GET wss://127.0.0.1:5939/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5939
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Cyk9/dzjZhAq2JoNNOxjKQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMLLaDigf_EIMeBDgNj1fEhNfV1KO5iHL_GPK9QZ6kn-5qZdAIGmZW1r-FsSuCkEvDUHp_O&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-670631748%3A1751955706034862
142.251.9.84 403 Forbidden 0 B URL GET accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMLLaDigf_EIMeBDgNj1fEhNfV1KO5iHL_GPK9QZ6kn-5qZdAIGmZW1r-FsSuCkEvDUHp_O&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-670631748%3A1751955706034862
IP 142.251.9.84:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint 0E:29:D7:DB:FC:32:8C:DD:65:47:B5:CC:0F:62:04:EE:7C:AE:80:42
Validity Tue, 17 Jun 2025 20:01:48 GMT - Tue, 09 Sep 2025 20:01:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMLLaDigf_EIMeBDgNj1fEhNfV1KO5iHL_GPK9QZ6kn-5qZdAIGmZW1r-FsSuCkEvDUHp_O&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-670631748%3A1751955706034862 HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 08 Jul 2025 06:21:46 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-V97QrlHmMLyxPVP5r7igRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.d0E18SHIxFg.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET wss://127.0.0.1:6039/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:6039
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uAHjU/qT/frNhbUYhpR27Q==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wss://127.0.0.1:5944/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5944
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aQUeS1vIfEnBFYZU5JkURg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wss://127.0.0.1:6040/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:6040
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j3GFT1sbJlfht/Xxi7S5ug==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET fs.pudaf.com/fp.js
18.196.117.81 200 OK 480 kB IP 18.196.117.81:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.pinup-antifraud.com
Fingerprint B4:28:29:97:0A:1B:BF:C8:B8:5A:E5:AA:DC:FA:7E:36:53:FC:5E:D4
Validity Sat, 21 Jun 2025 00:00:00 GMT - Mon, 20 Jul 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (63009)
Size 480 kB (479819 bytes)
Hash ab5ad3ed8c07056638b12342d7c8d369
98ef4a79678d1f2d047b020f17a0e7d2d675fb46
b03f77e5eb81f487ffdfda41d35c788709babbdfb6c78523c001346567877680
GET /fp.js HTTP/1.1
Host: fs.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 08 Jul 2025 06:21:42 GMT
content-type: application/javascript
server: nginx/1.27.5
last-modified: Tue, 03 Jun 2025 07:29:05 GMT
etag: W/"683ea441-7524b"
content-encoding: gzip
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/radio-checked.png
54.240.174.15 200 OK 1.5 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/radio-checked.png
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash a9d6a4a0ffa0bea30866c7b13cd522dc
a911d35ff4a27fffb43c8db541d871fb017a8943
d4b87aeffa8d280156918ad7050cd2506eb794f99b6c75df798ba647f44ea3e7
GET /img/radio-checked.png HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 1535
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "a9d6a4a0ffa0bea30866c7b13cd522dc"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ezIN9WlG6A0jf7MJqw5aJSfm7ukj6SOyYOejsFoUBJY1UBIQVRHDOg==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/icon-fonts/icomoon.ttf
54.240.174.15 200 OK 12 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/icon-fonts/icomoon.ttf
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, icomoon
Hash 78e73bd89d9c63e7996bfa129459e983
193125cde1ccb9fbc4006fdb970eee83b588773c
012960b48b745dad650be3694043ef1a773e94b8f0dca0e20bcb4e663a067190
GET /fonts/src/icon-fonts/icomoon.ttf HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/ttf
content-length: 12284
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "78e73bd89d9c63e7996bfa129459e983"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UB1oYizR-Kh2msevKpL42EpOFdy8F3iKFCusJpvcoeK3c-oi0iGjGQ==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/banner-bg.jpg
54.240.174.15 200 OK 60 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/banner-bg.jpg
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1248x1080, components 3
Hash 40ec9fecce9e655eedc6d1ff207eb3eb
5e1767161ef40939e96064603836317407383e17
0cc02178a6398dbc412f41bc70b3b049e2559e319c100473166373d06f3bc20d
GET /img/banner-bg.jpg HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/jpeg
content-length: 60107
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "40ec9fecce9e655eedc6d1ff207eb3eb"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: FMO5wup_hqa0gzVNslABmEA-pIoqW4_u0oMVvpuMC4-WcwjH2uBzlQ==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/fonts/Roboto-Bold/Roboto-Bold.woff2
54.240.174.15 200 OK 66 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/fonts/Roboto-Bold/Roboto-Bold.woff2
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 66008, version 1.0
Hash 4f2b2ed2943d4b19496951f01c843bf0
2cabd488734129a6545cf27cb6bb723c72948a48
a92a15c6431fb6fd648c9f01ec50b848100fe0e566cd2c0641d89fc3a523d079
GET /fonts/src/fonts/Roboto-Bold/Roboto-Bold.woff2 HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/woff2
content-length: 66008
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "4f2b2ed2943d4b19496951f01c843bf0"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JgIOJ6XSd0qRafAouE8MUEB1z67Woi-mx1sKzCsMVx7UtWt9CnSJxw==
X-Firefox-Spdy: h2
HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.178.98 200 OK 0 B URL HEAD pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.178.98:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject *.g.doubleclick.net
Fingerprint 24:5E:A4:9E:C0:2B:40:33:DB:26:14:BB:C1:7C:C0:7F:79:31:AC:BC
Validity Tue, 17 Jun 2025 20:01:47 GMT - Tue, 09 Sep 2025 20:01:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
vary: Accept-Encoding
date: Tue, 08 Jul 2025 06:21:45 GMT
expires: Tue, 08 Jul 2025 06:21:45 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 15690351706899587876
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 53598
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET partnerprofitguide.com/7lWcHaPi/
45.67.214.2 302 Found 14 kB URL User Request GET partnerprofitguide.com/7lWcHaPi/
IP 45.67.214.2:443
ASN #209242 Cloudflare London, LLC
Certificate Issuer Google Trust Services
Subject partnerprofitguide.com
Fingerprint AA:7C:CC:78:E5:31:26:F0:3D:44:9A:D1:50:83:B9:FB:9B:8F:B8:87
Validity Fri, 23 May 2025 03:48:27 GMT - Thu, 21 Aug 2025 01:54:56 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /7lWcHaPi/ HTTP/1.1
Host: partnerprofitguide.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 08 Jul 2025 06:21:41 GMT
content-length: 0
location: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
cf-ray: 95bd7b9c5d088f5c-CPH
set-cookie: click-2025-07-08=",7lWcHaPi"; Path=/; Max-Age=86400
__cf_bm=0637G4l2_kx8f85dFFMbyJanu6SAAOs7_WGu4ADlM2Y-1751955701-1.0.1.1-HHtoTz0XFGgmv8tFyZA3blrMsaxJdGmv9j5EoPB91i0dEmuTiTUtzcQIHbXisyZT0q0kVIJRqTK5eqb.K7vXBqY207EaTj8dnDfXB.aKHMo; path=/; expires=Tue, 08-Jul-25 06:51:41 GMT; domain=.partnerprofitguide.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Au%2FAnBooc4S8KpPRNBYiZ1lxD%2Bod%2FY9eWq3v2vzOqprYyxGS7LWVRMPNSINIJvqyxScTjShB8u8USZuC8ZfJ%2FsDZDtqT67allwnO5WCoI419UqOF0iD%2B4vv9v4Nu8uJbc4bmNLiSJTI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=31159&min_rtt=25702&rtt_var=13866&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3227&recv_bytes=1137&delivery_rate=167038&cwnd=130&unsent_bytes=0&cid=f239b189348c03ec&ts=184&x=0"
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/bonus/bonus-icon-2.png
54.240.174.15 200 OK 21 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/bonus/bonus-icon-2.png
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 120 x 80, 8-bit/color RGBA, non-interlaced
Hash 3713406f07335726f0f411a7fc19eec4
7adc590a221f50a10609cd812bd065ae47735232
cb43b697f6c15d01501704349b451e2b99f25a1bc610adfe7b215259eaf82504
GET /img/bonus/bonus-icon-2.png HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 21175
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "3713406f07335726f0f411a7fc19eec4"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oKPif1wky6GaMoVZt1oJMqmiDRq55-cKbE-r4uAhZWRjURUqReJ7dA==
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtm.js?id=GTM-NZ4GX8TW
142.250.178.72 200 OK 319 kB URL GET www.googletagmanager.com/gtm.js?id=GTM-NZ4GX8TW
IP 142.250.178.72:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 06:CD:2A:9C:6E:F9:40:51:AA:E0:81:4A:BB:69:6C:BA:FA:AD:AB:4D
Validity Tue, 17 Jun 2025 20:01:48 GMT - Tue, 09 Sep 2025 20:01:47 GMT
File type JavaScript source, ASCII text, with very long lines (9371)
Size 319 kB (318747 bytes)
Hash da8e698dc24d96b55cf1511022706251
480d029de48fc0f211307cdb3e55e804985232f5
9637d1f08c82179779aedf33ad088c3c83b1a8356c1055a0cbb05d26ac964ef4
GET /gtm.js?id=GTM-NZ4GX8TW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 08 Jul 2025 06:21:42 GMT
expires: Tue, 08 Jul 2025 06:21:42 GMT
cache-control: private, max-age=900
last-modified: Tue, 08 Jul 2025 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1319:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1319:0
report-to: {"group":"ascgcycc:1319:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1319:0"}],}
server: Google Tag Manager
content-length: 107070
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
POST wd.pudaf.com/wde
18.158.20.207 200 OK 2 B IP 18.158.20.207:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.pinup-antifraud.com
Fingerprint B4:28:29:97:0A:1B:BF:C8:B8:5A:E5:AA:DC:FA:7E:36:53:FC:5E:D4
Validity Sat, 21 Jun 2025 00:00:00 GMT - Mon, 20 Jul 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /wde HTTP/1.1
Host: wd.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 3660
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 08 Jul 2025 06:21:50 GMT
content-type: text/plain; charset=utf-8
content-length: 2
x-powered-by: Express
access-control-allow-origin: *
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/down-arrow-white.svg
54.240.174.15 200 OK 202 B URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/down-arrow-white.svg
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash c38dbed7c900d063b2fe1973d4736429
419253c4a82e6f353f4f3fe04c067dfe4f8b56ed
1a7d2b2859c4c1fdb801c26ec8aacaddbdee546627eb4e959711d2f86a059f55
GET /img/down-arrow-white.svg HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 202
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "c38dbed7c900d063b2fe1973d4736429"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: oU-IQ5wdoeiHZdGxkPB9GhiScjGP2xW5YaBbDFJBgj08SNL7o26lig==
X-Firefox-Spdy: h2
OPTIONS f.pudaf.com/p
3.167.2.59 204 No Content 0 B IP 3.167.2.59:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: ak,content-type,ri,si,x-ctr
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Tue, 08 Jul 2025 06:21:45 GMT
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
vary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: *
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-headers: Origin,Content-Length,Content-Type,if-none-match,x-ctr,ak,si,ui,ri
access-control-max-age: 43200
x-cache: Miss from cloudfront
via: 1.1 7a83657ba338d5960d8d5abdbe0a3136.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: LIyqjwn6Je2QFwO9uK7-dSH20sGsjlzMv0xYZRT3IcFPVTg7NsOXIA==
X-Firefox-Spdy: h2
OPTIONS f.pudaf.com/p
3.167.2.59 204 No Content 0 B IP 3.167.2.59:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: ak,content-type,ri,si,x-ctr
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Tue, 08 Jul 2025 06:21:48 GMT
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
vary: Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-origin: *
access-control-allow-methods: GET,POST,HEAD,PUT,DELETE,PATCH
access-control-allow-headers: Origin,Content-Length,Content-Type,if-none-match,x-ctr,ak,si,ui,ri
access-control-max-age: 43200
x-cache: Miss from cloudfront
via: 1.1 7a83657ba338d5960d8d5abdbe0a3136.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: UO2c0E_uHEEpS5kdbejfflutUyKBYU4Qtg2mBdVTK0pPBPEGe9v4mQ==
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/destination?id=G-DPE8XS53LM&cx=c&gtm=45He5720h1v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104885889~104885891~104909302~104909304
142.250.178.72 200 OK 386 kB URL GET www.googletagmanager.com/gtag/destination?id=G-DPE8XS53LM&cx=c&gtm=45He5720h1v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104885889~104885891~104909302~104909304
IP 142.250.178.72:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 06:CD:2A:9C:6E:F9:40:51:AA:E0:81:4A:BB:69:6C:BA:FA:AD:AB:4D
Validity Tue, 17 Jun 2025 20:01:48 GMT - Tue, 09 Sep 2025 20:01:47 GMT
File type JavaScript source, ASCII text, with very long lines (6004)
Size 386 kB (385732 bytes)
Hash d5fe3fff24a2aaf637009b2cf91047e9
95603a112a171db378d9a5afbd94ecb2b8038bca
117c882999ec441f42b1ff2e11d8e0035f0332acff2355b9699120e47b7536be
GET /gtag/destination?id=G-DPE8XS53LM&cx=c&gtm=45He5720h1v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104885889~104885891~104909302~104909304 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 08 Jul 2025 06:21:45 GMT
expires: Tue, 08 Jul 2025 06:21:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcysghrgc:42:0
report-to: {"group":"ascgcysghrgc:42:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
server: Google Tag Manager
content-length: 129743
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET wss://127.0.0.1:3389/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:3389
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ngd3GZeDtoOZ1YtJD/tpHw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wss://127.0.0.1:5901/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5901
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: cjoxisI4TU3MOx7mKmEyYA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
POST f.pudaf.com/p
3.167.2.59 200 OK 35 B IP 3.167.2.59:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash 6dfa0365ba01f1fc1a7a57ff1eb530dc
06c914513e2a9cc24c707e7528a8131409b320d9
e8aa2bb8a59d857fa4ef7369322540caa1e361a694668e8ef6bc8342496e2e83
POST /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/html, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Content-Type: application/octet-stream
ak: vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE
si: 841876a5ef31485592a2f7cb435cf4e7
ri: 5f822cfccb344a59b91753e23992666e
x-ctr: LaLMpkSiKwV7JcIMEzcyBw
Content-Length: 8880
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json
content-length: 35
date: Tue, 08 Jul 2025 06:21:50 GMT
accept-ch: sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors
access-control-allow-origin: *
access-control-max-age: 43200
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
x-trace-id: 287790db89c7f71a2fa85737f39ce3fd
etag: 686cb8fce9a1ca66ac193767
last-modified: Tue, 08 Jul 2025 06:20:08 GMT
x-cache: Miss from cloudfront
via: 1.1 7a83657ba338d5960d8d5abdbe0a3136.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 1LFeg9ZA7sWGliID5cV7RjhR22hrDPF7CMrfb5GpKYLDYtcqZB_7kg==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/bundle.js
54.240.174.15 200 OK 123 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/bundle.js
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (14870), with NEL line terminators
Size 123 kB (122690 bytes)
Hash 8e69ed2afe1d76c4e50f8115ebac1684
aff2f233945c775f370a0b73a6511b3bb63f3bf9
4feb9d89f5d75a08b4d63ff078260ced66fd2dbebfddf7febec70644366e1250
GET /bundle.js HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript
content-length: 122690
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "a2f58c3820f6246cf833d64545455750"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2JNuTx89jeyjWX4ZfVbiYYJwMLOge6KDYe4Wkefk58KZkN-kS_qZtg==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/country/russia.png
54.240.174.15 200 OK 120 B URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/country/russia.png
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 135 x 90, 2-bit colormap, non-interlaced
Hash cf6658fec8903cd31e9f0b2c1c7ddb99
98f3a8f9efd8aeb6c5393a7a338fd07550a2cd12
df0a50d39011b2dc412647e725fbf47a5075f78ddf3c9aba041b0e1927080afa
GET /img/country/russia.png HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 120
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "cf6658fec8903cd31e9f0b2c1c7ddb99"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ukcv37tDDw9vENksCpaSo2GTf17BKRVv18PcxGcmBsjcQd0egYx4AA==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/favicon/apple-touch-icon.png
54.240.174.15 200 OK 8.3 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/favicon/apple-touch-icon.png
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 3d9d4246e24dadbf068e62602252a659
47a90a20e08cbd42ca6f5f84c48d71091a14f05a
8034cbfa45ae85777a394137bfc8b0a1a8ba60e68c187dff4c0cb0035d5c0cb0
GET /img/favicon/apple-touch-icon.png HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 8328
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "3d9d4246e24dadbf068e62602252a659"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: bGvWztw2Ys4G0u-aF8rIhkid-AW26g86nductT6Vbe4UiYEY18MNaw==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/favicon/favicon-16x16.png
54.240.174.15 200 OK 916 B URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/favicon/favicon-16x16.png
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash 4002504e6a7b16eae1a825909650ec25
857543e6566871461da4c299a186471611925829
0a1fdd6dc7a85ac17b99a484b1fe4f0a926b9e1b1c80c4929f3b312e73e781d1
GET /img/favicon/favicon-16x16.png HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 916
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "4002504e6a7b16eae1a825909650ec25"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RatnYMZdJdFGen64imlbQ51yxZwkGhXEx-nMtSq3-_xUlm-twf6eJw==
X-Firefox-Spdy: h2
POST f.pudaf.com/p
3.167.2.59 200 OK 137 B IP 3.167.2.59:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject frogo-aft.com
Fingerprint 0A:45:88:73:A6:1A:3C:61:A6:C6:F7:D3:7A:E1:A2:53:82:E8:25:F2
Validity Mon, 07 Oct 2024 00:00:00 GMT - Wed, 05 Nov 2025 23:59:59 GMT
Hash 5a3bb1c7f98705ac8971ba3fd49f4ee5
8c0b0e797c0a58cc9e43a2a97f733a13492721ae
780fb254d60f32aa1cedeb1325175c7ca0646c9e136d2e45e8f56fb301470360
POST /p HTTP/1.1
Host: f.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/html, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Content-Type: application/octet-stream
ak: vyg6SLajEWjklRFo1ig1JqhMkSHHpSp3FLYvfzZE
si: 841876a5ef31485592a2f7cb435cf4e7
ri: 5f822cfccb344a59b91753e23992666e
x-ctr: 6Nw0UlMqwR_0y2xvj_43VA
Content-Length: 7227
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json
content-length: 137
date: Tue, 08 Jul 2025 06:21:45 GMT
accept-ch: sec-ch-ua,ua,sec-ch-ua-platformua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-wow64,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors
access-control-allow-origin: *
access-control-max-age: 43200
access-control-expose-headers: If-Match,If-Modified-Since,If-None-Match,etag,Last-Modified
x-trace-id: 9a3c434dd6a00e2f0e46e5b6d11202ef
etag: 686cb8f97856088bce95de3f
last-modified: Tue, 08 Jul 2025 06:20:05 GMT
x-cache: Miss from cloudfront
via: 1.1 7a83657ba338d5960d8d5abdbe0a3136.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 0rp6fSqnF5bL8LVMJfXRFgkAgSm_z4wrj7vzY8sir75mZsGYfc2ARw==
X-Firefox-Spdy: h2
GET www.googletagmanager.com/gtag/js?id=G-DPE8XS53LM&cx=c&gtm=45He5720h1v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104885889~104885891~104909302~104909304
142.250.178.72 200 OK 386 kB URL GET www.googletagmanager.com/gtag/js?id=G-DPE8XS53LM&cx=c&gtm=45He5720h1v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104885889~104885891~104909302~104909304
IP 142.250.178.72:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 06:CD:2A:9C:6E:F9:40:51:AA:E0:81:4A:BB:69:6C:BA:FA:AD:AB:4D
Validity Tue, 17 Jun 2025 20:01:48 GMT - Tue, 09 Sep 2025 20:01:47 GMT
File type JavaScript source, ASCII text, with very long lines (6004)
Size 386 kB (385708 bytes)
Hash 6e828a2ae5f409825920194ad52f1452
b2c2eafce0d848235a68e9e8e878a9faaafb002e
daacce9eaf567013b20a3d3c853b3593b58906d6b85f3ca2061c59915381c876
GET /gtag/js?id=G-DPE8XS53LM&cx=c&gtm=45He5720h1v9192584757za200&tag_exp=101509157~103116026~103200004~103233427~103351869~103351871~104684208~104684211~104718208~104839054~104839056~104885889~104885891~104909302~104909304 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 08 Jul 2025 06:21:45 GMT
expires: Tue, 08 Jul 2025 06:21:45 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1077:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1077:0
report-to: {"group":"ascgcycc:1077:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1077:0"}],}
server: Google Tag Manager
content-length: 129821
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET wss://127.0.0.1:7070/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:7070
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: spdhB4q14pbTC/HrdSIIUA==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
POST wd.pudaf.com/wde
18.158.20.207 200 OK 2 B IP 18.158.20.207:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.pinup-antifraud.com
Fingerprint B4:28:29:97:0A:1B:BF:C8:B8:5A:E5:AA:DC:FA:7E:36:53:FC:5E:D4
Validity Sat, 21 Jun 2025 00:00:00 GMT - Mon, 20 Jul 2026 23:59:59 GMT
File type ASCII text, with no line terminators
Hash e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
POST /wde HTTP/1.1
Host: wd.pudaf.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/plain
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 3656
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 08 Jul 2025 06:21:50 GMT
content-type: text/plain; charset=utf-8
content-length: 2
x-powered-by: Express
access-control-allow-origin: *
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/logo/logo_pinco.svg
54.240.174.15 200 OK 9.7 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/logo/logo_pinco.svg
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 6ddf171694231590e4476225f6dd7030
25dd0f1af3784d25279b405b1cd04be1e9b1fbee
a5e9250b23598712d9e595e9e34be1c79a22da830f31481e7f46d3d1b58df242
GET /img/logo/logo_pinco.svg HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/svg+xml
content-length: 9739
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "6ddf171694231590e4476225f6dd7030"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: IpYI-QfMArujKN0IvnNwfGZSThVDFm1VpbUiqsUNd_Ngejhmy7Kqrw==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/radio.png
54.240.174.15 200 OK 1.3 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/radio.png
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Hash e28b14259b2aa0704fe04f9b15bb4ba9
21b4a7a86001de5df6b38585593c77b91a9bc013
7a289931eccabfce6b79485a23b997ad3bb0287658b54a8527d9b5c1842b0858
GET /img/radio.png HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 1253
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "e28b14259b2aa0704fe04f9b15bb4ba9"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 3eOAD-EV3NUOll2bzqSeUylahLHuJXZMwqGDMcgzDupR61PUlpOYyQ==
X-Firefox-Spdy: h2
GET unpkg.com/web-vitals/dist/web-vitals.iife.js
104.18.1.22 302 Found 5.9 kB URL GET unpkg.com/web-vitals/dist/web-vitals.iife.js
IP 104.18.1.22:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject unpkg.com
Fingerprint 74:03:6D:4D:8D:B7:AF:5F:95:BA:97:8E:E3:FA:63:4F:20:FD:29:80
Validity Fri, 27 Jun 2025 07:12:29 GMT - Thu, 25 Sep 2025 08:12:28 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web-vitals/dist/web-vitals.iife.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 08 Jul 2025 06:21:45 GMT
content-type: text/plain;charset=UTF-8
content-length: 56
location: /web-vitals@5.0.3/dist/web-vitals.iife.js
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=300
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 95bd7bb79d9b5697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET wss://127.0.0.1:5902/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5902
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: anc93QfSk0RfdXIadPC3xg==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET roscasinos.com/go-visit/rubetwagercasino/
193.233.63.54 301 Moved Permanently 14 kB URL User Request GET roscasinos.com/go-visit/rubetwagercasino/
IP 193.233.63.54:443
ASN #42745 Safe Value Limited
Certificate Issuer Let's Encrypt
Subject roscasinos.com
Fingerprint B1:A8:D9:85:4F:D9:6D:1B:53:61:AD:35:4B:E8:22:1E:A9:C8:C7:93
Validity Sun, 13 Apr 2025 06:01:15 GMT - Sat, 12 Jul 2025 06:01:14 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /go-visit/rubetwagercasino/ HTTP/1.1
Host: roscasinos.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
server: nginx
date: Tue, 08 Jul 2025 06:21:40 GMT
content-type: text/html; charset=UTF-8
location: https://goportal.link/dgZrkY/?site=topkazino
set-cookie: PHPSESSID=cub0pf956ci2afjhh1p096heit; path=/
pragma: no-cache
expires: Tue, 08 Jul 2025 07:21:40 GMT
cache-control: max-age=3600
x-redirect-by: redirection
last-modified: Tuesday, 08-Jul-2025 06:21:40 GMT
X-Firefox-Spdy: h2
GET goportal.link/dgZrkY/?site=topkazino
172.67.180.134 302 Found 14 kB URL User Request GET goportal.link/dgZrkY/?site=topkazino
IP 172.67.180.134:443
Certificate Issuer Google Trust Services
Subject goportal.link
Fingerprint 20:C2:36:B3:9B:EE:6C:6A:ED:FD:58:18:3E:FD:B3:6E:3A:35:2E:C4
Validity Wed, 02 Jul 2025 07:36:03 GMT - Tue, 30 Sep 2025 08:34:23 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dgZrkY/?site=topkazino HTTP/1.1
Host: goportal.link
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 08 Jul 2025 06:21:41 GMT
content-type: text/html; charset=UTF-8
location: https://partnerprofitguide.com/7lWcHaPi/
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
expires: 0
last-modified: Tue, 08 Jul 2025 06:21:41 GMT
pragma: no-cache
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Bq6u%2Fb1%2B%2FkkSRzf%2FoYiixbK1w0MAbSIVSoh85Te1nIX1%2BB6nW3eUQ03nUknmwoK0KgFgtZvamcolRRs0oWOLnxAOds4ucTbQUQuy"}]}
set-cookie: _subid=1sjos4f1hlls7; Path=/; Max-Age=2678400
_token=uuid_1sjos4f1hlls7_1sjos4f1hlls7686cb8f5098785.55906614; Path=/; Max-Age=2678400
20582=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjE0OTE0XCI6MTc1MTk1NTcwMX0sXCJjYW1wYWlnbnNcIjp7XCI1MzQyXCI6MTc1MTk1NTcwMX0sXCJ0aW1lXCI6MTc1MTk1NTcwMX0ifQ.hyz1A1U8LN4aD_78WTe87D9QJegPyVZQWDhVfmbs0tY; Path=/; Max-Age=1752042101
cf-ray: 95bd7b9adf48568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
54.240.174.15 200 OK 14 kB URL User Request GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
IP 54.240.174.15:443
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (10568)
Hash a189fec799d7a4675bf96c16b6d67e1a
688fbe8414fff230ea92ab6b7a1e2ded9ff34c75
cd3d77c59f5aef1680e6dbd6961bf26f2dcff7ad31322c0143143fb93910c228
GET /?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=utf-8
content-length: 13558
date: Tue, 08 Jul 2025 06:21:42 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "b03289e3b7a8a415b03544b7268e8964"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: HblgiDGRi9YJq9gOFeaRhx2j15IbMm03VoPu6gpr1-RGBBGs4H0hig==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
54.240.174.15 200 OK 30 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type ASCII text, with very long lines (29842), with no line terminators
Hash c35fd9895a037050911fb837bd71e192
a77d51e5fcd61c53437e1cae13589b311432467a
7bfc89612e2eff37c70147e79244a3821d9e9f7363fb52cd16d2147b32d8d309
GET /main.css HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
content-length: 29842
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "c35fd9895a037050911fb837bd71e192"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 803L_pzSIioq8e6urmwgPR7HkA58iCIrWHatavElotWgkKP559xTBg==
X-Firefox-Spdy: h2
GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiPkP04xHzZMUJjsj1tx3tRhX7nAbZznGaXSukiJG9BQP2XpreP5UlAt-tZJR7dXdSQMWCf0Hw
142.251.9.84 302 Found 0 B URL GET accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiPkP04xHzZMUJjsj1tx3tRhX7nAbZznGaXSukiJG9BQP2XpreP5UlAt-tZJR7dXdSQMWCf0Hw
IP 142.251.9.84:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject *.google.com
Fingerprint 0E:29:D7:DB:FC:32:8C:DD:65:47:B5:CC:0F:62:04:EE:7C:AE:80:42
Validity Tue, 17 Jun 2025 20:01:48 GMT - Tue, 09 Sep 2025 20:01:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiPkP04xHzZMUJjsj1tx3tRhX7nAbZznGaXSukiJG9BQP2XpreP5UlAt-tZJR7dXdSQMWCf0Hw HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:g2ozl9L1kTNM67biIS7t1SHCkaSlkQ:MphdiGTR3HwG-lLq;Path=/;Expires=Thu, 08-Jul-2027 06:21:46 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 08 Jul 2025 06:21:46 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&ifkv=AdBytiMLLaDigf_EIMeBDgNj1fEhNfV1KO5iHL_GPK9QZ6kn-5qZdAIGmZW1r-FsSuCkEvDUHp_O&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S-670631748%3A1751955706034862
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-Yh1TJGeb4Ot8xWkDMXKKmQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 414
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET unpkg.com/web-vitals@5.0.3/dist/web-vitals.iife.js
104.18.1.22 200 OK 5.9 kB URL GET unpkg.com/web-vitals@5.0.3/dist/web-vitals.iife.js
IP 104.18.1.22:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject unpkg.com
Fingerprint 74:03:6D:4D:8D:B7:AF:5F:95:BA:97:8E:E3:FA:63:4F:20:FD:29:80
Validity Fri, 27 Jun 2025 07:12:29 GMT - Thu, 25 Sep 2025 08:12:28 GMT
File type JavaScript source, ASCII text, with very long lines (5913)
Hash f2eff7f2ef99612a700e1d6b8e256fb5
c83e8bf68dbedc3bf37aec29cbe62c934891ce45
4c6659dfdfa720ad360bbd9a49290b83c7ec2ffc6a2efe9acd0bd928e6077327
GET /web-vitals@5.0.3/dist/web-vitals.iife.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 08 Jul 2025 06:21:45 GMT
content-type: text/javascript; charset=utf-8
cf-ray: 95bd7bb9db67568a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 165013
cache-control: public, max-age=31536000
expires: Wed, 08 Jul 2026 06:21:45 GMT
last-modified: Wed, 11 Jun 2025 18:36:36 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 fly.io, 1.1 fly.io
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-expose-headers: *
content-digest: sha256=:TGZZ39+nIK02C72aSSkLg8fsL/xqLv6azQvZKOYHcyc=:
cross-origin-resource-policy: cross-origin
fly-request-id: 01JXG4F88H0EKG3EPEAMKFXHG8-ord
x-content-type-options: nosniff
priority: u=3,i=?0
server: cloudflare
content-encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.251.9.84 302 Found 0 B URL GET accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.251.9.84:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Google Trust Services
Subject accounts.google.com
Fingerprint FF:F3:CC:D7:E9:C3:7E:10:C4:8A:5F:69:07:3E:95:0E:99:EE:91:34
Validity Tue, 17 Jun 2025 20:03:47 GMT - Tue, 09 Sep 2025 20:03:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:tW4kTHIuU1iG1aa6FrqUo57IGVQ0vg:ylxJhCB_dKmonVMl; Expires=Thu, 08-Jul-2027 06:21:45 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 08 Jul 2025 06:21:45 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico&hl=en&passive=true&service=mail&uilel=3&ifkv=AdBytiPkP04xHzZMUJjsj1tx3tRhX7nAbZznGaXSukiJG9BQP2XpreP5UlAt-tZJR7dXdSQMWCf0Hw
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-M4rj-qe9-Rcv9vWM3JYyrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
cross-origin-opener-policy: unsafe-none
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
GET wss://127.0.0.1:5900/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5900
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ULUXkJtOlCap0XqzRS1eJw==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET wss://127.0.0.1:5903/
0.0.0.0 0 B IP 0.0.0.0:0
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET / HTTP/1.1
Host: 127.0.0.1:5903
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: aJQS7P09/QHGKRU/stfxZQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/bonus/bonus-icon-1.png
54.240.174.15 200 OK 20 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/img/bonus/bonus-icon-1.png
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type PNG image data, 112 x 80, 8-bit/color RGBA, non-interlaced
Hash fa2265b5e723d719b491853341681467
6fef2282ffe643fd25f68aebb00d6aea9cfccebd
e6352b8f9d571374f161962a9bb861245151a6bedcc8adf27784e34f218419f4
GET /img/bonus/bonus-icon-1.png HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 20362
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "fa2265b5e723d719b491853341681467"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Jm_tcq3agxsElPmOXckTuKbxh5Py9q4W0g3erOj9NA2zbdZ_B6WUZA==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2
54.240.174.15 200 OK 66 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 65992, version 1.0
Hash 2222f1fd23aa2c08af158311d680ac4a
713bc1f45391eb8c40ce868ba938737a881057b1
6f62f51295d471a285e41bf8063c23b6046ee2770a5c0baa55a5a7ed04251d22
GET /fonts/src/fonts/Roboto-Regular/Roboto-Regular.woff2 HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/woff2
content-length: 65992
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "2222f1fd23aa2c08af158311d680ac4a"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: vLzw0-av9gLcy_RaRe3X7lKLjetEG5fXGsEdwvvdFXxjaxass8OUlg==
X-Firefox-Spdy: h2
GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/fonts/Roboto-Medium/Roboto-Medium.woff2
54.240.174.15 200 OK 67 kB URL GET main-page-pinco-form-promocode-2-cis.po.ppp40co.com/fonts/src/fonts/Roboto-Medium/Roboto-Medium.woff2
IP 54.240.174.15:443
Requested by https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/?form_email=%7Bform_email%7D&form_phone=%7Bform_phone%7D&lang=ru&lrrPath=casino&pc=30&s1=&s2=&s3=&s4=&s5=&source=&st=7lWcHaPi&startTime=1751955701294422082&trId=d1mbhtfcqo9c73b4p66g
Certificate Issuer Amazon
Subject *.po.ppp40co.com
Fingerprint B5:F5:FE:83:33:73:19:92:76:1C:D5:1E:9B:D5:9B:F9:EF:05:6D:1B
Validity Fri, 06 Jun 2025 00:00:00 GMT - Sun, 05 Jul 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 66648, version 1.0
Hash 3c5527473962295b79be7b9ceb2b9084
afec031da1e0167fe0774516d04b814c17567dda
79950ee4e44866f1fb3b7c5fa755d8a267cf79eeff962dd3bb4f8a9e974f761c
GET /fonts/src/fonts/Roboto-Medium/Roboto-Medium.woff2 HTTP/1.1
Host: main-page-pinco-form-promocode-2-cis.po.ppp40co.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://main-page-pinco-form-promocode-2-cis.po.ppp40co.com/main.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: font/woff2
content-length: 66648
date: Tue, 08 Jul 2025 06:21:43 GMT
last-modified: Thu, 03 Jul 2025 10:25:10 GMT
etag: "3c5527473962295b79be7b9ceb2b9084"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fY_AQHgHXI-CkwsrVLxN7FwzbcCPvQNvFGcqLstYRogf8Z9c3Cxjqg==
X-Firefox-Spdy: h2