GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-2.png
54.240.174.50 200 OK 5.6 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-2.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 197 x 197, 8-bit colormap, non-interlaced
Hash MD5 1c3032de06564aacd1f4bfe5115f07c1
Hash SHA-1 9d11d857e9c28c9a27aefb6075f8d15dafb6b1fa
Hash SHA-256 5c700de031dbc96da397fcb54d2604ab94aed0073eeec27d5e7000bf621ead9e
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/coin-2.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 5583
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "1c3032de06564aacd1f4bfe5115f07c1"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _J--ixj_bpfxwlaNXh-XwssbM_ErCj5Tzx4AKTHz3EUq8J9-1xeJpw==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/bundle.js
54.240.174.50 200 OK 121 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/bundle.js
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (57286), with no line terminators
Size 121 kB (120788 bytes)
Hash MD5 f2471b35862ab1bc8039e7c2f1309e94
Hash SHA-1 656cc4acd7be1692c4fc86ded035aeeb394ea5ee
Hash SHA-256 e9aedf2c6977f0aeccb0d548546964b75825024ad379648f49c276d0e37da099
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /bundle.js HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/javascript
content-length: 120788
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "f2471b35862ab1bc8039e7c2f1309e94"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KPulTWQkCGJRREY_NfBoOXJytQN5MXQ7A0Z6W-QrBa-Dj8L1n-xuWg==
X-Firefox-Spdy: h2
GET wss://127.0.0.1:5902/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ukbSbD4hTAjWuG9BtUZlKQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
POST f.pudaf.com/p
3.167.2.58 200 OK 137 B IP 3.167.2.58:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash MD5 03d2a2b4f8884c76d52ed2b9514333f2
Hash SHA-1 8547e6dcc563f6dbdfcad6b044ce12ab497dedf0
Hash SHA-256 1dbf23938531fe8303254315f7af95829f41e79d0008c3d9fc28c063fc59308c
POST /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/html, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Content-Type: application/octet-stream
ak: vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE
si: 5bb357ddb09e40caa88b2431c8417586
ri: 88cf8e848aa04518bd556fbaf49f7135
x-ctr: xembdZwQZaMHRUcgusQ7UQ
Content-Length: 8907
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json
content-length: 137
date: Tue, 10 Jun 2025 04:19:58 GMT
accept-ch: sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors
access-control-allow-origin: *
access-control-max-age: 43200
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
x-trace-id: 381d28df6ed7dec0936e15d3ca1e7442
etag: 6847b26e150a872b288e2864
last-modified: Tue, 10 Jun 2025 04:18:18 GMT
x-cache: Miss from cloudfront
via: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 9KNBU3SuUuXAR3WvpOGxCs-4732l5VYrhLmN00nVDfxuyaBMYSvg-g==
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.4.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.4.min.js
IP 151.101.130.137:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 641dd14370106e992d352166f5a07e99
Hash SHA-1 eda46747c71d38a880bee44f9a439c3858bb8f99
Hash SHA-256 a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
GET /jquery-3.6.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15ec3"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 10 Jun 2025 04:19:52 GMT
age: 4882987
x-served-by: cache-lga21953-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 104614, 269838
x-timer: S1749529193.663354,VS0,VE0
vary: Accept-Encoding
content-length: 31011
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/4.png
54.240.174.50 200 OK 11 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/4.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 179 x 205, 8-bit colormap, non-interlaced
Hash MD5 d8f7a7d2d70b8041c29683aa39a53ded
Hash SHA-1 9b4fe8bd2320217e835f10fe4c6bf2b7d4135398
Hash SHA-256 d2f425d5da391fae9ded98a21f8fea1c4f0e9cb09fa5b7cb336cda913a9af1a6
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/4.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10595
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "d8f7a7d2d70b8041c29683aa39a53ded"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Z2R0sy5ka5UWoBvd3BxWX-79JMA4zCeYsStd3biDpxHqNPWum7BGAw==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-4.png
54.240.174.50 200 OK 5.4 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-4.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 201 x 201, 8-bit colormap, non-interlaced
Hash MD5 4b58fefa888ade7b7bdbf9a62d996d54
Hash SHA-1 a20932cfc810d18aafd9b5069bfe9c43b7f1dc5c
Hash SHA-256 97f4301e5fddfc6009cb79dc467808c231dd857e222a48dad698fdecb3214d5b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/coin-4.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 5424
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "4b58fefa888ade7b7bdbf9a62d996d54"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 77G-9N_gyO3HJBe6Hi1FXiDPPmHTjXSEblGN6yqqhUI4LEWTL1Usag==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/form-mummy.png
54.240.174.50 200 OK 20 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/form-mummy.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 245 x 245, 8-bit colormap, non-interlaced
Hash MD5 03971039be5815f56b50e8643e0313ea
Hash SHA-1 47f4261ba8921df2536290885e3797c9550e1c01
Hash SHA-256 06b78ddee40a7e790d3c00e10e7bed587b0cfea8adfb187c804ab91db49c643b
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/form-mummy.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 20062
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "03971039be5815f56b50e8643e0313ea"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zxXGq4yotDkpFVzeOiMwqAPJlcoUmBvOnjOWsgQuHiEqr22nTpz8Eg==
X-Firefox-Spdy: h2
GET wss://127.0.0.1:6039/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:6039
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: IXplqs0+XyaEM0KNiXQAWQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wss://127.0.0.1:5903/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5903
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: K6tq32+KdKBrDbMMaHAb8w==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/arrow.svg
54.240.174.50 200 OK 150 B URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/arrow.svg
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 1769d032c59a411c017a6d0329fcf359
Hash SHA-1 b504bb4c1900da900e4118eb9cd1ab3620c3665f
Hash SHA-256 03ac3d438693bec4b6cb2570cf1d16d2e6146fcc47fddbc48b717b36b9645cc5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/arrow.svg HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 150
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "1769d032c59a411c017a6d0329fcf359"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: nMOfdI-3B-tv0qVNs4Ksw5DEvPgDxFe9p7oMAMTn8kQs2umlpaK0xw==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/wheel-btn.png
54.240.174.50 200 OK 6.1 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/wheel-btn.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 152 x 152, 8-bit colormap, non-interlaced
Hash MD5 ea31480b6f8a0e4e2e4f598501d5faca
Hash SHA-1 cf374c9360df5dc3ebebd1e5820c0dc64ef956f6
Hash SHA-256 f9117126dbd34abd397b44c27e91f229f1684f551a5ecd1a30ace10ba9e52d5d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/wheel-btn.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 6100
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "ea31480b6f8a0e4e2e4f598501d5faca"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zHxruglA4WB68WCEWFGt9VH2kNuoUkR7VcQ4w_W5Dff19XALIU06ng==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/logo/logo_casino.svg
54.240.174.50 200 OK 9.7 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/logo/logo_casino.svg
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 6ddf171694231590e4476225f6dd7030
Hash SHA-1 25dd0f1af3784d25279b405b1cd04be1e9b1fbee
Hash SHA-256 a5e9250b23598712d9e595e9e34be1c79a22da830f31481e7f46d3d1b58df242
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/logo/logo_casino.svg HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 9739
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "6ddf171694231590e4476225f6dd7030"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zPebcD2_9TJ0uVuXI9_GpVVazl7evIcGyuyRJOSbKIavIdArM871uA==
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-DPE8XS53LM&cx=c&gtm=45He5650v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104684208~104684211~104698127~104698129
142.250.178.104 200 OK 381 kB URL GET www.googletagmanager.com/gtag/js?id=G-DPE8XS53LM&cx=c&gtm=45He5650v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104684208~104684211~104698127~104698129
IP 142.250.178.104:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
Validity Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File type JavaScript source, ASCII text, with very long lines (6004)
Size 381 kB (380974 bytes)
Hash MD5 a3c1e98fce45637eed7b954e73b5ee52
Hash SHA-1 3faf26fdebbff1fe7b0a81acec2fbafa5c03b1ec
Hash SHA-256 1cdba64b27349c3c214456735ebc2e712b2c9a07bcc966eebb47ef5af891b638
GET /gtag/js?id=G-DPE8XS53LM&cx=c&gtm=45He5650v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104617979~104617981~104653070~104653072~104661466~104661468~104684208~104684211~104698127~104698129 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 10 Jun 2025 04:19:55 GMT
expires: Tue, 10 Jun 2025 04:19:55 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 128062
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET unpkg.com/web-vitals@5.0.2/dist/web-vitals.iife.js
104.18.1.22 200 OK 5.9 kB URL GET unpkg.com/web-vitals@5.0.2/dist/web-vitals.iife.js
IP 104.18.1.22:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Google Trust Services
Subject unpkg.com
Fingerprint 6A:50:E9:D4:F9:DB:BA:3A:76:D2:D3:E2:A2:6D:16:12:07:9D:D4:DA
Validity Tue, 29 Apr 2025 07:12:06 GMT - Mon, 28 Jul 2025 08:12:03 GMT
File type JavaScript source, ASCII text, with very long lines (5850)
Hash MD5 8e91e35b53216d67bae84f3aea08f382
Hash SHA-1 7f8f5cb5e91a14219677db53f1fed4fe78ab8dc9
Hash SHA-256 59232ad2436efe87cad2003f8aa6e04897645ac02c48348c2014d0ecfacab6a5
GET /web-vitals@5.0.2/dist/web-vitals.iife.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 10 Jun 2025 04:19:55 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 94d612c2af58b4f7-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 511337
cache-control: public, max-age=31536000
expires: Wed, 10 Jun 2026 04:19:55 GMT
last-modified: Thu, 29 May 2025 12:23:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 fly.io, 1.1 fly.io
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-expose-headers: *
content-digest: sha256=:WSMq0kNu/ofK0gA/iqbgSJdkWsAsSDSMIBTQ7PrKtqU=:
cross-origin-resource-policy: cross-origin
fly-request-id: 01JWDZZ132PHR9XG6QPC1AAMZK-ord
x-content-type-options: nosniff
priority: u=3,i=?0
server: cloudflare
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET wss://127.0.0.1:5939/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5939
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: WEbomE3FDrZe7xBWmkErBw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
OPTIONS f.pudaf.com/p
3.167.2.58 204 No Content 0 B IP 3.167.2.58:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
Hash SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: ak,content-type,ri,si,x-ctr
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Tue, 10 Jun 2025 04:19:58 GMT
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
vary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: *
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-headers: Origin,Content-Length,Content-Type,if-none-match,x-ctr,ak,si,ui,ri
access-control-max-age: 43200
x-cache: Miss from cloudfront
via: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 7XhBxbtYefgDSZ40ibSu7RIHqXj60ZqMxxzCEEm8cVAOFtZScIPusw==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
54.240.174.50 200 OK 46 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Amazon
Subject: *.pg.ppp40co.com
Fingerprint: CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity: Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type ASCII text, with very long lines (46304), with no line terminators
Hash b187af8ac23ee27bc199d72ebf0e926f
4a442f11e6ea60d96de8bd7bb56028f66bac15db
5dc00527e447910b97ae6f6e8e868f1ba5731a11cd89d71d248a7a632c8b2235
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /main.css HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
content-length: 46304
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "b187af8ac23ee27bc199d72ebf0e926f"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: KaX4H_Ag7Eq57mvgAeUZL6jnefOCaHgRV72LfLCTCXtYUHj0MV9mqg==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/header/lang/kazakh.png
54.240.174.50 200 OK 6.5 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/header/lang/kazakh.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Amazon
Subject: *.pg.ppp40co.com
Fingerprint: CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity: Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 135 x 90, 8-bit/color RGB, non-interlaced
Hash 1ffa8281a12464862ccd3d844d2d2a78
14215ced72bc705a71d98d3c322bd322750d464b
78ad555d048af744e4c383fc00ff851b738ae84a48df2af6abc02581d17a7d13
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/header/lang/kazakh.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 6521
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "1ffa8281a12464862ccd3d844d2d2a78"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bhkif8oSuyNd8LeAlRUA3HOqNza6Q4Lnn9ObF06_6Ygrda8eXZJzcQ==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/header/lang/kazakh-russian.png
54.240.174.50 200 OK 651 B URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/header/lang/kazakh-russian.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Amazon
Subject: *.pg.ppp40co.com
Fingerprint: CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity: Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 32 x 24, 8-bit colormap, non-interlaced
Hash 1648c980a380ac4be58791d45c82d5a9
f2c7aa8df57e3b53a0cbaa32031da6b38fc04479
307bcd15270bd7523fee2c844cfb1de6cbedc01bbe63c4067f9573fbd9744cda
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/header/lang/kazakh-russian.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 651
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "1648c980a380ac4be58791d45c82d5a9"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bZz8Lkma1x0WalsWvQ5RBPqwU12u0V9pJ59f3Ng31hWituD8XbajoQ==
X-Firefox-Spdy: h2
GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMPd7kFtk7btyjXRrPvRVpDns7ObvhQIcoMljPohrZu1cXXabr0mYjj1qFUvk28XxGzV4JPTQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308484625%3A1749529195589888
142.251.9.84 403 Forbidden 0 B URL GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMPd7kFtk7btyjXRrPvRVpDns7ObvhQIcoMljPohrZu1cXXabr0mYjj1qFUvk28XxGzV4JPTQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308484625%3A1749529195589888
IP 142.251.9.84:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Google Trust Services
Subject: accounts.google.com
Fingerprint: B1:06:D8:49:F1:03:BE:43:D7:79:D9:25:25:FE:92:54:6C:93:0B:54
Validity: Mon, 12 May 2025 08:44:47 GMT - Mon, 04 Aug 2025 08:44:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMPd7kFtk7btyjXRrPvRVpDns7ObvhQIcoMljPohrZu1cXXabr0mYjj1qFUvk28XxGzV4JPTQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308484625%3A1749529195589888 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 10 Jun 2025 04:19:55 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-3EPuRamPvwz766nQ55JcBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.google.com/tools/feedback/help_api.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.google.com/tools/feedback/chat_load.js https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.l6QsJgyEyPU.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wss://127.0.0.1:6040/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:6040
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TmvnNWJAaeCQ7oJcQ4o+tQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-5.png
54.240.174.50 200 OK 5.5 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-5.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Amazon
Subject: *.pg.ppp40co.com
Fingerprint: CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity: Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 206 x 192, 8-bit colormap, non-interlaced
Hash e9a98e4c16f68e36d8aad816bb75f893
a979b2205093721460e5ccc7def7b4e72e84ceac
500e2ccc482e0b28700c6c608071cd907b3580bf70426fc894073278d860cd00
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/coin-5.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 5476
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "e9a98e4c16f68e36d8aad816bb75f893"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: hmuL1zuIm5jITnPd8TacMm3aSJybSw1LQkg8Z48Q6CL1M-sMThN7Qg==
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtm.js?id=GTM-NZ4GX8TW
142.250.178.104 200 OK 314 kB URL GET www.googletagmanager.com/gtm.js?id=GTM-NZ4GX8TW
IP 142.250.178.104:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Google Trust Services
Subject: *.google-analytics.com
Fingerprint: 10:76:57:2F:C3:21:F2:5F:71:E4:85:A5:DB:F7:65:3F:51:03:55:07
Validity: Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
File type JavaScript source, ASCII text, with very long lines (9371)
Size 314 kB (314138 bytes)
Hash 8ee467e67dedf21b63b0cb1d59178744
71af736db0948ed759ccbee3524dfe715aa9e94e
f895440f5e6b64a48a57a83670283dc56f8a52db8916d1f68b2e44c41d8e5888
GET /gtm.js?id=GTM-NZ4GX8TW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 10 Jun 2025 04:19:53 GMT
expires: Tue, 10 Jun 2025 04:19:53 GMT
cache-control: private, max-age=900
last-modified: Tue, 10 Jun 2025 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 105354
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2
54.240.174.50 200 OK 66 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Amazon
Subject: *.pg.ppp40co.com
Fingerprint: CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity: Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 65992, version 1.0
Hash 2222f1fd23aa2c08af158311d680ac4a
713bc1f45391eb8c40ce868ba938737a881057b1
6f62f51295d471a285e41bf8063c23b6046ee2770a5c0baa55a5a7ed04251d22
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2 HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/woff2
content-length: 65992
x-amz-id-2: u32pTPM72FyGVI9XttvZzdUGx9PCtRccVxx87dbdlUS62zIoc3lzm2Zo8HSlYuC3R4MxqJ/+Yt8=
x-amz-request-id: DN73KWXH9JMHQWSF
date: Tue, 10 Jun 2025 04:19:54 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "2222f1fd23aa2c08af158311d680ac4a"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zPxAvVCHCs2to0gs27Ngh54L4DY5hR7279-eG-0ahelIPqwqN4rGXg==
X-Firefox-Spdy: h2
GET wss://127.0.0.1:3389/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:3389
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: fmabH+noUyvjsPH9dwERhw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wss://127.0.0.1:5944/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5944
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XN5qtsDEYluAldLnLrJDqA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-1.png
54.240.174.50 200 OK 8.9 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-1.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Amazon
Subject: *.pg.ppp40co.com
Fingerprint: CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity: Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 271 x 271, 8-bit colormap, non-interlaced
Hash 846bc1a061ae70c7bcdd6f986883e104
c933f2fe363e5b9a4cc575dd378a31d87ba53a43
307800ae2946140bc22bf14348214411f276dad28d86e820f8fa7f1e960abbd3
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/coin-1.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 8939
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "846bc1a061ae70c7bcdd6f986883e104"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UOe0tMe5IwBOSXua1uwTc8NCWD-kTlZ9Ly_ZEYicKHHLpO5CWrbQOw==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/wheel_sprite-kz-ru.png
54.240.174.50 200 OK 61 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/wheel_sprite-kz-ru.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Amazon
Subject: *.pg.ppp40co.com
Fingerprint: CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity: Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 691 x 690, 8-bit colormap, non-interlaced
Hash c1516beda3b3525d6eeda63190625874
86704ebfbef6540932039734b1013581429e5f99
3d84a31880e1432f2bf432587efdbf40487996c779f91577b28e98567147a1a7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/wheel_sprite-kz-ru.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 61273
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "c1516beda3b3525d6eeda63190625874"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: OI-tQ2HTiESc1Sb1-dsGwSWxCpSg2Q683YivIiPSAPjIJ1HoWVxgJA==
X-Firefox-Spdy: h2
HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.2 200 OK 0 B URL HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.2:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Google Trust Services
Subject: *.g.doubleclick.net
Fingerprint: CB:D6:DD:24:49:A1:05:33:C4:D6:0A:04:6A:88:75:11:64:1B:56:6D
Validity: Mon, 12 May 2025 08:42:57 GMT - Mon, 04 Aug 2025 08:42:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Tue, 10 Jun 2025 04:19:55 GMT
expires: Tue, 10 Jun 2025 04:19:55 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 5943962022313769979
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53688
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.251.9.84 302 Found 0 B URL GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.251.9.84:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer: Google Trust Services
Subject: accounts.google.com
Fingerprint: B1:06:D8:49:F1:03:BE:43:D7:79:D9:25:25:FE:92:54:6C:93:0B:54
Validity: Mon, 12 May 2025 08:44:47 GMT - Mon, 04 Aug 2025 08:44:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:CFuCYtd9uNkrLuJmcm4kFj1nBTF5ng:Og-oGZFlh7daxi1E; Expires=Thu, 10-Jun-2027 04:19:55 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 10 Jun 2025 04:19:55 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOc2Widzfbp5MXhLavh1CV4UjSnFx8sNBrjOeF_C1ucMhyYoC-xROqqFX4nbSzYy57MpTxQuQ
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-Eb3bXPZX5rWE-rHBvFfMhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Bold/Roboto-Bold.woff2
54.240.174.50 200 OK 66 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Bold/Roboto-Bold.woff2
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 66008, version 1.0
Hash 4f2b2ed2943d4b19496951f01c843bf0
2cabd488734129a6545cf27cb6bb723c72948a48
a92a15c6431fb6fd648c9f01ec50b848100fe0e566cd2c0641d89fc3a523d079
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/src/fonts/Roboto-Bold/Roboto-Bold.woff2 HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/woff2
content-length: 66008
x-amz-id-2: sa4TIXceC1V5j+hhWPWiIcGg4gXRCm89m4nKKBrDLLRDSzCIOVolh35r8zIh4hjACSCc5ufvaFBNlm0QuwThTcet3GzK7mx2RlOuWIzuUd4=
x-amz-request-id: DN70JNM5T0QKMG5M
date: Tue, 10 Jun 2025 04:19:54 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "4f2b2ed2943d4b19496951f01c843bf0"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yykr_vTxLE5lagSaYfIv0M_Ht7i0o3ARLUKk__i3QnFdTRHNd0zOXg==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Black/Roboto-Black.woff2
54.240.174.50 200 OK 64 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Black/Roboto-Black.woff2
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 64168, version 1.0
Hash 995731878f1aa1552cc781ebc70878cd
6dbb4a53616cc14ef1879c98465be3977c43f85d
5b6a369db6c5c529261b8df91d073bcddb752136fd9799d6fb10015bf79ae7c1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/src/fonts/Roboto-Black/Roboto-Black.woff2 HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/woff2
content-length: 64168
x-amz-id-2: nEbeUdBhOTz1rb2kP+vhUEFCce1am5iCzTDX9EQ+qTupwHJawrkIYMlHVdrXDa0fdHIll3ic00c1vOPu/f0M44Vnk//vPkqAKIwNU+bF0go=
x-amz-request-id: DN76Q0GWQYK9QH8P
date: Tue, 10 Jun 2025 04:19:54 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "995731878f1aa1552cc781ebc70878cd"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XtTa_OVqn1dgBLRDAOJ908rS8C21z76noOxLwB_L1xMfAEqLWEwhqw==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Medium/Roboto-Medium.woff2
54.240.174.50 200 OK 67 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/fonts/src/fonts/Roboto-Medium/Roboto-Medium.woff2
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 66648, version 1.0
Hash 3c5527473962295b79be7b9ceb2b9084
afec031da1e0167fe0774516d04b814c17567dda
79950ee4e44866f1fb3b7c5fa755d8a267cf79eeff962dd3bb4f8a9e974f761c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /fonts/src/fonts/Roboto-Medium/Roboto-Medium.woff2 HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/woff2
content-length: 66648
x-amz-id-2: XIqMUF5Hw01F9cVmQCbdjg36RTyRDRyBdy9rturRSAtLkMJPD3RyuBdMn0kKodF8cSDhZTDzQL0sjW0JqAFbYDk2rVX2/4KDl7/9qrta+5k=
x-amz-request-id: DN7FP2M2RVHA5E64
date: Tue, 10 Jun 2025 04:19:54 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "3c5527473962295b79be7b9ceb2b9084"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _R-2XAbki0MVawhscTmEZFrpS8W96BPhI03WwhDiZ_Ofa5Yz6SY_Jg==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/country/kazakhstan.png
54.240.174.50 200 OK 6.5 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/country/kazakhstan.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 135 x 90, 8-bit/color RGB, non-interlaced
Hash 1ffa8281a12464862ccd3d844d2d2a78
14215ced72bc705a71d98d3c322bd322750d464b
78ad555d048af744e4c383fc00ff851b738ae84a48df2af6abc02581d17a7d13
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/country/kazakhstan.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 6521
x-amz-id-2: GE89MA1PS5svGLzm7gENNkNpgD1BekTzbomdcnRSKKFmucvW4R4AaDmcpmvDZwWlpTkBIwje4IY=
x-amz-request-id: DN7728RF206586MW
date: Tue, 10 Jun 2025 04:19:54 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "1ffa8281a12464862ccd3d844d2d2a78"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -ViChsl0mky_Z62CPjJH37Y-lEbFyBzXZUP-soWRvobDHTAOAdlZUA==
X-Firefox-Spdy: h2
GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOc2Widzfbp5MXhLavh1CV4UjSnFx8sNBrjOeF_C1ucMhyYoC-xROqqFX4nbSzYy57MpTxQuQ
142.251.9.84 302 Found 0 B URL GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOc2Widzfbp5MXhLavh1CV4UjSnFx8sNBrjOeF_C1ucMhyYoC-xROqqFX4nbSzYy57MpTxQuQ
IP 142.251.9.84:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Google Trust Services
Subject accounts.google.com
Fingerprint B1:06:D8:49:F1:03:BE:43:D7:79:D9:25:25:FE:92:54:6C:93:0B:54
Validity Mon, 12 May 2025 08:44:47 GMT - Mon, 04 Aug 2025 08:44:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiOc2Widzfbp5MXhLavh1CV4UjSnFx8sNBrjOeF_C1ucMhyYoC-xROqqFX4nbSzYy57MpTxQuQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:yWZbQxJzZYI4yfSHowE7OWtH3pzjmQ:WiUz6HRIXNchn_8-;Path=/;Expires=Thu, 10-Jun-2027 04:19:55 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 10 Jun 2025 04:19:55 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMPd7kFtk7btyjXRrPvRVpDns7ObvhQIcoMljPohrZu1cXXabr0mYjj1qFUvk28XxGzV4JPTQ&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-1308484625%3A1749529195589888
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-FNGCJSjMERo-6wtyCqfSmA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 418
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/column-right.png
54.240.174.50 200 OK 69 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/column-right.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 422 x 1062, 8-bit colormap, non-interlaced
Hash c658587d551e157ceab541df8ce4f363
be953fb7e371f873b715c322c93c68ac7173ef31
f9536d1b5e5adc500025895626acb2ff3d6fea20435f27f6d20e8a93d59e83b0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/column-right.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 69395
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "c658587d551e157ceab541df8ce4f363"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oiYnmyb2MQ85U3eDakY5zCgryqsM4OVNAY0AtGQLKedn2Nb1SRbDSg==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/form-book.png
54.240.174.50 200 OK 24 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/form-book.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 379 x 216, 8-bit colormap, non-interlaced
Hash 32be4908fdaee840b92cd20a53251e0b
0c3f1e7cda8c9f11cf8940be1db6f04e35d37b1b
5a005765d30f6781d03acd8a79948363b3740dcf0e25ab1bf6ccdc8d7a8213a8
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/form-book.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 23480
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "32be4908fdaee840b92cd20a53251e0b"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UG57seFIbxESdEpZT-uD1kJ9KatzXmbUU3MBNuRHLqcjfWGr-_29mg==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/favicon/favicon-16x16.png
54.240.174.50 200 OK 916 B URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/favicon/favicon-16x16.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash 4002504e6a7b16eae1a825909650ec25
857543e6566871461da4c299a186471611925829
0a1fdd6dc7a85ac17b99a484b1fe4f0a926b9e1b1c80c4929f3b312e73e781d1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/favicon/favicon-16x16.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 916
x-amz-id-2: HDKOKkQ/BstPiXIs14Bnv2z/nPllw9syBhIBnvs67BBf2/31WCasTTpk2Vl4Zqx1sp993lqJf7DH8xcVwuJioA==
x-amz-request-id: DN72GCYKACA3XJ8C
date: Tue, 10 Jun 2025 04:19:54 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "4002504e6a7b16eae1a825909650ec25"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: U4ryN6o6oLNPvzliQv97wlCUALvqSs7Bt4YSri_uRYw_Ef3M1D-ipA==
X-Firefox-Spdy: h2
GET wss://127.0.0.1:7070/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:7070
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ckmDIzsbl4LC2wovmJIPzw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/logo/logo-game.svg
54.240.174.50 200 OK 426 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/logo/logo-game.svg
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Size 426 kB (426040 bytes)
Hash 84d5e09e4a82f8bcc5b93b9d136f8898
b391f6eda76d38a5c1e9fd4bbe5caba645bc3b34
e5862be1a739b4fda6367b43dd603830106ab92a68e0fd5f8e693295bc2ac291
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/logo/logo-game.svg HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 426040
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "84d5e09e4a82f8bcc5b93b9d136f8898"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: D_5eMDRPfeH0eQ3oyf3U0jZqOa206DbHvTmLL3MwoErMg8in_DGFoQ==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/6.png
54.240.174.50 200 OK 19 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/6.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 304 x 449, 8-bit colormap, non-interlaced
Hash 6229c1383311f361b508a42394bc7889
64fd35333d5cc519ca77648acf165aa3c27cda0c
99908d79d5ebf1a1e89f341f822128b5192cddb795560a77db021115fa1e12fc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/6.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 18853
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "6229c1383311f361b508a42394bc7889"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: xe0imla_oAwtZyvxMto4cegD5qGCC_-NYpm0M3yqSNj5OCxY0Cgh4Q==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-3.png
54.240.174.50 200 OK 9.6 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/coin-3.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 265 x 265, 8-bit colormap, non-interlaced
Hash de8ebd9fd945a75dedc2f81ab20d881c
e67b411c107c5ea318f15b5f742162c093a31fed
212456aeabae6ac6ea550a91c2056c84b4945a1952659c5f10546c39ed30d382
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/coin-3.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 9613
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "de8ebd9fd945a75dedc2f81ab20d881c"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tdgo-slonVGolOun7PIeASypw0fgp2fHynHfq8JycKMBtSYgSQUiWA==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/column-left.png
54.240.174.50 200 OK 74 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/column-left.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 422 x 1062, 8-bit colormap, non-interlaced
Hash e1bb6dd9c32d213d498825686d323f31
50a2362058ddd7e5d7db9b38d3d746c6242be19e
2170be68b7684a9c57bab7fb86dae6911fdca0b26861840be54e0b5cb480e040
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/column-left.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 73916
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "e1bb6dd9c32d213d498825686d323f31"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: zTeTOgYb79GSc2omKznStHOJLKqSnh7IEbTA1cG9FN9bYnSoy3OnxQ==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/book.png
54.240.174.50 200 OK 38 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/book.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 516 x 246, 8-bit colormap, non-interlaced
Hash 00b9c82f2a259810b673b15471f86d77
1b266e6ff6a8d31d8bf0f7a1cfc75405ba6c3ea6
17211922ba6d67fa967575f8924970d51d6889b0d4a34051a95eb02213569b1d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/book.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 38169
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "00b9c82f2a259810b673b15471f86d77"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qqf8hEwxU4yz0fUxyCY0LD8DqrnQTQ6X7723s8-FSRRWAR36mYjIlQ==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/3.png
54.240.174.50 200 OK 13 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/3.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 212 x 212, 8-bit colormap, non-interlaced
Hash 0193e2b65c0a230e4cc47137a197c25f
32a29f23cd3278de0869fe9a7ccb400cab4cce15
c0e8d8dc102e9148a383bf8dcd86ba3aec89c762fa59b3a9506e7fc0d1a31b4c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/3.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 13055
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "0193e2b65c0a230e4cc47137a197c25f"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 48OHOv53WH7ESRi8QCYyaVt6CihegI0ptd1EAA2a6sKwIE16QpkKcQ==
X-Firefox-Spdy: h2
GET unpkg.com/web-vitals/dist/web-vitals.iife.js
104.18.1.22 302 Found 5.9 kB URL GET unpkg.com/web-vitals/dist/web-vitals.iife.js
IP 104.18.1.22:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Google Trust Services
Subject unpkg.com
Fingerprint 6A:50:E9:D4:F9:DB:BA:3A:76:D2:D3:E2:A2:6D:16:12:07:9D:D4:DA
Validity Tue, 29 Apr 2025 07:12:06 GMT - Mon, 28 Jul 2025 08:12:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web-vitals/dist/web-vitals.iife.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 10 Jun 2025 04:19:55 GMT
content-type: text/plain;charset=UTF-8
content-length: 56
location: /web-vitals@5.0.2/dist/web-vitals.iife.js
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=300
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 94d612c20a5056c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET fs.pudaf.com/fp.js
35.159.47.237 200 OK 480 kB IP 35.159.47.237:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pinup-antifraud.com
Fingerprint F5:F3:8A:08:CA:52:FE:DF:45:88:F8:62:FC:D6:77:72:21:32:4A:25
Validity Wed, 22 May 2024 00:00:00 GMT - Fri, 20 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (63009)
Size 480 kB (479819 bytes)
Hash ab5ad3ed8c07056638b12342d7c8d369
98ef4a79678d1f2d047b020f17a0e7d2d675fb46
b03f77e5eb81f487ffdfda41d35c788709babbdfb6c78523c001346567877680
GET /fp.js HTTP/1.1
Host: fs.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 10 Jun 2025 04:19:52 GMT
content-type: application/javascript
server: nginx/1.27.5
last-modified: Tue, 03 Jun 2025 07:29:05 GMT
etag: W/"683ea441-7524b"
content-encoding: gzip
X-Firefox-Spdy: h2
OPTIONS f.pudaf.com/p
3.167.2.58 204 No Content 0 B IP 3.167.2.58:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: ak,content-type,ri,si,x-ctr
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Tue, 10 Jun 2025 04:19:55 GMT
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
vary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: *
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-headers: Origin,Content-Length,Content-Type,if-none-match,x-ctr,ak,si,ui,ri
access-control-max-age: 43200
x-cache: Miss from cloudfront
via: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: U9A18Ljz5ndCFz7_JedZdRR45oghathq5_rgaHdnqzMxhGJe9kSy5Q==
X-Firefox-Spdy: h2
GET wss://127.0.0.1:5901/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5901
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lEYAwxPTMuk2sS6zeNp4sw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/form-statue.png
54.240.174.50 200 OK 17 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/form-statue.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 208 x 208, 8-bit colormap, non-interlaced
Hash 68b4c33a213faf43068853d18b8fe4f0
3b4824d50c91eafe6ef0042a6cab95f1a7127564
4b1a83e1a89522e88393de8f78a1d446c7c15e62bff44c74b254a4b0354103e2
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/form-statue.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 17111
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "68b4c33a213faf43068853d18b8fe4f0"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rdkNG31ixRbJ7LMSkDlFVXcWcNp4FOGeHoW9eMTOtsy6HKBxRUPM6Q==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/geo/
54.240.174.50 200 OK 16 B URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/geo/
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
Hash 452880c1a375b8fba8c9499f0930d05f
ffe5484a23512c2a574d837fe2d3267b134e48c8
8b3383aa4c71f1d816bfaf33e3ef2e8ded067698a7798b9f306204d5777b140d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /geo/ HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: CloudFront
date: Tue, 10 Jun 2025 04:19:53 GMT
content-type: application/json
content-length: 16
x-cache: FunctionGeneratedResponse from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YPfzIQti7AiX7wNmvI3U_aZIUiiQF66wu22yt2W_WTI5Hxm_tM9FeQ==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/favicon/apple-touch-icon.png
54.240.174.50 200 OK 8.3 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/favicon/apple-touch-icon.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 3d9d4246e24dadbf068e62602252a659
47a90a20e08cbd42ca6f5f84c48d71091a14f05a
8034cbfa45ae85777a394137bfc8b0a1a8ba60e68c187dff4c0cb0035d5c0cb0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/favicon/apple-touch-icon.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 8328
x-amz-id-2: KLxQlUc9GkMLaIkbnIryDV0P/pklsgkoUDQUnWddgYX36nCDSsD1ZQfRRjDUhvAcrbOJ8QcIf0Y=
x-amz-request-id: DN78EPAHZV5677EY
date: Tue, 10 Jun 2025 04:19:54 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "3d9d4246e24dadbf068e62602252a659"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 4cJyBoE5O6uFt-5ySKhgmWDm6iTwRbRYb_W6X7ZNlm1f9aHgUA-rhA==
X-Firefox-Spdy: h2
GET wss://127.0.0.1:5900/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5900
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: gevA5Wd+8D/6/UyWM4qD+g==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/1.png
54.240.174.50 200 OK 17 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/1.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 241 x 259, 8-bit colormap, non-interlaced
Hash 001ce0a63f1f9fdf41d498b74e63ada6
3f51b63ffc07a200815da14a4cd599437e66abfc
199d56be20fd1d274672a769406c9a7e03c5e412ba92fd47d4b438dcc46b339d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/1.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 16892
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "001ce0a63f1f9fdf41d498b74e63ada6"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lJCXwchZC1BlRAKm46VBJqiRMzVqJIq5tVNCpsZA3of1jzxO_Yj_-g==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/5.png
54.240.174.50 200 OK 28 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/5.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 320 x 320, 8-bit colormap, non-interlaced
Hash 0f43a6f009b301eb6e5b0d92cd328fe8
ab05de923b2a0b6a7fedcaf545f979890cfbc0b0
1c452d308618f793f3b8e6b427d61fbf8f8fab7e1707d4c52b3b0078749bd957
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/5.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 28210
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "0f43a6f009b301eb6e5b0d92cd328fe8"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Sr3Cuk3wcQawLR5_a1Wxb-7bcP-0pqbGoikfrgDJrigka08wWsMCjQ==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/girl.png
54.240.174.50 200 OK 178 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/girl.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 551 x 974, 8-bit colormap, non-interlaced
Size 178 kB (177797 bytes)
Hash 3dc22ad9fae93c7f976e6e9c6f98c56e
bba52e4804ee772b44df8e879c76d051ca6b2d1c
849a9112fef2d04a76b67595be3ef3d7d26f25ad816f1945c030a737be8f2c44
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/girl.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 177797
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "3dc22ad9fae93c7f976e6e9c6f98c56e"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aoGlhOMfLNMt5oU74sshKZrAU4QnbRh64GLxWlWEJA9p4Kxj9WnQ0g==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/bg.jpg
54.240.174.50 200 OK 28 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/bg.jpg
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3
Hash b64d77e8dff58c26f715143b86af091c
f35d7767412e2c96cbb00fb00d31109175feeac2
c3a30a5239662c33220404db42b1b53a3ccedbb758c46e039e64b0920e157fc5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/bg.jpg HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 27746
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "b64d77e8dff58c26f715143b86af091c"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Iswc8B3x7X24n4F0iLTk1kb_e93CP5rS2e9PMcg8UKksxtEutm7HqQ==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
54.240.174.50 200 OK 23 kB URL User Request GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
IP 54.240.174.50:443
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (14571)
Hash d48f83440812578851605ebe96388d8d
3b5192c1be97f0b49d288669d41fe6b1295eb77a
7cae35cdfff476f89f361dd36bb8d0aa636b75306dcccf7bbbd25bde7de4b092
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId= HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
content-length: 23410
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "624e6429efda03483870a729c20537c8"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fe1lveFSvxGPcX9BRVQlQGJOG60m9m35VgH75ycp4RBL6hT-hPzeNw==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/2.png
54.240.174.50 200 OK 14 kB URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/decor/2.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 191 x 203, 8-bit colormap, non-interlaced
Hash b4f3e6c61688b0d0222f492c7f3cffca
9e90b9c4360030a903718453e0d62449eef684fc
94c8d25807a7cb264fc2b8a82f9de0d32d0625fdf2bfe6013ef103d42d866531
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/decor/2.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 14132
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:19 GMT
etag: "b4f3e6c61688b0d0222f492c7f3cffca"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: G1I9akXC3riDOI-pCKaW6zw1g7iyzSB8D3czU3eRKuaAQhRqSJuiyg==
X-Firefox-Spdy: h2
GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/wheel-around.png
54.240.174.50 200 OK 747 B URL GET wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/img/wheel-around.png
IP 54.240.174.50:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject *.pg.ppp40co.com
Fingerprint CC:C4:6E:2E:9C:C0:9B:BA:08:25:9B:0B:4F:BA:CA:7F:52:9A:05:69
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 691 x 690, 4-bit colormap, non-interlaced
Hash 9549eb4f7928d106b3a32c782b4e070d
c56c617d75225bfb5b05b1c999996de6279b9887
6fb81d0b0efd5c27a3958cb02f5be6855a4dea55897401edc85f367cd1ba15d5
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /img/wheel-around.png HTTP/1.1
Host: wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 747
date: Tue, 10 Jun 2025 04:19:53 GMT
last-modified: Fri, 23 May 2025 11:09:20 GMT
etag: "9549eb4f7928d106b3a32c782b4e070d"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2X4ICFIERCL7k_oXP4nwkvKJaniwBnWGIKrrSWe3oS6ZCGuY9FSQyA==
X-Firefox-Spdy: h2
POST f.pudaf.com/p
3.167.2.58 200 OK 137 B IP 3.167.2.58:443
Requested by https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/?form_email={form_email}&form_phone={form_phone}&lrrPath=casino/provider/greentube/book-of-ra&pc=30&s1=30544&s2=385051771749521604&s3=410_KZ&s4=14783&s5=&source=https://kllastroad.com/&st=RWXIlqpA&startTime=1749521605234198176&trId=
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash 03d2a2b4f8884c76d52ed2b9514333f2
8547e6dcc563f6dbdfcad6b044ce12ab497dedf0
1dbf23938531fe8303254315f7af95829f41e79d0008c3d9fc28c063fc59308c
POST /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/html, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com/
Content-Type: application/octet-stream
ak: vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE
si: 5bb357ddb09e40caa88b2431c8417586
ri: 88cf8e848aa04518bd556fbaf49f7135
x-ctr: AZuqoeU1FmD73SVPqXbHJQ
Content-Length: 7261
Origin: https://wheel-bookofra-pinco-kz-geo.pg.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json
content-length: 137
date: Tue, 10 Jun 2025 04:19:55 GMT
accept-ch: sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors
access-control-allow-origin: *
access-control-max-age: 43200
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
x-trace-id: c5dab2db39c5b91c1cfabc27ab403555
etag: 6847b26be5ab955c02baaca7
last-modified: Tue, 10 Jun 2025 04:18:15 GMT
x-cache: Miss from cloudfront
via: 1.1 094188bf05865a3d323dcbfb7173f1f6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: V_LLlcZ2-45LtpFZfiWgJPAC1Fyy3VmV3a_BT4TuRek1xINbzSaKLg==
X-Firefox-Spdy: h2