052a908e2075fa0bd5f1bcc2356","sha512":"b4ee702b7dfe2d4f0e75acc87cd92f0132e0797ab5c8902f87b82c15313a452c1b92e2c29600db685b1034afb604654d60ea02843cf66b142bd36e94bb5f8fe1","ssdeep":"","tlshash":"6d411164fc2835320af751fb59af528db63a20fd9485408468b4e8e24cf98ce4ec2f59","size":2181,"data":"","first_seen":"2025-07-09T04:47:50.361645Z","last_seen":"2025-12-04T06:43:07.386695Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pixel-us.r2drtb.com/pixel/js?auth=2kxsx1\u0026event=lpview\u0026uid={USER_ID}\u0026tid={TRANSACTION_ID}\u0026cur={CURRENCY}\u0026amount={DEPOSIT}\u0026affid={AFFILIATE_ID}","fqdn":"pixel-us.r2drtb.com","domain":"r2drtb.com","tld":"com"},"ip":{"addr":"88.214.195.17","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"52c8a2859ecea117f3271f86a1256440","sha1":"85d4cae6f4b5127f19af93424a304409410bdb96","sha256":"bf64189904f95b6a62ea6965c0d8a274b6a64c3b48c8c23575ddc749971d1bb2","sha512":"76f464e13746633da40dbeff27128d64e87cccb1cac982ce168e0d950ee3145ceecb888a5391042bc946d36509ac2a28e1fa9cea5aa35c6548901ff06a2e217a","ssdeep":"","tlshash":"5ff09e6d536c7e01516524677f32554c1c3542fa3f4948925c8c9da43499fcfb735cd0","size":474,"data":"","first_seen":"2025-09-18T11:41:10.237052Z","last_seen":"2026-03-14T09:31:59.349827Z","times_seen":39,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/bandit.png?v=67.84193329935711","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/bandit.png?v=67.84193329935711 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 232143\r\ntraceparent: 00-41c559b40fdaec2328d6abb52b724bb2-6eeeaad3455a9be8-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:36 GMT\r\netag: \"688091b8-38acf\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":232143,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 902 x 974, 8-bit colormap, non-interlaced","md5":"387c27ed4490fe401e250288d2e9cd3a","sha1":"d2b2ee8b2f741f1d40d1801c0f4b7b51bd610a78","sha256":"f04e31dfaccaf8be115d2cca48e06015fb2117282e2cf09524f29f3a4bcf648d","sha512":"4e1dfa6074d8cf4d90996ba96d1a3dc660d1b40ecc642fa16c8f48554a12a2f80e2a7d12e551e9f2806b4223724b84ec7af4f42e2b8f9d4687160495c9fc23ad","ssdeep":"6144:2LIeCNl2ZubPwgEaN0BlPzxXYxNfTkJOMJRX6FSWq:2wNcZuLwgdN03PzxXYxNQV3qm","tlshash":"2c3422020e3ff661de5d94954bf740fb13aaa142345b3e59aeb337968a34c4cba01762","first_seen":"2025-11-08T12:31:40.07969Z","last_seen":"2025-12-04T06:43:07.388615Z","times_seen":6,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":20,"dns":0,"connect":0,"send":0,"wait":37,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/popup/popup-1.png?v=65.90158819122831","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/popup/popup-1.png?v=65.90158819122831 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 43672\r\ntraceparent: 00-d7b2e8d95fe40fdd6e85780430b14a57-0ad8d269919f93b8-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:40 GMT\r\netag: \"688091bc-aa98\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345781\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43672,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 602 x 333, 8-bit/color RGBA, non-interlaced","md5":"0f1b7ea5581ae81278020b128a5ec65a","sha1":"b79ef8dfc28bc5783842b78caa2093e16c0e7f92","sha256":"ff02e2a01a8e709848d79ecc7f5c634605e4ad8b5c5adaa3b24fb36cde2d6c76","sha512":"8d271fa5a49c09693796778e19b9a044e0480710377602e9425b6775c0f5482d91b8352b624591026e0940b021a3f071b45064c7df64a7016af5f809ac230f63","ssdeep":"768:7GkHmjZpaETWK2KLpZEm9Yx67nGoDn7v3ylSZW6MjycZwZe9Y2ABXM4WbOhV6T6+:7Gumtpa5KngdCGk7vi4ZWNhcs7AB84W5","tlshash":"4a13f2517342908de5ea0a31d3204fda4bea6af49905983c0a338de69573bf5b006fde","first_seen":"2025-11-08T12:31:40.091277Z","last_seen":"2025-12-04T06:43:07.386109Z","times_seen":6,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":101,"dns":0,"connect":0,"send":0,"wait":10,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/fonts/UniSansBold.woff2","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:20.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/fonts/UniSansBold.woff2 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://2102.info\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://landingpageslb.gcdn.co/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 23344\r\ntraceparent: 00-476c91078ee6cefd97474441b298647f-54e730fc68fbbde0-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:38 GMT\r\netag: \"688091ba-5b30\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:20+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":23344,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 23344, version 1.0","md5":"b8f639241ddbdee32692e54cd999d8e6","sha1":"fb2b21bcd074301a836f55da27cdce9f59b56623","sha256":"ec4bd70634f7282ef39e69103f5e31d3ddde953b78c301f43878f9bd2b824193","sha512":"623d30ec865eeb4964eb2c8ee8020f45fa7de007090e702ef2d6eb894cfeadff61835da0f54fbedf1ddbe52f3cf895bef4814c97b4a1c910de6425b8e9393918","ssdeep":"384:hA2A3eYi/QKsjMCJbV3pMoOaszv5qfiJpqWRIZh9qy98d/3YJm:hhA3k/PiVMN9qfifVRIZfNG/3Yw","tlshash":"67a2d1b1f1a68e3be12758381fbb0d303c97e16134ebd95413124b7e9e814a46c6e6a3","first_seen":"2023-09-23T01:05:39Z","last_seen":"2026-03-16T00:12:12.896196Z","times_seen":15,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/css/style.min.css?v=67.62634815787447","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.873Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/css/style.min.css?v=67.62634815787447 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: text/css\r\ncontent-length: 19068\r\ntraceparent: 00-f2e891b57e3e193dc4c18f36a7cda16f-7ed22347beb32059-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:34 GMT\r\netag: \"688091b6-4a7c\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":19068,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19068), with no line terminators","md5":"6e4349200ace2c5923396878a0d440ac","sha1":"62cbf7b230552b64fe34729bb5a36567f9e868a0","sha256":"e3685edfc2687545ffed9ebe7d8390a566da957c4bcabd133be6ae16421133d0","sha512":"58a7b9ace19e6716c8b175e6e22f849aec08a386b9af73b488b0a14bf181302962191bfded9478b61e3cac0436093ae64e1d9b2038f74fb79717d2ed11670d54","ssdeep":"192:yjWVZalHztqcANDb2J3FCk1FHCA+FLBd46en54l46h46Kd1qBx5P5m:IK0jMK2d46Zl46h46Kd1qBx5xm","tlshash":"168243b34d012148d07f8d179bd86aa05538d632a53219ef36259a1ac7c37ee03bfa4f","first_seen":"2025-11-08T12:31:40.092161Z","last_seen":"2025-12-04T06:43:07.402101Z","times_seen":6,"resource_available":false,"data":null}},"time_used":147,"timings":{"blocked":42,"dns":5,"connect":1,"send":0,"wait":4,"receive":2,"ssl":87},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/circle-1.png?v=58.87039428520979","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.890Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/circle-1.png?v=58.87039428520979 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 200893\r\ntraceparent: 00-38fe65e24db529084ce0e6c49db34053-f058072c1dee0d05-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:36 GMT\r\netag: \"688091b8-310bd\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":200893,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 584 x 584, 8-bit/color RGBA, non-interlaced","md5":"a81c5cf004cc727516301204f8d2f74e","sha1":"e5ad46e6747e32d04998f0fbc1c4275124d32691","sha256":"36666a6b5843086705e446185af4c559e256ee5cebcf17d72eb3895b484b7ed8","sha512":"b7ef1679bbf24fbc55ac7e5ad2e66c8b70870c4475268030ad1890edc34aefa01bc1e77b9f794d5907af43d1de07ac9df85c952856c8d0385c93cd3200dfd931","ssdeep":"3072:j2CHTiFNthdBH1s10xdB+NlwXioXKmBNUzzt6Rz7114BtcbNBaM6U7+POqCPuxot:joNjcGL0lEioXKqNB7P4TMNIMnIeuxNa","tlshash":"45142291ed348926ab5ac4a332794ffdfd9d6474ed0c7ac2a01808384c3792b78f4799","first_seen":"2025-11-08T12:31:40.09294Z","last_seen":"2025-12-04T06:43:07.393417Z","times_seen":6,"resource_available":false,"data":null}},"time_used":77,"timings":{"blocked":26,"dns":0,"connect":0,"send":0,"wait":37,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/circle-2.png?v=88.69424163921742","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/circle-2.png?v=88.69424163921742 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 167466\r\ntraceparent: 00-3f3e2a1a715238c288144560640c8859-afbcf5f7f5b821f3-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:36 GMT\r\netag: \"688091b8-28e2a\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":167466,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 266 x 477, 8-bit/color RGBA, non-interlaced","md5":"8cdcd556eb2b301d7328becf72263365","sha1":"94ebe59b297d95d2b711ade7f12bd6237c266ca4","sha256":"a611d531217b3003e8173cbadbf37392c90ae1b36f5db0aa092611143f38f0e6","sha512":"43a81d36a57e105bbe227b0d4a92918075be4eafd6e55aee33ae68d8be82a087c1c7694ae3210aea73606bceb5f553aea23fc4f090ad6a3b08ab0c49c65483df","ssdeep":"3072:0cY2JnTk5ocy3RcdS/1jaC4Hcxpkqt3/Dt8OqVQkEOxyH3ZT+E2+LW:rMy3Rv/h5pkU3bGbVhEOG14+S","tlshash":"c9f312803b65067637cbe20e1f3631675464026863b6bc39f6c37278d360eeda5caa74","first_seen":"2025-11-08T12:31:40.086346Z","last_seen":"2025-12-04T06:43:07.40087Z","times_seen":6,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":22,"dns":0,"connect":0,"send":0,"wait":37,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/bg.jpg","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:20.683Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/bg.jpg HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://landingpageslb.gcdn.co/wheel_rubandito/public/css/style.min.css?v=67.62634815787447\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 76508\r\ntraceparent: 00-e1f6650de33edf4e172e3c012e333eb8-3bd35bfdfcd213c8-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:36 GMT\r\netag: \"688091b8-12adc\"\r\nx-id: osix-hw-edge-gc4\r\nage: 324513\r\naccess-control-allow-origin: *\r\ncache: HIT\r\nx-cached-since: 2025-11-16T17:27:47+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":76508,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3","md5":"1b05b62d5f89eef4d0606928f3574447","sha1":"f5f518cbd5928d68c9505d698c2797bd0caec707","sha256":"cd54f1fe8ad92e89ceeaf01610de558e1835d72513aaab7fa6b0eab9a8afbac4","sha512":"f0628afa9b28e29444c3e6932b030bfa92e6be3ae54a1764d3fd3b1022697ec04f4c7e6abd03ca43ee940d1987c8c7cbac71a10bd8ea1852f5f4402e3ef23056","ssdeep":"1536:M+6IT89GHCScx6QASFFQzjKVANnum3gTAzuga5iM275cwlzmti:M+6TINKSiFQOgn3gCuOlZl6ti","tlshash":"cf73021229ab233de9d84b70e4c4329c26e1223557bf8fa13862ec67b754712754ebc7","first_seen":"2025-11-08T12:31:40.097793Z","last_seen":"2025-12-04T06:43:07.389444Z","times_seen":6,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/fonts/UniSansHeavy.woff2","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:20.750Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/fonts/UniSansHeavy.woff2 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://2102.info\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://landingpageslb.gcdn.co/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 33496\r\ntraceparent: 00-1e61e4f11e60e0c43de3178f7617c753-2b9cfad882f497da-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:38 GMT\r\netag: \"688091ba-82d8\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:20+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33496,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 33496, version 1.0","md5":"84c82f03e7682d88953c7a403cabf8d6","sha1":"80a7dc6e6ba3813e60f69e7f47a0bbc7a615a412","sha256":"6fe959ba831e6c4b3230a81da96933b389e0372d1316d641cf0f53e6136eec88","sha512":"a1f764b6c6034ef18a240070d6f355f3440bd62a8ef34e5be09a44fef02054e366590b174528c5941ee73f8f6b96f7190601d34eed1775b135d560f2b1c47e45","ssdeep":"768:8Wid1b4wMYm+CXPE9Ct0hqMvYTfmLWHyHiCIrbXM25p1q:8WigPSCX+7vvY0CCWXd71q","tlshash":"92e2f12644cf90fa0cd639f78891350bd6da124be336ce18063852f15299a6f2c6d4fd","first_seen":"2024-12-09T09:15:10.550435Z","last_seen":"2025-12-04T06:43:07.401455Z","times_seen":9,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pixel-us.r2drtb.com/pixel?auth=2kxsx1\u0026event=lpview\u0026uid=%7BUSER_ID%7D\u0026tid=%7BTRANSACTION_ID%7D\u0026cur=%7BCURRENCY%7D\u0026amount=%7BDEPOSIT%7D\u0026affid=%7BAFFILIATE_ID%7D\u0026site=2102.info\u0026ln=en-US","fqdn":"pixel-us.r2drtb.com","domain":"r2drtb.com","tld":"com"},"ip":{"addr":"88.214.195.17","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:20.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2drtb.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 26 Jun 2025 00:00:00 GMT","end":"Wed, 08 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:48:15:25:D2:83:00:DD:7D:70:07:A2:B0:40:FB:88:E5:9B:C3:05","sha256":"59:30:1A:64:93:31:49:89:58:C3:C8:2E:88:12:01:02:54:8C:F0:86:A1:40:B7:58:E0:4A:3B:ED:8D:8F:9F:A0"}}},"request":{"raw":"GET /pixel?auth=2kxsx1\u0026event=lpview\u0026uid=%7BUSER_ID%7D\u0026tid=%7BTRANSACTION_ID%7D\u0026cur=%7BCURRENCY%7D\u0026amount=%7BDEPOSIT%7D\u0026affid=%7BAFFILIATE_ID%7D\u0026site=2102.info\u0026ln=en-US HTTP/1.1\r\nHost: pixel-us.r2drtb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 20 Nov 2025 11:36:20 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store\r\nPragma: no-cache\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/favicon.ico","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:21.002Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/favicon.ico HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 15086\r\ntraceparent: 00-25d7fbc2d6058b74b0b81c1d6dcc827e-9be10d0cb1237514-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:35 GMT\r\netag: \"688091b7-3aee\"\r\nx-id: osix-hw-edge-gc4\r\nage: 117291\r\naccess-control-allow-origin: *\r\ncache: HIT\r\nx-cached-since: 2025-11-19T03:01:29+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15086,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"ecebcab0b96abc2da79f44d0da0490e9","sha1":"8250bf86a63ce811202c759b101ec0b0783b7bae","sha256":"8e3de882262db91e0ec959cb5c6f432016747157c6fa46bfd61f78e00c6baab1","sha512":"f520ee3342303c2d13578d552e11447e6acc04e1f2fc5ac4f7bb0d44cf096d1bf18f0e1a77388f938dca71b7e18a17e3a014cd0556d7d1e10f221c2c218565af","ssdeep":"48:jXHyYB9rzIUuU0yfa0ZaBhmHvKlXjdQWREbCF2vCRVca1A0Ot5GRNOYlH:jXHyufIUuSa0RoeC0C33A0guOYlH","tlshash":"09620b0427a2cc19c108a639ce27cfbd1a29ae98bd92420b75d07f5b3db9752284729d","first_seen":"2024-12-09T09:15:10.556856Z","last_seen":"2026-03-16T00:12:12.901341Z","times_seen":33,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","fqdn":"2102.info","domain":"2102.info","tld":"info"},"ip":{"addr":"94.237.118.177","port":443,"asn":202053,"as":"UpCloud Ltd","country":"Finland","country_code":"FI"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T11:36:19.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"2102.info","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 14 Nov 2025 04:24:36 GMT","end":"Thu, 12 Feb 2026 04:24:35 GMT"},"fingerprint":{"sha1":"14:42:E9:32:8E:9F:28:82:E3:83:9A:69:82:8B:0E:8E:AC:1E:B9:D2","sha256":"E2:94:BC:7D:11:23:CA:81:61:6E:E0:59:2E:41:B7:8C:94:68:25:CC:E3:E3:06:3F:3D:A6:C1:33:BC:2B:2C:89"}}},"request":{"raw":"GET /traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0 HTTP/1.1\r\nHost: 2102.info\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.27.5\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: text/html\r\nlast-modified: Wed, 10 Sep 2025 13:03:44 GMT\r\netag: W/\"68c17730-12b2\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"parallax.js","description":"Simple parallax scrolling effect.","website":"https://github.com/pixelcog/parallax.js","common_platform_enumeration":"","icon":"","categories":["JavaScript libraries"]},{"name":"Nginx:1.27.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4786,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"b9cce0f375aa3831f3583071ca0a80dc","sha1":"6765a0f37c25f0050603b07e992c6d4c1a9278dc","sha256":"879320814b17bbe95e07e10f00d5795b973ec614e570c046c847ad9a0ca7ea59","sha512":"70551ecec6b5a8d1047eaecf961cc38afac396289c6ecb7c9865c4280f4701681946012815e9818791537245ac2c122d76a230a2a931a36210fd927d6b5573f7","ssdeep":"48:PsfpOR+zZQHeFTO6++xnqs+oS0px9lUOUUSEfOKw4TMIXM63YmgLYWKqzqplC:fjHeFTOcxq2R9lBSEfhw4gI5gLoqzWC","tlshash":"82a1123216b661a30192e0c6bf275f0ed997ea0be91b454271ec0a871fc7d93ed2350d","first_seen":"2025-11-08T12:31:40.084953Z","last_seen":"2025-12-04T06:43:07.395477Z","times_seen":6,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":67,"dns":27,"connect":13,"send":0,"wait":94,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-20","alert":"Sinkholed","trigger":"2102.info","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pixel-us.r2drtb.com/pixel/js?auth=2kxsx1\u0026event=lpview\u0026uid={USER_ID}\u0026tid={TRANSACTION_ID}\u0026cur={CURRENCY}\u0026amount={DEPOSIT}\u0026affid={AFFILIATE_ID}","fqdn":"pixel-us.r2drtb.com","domain":"r2drtb.com","tld":"com"},"ip":{"addr":"88.214.195.17","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.879Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2drtb.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 26 Jun 2025 00:00:00 GMT","end":"Wed, 08 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:48:15:25:D2:83:00:DD:7D:70:07:A2:B0:40:FB:88:E5:9B:C3:05","sha256":"59:30:1A:64:93:31:49:89:58:C3:C8:2E:88:12:01:02:54:8C:F0:86:A1:40:B7:58:E0:4A:3B:ED:8D:8F:9F:A0"}}},"request":{"raw":"GET /pixel/js?auth=2kxsx1\u0026event=lpview\u0026uid={USER_ID}\u0026tid={TRANSACTION_ID}\u0026cur={CURRENCY}\u0026amount={DEPOSIT}\u0026affid={AFFILIATE_ID} HTTP/1.1\r\nHost: pixel-us.r2drtb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Thu, 20 Nov 2025 11:36:20 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 474\r\nConnection: keep-alive\r\nCache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store\r\nPragma: no-cache\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":474,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"52c8a2859ecea117f3271f86a1256440","sha1":"85d4cae6f4b5127f19af93424a304409410bdb96","sha256":"bf64189904f95b6a62ea6965c0d8a274b6a64c3b48c8c23575ddc749971d1bb2","sha512":"76f464e13746633da40dbeff27128d64e87cccb1cac982ce168e0d950ee3145ceecb888a5391042bc946d36509ac2a28e1fa9cea5aa35c6548901ff06a2e217a","ssdeep":"","tlshash":"5ff09e6d536c7e01516524677f32554c1c3542fa3f4948925c8c9da43499fcfb735cd0","first_seen":"2025-09-18T11:41:10.237052Z","last_seen":"2026-03-14T09:31:59.349827Z","times_seen":39,"resource_available":true,"data":null}},"time_used":1840,"timings":{"blocked":840,"dns":51,"connect":149,"send":0,"wait":102,"receive":0,"ssl":692},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/elem/el-2.png?v=17.36000902636734","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.903Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/elem/el-2.png?v=17.36000902636734 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 5084\r\ntraceparent: 00-27f05b4ddd7e9ac560f12ce38b86313f-bc79acef9571b086-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:39 GMT\r\netag: \"688091bb-13dc\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5084,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 220 x 390, 8-bit colormap, non-interlaced","md5":"9338f3a0d60e5d93ae68105e17acca09","sha1":"43042e6859dd33ce622ed62226241b5ecf56e77d","sha256":"50267258db56ed1c2835d4fc5648288cbc3579a30098df2bac8e9ab980f692ff","sha512":"2d397a0e4f6b6a00f5f87f504dd7af73e8116f9f77e76d2f432b2cce2cbb38623dd11aaf156893d626039e298909f584b5f7ba90032d8e653aa85b6fc8557e91","ssdeep":"96:DoIdLX+nn+F53nCAoGTEQx5BzqZoBE7v/EUWpmqsz/AE2B5pM:EqPFwGTES9qCE7nEUImH/AEW6","tlshash":"eca18fb3df92a808e6692fb0fc591e053323d11452e3d1e676dd319adb7e6319140d23","first_seen":"2025-11-08T12:31:40.08709Z","last_seen":"2025-12-04T06:43:07.394133Z","times_seen":6,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":37,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/elem/el-3.png?v=4.070684169448424","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.905Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/elem/el-3.png?v=4.070684169448424 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 7722\r\ntraceparent: 00-4257105e6e30b26528d8a2973e962542-01be291c6d9bb034-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:39 GMT\r\netag: \"688091bb-1e2a\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":7722,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 174 x 160, 8-bit colormap, non-interlaced","md5":"ada67db2a3d535321ca41363114230fb","sha1":"5dcda6065f3c69bee8cab71efef0fa1a236b9ce3","sha256":"2db4f07c22d37fd5eefc7ff87f1b7942113179c0d9bb0fb4563fa47634ef37fd","sha512":"d29bf85e422b2d9b8ee54134c4ba40fe79b1abd8b355e57765ab858e6900625bc9798e1a8480fe834de7d81150d67c4cf6c39417046880f6bec404f896db1a95","ssdeep":"192:vQg77kC1HaMZn0pXL8PzrgHqoCMwaKsWntFgX1zif:vR7B1HN0dL8PhzaKVvH","tlshash":"aaf1bec1f7dc40a6de4809ab1583a79c7eb1aaf667439af8bf900c514c92845fcb390d","first_seen":"2025-11-08T12:31:40.097011Z","last_seen":"2025-12-04T06:43:07.39634Z","times_seen":6,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":13,"dns":0,"connect":0,"send":0,"wait":37,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/elem/el-4.png?v=23.2709302348727","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/elem/el-4.png?v=23.2709302348727 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 3368\r\ntraceparent: 00-5d4220d49a2c7c224c43b49fc5e2cdc8-66ccc10a2a41fa78-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:39 GMT\r\netag: \"688091bb-d28\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3368,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 132 x 74, 8-bit colormap, non-interlaced","md5":"863922991c89876699cbc47ca93e5318","sha1":"18e5ddba92ac63334232a8a5bab292c347634a54","sha256":"017744b885c77adafac4e4dc32550757b3f1db3aa6d87a69e5db2d28544d3345","sha512":"b81520a002ee13a0acb009bb2ba83935be3b063271d033c1e23c07fde09582fc2e33905832d35d8fa6cd29deaab54ffed2f2d7487e34f4747e97a44c098782c7","ssdeep":"","tlshash":"19616cf95e3858fac2b9971095ba58b11612c2efb45884d0c868c90d57f3fcf485ca63","first_seen":"2025-11-08T12:31:40.094581Z","last_seen":"2025-12-04T06:43:07.385469Z","times_seen":6,"resource_available":false,"data":null}},"time_used":111,"timings":{"blocked":11,"dns":0,"connect":0,"send":0,"wait":37,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/popup/popup-2.png?v=70.70338021721581","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.911Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/popup/popup-2.png?v=70.70338021721581 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 84860\r\ntraceparent: 00-9f739390ee4fa8d29401b2df1903969b-1c0662cec8c36992-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:40 GMT\r\netag: \"688091bc-14b7c\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345781\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":84860,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 725 x 807, 8-bit colormap, non-interlaced","md5":"38b8c93de6276d0345cfa2a3d4bf2a05","sha1":"6265e5e15b9d68fd8dedaec2973272d5187f458f","sha256":"9a41cd21fbd39d94994316c9cf0768b422b76905c5676bdf94c09b4e4bc2a5ec","sha512":"de734e32043e0a70e40ab8f69b3a432b3c105daba318fb2adadaa3b2138858389f2d8cf97ff35ff378d549f7cd3b535bd83b23c69017fd787b0b3c52495d8e0f","ssdeep":"1536:DOuWJnImNkwqq/7VznrgzbWzDWEGhEOqWxiJt6PFx91Uk8ZqiIL3DuzEO/EfRq7C:/WJhk07VP3zDehoWQWdx91UdqJW7iRqW","tlshash":"a78312bbdadcdccee815c13bc44a85fdcc2637fb4b1b87161da402172da4894d34a5a2","first_seen":"2025-11-08T12:31:40.078795Z","last_seen":"2025-12-04T06:43:07.394883Z","times_seen":6,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":108,"dns":0,"connect":0,"send":0,"wait":13,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/fonts/UniSansRegular.woff2","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:20.698Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/fonts/UniSansRegular.woff2 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://2102.info\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://landingpageslb.gcdn.co/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 22868\r\ntraceparent: 00-17f25c8cf8728c5318384b1ea58085b8-3fe1f580149dbceb-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:37 GMT\r\netag: \"688091b9-5954\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:20+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":22868,"size_decoded":0,"mime_type":"application/octet-stream","magic":"Web Open Font Format (Version 2), TrueType, length 22868, version 1.0","md5":"2154cd1f7e162812689691d41baf2ba7","sha1":"e9ccbd3c97955f292a85be4a0231f82d0750bf46","sha256":"ee38a6cfa0f1a18dafe507759c7f3b9c7f78bc6f617f81d6032dfc6c9eccf465","sha512":"e6897aa66d95d3fa2d84596d506a7ef5a108030295a119cf0d3cbf6bded60993565c88e841b678274f8be2d7a7c9753bccba59374017d173a764a357584844ae","ssdeep":"384:SES4BG0QaQPPbSr+A1O8rH1r0XczeUneluC/v1buubTpvl22583Pq6hLH8UivG:VScGlPuqA08rHN+2Cl3/g4cCqPqSLcUL","tlshash":"bda2e14db2b4209cea4f14be777ca4832485436e16ca5129bf391eeaec337af5d02508","first_seen":"2023-08-09T07:15:39Z","last_seen":"2025-12-06T14:37:24.942417Z","times_seen":15,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i64cl3er5t.com/?serial=55273\u0026creative_id=186\u0026anid=w9skvid55dv0or9e3ft7osa0\u0026cep=3VagkZcMAtLcpl2lavbu7fUfkbfk0fWA1oWipa0EoZ43-DsTMjLZUmuPOBV7MkYXhnswMLAXwxSRUgopudB10wXDyCRx--394eV90j4rPfGbSIc0eDdMPNiDqwi5Gyo8IjCzY3voNkWIdxM7VGi2AUCplkgTTsRrOlzqXJYb1DtomSEXSeXYfL6L3gvBZsiJkhEgjsPPWN58FC2SNMp-qM7MY-GO5lLajEusoei39cnM3WAO8q-qJOquLKLk0m0WqLtxZy8fzD_XHPmEAP7NoC2awTR7ZcE9CIsIBJOAZ_qD_wz-x6Opc3p08zkigA82Up8LKD0fak84UrrtwbBUPiAALgKR0QcY4AuJ5HpFf3JLrpp6G0OXSDWprHgD2T9bVrUIVHrV499P9efABJzA1Q\u0026lptoken=17ab63d3641203975563","fqdn":"i64cl3er5t.com","domain":"i64cl3er5t.com","tld":"com"},"ip":{"addr":"104.21.59.16","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-20T11:36:19.079Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"i64cl3er5t.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Oct 2025 19:47:20 GMT","end":"Thu, 22 Jan 2026 20:45:03 GMT"},"fingerprint":{"sha1":"46:B0:98:F2:9C:14:0A:91:57:F9:AB:A1:CA:CB:F4:30:10:B0:43:79","sha256":"B6:25:AC:7F:45:4F:44:5F:46:31:B2:AC:D2:F2:B1:85:B3:D8:06:C2:F1:EE:17:EA:5A:DB:1C:80:72:52:06:25"}}},"request":{"raw":"GET /?serial=55273\u0026creative_id=186\u0026anid=w9skvid55dv0or9e3ft7osa0\u0026cep=3VagkZcMAtLcpl2lavbu7fUfkbfk0fWA1oWipa0EoZ43-DsTMjLZUmuPOBV7MkYXhnswMLAXwxSRUgopudB10wXDyCRx--394eV90j4rPfGbSIc0eDdMPNiDqwi5Gyo8IjCzY3voNkWIdxM7VGi2AUCplkgTTsRrOlzqXJYb1DtomSEXSeXYfL6L3gvBZsiJkhEgjsPPWN58FC2SNMp-qM7MY-GO5lLajEusoei39cnM3WAO8q-qJOquLKLk0m0WqLtxZy8fzD_XHPmEAP7NoC2awTR7ZcE9CIsIBJOAZ_qD_wz-x6Opc3p08zkigA82Up8LKD0fak84UrrtwbBUPiAALgKR0QcY4AuJ5HpFf3JLrpp6G0OXSDWprHgD2T9bVrUIVHrV499P9efABJzA1Q\u0026lptoken=17ab63d3641203975563 HTTP/1.1\r\nHost: i64cl3er5t.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlocation: https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0\r\nserver: cloudflare\r\nx-frame-options: SAMEORIGIN\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-download-options: noopen\r\nx-permitted-cross-domain-policies: none\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: no-cache\r\nx-request-id: 0b862bbf95192098898e628a6ee84d05\r\nx-runtime: 0.032020\r\nstrict-transport-security: max-age=0; includeSubDomains\r\nvary: Origin\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OyAXeQ6rVieILqZZXOLx%2FlHTVDC20RWXH7ykewy9UvDTqeMeezUERhnJy0u1T%2FMwxCMLNYF2%2BSgrIqhIEV%2BbSaKanBR6U5dL7swfsUoa\"}]}\r\ncf-ray: 9a17a61f8c745fac-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4786,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":279,"timings":{"blocked":52,"dns":6,"connect":4,"send":0,"wait":175,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/wildlogo.png?v=27.410905406520648","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.886Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/wildlogo.png?v=27.410905406520648 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 39538\r\ntraceparent: 00-9269a275fddcbcf728e0d8b5c62e39d0-90114b4d936a809e-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:36 GMT\r\netag: \"688091b8-9a72\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345781\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":39538,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 444 x 265, 8-bit colormap, non-interlaced","md5":"ecf5daa3c5470d27f76c4ff872ac7da3","sha1":"e4f0fe1024c92010e71df967037c78e289c3ea0e","sha256":"6d01eb70e5f9fd14f6c880ed62bd78f9760f11c548dcad125c69475a29b0edfc","sha512":"ac2510125e6f71c29735c5c754f8cb3b7fd26d48d22a364a94583d99a749d61247964454b6679d319516ec24c5a3033977b8a3565b6d3b05a8e5c7ca3e4650ba","ssdeep":"768:3hnUMO35F6v/jJpdatwq/bTeMz4xAWP9ds0aWLK:3hnUhb6vbJpdatwGTeMz4xZPX9aWG","tlshash":"fa0302e961e07f2d74bae4edbc44902c0758a41a32739eb35232de1c165e2719367f71","first_seen":"2025-11-08T12:31:40.096183Z","last_seen":"2025-12-04T06:43:07.398583Z","times_seen":6,"resource_available":false,"data":null}},"time_used":152,"timings":{"blocked":133,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/circle-bg.png?v=29.029768708406188","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/circle-bg.png?v=29.029768708406188 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 230311\r\ntraceparent: 00-f8858a2c6ec66a77fc1c96d869522282-91eb817d5995d91d-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:35 GMT\r\netag: \"688091b7-383a7\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":230311,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 809 x 689, 8-bit colormap, non-interlaced","md5":"5e516a8834f79f583728ecd69abff837","sha1":"e4f8ab950a582e704f1ea99f295abb770a708db7","sha256":"98c2641f42d57c0e814eb4a9f4345dce4c83ceef89192e169320ab1939aa5daf","sha512":"0eb7b6828a542ad8e104c95497374f4e6658354039e1230d98e40056eca7b76e19c7253eac872c8811e1cfbd6d9faf9695729480e5e5f6da7a7b6a107903f23b","ssdeep":"6144:7hJeqFCn0Fg6b7O4L2nL9JokcABh0XyOf3ms59b5yoQWCbr0s:7hJ1k6GjnL9J1dTs3msN+0s","tlshash":"8e3423b99b7c25fd58ce944cc49035850f99f4953b2a01c29acef636aeaf00fb40cd5a","first_seen":"2025-11-08T12:31:40.085695Z","last_seen":"2025-12-04T06:43:07.392842Z","times_seen":6,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":7,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/elem/el-1.png?v=60.54092442472345","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/elem/el-1.png?v=60.54092442472345 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:19 GMT\r\ncontent-type: image/png\r\ncontent-length: 6670\r\ntraceparent: 00-077b18c6e4dca52b1324dbf422dda13f-bff7c424a404d0f8-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:39 GMT\r\netag: \"688091bb-1a0e\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345780\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6670,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 137 x 184, 8-bit colormap, non-interlaced","md5":"3f1747c65c01dc76cd0742ed361af9e9","sha1":"99fc42e4d305b009a8ddd40e16a41ea063472156","sha256":"41ace5d00a9866259b12eea03a052d3b5c9bcc2daa8d5b799fb87daf1f44ec0d","sha512":"79516e72e0851e869f9dafe7aa9929ed388bfa4f958e3ea06a2cb59835e0197573ad29ef47fcb54b271e7775459b4640f59ecf5f5985e02679f5c3b178486b52","ssdeep":"192:vTIxeaQnUuylH3SKm15bLE3UJ1WpQIygQdKDe8mIFfMEaaNHUPGS3lo:vJmlsb8+W4zkS+yapqW","tlshash":"16d18e820940502aee34063747abdd1a7476f70ae7a37ac794a38f5379943232e651d5","first_seen":"2025-11-08T12:31:40.093707Z","last_seen":"2025-12-04T06:43:07.399136Z","times_seen":6,"resource_available":false,"data":null}},"time_used":110,"timings":{"blocked":18,"dns":0,"connect":0,"send":0,"wait":37,"receive":55,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/elem/el-5.png?v=45.71912609743636","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.908Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/elem/el-5.png?v=45.71912609743636 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 4592\r\ntraceparent: 00-687e4b7fb0a6dcd6b1cb61843d863cee-3d212f527475baf8-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:39 GMT\r\netag: \"688091bb-11f0\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345781\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4592,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 115 x 282, 8-bit colormap, non-interlaced","md5":"c148c6a30a0c303d442c0330705dfe59","sha1":"d6dc4fe4321d2913a2bfb23ca6b9d9eff2c9169a","sha256":"e8488ae2bccf1b4f7b49f34086dcc63db1d56de655660aa24c05d9abcaa46612","sha512":"e8ac1ca830c2dbb5595497ebabcff40cd134f891b4847ffecaca49785a8a6ff1798276ee754a9abb856e848ba1b2853a6279f6e700420f1a4163eb81ed0f4652","ssdeep":"96:z8e4ATWJIHJZ26x1a8SwCnXPde1VBrqZQp0ZnNwTInMXBOg4/1f8hvz:zNv2C26x1a85eXwYZA0Zn+TxT4dG","tlshash":"05918cc36748817274e07e7c4aad123a476f1f494a26ca678d2c744932f3c0727b1d01","first_seen":"2025-11-08T12:31:40.090454Z","last_seen":"2025-12-04T06:43:07.396901Z","times_seen":6,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":101,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/js/parallax.min.js","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.912Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/js/parallax.min.js HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: text/html\r\ntraceparent: 00-3a6de5b49a9e9524db8f1ea0403b4baf-a601481ee6aca0d5-01\r\ncontent-encoding: gzip\r\nx-id: osix-hw-edge-gc4\r\ncache: MISS\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":309,"timings":{"blocked":107,"dns":23,"connect":1,"send":0,"wait":30,"receive":0,"ssl":129},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/js/main.min.js?v=1","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/js/main.min.js?v=1 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2181\r\ntraceparent: 00-3b9108a838bd00440c62dac5f04d0309-ba037d1c0b0fe7a2-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:34 GMT\r\netag: \"688091b6-885\"\r\nx-id: osix-hw-edge-gc4\r\nage: 324513\r\naccess-control-allow-origin: *\r\ncache: HIT\r\nx-cached-since: 2025-11-16T17:27:47+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2181,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (2181), with no line terminators","md5":"4c3619f1b0df69f61a4b722111044ad8","sha1":"41c495bd1c59eef851068eccf60029432ad7355b","sha256":"efb8ffb7397c5229c4faceb08fef3615cb4b9052a908e2075fa0bd5f1bcc2356","sha512":"b4ee702b7dfe2d4f0e75acc87cd92f0132e0797ab5c8902f87b82c15313a452c1b92e2c29600db685b1034afb604654d60ea02843cf66b142bd36e94bb5f8fe1","ssdeep":"","tlshash":"6d411164fc2835320af751fb59af528db63a20fd9485408468b4e8e24cf98ce4ec2f59","first_seen":"2025-07-09T04:47:50.361645Z","last_seen":"2025-12-04T06:43:07.386695Z","times_seen":11,"resource_available":true,"data":null}},"time_used":298,"timings":{"blocked":107,"dns":23,"connect":1,"send":0,"wait":18,"receive":0,"ssl":128},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/btn.png","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:20.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/btn.png HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://landingpageslb.gcdn.co/wheel_rubandito/public/css/style.min.css?v=67.62634815787447\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/png\r\ncontent-length: 5937\r\ntraceparent: 00-da4a6e052c3b1647db43ab8faf941f7b-b2f8d798ac189c31-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:36 GMT\r\netag: \"688091b8-1731\"\r\nx-id: osix-hw-edge-gc4\r\nage: 324513\r\naccess-control-allow-origin: *\r\ncache: HIT\r\nx-cached-since: 2025-11-16T17:27:47+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5937,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 350 x 90, 8-bit colormap, non-interlaced","md5":"a518e6dd2c9a3c892ed7cb515d9a3b60","sha1":"54268e821b79639e38fabf48399567dd5ab4acb8","sha256":"cda29462c4db038eb0194a582f0840cf43963d1202194b85c4e8f50defa61918","sha512":"18f6f8f2082512eee8129846e852ac74e9f8e7a39e34aaf0c59d9b7c6cade4e5ac3ccfaf61b13978b2836bbf44cf628826f8b839da92156fdce84cbd008ccafb","ssdeep":"96:EiQ866hywyG7+yS7FHI0iCFqZLtxRvMGDQtfhLya5Ip1QLIo4QhNDtk0+Di5Jwr:ZCwyGiyS+0n0ZLtDv+yKIp1Qs3ytCt","tlshash":"dac19efb7e995dce58685f4aa214d7b16aad10c1ef4ec024f34324864eac8d3843896a","first_seen":"2025-07-09T04:47:50.341865Z","last_seen":"2025-12-04T06:43:07.390007Z","times_seen":10,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"landingpageslb.gcdn.co/wheel_rubandito/public/img/logo.svg?v=54.85252846486337","fqdn":"landingpageslb.gcdn.co","domain":"gcdn.co","tld":"co"},"ip":{"addr":"185.244.209.62","port":443,"asn":199524,"as":"G-Core Labs S.A.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://2102.info/traff/ru/bandito_wheel/index_volum.html?qtag=a34309_t55273_c186_sw9skvid55dv0or9e3ft7osa0","date":"2025-11-20T11:36:19.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gcdn.co","organization":"G-Core Innovations S.a.r.l"},"issuer":{"commonName":"DigiCert Global G3 TLS ECC SHA384 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 14 Jul 2025 00:00:00 GMT","end":"Fri, 14 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"31:C3:DA:25:B0:1F:33:33:70:56:0C:EA:55:D2:CE:7E:B6:E4:8C:71","sha256":"17:C0:97:35:7B:85:89:7F:7C:67:5A:29:D2:64:8E:CE:C3:78:A2:23:B5:1B:87:3D:D1:C6:DC:C7:3A:04:1C:CB"}}},"request":{"raw":"GET /wheel_rubandito/public/img/logo.svg?v=54.85252846486337 HTTP/1.1\r\nHost: landingpageslb.gcdn.co\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://2102.info/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Thu, 20 Nov 2025 11:36:20 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1583\r\ntraceparent: 00-61e8a03db61dc34b83237f6b93d8cf19-42a1acfbbc09aa52-01\r\nlast-modified: Wed, 23 Jul 2025 07:39:36 GMT\r\netag: \"688091b8-62f\"\r\nx-id: osix-hw-edge-gc4\r\nage: 345781\r\naccess-control-allow-origin: *\r\ncache: STALE\r\nx-cached-since: 2025-11-16T11:33:19+00:00\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1583,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"d8672e954a0ff31d95124d9e2fa90eaf","sha1":"e7b412bc7ca9a47f449cfb60f187c1d0fe6a6b33","sha256":"8888a631459933fda25c74f4c2397fb316b84d8d13662a4e52d1538d53b7cb66","sha512":"095d8f7929f61c7b764895d1b9d005172cd3b89180b75342adeded5d5caf3513ac6c2242f1ee44b6052fa8771b47008c00bd056c6a5042b2fc8b3a9c2adea027","ssdeep":"","tlshash":"d53153190b2a1d7e69958f5f92f052c93378605f77e183fcc3a2676fa5067b04890a5c","first_seen":"2023-11-04T20:35:07Z","last_seen":"2026-03-16T00:12:12.890785Z","times_seen":30,"resource_available":false,"data":null}},"time_used":154,"timings":{"blocked":137,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}