| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: a2104f935c638b4767ca5ae0d738ef23 85c6af15af749be0ceeae6de17c36925b750f166 5d4789a3696bd7faa9916768cb627bbc89bf70a756d80e53860cbac13c2bc8b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D4789A3696BD7FAA9916768CB627BBC89BF70A756D80E53860CBAC13C2BC8B1"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10406
Expires: Sun, 29 Jan 2023 15:10:26 GMT
Date: Sun, 29 Jan 2023 12:17:00 GMT
Connection: keep-alive
|
|
| click.convertkit-mail2.com/n4u2rv4q5gbvh8gweezf6/owhkhqh4mpvz2gcv/aHR0cHM6Ly9tYWlsLW9mZnNldC50b3AvYm90 | 3.141.222.179 | 301 Moved Permanently | 169 B |
URL (HTTP/1.1): click.convertkit-mail2.com/n4u2rv4q5gbvh8gweezf6/owhkhqh4mpvz2gcv/aHR0cHM6Ly9tYWlsLW9mZnNldC50b3AvYm90 IP: 3.141.222.179:0
File type: HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash: 84855c13836b389d5ec7cfd4c9266173 1cf3056ff23c4176fd7ca9816a000ed461d6d323 502083c916ae481cdd413b8d93315300653df5fb3dcc5770c01991de19977eae
GET /n4u2rv4q5gbvh8gweezf6/owhkhqh4mpvz2gcv/aHR0cHM6Ly9tYWlsLW9mZnNldC50b3AvYm90 HTTP/1.1
Host: click.convertkit-mail2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx/1.18.0
Date: Sun, 29 Jan 2023 12:17:00 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://click.convertkit-mail2.com/n4u2rv4q5gbvh8gweezf6/owhkhqh4mpvz2gcv/aHR0cHM6Ly9tYWlsLW9mZnNldC50b3AvYm90
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: 3eb88dea4fe00db1182370e72683c3ab ca520abf1e91bfd2aef40c6a1270a911071e8922 d8083ee567c7b3023111dc30f32c94237df7db30d4d2daaea0a569e8a3069ad7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D8083EE567C7B3023111DC30F32C94237DF7DB30D4D2DAAEA0A569E8A3069AD7"
Last-Modified: Sat, 28 Jan 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10394
Expires: Sun, 29 Jan 2023 15:10:14 GMT
Date: Sun, 29 Jan 2023 12:17:00 GMT
Connection: keep-alive
|
|
| firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 | 200 OK | 939 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/ IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (939), with no line terminators
Hash: dcd75ca6daca51c5e39d431468511793 07f76d3bf23d65c9110d810fa71a994e39e085d3 73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Backoff, Content-Length, Alert, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 29 Jan 2023 11:43:08 GMT
content-type: application/json
age: 2032
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: 03092d1a1bc7ac91ee342a1a7ab2a562 52db06ce1fd2c74ddd36b6a0a7aee1b5c891600a 03b8ff2629abac9fc30ebec059c2e2018fcbc41646ad5f71c965ff630fbf1ffd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "03B8FF2629ABAC9FC30EBEC059C2E2018FCBC41646AD5F71C965FF630FBF1FFD"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11927
Expires: Sun, 29 Jan 2023 15:35:47 GMT
Date: Sun, 29 Jan 2023 12:17:00 GMT
Connection: keep-alive
|
|
| content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain | 34.160.144.191 | 200 OK | 5.3 kB |
URL (HTTP/2): content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain IP: 34.160.144.191:0
File type: PEM certificate; ASCII text
Hash: 7b922915ebf1fa3639b333f994c74f24 144a3f80b98fd0652d4614f24cf6cbbee40f8938 adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3SlVnfyjNXffkNcmfbhU1DfmkWgQ12jdndEXen/n0JempgzraesiAUd4sd/6zBGzYbAZ/+nRBHA=
x-amz-request-id: BBNZSNBCMFC0EWT5
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 29 Jan 2023 11:21:22 GMT
age: 3338
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| contile.services.mozilla.com/v1/tiles | 34.117.237.239 | 200 OK | 12 B |
URL (HTTP/2): contile.services.mozilla.com/v1/tiles IP: 34.117.237.239:0
File type: JSON data; ASCII text, with no line terminators
Hash: 23e88fb7b99543fb33315b29b1fad9d6 a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 29 Jan 2023 12:17:00 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ocsp.sca1b.amazontrust.com/ | 54.230.245.110 | 200 OK | 471 B |
URL (HTTP/1.1): ocsp.sca1b.amazontrust.com/ IP: 54.230.245.110:0
Hash: 4674df248cd5bc58ce4442d1be677fea ede954ecc17044611b2acb1a339b7b41c7fc9745 6371c27e24be8bfe3a4048fe3de8c27ce81ccd552d260a0e64d87ee4c8d3ceb4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 29 Jan 2023 12:17:00 GMT
Last-Modified: Sun, 29 Jan 2023 11:55:40 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e-gX5ZKyiXLx4cprXskHYXESvIbQ-QGhRrKQmLmzXuLH2nWpGb7jjw==
Age: 1280
|
|
| firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 | 200 OK | 329 B |
URL (HTTP/2): firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US IP: 35.241.9.150:0
File type: JSON data; ASCII text, with very long lines (329), with no line terminators
Hash: 0333b0655111aa68de771adfcc4db243 63f295a144ac87a7c8e23417626724eeca68a7eb 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Last-Modified, ETag, Content-Length, Expires, Cache-Control, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 29 Jan 2023 11:49:04 GMT
age: 1677
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| click.convertkit-mail2.com/n4u2rv4q5gbvh8gweezf6/owhkhqh4mpvz2gcv/aHR0cHM6Ly9tYWlsLW9mZnNldC50b3AvYm90 | 3.18.56.123 | 302 Found | 93 B |
URL (HTTP/1.1): click.convertkit-mail2.com/n4u2rv4q5gbvh8gweezf6/owhkhqh4mpvz2gcv/aHR0cHM6Ly9tYWlsLW9mZnNldC50b3AvYm90 IP: 3.18.56.123:0
File type: HTML document text; HTML document, ASCII text, with no line terminators
Hash: 79ba9a221ad74ec260c1f9074b2cde73 b6c26949df83b14ce63a6458e991624c2a5533e4 3763e1700f6474e96005d8f77d570683c1dbe48a004df32cdb7e465b9cb27cd8
GET /n4u2rv4q5gbvh8gweezf6/owhkhqh4mpvz2gcv/aHR0cHM6Ly9tYWlsLW9mZnNldC50b3AvYm90 HTTP/1.1
Host: click.convertkit-mail2.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx/1.18.0
Date: Sun, 29 Jan 2023 12:17:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 93
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none
Referrer-Policy: strict-origin-when-cross-origin
Location: https://mail-offset.top/bot
Cache-Control: no-cache
X-Request-Id: 7c2e3345-624e-4e1b-8464-3229c2a136e3
X-Runtime: 0.009233
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: 16a7b6a7128312e2f985d30df18c4487 6017bff79ffb525d9c7f9f32b999b74b5dc69602 663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8749
Expires: Sun, 29 Jan 2023 14:42:50 GMT
Date: Sun, 29 Jan 2023 12:17:01 GMT
Connection: keep-alive
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP: 23.36.77.32:0 ASN: #20940 Akamai International B.V.
Hash: da28f53175bde82956b20eb98cd2b00f ca0b81a14383c950257811ef0657fab3be96386f 2d17eca96aaa33489b94a6320c402c6ea99541791128601dc89d90cb5f31e7de
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2D17ECA96AAA33489B94A6320C402C6EA99541791128601DC89D90CB5F31E7DE"
Last-Modified: Sun, 29 Jan 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17767
Expires: Sun, 29 Jan 2023 17:13:08 GMT
Date: Sun, 29 Jan 2023 12:17:01 GMT
Connection: keep-alive
|
|
| mail-offset.top/bot | 91.235.129.191 | 302 Found | 0 B |
IP: 91.235.129.191:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bot HTTP/1.1
Host: mail-offset.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 29 Jan 2023 12:17:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Sun, 29 Jan 2023 12:17:01 GMT
Location: https://fortuneadvert.com/ggbet1/?flow=1030
Pragma: no-cache
Set-Cookie: _subid=s8hnpagpg3;Expires=Wednesday, 01-Mar-2023 12:17:01 GMT;Max-Age=2678400;Path=/
32b0a=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjI0XCI6MTY3NDk5NDYyMX0sXCJjYW1wYWlnbnNcIjp7XCI5XCI6MTY3NDk5NDYyMX0sXCJ0aW1lXCI6MTY3NDk5NDYyMX0ifQ.PRFMfx__jzTI5LcXhGbD9a_t6WNZG_8NTq5OFPYCWnY;Expires=Friday, 28-Feb-2076 00:34:02 GMT;Max-Age=1675081021;Path=/
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
|
|
| push.services.mozilla.com/ | 35.163.217.60 | 101 Switching Protocols | 0 B |
URL (HTTP/1.1): push.services.mozilla.com/ IP: 35.163.217.60:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zMlFGRnQMthpctlifAcrNQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: xQgffodwjkyV0ZG4AYdnLKgFm0E=
|
|
| ocsp.digicert.com/ | 93.184.220.29 | 200 OK | 279 B |
IP: 93.184.220.29:0
Hash: 507643faba70df74b3fc7351b06b853b 80d6d6210c52d13195b441a5c5acd36be0edbd08 af703d5d9a1447c3043e4de32172b877fef555cce0620c81d3ce2cf483b6a580
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1405
Cache-Control: max-age=167119
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 12:17:01 GMT
Etag: "63d6480f-117"
Expires: Tue, 31 Jan 2023 10:42:20 GMT
Last-Modified: Sun, 29 Jan 2023 10:18:55 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 279
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP: 142.250.74.131:0
Hash: 8c630e9bbc930d1c367efa81b67be3f7 ec536695531d40a813d99a06271c7c2d698d51d3 39ca0a60c3e2e85712757ead0830d0da82beac1e4f44b6e90243e5ca9326bf4b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 12:17:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.googleapis.com/css2?family=Open+Sans:wght@600;700&family=Roboto:wght@400;500&display=swap | 142.250.74.74 | 200 OK | 1.3 kB |
URL (HTTP/2): fonts.googleapis.com/css2?family=Open+Sans:wght@600;700&family=Roboto:wght@400;500&display=swap IP: 142.250.74.74:0
Hash: 4ecdc569c9835643fb7f643ed4e23a50 5cbe9aa52e77041599d9f6dd2f50b717fa996dff f5f94cc0ff3a7cb2592cdff84967d93a4ef7e8718de080e0273828ed05c3e2d9
GET /css2?family=Open+Sans:wght@600;700&family=Roboto:wght@400;500&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 29 Jan 2023 12:17:02 GMT
date: Sun, 29 Jan 2023 12:17:02 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/logo.png | 203.30.190.247 | 200 OK | 4.6 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/logo.png IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: PNG image data, 373 x 73, 8-bit/color RGBA, non-interlaced; data
Hash: a48c2ba1afed3e1cb712eaf4cb12017f 4838bf9e19c5fe3c4071496dd9a9dab319467d9a cc0f5d506bbbacd7e4dbba1c2b95d27766d6050e2628849ce325c644c2be0c62
GET /promo/94284/img/logo.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 4599
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
etag: "62a84d43-11f7"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eaafb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/scratch-used.png | 203.30.190.247 | 200 OK | 11 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/scratch-used.png IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: PNG image data, 354 x 203, 8-bit colormap, non-interlaced; data
Hash: 15c4b567685fe8f1f173c5b06b810571 63ec335e38b9c90e78dc7b1ddbda0a9dbb3a9266 d3a7608bb9596e1e7f1ba547eb8d4154ac1c60f20913e81dcb0a640473de29d6
GET /promo/94284/img/scratch-used.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 10801
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
etag: "6165982d-2a31"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eabab51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/wheel-en.png | 203.30.190.247 | 200 OK | 201 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/wheel-en.png IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: PNG image data, 1000 x 1000, 8-bit colormap, non-interlaced; data
Size: 201 kB (200690 bytes)
Hash: 8a6e237e1eb4c3fc2e2f1be3f0ed3aeb 165cba7ac81afc20eb3a1924d107c43f19d059ab 196699ff75345438bfc7040c57a9190f67de2af1c4a2b5df5ac77ec577837988
GET /promo/94284/img/wheel-en.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 200690
last-modified: Tue, 12 Oct 2021 14:14:07 GMT
etag: "6165982f-30ff2"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eab5b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/nok.jpg | 203.30.190.247 | 200 OK | 38 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/nok.jpg IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 354x203, components 3; data
Hash: 1f1955a2a359f898f6e28b99579760ca aeaf5fdf6b85eb0e13e1b457022c07b928186eac fc4cb033044e9c29d21bc08a740616b79991dd5e905d3c89ad63e428559f0eea
GET /promo/94284/img/nok.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 37952
access-control-allow-origin: *
cf-bgj: h2pri
etag: "6165982d-9440"
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fad4b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/scratch-anim.gif | 203.30.190.247 | 200 OK | 222 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/scratch-anim.gif IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: GIF image data, version 89a, 354 x 203; data
Size: 222 kB (221839 bytes)
Hash: 5f8ae650ee24dd61f4797456103e68b7 1423156cc91858eacb7ab823f83e88327f36564d b3bbfb99e030b82d46af82e4c2dbb2bbe46e7801f6268118d6acb50b5bb738d6
GET /promo/94284/img/scratch-anim.gif HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/gif
content-length: 221839
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
etag: "6165982d-3628f"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eab9b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/euro.jpg | 203.30.190.247 | 200 OK | 33 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/euro.jpg IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 354x203, components 3; data
Hash: 6ba1552497c212206639c581dd1678be dde6cab4cfe55edfb4c2a28c33ef1d39e1c2460a ab4369bb410e176b232215bfc19ec3c862decddaaf0b8920a1fef6dca7e8533b
GET /promo/94284/img/euro.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 32746
access-control-allow-origin: *
cf-bgj: h2pri
etag: "6165982d-7fea"
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eabdb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/Money-THB.jpg | 203.30.190.247 | 200 OK | 42 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/Money-THB.jpg IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3; data
Hash: 48c4fac69c102d0cee4dba5e46404895 f2388b5aa264ebee2d33189ca29582d4eaab29f2 f53415cc8866a98acb5e654bb097c9d623c6c790917cd581bee161f37f11b10a
GET /promo/94284/img/Money-THB.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 41909
access-control-allow-origin: *
cf-bgj: h2pri
etag: "629eff8f-a3b5"
last-modified: Tue, 07 Jun 2022 07:34:39 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eaceb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/Money_VND.jpg | 203.30.190.247 | 200 OK | 71 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/Money_VND.jpg IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3; data
Hash: d281f5fa2ec8ef69f55896d730cbc7fc 7c379ba2c91f060a6df0c71331611cc763fdb100 69b6644bbf84a2f5d83fff98ac88ca39d90a258e46b71120ad48b5c92fbf49e0
GET /promo/94284/img/Money_VND.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 70553
access-control-allow-origin: *
cf-bgj: h2pri
etag: "629eff8f-11399"
last-modified: Tue, 07 Jun 2022 07:34:39 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fad1b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/ars.jpg | 203.30.190.247 | 200 OK | 56 kB |
URL (HTTP/2): ratanygaimiaheo.com/promo/94284/img/ars.jpg IP: 203.30.190.247:0 ASN: #209242 Cloudflare London, LLC
File type: JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3; data
Hash: b380c4376295d1039ca363e110c76ed5 72bbead428ec904d68764674232bfe686491c805 fb5fb381edfb991063e2a03eebbbd4248da381c58ecb2a92f1c762e4a30401c7
GET /promo/94284/img/ars.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 56456
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-dc88"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fadcb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/huf.jpg | 203.30.190.247 | 200 OK | 52 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/huf.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hashf9146dbde31bfaa8ad7b7cfbf70380d2 87f3cb1504f5d47729700f0e237d93fce27628d2 3c899417103e821c8e066688124db98aa58b96cd734cf317481a0201faab90d9
GET /promo/94284/img/huf.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 51503
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-c92f"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fad7b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/clp.jpg | 203.30.190.247 | 200 OK | 60 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/clp.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hash06e0d2888066c5c066611dc1c398364e 60988782b027d15d097f8461674a68f8b3d0259c 44ffcf8fde41b71f4c086bfdd0ba635c6e2bf98ecce178696e46bafd46f10d42
GET /promo/94284/img/clp.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 59548
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-e89c"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704faddb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x58.png | 203.30.190.247 | 200 OK | 18 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x58.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hash8eac8fde4fc60512799fb98a42ec9e4a f40f7a4719f8c11579e1ddb585d7af3be9ada1ac eb237c03be0f0a8d9b00d2fda873eb66ca35e3094259a608b12a59739d1725e6
GET /promo/94284/img/x58.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 18084
last-modified: Tue, 07 Jun 2022 07:34:40 GMT
etag: "629eff90-46a4"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fae1b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/jpy.jpg | 203.30.190.247 | 200 OK | 44 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/jpy.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hash40c7a78cc34f083e88237a3c8bba9f2a 4e624f48219cf7b4f4d4d922a7890a04516ac8f0 454fe30567db77c8c03f2a217b801c8bfb94158acec04140478b5a21ba58ccef
GET /promo/94284/img/jpy.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 43617
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-aa61"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fad8b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x37.png | 203.30.190.247 | 200 OK | 18 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x37.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hash012ba9b0c3e2b7a6876adb1d968df505 060bf69711232bfad4d63c86cd969983af2177bc 8ee0add9d5d23d473ab92a8639716e773335941ac21dbc075f90909345bbf8a8
GET /promo/94284/img/x37.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 18326
last-modified: Tue, 07 Jun 2022 07:34:40 GMT
etag: "629eff90-4796"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fae3b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x20.png | 203.30.190.247 | 200 OK | 19 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x20.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hash88fac4735780c780b9dc3ab86825e499 e5458468bb52fd92fa9d376de7a99c1b67e43a5c 444193a993020a4cdd7ebed405452289e24dd709542bd7d1de7dc07d47b2b870
GET /promo/94284/img/x20.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 18784
last-modified: Tue, 14 Jun 2022 08:56:38 GMT
etag: "62a84d46-4960"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050aedb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x10.png | 203.30.190.247 | 200 OK | 18 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x10.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hashdf2af5a1827b9772d950affb2c7d8a00 03432a473943dd36af1eb69e33b8c7c6482b4da0 5ee062e3ac6435389fb2e91859a058ace7df05f80233825f8107146399383898
GET /promo/94284/img/x10.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 17919
last-modified: Tue, 12 Oct 2021 14:14:06 GMT
etag: "6165982e-45ff"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fae0b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/plzl.jpg | 203.30.190.247 | 200 OK | 50 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/plzl.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 354x203, components 3\012- data Hashda0b534b37364430545f751fd7ace65c 3e39670d4655fba05c93f231d7dce8553bc37017 f34d45cb9aa3049c9915b7cbaf26b5fb87e7d1fdaebc81c4150759d514d4ae5b
GET /promo/94284/img/plzl.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 50068
access-control-allow-origin: *
cf-bgj: h2pri
etag: "6165982d-c394"
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fad2b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/ron.jpg | 203.30.190.247 | 200 OK | 60 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/ron.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hash7f1553fef2f360a680a278aecd508465 18784144a4bbcb65667dc149aca6edef94980df7 d93248f0eb47e7f2653868ae9c96cd76cac95836bc953205e89c567eb47c7445
GET /promo/94284/img/ron.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 60186
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-eb1a"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fad6b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/Money_PHP.jpg | 203.30.190.247 | 200 OK | 64 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/Money_PHP.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hash5d4c575359057506c5cc0a6c77eafc55 36a2daaa49367922a7dbb48be7457062f85f0f7e 0a512e7726b590af0ba3df14e1314ce6685fa1b8a8e6343c021057ca88923b7b
GET /promo/94284/img/Money_PHP.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 63801
access-control-allow-origin: *
cf-bgj: h2pri
etag: "629eff8f-f939"
last-modified: Tue, 07 Jun 2022 07:34:39 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eac9b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x50.png | 203.30.190.247 | 200 OK | 18 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x50.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hash082a63cf272399b9ba0b0fe5a4b51ed3 eb67966309dc079f97d3ab3a764560bb60f16513 be72554f38ab8dd15f982db72ce7c0488b87e4b9a27509a5e0e16f757a5fc49c
GET /promo/94284/img/x50.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 18105
last-modified: Tue, 07 Jun 2022 07:34:40 GMT
etag: "629eff90-46b9"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fae2b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x25.png | 203.30.190.247 | 200 OK | 18 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x25.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hashcd086008bd3837278cb2c8a69bf6d86a 188463beb9c0ca46d9dc7725d5cdc101358af78c 754af2fddfdab46d345f7e506cc74cd93fb250384a73fbda3fa2f97539d4f2cb
GET /promo/94284/img/x25.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 18140
last-modified: Tue, 14 Jun 2022 08:56:39 GMT
etag: "62a84d47-46dc"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fae5b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x15.png | 203.30.190.247 | 200 OK | 17 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x15.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hash0d3b6f5441baabfe9aa835063472e85f f4b6f68e0bf32c7cedc16b7194cb4313abf7bc1c 86e56a5c02327c390ac798964188feb69a9791ff00c03607adad5126159528e4
GET /promo/94284/img/x15.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 16610
last-modified: Tue, 14 Jun 2022 08:56:38 GMT
etag: "62a84d46-40e2"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fae6b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/dkk.jpg | 203.30.190.247 | 200 OK | 70 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/dkk.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hashbd2a7775e893b405e28474f38a3d0470 300fd1ba8411f458ae42e194ffa03406ecda3140 ce6b23c019710f7a8d4f98b118dc36dc19ec14f160a0c08a73cf7b493cb688e8
GET /promo/94284/img/dkk.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 70162
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-11212"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fad5b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/pen.jpg | 203.30.190.247 | 200 OK | 47 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/pen.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hash7ff588c8482bd4f21bd480e4909f0365 fd8e0b9d053e09dfccbf49b1b58dec2477dcbbd9 e45e6ef70cce53f461f331019ef9dde43d3f576a26110e996592b5a62a6d3549
GET /promo/94284/img/pen.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 46799
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-b6cf"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fadfb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/brl.jpg | 203.30.190.247 | 200 OK | 43 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/brl.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 417x232, components 3\012- data Hash93aa1656e3a4373b289b7e40fdd0aad2 aea84fb48cb8a649fc1798bf08eca3e1b7ade106 d063dfdd38ebf01fb2656c9cfd5c3bda8f76dc9dc7e8027966d86c8875d412ff
GET /promo/94284/img/brl.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 43034
access-control-allow-origin: *
cf-bgj: h2pri
etag: "62a84d43-a81a"
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fadab51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x8.png | 203.30.190.247 | 200 OK | 13 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x8.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hashf60fb68f214fdf61bc9c3f6a7d04126e 4c0af4145b67a67b72264fc7ff9773fb3f98aa56 92485c15e7d462afb708eb7ad8e350359bc8d202de12cc0a4347ee8961543b2f
GET /promo/94284/img/x8.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 12966
last-modified: Tue, 12 Oct 2021 14:14:06 GMT
etag: "6165982e-32a6"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704fae7b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x100.png | 203.30.190.247 | 200 OK | 15 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x100.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hash98523e4705b0adda2ffbad9c0602f78c aea1651e0159e50338e28efd98848638518e9746 f118009020a2cd6916a3f088f537ae868d3e9ad6da61518725d0979347e9fb0b
GET /promo/94284/img/x100.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 14940
last-modified: Tue, 14 Jun 2022 08:56:38 GMT
etag: "62a84d46-3a5c"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050aeab51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/popup-anim.gif | 203.30.190.247 | 200 OK | 265 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/popup-anim.gif IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeGIF image data, version 89a, 360 x 360\012- data Size265 kB (265132 bytes) Hash7322c4e8a1ff4ef031bf7a3d7e88321b 45d077143b48ffe5d03e7bc05c599140f481733c 04a43f15563fda3b9457e1fcbed4f6a6e12dcf910b874073d746683161f8e86a
GET /promo/94284/img/popup-anim.gif HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/gif
content-length: 265132
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
etag: "6165982d-40bac"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050aeeb51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/gamelogo.png | 203.30.190.247 | 200 OK | 27 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/gamelogo.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 244 x 233, 8-bit colormap, non-interlaced\012- data Hash44107a19996eb2f975ad30a510069cfc b8e0607442205ba9e32836bbfa15adf89af4550a 854e6223ea291d3a33c8bf4ef79c32ef6b70969f91c0c19e86ed54885f00013e
GET /promo/94284/img/gamelogo.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 26593
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
etag: "6165982d-67e1"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050af0b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/x35.png | 203.30.190.247 | 200 OK | 19 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/x35.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 243 x 131, 8-bit/color RGBA, non-interlaced\012- data Hash628a59bc5e12b2d97be30fdd8ffe9e02 502bf9f4f50cb12e38fc9c673f7190590267a97c 205c6d34521aebcc0720bddd55308284f265635ecbebcd4d21346957a1d570e8
GET /promo/94284/img/x35.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 18559
last-modified: Tue, 14 Jun 2022 08:56:39 GMT
etag: "62a84d47-487f"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050aecb51e-OSL
X-Firefox-Spdy: h2
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hash8cf65fcdafa84b63cf7005fe57927fcb 3f7d163a96e7f00eb2de9828624ec46e22b4b40a dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 12:17:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| ocsp.pki.goog/gts1c3 | 142.250.74.131 | 200 OK | 471 B |
IP142.250.74.131:0
Hash8cf65fcdafa84b63cf7005fe57927fcb 3f7d163a96e7f00eb2de9828624ec46e22b4b40a dfcf629cc49444f646f3a014014a91e36251b4b43655ce2e2eca55263dd196e3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 29 Jan 2023 12:17:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
|
|
| fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | 142.250.74.35 | 200 OK | 45 kB |
URL HTTP/2fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 IP142.250.74.35:0
File typeWeb Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data Hash565ce506190ad3af920b40baf1794cec ad3cba5d06100e09449a864d3b5e58403b478b3d 8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ratanygaimiaheo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 23 Jan 2023 18:52:41 GMT
expires: Tue, 23 Jan 2024 18:52:41 GMT
cache-control: public, max-age=31536000
age: 494661
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/fs-icon.svg | 203.30.190.247 | 200 OK | 16 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/fs-icon.svg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (489), with no line terminators Hash485f61df95e487b81fa66593b5ec32ad 356964c2e1e8ecea508b18527331adf2913f728c e934625e32eea3758c1355de8184ca52eed7bdd74d1a70b0257b6f1cc29f24ed
GET /promo/94284/img/fs-icon.svg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Oct 2021 14:14:06 GMT
etag: W/"6165982e-1e9"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eab0b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/lang-arr.png | 203.30.190.247 | 200 OK | 186 B |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/lang-arr.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 13 x 8, 8-bit gray+alpha, non-interlaced\012- data Hash17bde78990738cef05597f968e6f8e42 d220d2a7e18a93e39622206497c8937d84ab5288 0c56417b1df7bb7552bba7d60a12aae958c14b72329d3b6e5ad01ad5b5d013ef
GET /promo/94284/img/lang-arr.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/promo/94284/css/style.css
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 186
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
etag: "6165982d-ba"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7064cdab51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/money-icon.svg | 203.30.190.247 | 200 OK | 4.8 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/money-icon.svg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeSVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (729), with no line terminators Hasheb1f727042b440f7e46f2745726bdb9e 010a97b4faa3a8985c2fa67c7d0ff0ef975fb910 6296f5548394cfca4c7c1ef75d8f6294857900435e5fccc482ccdf4bdf807581
GET /promo/94284/img/money-icon.svg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Oct 2021 14:14:06 GMT
etag: W/"6165982e-2d9"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704eab3b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/preloader.svg | 203.30.190.247 | 200 OK | 58 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/preloader.svg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeSVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (438), with no line terminators Hash7eed94ca3d3d97ad7d52420bf1fbf591 af0dbbc817ce7800300e4945682b9392483972ac a929aee2243905dbc3273414cd784c2437edd2bf7b5e06e0f77addfb99f92412
GET /promo/94284/img/preloader.svg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/svg+xml
last-modified: Tue, 12 Oct 2021 14:14:06 GMT
etag: W/"6165982e-1b6"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704daaab51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/bg-desk.jpg | 203.30.190.247 | 200 OK | 280 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/bg-desk.jpg IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data Size280 kB (279864 bytes) Hashf06e4d965f2196eda54014cff2bd466a a635d7907c7a7e8c597272e3af513674507bd021 629cbea55b65805d8596762b83d8e2fc9f48137e5654f58b8a4ab3adb3949183
GET /promo/94284/img/bg-desk.jpg HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/promo/94284/css/style.css
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/jpeg
content-length: 279864
access-control-allow-origin: *
cf-bgj: h2pri
etag: "6165982d-44538"
last-modified: Tue, 12 Oct 2021 14:14:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7064cd9b51e-OSL
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/css/style.css | 203.30.190.247 | 200 OK | 32 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/css/style.css IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeASCII text, with very long lines (15949), with no line terminators Hash6b4998e6755f9a4ad5ed2d090ffa6910 0bd7848b240675f26a2e8a95f2a72e63ca2b0378 f2d2bb4a1e0aa82d597b8f48a35d348613bac6e599433de7388d7d38270a8445
GET /promo/94284/css/style.css HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: text/css
last-modified: Tue, 14 Jun 2022 08:56:24 GMT
etag: W/"62a84d38-3e4d"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e704daa7b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/favico.png | 203.30.190.247 | 200 OK | 204 B |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/favico.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 16 x 16, 4-bit colormap, non-interlaced\012- data Hashd6f7cfe570165a2f152307c584888ff9 106e6cd8faf18a507d75b76a1fad254d21d2dbc9 127344a0d987e219d322b2f2aada87b79ba1d5eec1d942745a53a3b54ca90e33
GET /promo/94284/img/favico.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 204
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
etag: "62a84d43-cc"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e707cedcb51e-OSL
X-Firefox-Spdy: h2
|
|
| r3.o.lencr.org/ | 23.36.77.32 | 200 OK | 503 B |
IP23.36.77.32:0 ASN#20940 Akamai International B.V.
Hashdfb84426fed94988d5c90372baff059c f1c4740830034ff8a5759d59ae3f657ea524d083 d97efec67504b084ca6ff9e2af973b45b916f90aa021603e3615806bb2737b6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D97EFEC67504B084CA6FF9E2AF973B45B916F90AA021603E3615806BB2737B6A"
Last-Modified: Sun, 29 Jan 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5141
Expires: Sun, 29 Jan 2023 13:42:43 GMT
Date: Sun, 29 Jan 2023 12:17:02 GMT
Connection: keep-alive
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg | 34.120.237.76 | 200 OK | 8.7 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash43c4a8e963936a8064dbd2bd3c67b905 8508727c97127c98b886833af28b3470306216c2 070c29fe7c0a227029483d675eac863904ab6b291467acdf62167f4845699c21
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdf6aeac1-fd74-4724-86b5-f0e86d98c915.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8652
x-amzn-requestid: 5a5a883e-d7d4-4fc5-925a-3a95830c504e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVguyG7BIAMFm8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d214c4-390b59a32060e41203533c58;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 05:51:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: ewSsCY4u9DwRtaj00U9JCim9tYeCgHRuIQFpdHm4ttI6L02-e44iDQ==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:11:24 GMT
age: 47138
etag: "8508727c97127c98b886833af28b3470306216c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg | 34.120.237.76 | 200 OK | 6.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash2cbbc57c4e469baec1bda006407877cc e988f007b1f9ec2327e7817f38cf56202096aeae 5237a8a8a7aa1fe59548582abf726fe77ad9e1fad8535bb5f88519dc6e779a86
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7cfa685-1688-424d-b352-82b8ce19495a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6158
x-amzn-requestid: 034023e1-bd96-4c41-aa48-cccf5fa7b366
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: feLdTEXToAMF5Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d58c54-5390c17952d82d9108bdd3f8;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 20:57:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ACe_e899vrvXgDH3SKhGkebo6EgwW3c97aiFsr_p0g0cyWhl0XmjIg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 00:04:06 GMT
etag: "e988f007b1f9ec2327e7817f38cf56202096aeae"
content-type: image/jpeg
age: 43976
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/img/flags.png | 203.30.190.247 | 200 OK | 4.3 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/img/flags.png IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typePNG image data, 16 x 320, 8-bit/color RGBA, non-interlaced\012- data Hash6d5d6aa92e5d43ccd484bd63fe832267 2e956402490e3a83b77da7e95732a5112504d8a6 4ab1186072dc5da547575bca2f7aa2261d457c12494c6af33cc8f1e6b59d6491
GET /promo/94284/img/flags.png HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/promo/94284/css/style.css
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1; ch=8e4825f4bfac8149bd4b3f47741b0ad1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: image/png
content-length: 4346
last-modified: Tue, 14 Jun 2022 08:56:35 GMT
etag: "62a84d43-10fa"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7086f8db51e-OSL
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg | 34.120.237.76 | 200 OK | 9.2 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash3be81f83687ddb6c93d3ff3c09a9dba2 50a48e737310d3f31840db4301b25927fbcc12c5 e78c909e2381898e7f546183784a05dff47c31734c95358aaada8c2777ad47be
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9a423a9-16ee-4e3f-b9b4-34f6a469aba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9167
x-amzn-requestid: e6e0789c-a4a9-4ffa-a0ae-691770d1035b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPF9YEBmIAMF0kQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8388-01d2093432d3959903671a69;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:06:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: awfNeaKbFw2bjiTGwUrwUTxU-qbVS2eTjn948H8kn1hy7pi_DwLMlQ==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 17:35:56 GMT
age: 67266
etag: "50a48e737310d3f31840db4301b25927fbcc12c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg | 34.120.237.76 | 200 OK | 5.6 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash4c77437e3a7361861aed8bfecbfe6bd6 fefd238c13c0fdfb7d964c90fcc8a8cbbf953034 282d15c443cb6232ae0a30046a0dc24360617355a4651cdba59b11e6f7313d8a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8d4cfe7c-2bbe-4efd-b73a-59ea603c332f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5594
x-amzn-requestid: d56c9b84-dc1f-4d5c-91bf-7db55058bf67
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fLyeEGOloAMFpzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ce3126-5013a6b971d6800c5c85a4eb;Sampled=0
x-amzn-remapped-date: Mon, 23 Jan 2023 07:03:02 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: D2ZAelkDgsd0wjoOSoPRwTzhozs84_aIcgwU-QmbDrTnHztVD0VL_A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 14:57:16 GMT
age: 76786
etag: "fefd238c13c0fdfb7d964c90fcc8a8cbbf953034"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/promo/94284/js/main.js?v2 | 203.30.190.247 | 200 OK | 8.2 kB |
URL HTTP/2ratanygaimiaheo.com/promo/94284/js/main.js?v2 IP203.30.190.247:0 ASN#209242 Cloudflare London, LLC
File typeASCII text, with very long lines (5555), with no line terminators Hashd8218b5599b2713975b0017b6c47ea4f 73c7725a8935a578ab8dca96adb177e97db8d0e8 77b068c10392e9435092b638afb45abfb89ad9f8a5ebb4648742fb27356158d2
GET /promo/94284/js/main.js?v2 HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: application/javascript
last-modified: Thu, 12 Jan 2023 15:22:09 GMT
etag: W/"63c025a1-15b3"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050b07b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg | 34.120.237.76 | 200 OK | 4.5 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash4205d8106659e00fff1cbe9262918b8c ab4f6528594a1725934727dc7d834c028a79c609 31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 4jPbm4WufkUKm7ljLvpHrJUFhr-JQ_nl3iYfI5S8nTqEszFdUtz9EQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sun, 29 Jan 2023 05:24:09 GMT
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
age: 24773
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg | 34.120.237.76 | 200 OK | 12 kB |
URL HTTP/2img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg IP34.120.237.76:0
File typeJPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data Hash10a6491e2c1dfde68c7cd7297e70700f d0f195319825a6d3e5e50ad15b2fcab27cb65896 4d9353d5874e5ea03c25e1562db5f479c222a48db526fdd10ede7c2e6a4dd874
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fce27f1aa-8d31-4110-a47f-73de0b95926d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11470
x-amzn-requestid: 62d61967-9380-4ca9-b11a-531425dbd2ae
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fIf6WFgAIAMF6gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cce042-6d9fe51029094b7f37c0a648;Sampled=0
x-amzn-remapped-date: Sun, 22 Jan 2023 07:05:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rUIvvkZQ028ey3klplI-x9oZFugon5HsAWT-SN2GQo5hBeBJWqoMAg==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 23:12:28 GMT
age: 47081
etag: "d0f195319825a6d3e5e50ad15b2fcab27cb65896"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/assets/js/bundle-151220101100.min.js | 203.30.190.247 | 200 OK | 0 B |
URL (HTTP/2): ratanygaimiaheo.com/assets/js/bundle-151220101100.min.js
IP: 203.30.190.247:0
ASN: #209242 Cloudflare London, LLC
GET /assets/js/bundle-151220101100.min.js HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 16:06:40 GMT
etag: W/"63d2a510-8fc3"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 3023
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050af1b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/shared/js/jquery-3.2.1.min.js | 203.30.190.247 | 200 OK | 0 B |
URL (HTTP/2): ratanygaimiaheo.com/shared/js/jquery-3.2.1.min.js
IP: 203.30.190.247:0
ASN: #209242 Cloudflare London, LLC
GET /shared/js/jquery-3.2.1.min.js HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: application/javascript
last-modified: Wed, 24 Oct 2018 15:56:58 GMT
etag: W/"5bd0964a-1500f"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 3049
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050af5b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|
| fortuneadvert.com/ggbet1/?flow=1030 | 185.125.19.53 | 302 Found | 0 B |
URL (HTTP/2): fortuneadvert.com/ggbet1/?flow=1030
IP: 185.125.19.53:0
GET /ggbet1/?flow=1030 HTTP/1.1
Host: fortuneadvert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 29 Jan 2023 12:17:01 GMT
content-type: text/html; charset=utf-8
location: https://tarenived.com/12720/26797?lp=284&param=128_1030_&click_id=7096533
set-cookie: site79=1030; expires=Mon, 30-Jan-2023 12:17:01 GMT; Max-Age=86400; path=/
X-Firefox-Spdy: h2
|
|
| ratanygaimiaheo.com/assets/js/lm-1.0.0.min.js | 203.30.190.247 | 200 OK | 0 B |
URL (HTTP/2): ratanygaimiaheo.com/assets/js/lm-1.0.0.min.js
IP: 203.30.190.247:0
ASN: #209242 Cloudflare London, LLC
GET /assets/js/lm-1.0.0.min.js HTTP/1.1
Host: ratanygaimiaheo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ratanygaimiaheo.com/ggbet/p94284?atp=128_1030_&goto=sitereg&click_id=7096533&plid=12720&bnid=26797&lang=en&deeplink=casino&cc=NO
Cookie: promouuid=b6e556252bbd1b92e24d7fcc728c537e9862b476; cd6416780c027c1a8f448eae70577e2f=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 29 Jan 2023 12:17:02 GMT
content-type: application/javascript
last-modified: Thu, 26 Jan 2023 16:06:40 GMT
etag: W/"63d2a510-20a"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 3049
vary: Accept-Encoding
server: cloudflare
cf-ray: 7911e7050af2b51e-OSL
content-encoding: br
X-Firefox-Spdy: h2
|
|