Report - rtpair168gg.click/

Report Overview

Visited public
2023-12-03 17:28:09
Tags
suspicious
URL
rtpair168gg.click/
Finishing URL
air168-rtp.click/
IP / ASN
104.21.14.250
#13335 CLOUDFLARENET
Title
Air168 RTP Judi Slot Gacor Gampang Maxwin Hari Ini
Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
rtpair168gg.click	unknown	unknown	No data	No data	486 B	4.9 MB	172.67.160.212
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17 22:46:33	2023-12-03 05:09:13	1.5 kB	92 kB	104.17.25.14
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-03 05:09:22	425 B	125 kB	151.101.130.137
cdn.ampproject.org	329	2015-08-31	2015-10-09 06:27:01	2023-12-03 05:30:26	1.8 kB	95 kB	142.250.74.129
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-12-03 07:56:40	890 B	24 kB	142.250.74.131
air168-rtp.click	unknown	unknown	No data	No data	8.1 kB	383 kB	188.114.97.1
media.fastchecker.us	224498	2018-02-28	2022-05-12 15:26:35	2023-11-29 05:23:34	10 kB	257 kB	104.21.233.199
i.ibb.co	13485	2010-07-20	2018-11-25 11:13:48	2023-12-03 13:11:12	1.4 kB	250 kB	162.19.58.160

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (17)

	URL	From	Size	First Seen	Last Seen
	www.gstatic.com/firebasejs/5.5.8/firebase-app.js	ScriptElement	35 kB	2023-11-04	2025-04-17
Pretty URL www.gstatic.com/firebasejs/5.5.8/firebase-app.js IP 142.250.74.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-04 20:50 Last Seen2025-04-17 04:12 Times Seen49 Hash 4de81e8733af1c90040961e8bddb9a1c ab803fd855772d9ff2e5d7b2b425e653276958f3 a73e6b7e9a591f7ab3704395b03f94b31b1d7dff684fc5943c123f4750b6b680 Loading...

	air168-rtp.click/	ScriptElement	90 kB	2023-11-04	2025-02-07
Pretty URL air168-rtp.click/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-04 20:50 Last Seen2025-02-07 02:21 Times Seen48 Hash 83dc8f347a04c4ac5ac24766c1ad7d90 22dd4f90fdbbf111d04765351c04a529b57beca6 390219872ec92921ef0b3c153acd7552b19646f55785db762bc430d741707921 Loading...

	cdn.ampproject.org/rtv/012311171837000/v0/amp-auto-lightbox-0.1.js	ScriptElement	7.8 kB	2023-11-28	2024-08-20
Pretty URL cdn.ampproject.org/rtv/012311171837000/v0/amp-auto-lightbox-0.1.js IP 142.250.74.129 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 23:51 Last Seen2024-08-20 17:32 Times Seen75 Hash 3d563ff38b734c6bc3aed47141e8040e c6f4f93b089785efafade8dab4fa7d2b4fed113a 9490f2bb8d22cf23953bd1cc028e6405f228e7918b18aa914fa8f56ba9db0087 Loading...

	unknown	ScriptElement	17 kB	2023-12-03	2025-02-07
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 18:28 Last Seen2025-02-07 02:21 Times Seen21 Hash c5f26a1fc900129ed6b2d56ea25b7aca b44f43ae9ecd591b4c76ba8b73d617c252cbad42 19de20103ebc853f13dc2ec938a7278112cbb142c1d3d728b52b794a9d0d5f57 Loading...

	unknown	ScriptElement	2.9 MB	2023-12-03	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 18:28 Last Seen2024-09-28 08:34 Times Seen2 Hash 4ba248e9be3481022c641ffe53913fb0 b3441180a83bffe92520547075abaa7a4c774957 0ffc737ffc30b81d9c5f9676b6d2d40806cd0339a9793cf20f8057ff8f06fb59 Loading...

	air168-rtp.click/	ScriptElement	60 kB	2023-11-04	2025-02-07
Pretty URL air168-rtp.click/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-04 20:50 Last Seen2025-02-07 02:21 Times Seen47 Hash 224301fa82c21af6a86ef651a2360d18 52925f63e70077ba1d3f210f7edcd4610c8f2e9f f41daff3e126a600ad4ed182a012d52819cf1f91e9d81dda669570a1a0155ab1 Loading...

	air168-rtp.click/	ScriptElement	5.7 kB	2023-11-04	2025-02-07
Pretty URL air168-rtp.click/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-04 20:50 Last Seen2025-02-07 02:21 Times Seen47 Hash 5da1c200345e18362d7e20aacbc57f5f 5185015aab57c22c5c33bb6f7952152e391c5084 6d3c19fc44fdb8d397705d25948e499d276f95723951887ec368b7606fc931fa Loading...

	air168-rtp.click/sandbox%20eval%20code		123 B	2023-05-05	2025-05-09
Pretty URL air168-rtp.click/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 23:38 Last Seen2025-05-09 12:16 Times Seen8313 Hash 239166f4d1bda569909c9af241098419 ad3987a93224de5c735c7c380daf5bfaecf60ac8 255566913e81e0587539abba68839777480779575271b734e817e7093f4dceec Loading...

	cdn.ampproject.org/v0.js	ScriptElement	284 kB	2023-11-28	2024-08-20
Pretty URL cdn.ampproject.org/v0.js IP 142.250.74.129 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 23:51 Last Seen2024-08-20 17:32 Times Seen84 Hash df3b844c80e523b9b84badc2e8efeec1 242fa02a53432806f0de571b36e0c81c9836385e 0d686f2ab1157df64803644aceb025dda3e21438ee6167951feb732b82c163c5 Loading...

	www.gstatic.com/firebasejs/5.5.8/firebase-messaging.js	ScriptElement	36 kB	2023-03-07	2025-04-17
Pretty URL www.gstatic.com/firebasejs/5.5.8/firebase-messaging.js IP 142.250.74.131 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:59 Last Seen2025-04-17 04:12 Times Seen100 Hash a2c5dc2c7f2a8f427db53334c1656ad6 70a40d4173fbdf694bcff8d74eb9bf0d1499f7ec 55b61bb491d81d60e6c1aa84b59bfc94e96cbbf510138720c2e1536c7ebd1ba8 Loading...

	air168-rtp.click/	ScriptElement	4.5 MB	2024-08-20	2024-08-20
Pretty URL air168-rtp.click/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-08-20 16:55 Last Seen2024-08-20 16:55 Times Seen1 Hash deab4f5ec4ab497dedcff3308b46bf01 424ba95467a3dec8a6fb46021ac0a3381a9c1a8a 670d4fa3ecb99a9ca4bb07a3fc5f1c225f7df280abf529fd1d1ed67ad8780d01 Loading...

	cdnjs.cloudflare.com/ajax/libs/progressbar.js/1.0.1/progressbar.min.js	ScriptElement	22 kB	2023-03-07	2025-05-07
Pretty URL cdnjs.cloudflare.com/ajax/libs/progressbar.js/1.0.1/progressbar.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:20 Last Seen2025-05-07 22:51 Times Seen299 Hash 1970f37f615a8339b6b249e396ee7d0d 4c9777e758b9fc1b444e11ec031125e24065fdc9 56ea4cd865555cad9cdd29aae4bc578d41c166f7964ecdf986ed5a97ab2cea49 Loading...

	code.jquery.com/ui/1.12.1/jquery-ui.js	ScriptElement	521 kB	2023-03-07	2025-05-09
Pretty URL code.jquery.com/ui/1.12.1/jquery-ui.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-09 10:55 Times Seen3500 Hash ab5284de5e3d221e53647fd348e5644b 75c20acdc6cbc6334fe2b918ab7afeec007f969e 4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d Loading...

	moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/shims/firebase.js		2.3 kB	2023-05-05	2025-05-09
Pretty URL moz-extension://94b86a3e-a8f5-4509-b451-a3e524e5069f/shims/firebase.js IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-05 23:38 Last Seen2025-05-09 12:16 Times Seen10728 Hash 32d439c9ec8c789e843ae58b6774681c deb2c661dacf46eb3a1eacbba3e430dcf10cc395 f65e83801e16f98e150ae8843afb4c98c0b3ac0fa7fbe5a5ec687b08119732d6 Loading...

	cdn.ampproject.org/v0/amp-iframe-0.1.js	ScriptElement	26 kB	2023-11-28	2023-12-05
Pretty URL cdn.ampproject.org/v0/amp-iframe-0.1.js IP 142.250.74.129 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 23:51 Last Seen2023-12-05 18:52 Times Seen16 Hash 22cbf532a86bfeb9938430233aeac9f2 7771513b95d2ae699630fff0b7e78668d5a431b7 6bebb5a3a14000a9c601f0c5b84508fba2e35d68ed495f8bc83edd5336c40735 Loading...

	cdn.ampproject.org/rtv/012311171837000/v0/amp-loader-0.1.js	ScriptElement	13 kB	2023-11-28	2024-08-20
Pretty URL cdn.ampproject.org/rtv/012311171837000/v0/amp-loader-0.1.js IP 142.250.74.129 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-28 23:51 Last Seen2024-08-20 17:32 Times Seen74 Hash 6bade6be990f97264cdc8b0c6baf6314 5a8537b00cdb22a1635a41907138b8eea2c2b02a 600d54e614ecc2e8c06f0cb077d8973485f4abd2eb0b7e62815b1b173eeaedbb Loading...

		Size	First Seen	Last Seen
	#1 Write - 4f94c875b8907e6122f0864a7af3bde2	3.0 MB	2024-08-20 16:55	2024-08-20 16:55
Pretty Observations First Seen2024-08-20 16:55 Last Seen2024-08-20 16:55 Times Seen1 Hash 4f94c875b8907e6122f0864a7af3bde2 25019089a5b308090f65d4d9f0be26c1855783a4 fa441a7e622d03ebdce983c16c775ed45a4225dea81a70cdc8d123ac0696b261 Loading...

HTTP Transactions (52)

	URL	IP	Response	Size
	cdnjs.cloudflare.com/ajax/libs/progressbar.js/1.0.1/progressbar.min.js	104.17.25.14	200 OK	6.2 kB
URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/progressbar.js/1.0.1/progressbar.min.js IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT File type ASCII text, with very long lines (21557) Size 6.2 kB (6181 bytes) Hash 1970f37f615a8339b6b249e396ee7d0d 4c9777e758b9fc1b444e11ec031125e24065fdc9 56ea4cd865555cad9cdd29aae4bc578d41c166f7964ecdf986ed5a97ab2cea49 HTTP Headers `GET /ajax/libs/progressbar.js/1.0.1/progressbar.min.js HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:48 GMT content-type: application/javascript; charset=utf-8 content-length: 6181 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03fac-54bd" last-modified: Mon, 04 May 2020 16:15:40 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 837940 expires: Fri, 22 Nov 2024 17:27:48 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFXOyI3XwK2rPGYYnkSKvqWtQQEp2MMCcREjaVRWwReyR7TZmAIP5qNF7cjRLRAnZr8bjQkxFK8DbwpXCMy0AhBEuewPF0LojhEsf7%2FtCGPjWmUtlhctQYjw6p2q%2BNwV96BVfyJT"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 82fd85be1c73b4fa-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css	104.17.25.14	200 OK	5.6 kB
URL GET HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT File type ASCII text, with very long lines (30837) Size 5.6 kB (5631 bytes) Hash 269550530cc127b6aa5a35925a7de6ce 512c7d79033e3028a9be61b540cf1a6870c896f8 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd HTTP Headers `GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:48 GMT content-type: text/css; charset=utf-8 content-length: 5631 access-control-allow-origin: * cache-control: public, max-age=30672000 content-encoding: br etag: "5eb03e5f-7918" last-modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 653656 expires: Fri, 22 Nov 2024 17:27:48 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kU75F9f5%2BVClH0divoHGQoK25bdpXBfkWtHxe%2Fg6V6yxbKVv0tKpApu%2FBUpfBZnziDQY3QtYq%2Fo8JywpSQWoTjxH3FCyvPaLhr9AfpXpW98WuvE75yzZFnjgll4JdSNazGJt2L%2BV"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 82fd85be1c72b4fa-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	code.jquery.com/ui/1.12.1/jquery-ui.js	151.101.130.137	200 OK	124 kB
URL GET HTTP/2 code.jquery.com/ui/1.12.1/jquery-ui.js IP 151.101.130.137:443 ASN #54113 FASTLY Requested by https://air168-rtp.click/ Certificate IssuerSectigo Limited Subject.jquery.com FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT File type ASCII text, with very long lines (1002) Size 124 kB (124434 bytes) Hash ab5284de5e3d221e53647fd348e5644b 75c20acdc6cbc6334fe2b918ab7afeec007f969e 4f455eb2ddf2094ee969f470f6bfac7adb4c057e8990a374e9da819e943c777d HTTP Headers `GET /ui/1.12.1/jquery-ui.js HTTP/1.1 Host: code.jquery.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx content-type: application/javascript; charset=utf-8 last-modified: Fri, 18 Oct 1991 12:00:00 GMT etag: W/"28feccc0-7f20a" cache-control: public, max-age=31536000, stale-while-revalidate=604800 access-control-allow-origin: * content-encoding: gzip via: 1.1 varnish, 1.1 varnish accept-ranges: bytes date: Sun, 03 Dec 2023 17:27:48 GMT age: 6823864 x-served-by: cache-lga21932-LGA, cache-bma1674-BMA x-cache: HIT, HIT x-cache-hits: 350, 226412 x-timer: S1701624468.184980,VS0,VE0 vary: Accept-Encoding content-length: 124434 X-Firefox-Spdy: h2

	cdn.ampproject.org/v0/amp-iframe-0.1.js	142.250.74.129	200 OK	8.9 kB
URL GET HTTP/2 cdn.ampproject.org/v0/amp-iframe-0.1.js IP 142.250.74.129:443 ASN #15169 GOOGLE Requested by https://air168-rtp.click/ Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type ASCII text, with very long lines (25607) Size 8.9 kB (8935 bytes) Hash 22cbf532a86bfeb9938430233aeac9f2 7771513b95d2ae699630fff0b7e78668d5a431b7 6bebb5a3a14000a9c601f0c5b84508fba2e35d68ed495f8bc83edd5336c40735 HTTP Headers `GET /v0/amp-iframe-0.1.js HTTP/1.1 Host: cdn.ampproject.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes vary: Accept-Encoding content-encoding: br content-type: text/javascript; charset=UTF-8 access-control-allow-origin: * content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp cross-origin-resource-policy: cross-origin cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available" report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} timing-allow-origin: * content-length: 8935 date: Sun, 03 Dec 2023 17:27:48 GMT expires: Sun, 03 Dec 2023 17:27:48 GMT cache-control: private, max-age=604800, stale-while-revalidate=604800 etag: "1fde9125c05045bb" strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	cdn.ampproject.org/v0.js	142.250.74.129	200 OK	73 kB
URL GET HTTP/2 cdn.ampproject.org/v0.js IP 142.250.74.129:443 ASN #15169 GOOGLE Requested by https://air168-rtp.click/ Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type Unicode text, UTF-8 text, with very long lines (64684) Size 73 kB (73067 bytes) Hash df3b844c80e523b9b84badc2e8efeec1 242fa02a53432806f0de571b36e0c81c9836385e 0d686f2ab1157df64803644aceb025dda3e21438ee6167951feb732b82c163c5 HTTP Headers `GET /v0.js HTTP/1.1 Host: cdn.ampproject.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes vary: Accept-Encoding content-encoding: br content-type: text/javascript; charset=UTF-8 access-control-allow-origin: * content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp cross-origin-resource-policy: cross-origin cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available" report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} timing-allow-origin: * content-length: 73067 date: Sun, 03 Dec 2023 17:27:48 GMT expires: Sun, 03 Dec 2023 17:27:48 GMT cache-control: private, max-age=3000, stale-while-revalidate=1206600 etag: "1283125788d1ffce" strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff server: sffe x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.gstatic.com/firebasejs/5.5.8/firebase-app.js	142.250.74.131	200 OK	12 kB
URL GET HTTP/2 www.gstatic.com/firebasejs/5.5.8/firebase-app.js IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://air168-rtp.click/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type ASCII text, with very long lines (34802) Size 12 kB (12419 bytes) Hash 4de81e8733af1c90040961e8bddb9a1c ab803fd855772d9ff2e5d7b2b425e653276958f3 a73e6b7e9a591f7ab3704395b03f94b31b1d7dff684fc5943c123f4750b6b680 HTTP Headers `GET /firebasejs/5.5.8/firebase-app.js HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-length: 12419 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 30 Nov 2023 05:12:16 GMT expires: Fri, 29 Nov 2024 05:12:16 GMT cache-control: public, max-age=31536000 age: 303332 last-modified: Thu, 08 Nov 2018 23:21:36 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.gstatic.com/firebasejs/5.5.8/firebase-messaging.js	142.250.74.131	200 OK	10 kB
URL GET HTTP/2 www.gstatic.com/firebasejs/5.5.8/firebase-messaging.js IP 142.250.74.131:443 ASN #15169 GOOGLE Requested by https://air168-rtp.click/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT File type ASCII text, with very long lines (35800) Size 10 kB (10096 bytes) Hash a2c5dc2c7f2a8f427db53334c1656ad6 70a40d4173fbdf694bcff8d74eb9bf0d1499f7ec 55b61bb491d81d60e6c1aa84b59bfc94e96cbbf510138720c2e1536c7ebd1ba8 HTTP Headers `GET /firebasejs/5.5.8/firebase-messaging.js HTTP/1.1 Host: www.gstatic.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK accept-ranges: bytes content-encoding: gzip access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js" report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]} content-length: 10096 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 30 Nov 2023 05:37:12 GMT expires: Fri, 29 Nov 2024 05:37:12 GMT cache-control: public, max-age=31536000 age: 301837 last-modified: Thu, 08 Nov 2018 23:21:36 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	air168-rtp.click/search.png	188.114.97.1	200 OK	7.7 kB
URL GET HTTP/3 air168-rtp.click/search.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 600 x 598, 8-bit/color RGBA, non-interlaced\012- data Size 7.7 kB (7697 bytes) Hash 7565b5e7041e4ccdab8553289eb77b4c da15b94bbb6302d4862940e2a5a680d2bf6fc5c8 88b11c80c165b901b6c1e6de10bddc9e1aa0270745d2ef7d9f652e61008e8872 HTTP Headers `GET /search.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/png content-length: 7697 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eaiuwaLW1zWxHvMZUk5Egbe%2FiUQxhGfiEDiyp8g2wTe%2F9Rs%2FzEjvD%2FEOcRQ%2Bnfe%2BObCC7UDWPMvLzRKbdmP5S24qwXmnUD%2FP1%2B2DyAlBMqUw5PEWoaT0a5P6%2Bx%2BktLKSWWg%2B"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c57d98b524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/sad.png	188.114.97.1	200 OK	8.3 kB
URL GET HTTP/3 air168-rtp.click/sad.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 246 x 179, 8-bit/color RGBA, non-interlaced\012- data Size 8.3 kB (8278 bytes) Hash 3f27ef15fa733c428dcd5d378141129f fc23cad7f675c9cf00481a1c9daa231b05ea3fc5 8bc800297c808160b7ae93f14c32e5e7bb15601511def082239d4193255b8fe1 HTTP Headers `GET /sad.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/png content-length: 8278 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z7ksK%2BylvD44ZJ7Wc7BaVT9ggdWfPIFJ9EDf5THmWj5%2BW%2BbonrmhEmiivtonWRmWuaIq3hS4Fu3I%2Bj1vyXNDL3dYWvH7zAgd%2Bwl1P7q8qxlGrG%2B3GsBmvtD64Yvvq%2BcLYB0w"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c5adcbb524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/home.svg	188.114.97.1	200 OK	78 kB
URL GET HTTP/3 air168-rtp.click/home.svg IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (825) Size 78 kB (77845 bytes) Hash 53fc3e894dcf73fed45a06a607313c9f dee9bbb1b4232ff8163c5f4956a2faa04b87d477 0fc4fb1642e866e62e633c61eff89dfeff69ed24525b7e4d5bf80273d0da3c7d HTTP Headers `GET /home.svg HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/svg+xml last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hdOOhEg3znkN81Zkc%2FZtHSL2TIfJxbBOvOvWPgYJ%2Fa92zDucjcbfhGVZCM%2Fgra9%2FQbB55bHZxEBt8Uny3VDUkRmdRawFzfMbCJqmrLyJ9vvm673xRCUJRbtYhG9DJClt%2BSpu"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c58d9ab524-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	cdn.ampproject.org/rtv/012311171837000/v0/amp-loader-0.1.js	142.250.74.129	200 OK	3.9 kB
URL GET HTTP/3 cdn.ampproject.org/rtv/012311171837000/v0/amp-loader-0.1.js IP 142.250.74.129:443 ASN #15169 GOOGLE Requested by https://air168-rtp.click/ Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type ASCII text, with very long lines (12615) Size 3.9 kB (3937 bytes) Hash 6bade6be990f97264cdc8b0c6baf6314 5a8537b00cdb22a1635a41907138b8eea2c2b02a 600d54e614ecc2e8c06f0cb077d8973485f4abd2eb0b7e62815b1b173eeaedbb HTTP Headers `GET /rtv/012311171837000/v0/amp-loader-0.1.js HTTP/1.1 Host: cdn.ampproject.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://air168-rtp.click DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK accept-ranges: bytes content-encoding: br access-control-allow-origin: * content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp cross-origin-resource-policy: cross-origin cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available" report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} timing-allow-origin: * content-length: 3937 strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Tue, 28 Nov 2023 21:31:55 GMT expires: Wed, 27 Nov 2024 21:31:55 GMT cache-control: public, max-age=31536000 etag: "53fc57f869c7e77f" content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 417354 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	cdn.ampproject.org/rtv/012311171837000/v0/amp-auto-lightbox-0.1.js	142.250.74.129	200 OK	3.0 kB
URL GET HTTP/3 cdn.ampproject.org/rtv/012311171837000/v0/amp-auto-lightbox-0.1.js IP 142.250.74.129:443 ASN #15169 GOOGLE Requested by https://air168-rtp.click/ Certificate IssuerGoogle Trust Services LLC Subjectmisc-sni.google.com FingerprintE4:33:2C:42:1C:4F:E6:01:93:AD:F1:5F:70:4D:33:1F:3B:5F:AB:DE ValidityMon, 23 Oct 2023 11:20:02 GMT - Mon, 15 Jan 2024 11:20:01 GMT File type ASCII text, with very long lines (7690) Size 3.0 kB (2981 bytes) Hash 3d563ff38b734c6bc3aed47141e8040e c6f4f93b089785efafade8dab4fa7d2b4fed113a 9490f2bb8d22cf23953bd1cc028e6405f228e7918b18aa914fa8f56ba9db0087 HTTP Headers `GET /rtv/012311171837000/v0/amp-auto-lightbox-0.1.js HTTP/1.1 Host: cdn.ampproject.org User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://air168-rtp.click DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK accept-ranges: bytes content-encoding: br access-control-allow-origin: * content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp cross-origin-resource-policy: cross-origin cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available" report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]} timing-allow-origin: * content-length: 2981 strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 30 Nov 2023 00:05:09 GMT expires: Fri, 29 Nov 2024 00:05:09 GMT cache-control: public, max-age=31536000 etag: "c752a0bdfe6b8e6b" content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 321760 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Queen%20of%20Godssss.webp?v=7.0	104.21.233.199	200 OK	14 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Queen%20of%20Godssss.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 14 kB (13922 bytes) Hash a977e6aa881f265924fd4faf5bd3c551 fb1891c47e3f4969d206cb40a6774cd1565dd50c 75ee4d44e738e56a0327ab4ff0503a5e66ffed46130a0a6f9f8803a79e6eac43 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Queen%20of%20Godssss.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/webp content-length: 13922 last-modified: Mon, 01 Aug 2022 00:03:48 GMT etag: "62e71864-3662" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kU6laqyDkEyp6S8p1I9JZcsmBafOckMupn4qRahDOHhuJ8tDKsmhQG8brE42SubOskNK6lwuRt%2FW7noqBf8Ql34VLr98ju5ZoTrf9oXtXVU8LDH%2Fjv5bDt0QvdCyIwltc2rJ6ksmTA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d070b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Aztec%20Gems%20Deluxe-minw.webp?v=7.0	104.21.233.199	200 OK	15 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Aztec%20Gems%20Deluxe-minw.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 15 kB (15216 bytes) Hash ad7dcc95fd62f4bc7eef5edb53539d85 76a7288240f2ebe97274caa8ce005b8a6cecac6e bdaf1119f9424fc76ad4276f2c66164a16229271203d016f6f9cb70814f3bf12 HTTP Headers GET /idnsmedia/is/slots-v3/pragmatic-direct/Aztec%20Gems%20Deluxe-minw.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/webp content-length: 15216 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-3b70" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cGrw3uZzKsdAP96kry8Ew5SCQ6zgVhj8tXXteHkW8KpHy%2F8xov7rCfOULgktOSY8LKFbdTGFJScNOtm4761w94H7xsXOiQcsJEo%2B%2BXSxG9ZmGUrpWsbwpr3ZKjubmi9h%2F68pYyWFGw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d090b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/Mahjong%20Ways-min.webp?v=7.0	104.21.233.199	200 OK	15 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/Mahjong%20Ways-min.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 15 kB (15292 bytes) Hash 32060d121da4aa566775678e623c7ecf d55072daedfe72e38b7d9bbff90b9c2a14bf6d29 56a31791925de7b572334f737149dda45d08727f91d433ef230fe227424a30b1 HTTP Headers `GET /idnsmedia/is/slots-v3/pgsoft/Mahjong%20Ways-min.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/webp content-length: 15292 last-modified: Wed, 16 Sep 2020 04:56:59 GMT etag: "5f619b1b-3bbc" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t3JrpPVuv6VX18bEPgV0KR3X6TAuxiEgWdM1D1CPDUmtleTeDV7T1WHlu8Y7CL4N%2Fe9jdCdom3vP0IeSDhna%2FRFIB6Aj%2FQFHKBfj%2BvThJeh9xCCpz2OwbyJEZyrb1EN86PweHYHP2A%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d030b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Sweet-Bonanza.webp?v=7.0	104.21.233.199	200 OK	5.2 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Sweet-Bonanza.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 188x125, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 5.2 kB (5190 bytes) Hash 1d0fc0d6fc0871dec635ebf490e64516 140a937c7687cd50cc7248362d3418cb1c454259 9099779f5a8fbcd041012bdfb50b9b4f82230687642b85a64e390a4ea2f9f304 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Sweet-Bonanza.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/webp content-length: 5190 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-1446" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FJQG7glI0nZleDP1HK3gCwuspeUemt%2FtlIdnE4SPog89lTR5X0k8o1XGlLgpE%2BKlt3WQ4Ri2kEQAQxuAV7c%2FSETc0S%2ByZWRm73upH6%2BCg3uEUlegDejF9NN2buYqJr9spIbmR5utEA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c77d430b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	air168-rtp.click/20230130023250.png	188.114.97.1	200 OK	4.9 kB
URL GET HTTP/3 air168-rtp.click/20230130023250.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data Size 4.9 kB (4869 bytes) Hash 722a2575e4987b55712435e5adc7c13c 8410b0ae490da7d65fe6e2505b8d5cb6519de1b2 4b988596b60aa57af5aea4a1a1abda348bb4f5b49c5acdead8f7768a1fe410e9 HTTP Headers `GET /20230130023250.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 4869 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWSaoHvs6urCKEKmz%2Ba7DiASh5Y7VFWa4hScXsJcSqH05ZaV3SYgIue038mqthHZQuLWAVY6AzQJ6prLMdPoUGBD3CvzhAOGR8N1oucpCeIVtujEAw5aS875Aeg%2BMWHx7ht5"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c7d93bb524-OSL alt-svc: h3=":443"; ma=86400

	i.ibb.co/JC4BgyX/freebet-air168-home-20235338175338-1.jpg	162.19.58.160	200 OK	75 kB
URL GET HTTP/2 i.ibb.co/JC4BgyX/freebet-air168-home-20235338175338-1.jpg IP 162.19.58.160:443 ASN #16276 OVH SAS Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectibb.co FingerprintCC:72:96:95:90:7F:15:8E:AC:C5:40:3A:D2:6F:83:A3:DF:5E:72:56 ValidityMon, 09 Oct 2023 14:39:49 GMT - Sun, 07 Jan 2024 14:39:48 GMT File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 640x192, components 3\012- data Size 75 kB (74987 bytes) Hash df8b3ba35c0b9d35847c29a1c189e373 600c348f6df9079cebdb7f6b79c0dc5700896042 7bbe649cf5f75f61da373fa98996a8e946ff4c6f9fe125f7ed5e042d89d3568c HTTP Headers `GET /JC4BgyX/freebet-air168-home-20235338175338-1.jpg HTTP/1.1 Host: i.ibb.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/jpeg content-length: 74987 last-modified: Thu, 19 Oct 2023 09:27:25 GMT expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * access-control-allow-methods: GET, OPTIONS accept-ranges: bytes X-Firefox-Spdy: h2`

	i.ibb.co/vD5wKHM/Logo-air-final-20235706175706.png	162.19.58.160	200 OK	170 kB
URL GET HTTP/2 i.ibb.co/vD5wKHM/Logo-air-final-20235706175706.png IP 162.19.58.160:443 ASN #16276 OVH SAS Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectibb.co FingerprintCC:72:96:95:90:7F:15:8E:AC:C5:40:3A:D2:6F:83:A3:DF:5E:72:56 ValidityMon, 09 Oct 2023 14:39:49 GMT - Sun, 07 Jan 2024 14:39:48 GMT File type PNG image data, 600 x 180, 8-bit/color RGBA, non-interlaced\012- data Size 170 kB (170054 bytes) Hash 2b08b626ae7c55d687b01f293abcf509 adef798de89583e20d9d915aa8db646c91cb3405 70814d30161ad3b47d14ea5bc775b8945057613d58e0fdc19f209bace4d65ba3 HTTP Headers `GET /vD5wKHM/Logo-air-final-20235706175706.png HTTP/1.1 Host: i.ibb.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 170054 last-modified: Wed, 18 Oct 2023 10:44:27 GMT expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * access-control-allow-methods: GET, OPTIONS accept-ranges: bytes X-Firefox-Spdy: h2`

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/5lionsmegawaty.webp?v=7.0	104.21.233.199	200 OK	14 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/5lionsmegawaty.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 188x125, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 14 kB (14378 bytes) Hash 9804d206aeb83f70b8cbb254d1a1f323 6c7b971f85fb7dff8a84ce19ae2e7a1738876086 901c76f61b724dc998607895e19fdb605113b183703a9df492141e713f9989f4 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/5lionsmegawaty.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 14378 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-382a" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fQBuvC7v%2B032LejGxryGfOfqOCGTKVd1WLipgLVSMBJ7KdHeX0KsDULPyax68SuS5uKtKB6jkKTT1IVmc0KKbxHbsk1PmFIFl56TinFGovcwMl%2BAY7B5TvLJfySnCODNFX%2BLiTuvg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c75d0e0b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/fruitparty2.webp?v=7.0	104.21.233.199	200 OK	13 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/fruitparty2.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 188x125, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 13 kB (12688 bytes) Hash 2abaa2f80bcd5f9aca18a31519c39616 a54a111d800a8d9ac353a3f5cea26dcd709ce346 b1bb46b2277212544371928220f8c1d7e56b14308e239f619ff9c09ca8b589d0 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/fruitparty2.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 12688 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-3190" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jgLWUy70Mk6QqAClRdvKdDRRJqkwhG8ryejuenoFinrVD6AamJF1hB3LUxNr%2F2zS76OXvkpE1ousgshzeVebTOvFKGjMGSkDD4Ps5povJ90q%2BI1ZeahEqQsPH0ZME0q%2FZWDMwDM%2BjA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d040b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Pyramid%20Bonanza.webp?v=7.0	104.21.233.199	200 OK	9.2 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Pyramid%20Bonanza.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image\012- data Size 9.2 kB (9184 bytes) Hash 75dd00392104cf904a9566e93d6a6f58 4b60901571165f4a62a60cea94dae9b52f4fd3ee 5f9f441c90fd8a69f889dc23ac0d64e4d52f496ab3401e0ebdbfd2c2ef1d2f62 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Pyramid%20Bonanza.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 9184 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-23e0" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pqpx1PfiRGKUjpm2rzD17ew%2FGqh7UFxz4XOOTIoOJZUXO0TDhQpxS5JotUutF6IMc0sd%2F5coWoCMuUJEsWpno2bCncnF8S%2B7uY2sxC2GTVDqM5n%2BPRidVUCwHJURDMaXrJ3T0MV%2BjQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c76d270b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Jade-Butterfly.webp?v=7.0	104.21.233.199	200 OK	6.1 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Jade-Butterfly.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 188x125, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 6.1 kB (6062 bytes) Hash e6b208947f7bdd0f8424bcdd4fb93a72 43ed8d9e300830eb8c1ba0fbb7a49875ecf0b1cd 968e4aa44168b9ef6bf58d69cf6f20b1789aee368a716b676894c29df0e99eca HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Jade-Butterfly.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 6062 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-17ae" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DH%2B3HUyNnUTMrw0t9ho2bBxC%2Bp0GHSj1MjRakFwsofycPOvXRs%2Bsw0lNgJVqrNRCvEwQFXqAIU0fzeiBkNm%2F%2BM8g9xmldTadByv%2B7tRskrYxg9I1Fgasn%2F8qwUWavSrt%2FPEG73Wpw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c75d0f0b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Journey-to-the-West.webp?v=7.0	104.21.233.199	200 OK	4.5 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Journey-to-the-West.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 188x125, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 4.5 kB (4528 bytes) Hash 386990fe570abdb4144c24abbe944c84 a99755a55f3a4ca1bb76b27938ee3327de8575c7 8cc96556cc9800ec750b221a2ab6fc24d3c3d9d031607907c50ac860fb913df1 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Journey-to-the-West.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 4528 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-11b0" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jqFWyunAzyATIhOGmnYdE6Yga62Yu9DTHdCO20ab0jhbgmpOxBdbZkalz6QS72FGKXZm8MvWRG6Y%2B%2BcX8Rxna%2BGrseUlOZH9CgACxnc4db7GzooSHs833S29lzNGytbuqQA9bMlofA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d050b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Cowboys%20Gold-min.webp?v=7.0	104.21.233.199	200 OK	12 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Cowboys%20Gold-min.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 12 kB (12448 bytes) Hash 63918c89f2aaaf91366b2963a80c4f02 d2f8f0f17ca94607240418bfc019d6b39d816f76 163666ac481e8e6badb5f4433e22c63c8b2521e7fbbe6b7bf0db2decb1dbd8f6 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Cowboys%20Gold-min.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 12448 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-30a0" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TaCFqjRBVauZ35a%2FkGkNzi%2FZWs9xhRLcbvZaBsHuAv3m0XRaT380yko0W8LgTuUWTqjgDSHR0dwvtN116e7FsTy%2F8a%2FYYafmwNlId%2BKswKxkzlpbrSVckhDVS7Koy3Uv047FM6miWQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c76d210b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/r3r23rGates-of-Olympus.webp?v=7.0	104.21.233.199	200 OK	5.0 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/r3r23rGates-of-Olympus.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 188x125, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 5.0 kB (4972 bytes) Hash 1e4b79afb2405cac9b4f0382a49c2fd7 0100ff7717bef115e13dc1d11ee0d960de4b78da 27231200d7320918c013a0aa68d51a74535f1283d80676c99a1e2a5f30b190b5 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/r3r23rGates-of-Olympus.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 4972 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-136c" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UBPzIC7G21GQ1Kwc9aH4tmE6zhm4s%2F1su3FmIGY4ED%2FOkIcSpOG4aQHUaaPNfwYKJapgkA0lEiu8AkH00Bloq%2FbQOne%2BsPfUjNOnnscQX3ryY5XbLAig3%2BCJ547q9LwAtinXqjQ5LQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d0a0b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/Lucky%20Neko.webp?v=7.0	104.21.233.199	200 OK	14 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/Lucky%20Neko.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image\012- data Size 14 kB (13702 bytes) Hash 77bcf904ce5eb80145b2f51f8436d960 5a932a2057504364bc93d7ef604976404144e332 13d98e65005694b00eff831516feea10096d38e8e20517f345e4a43c58e4d825 HTTP Headers `GET /idnsmedia/is/slots-v3/pgsoft/Lucky%20Neko.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 13702 last-modified: Mon, 07 Dec 2020 06:07:17 GMT etag: "5fcdc695-3586" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVYxl2GwZnZ0vlxhOoZBcOfgXQsHZelUc8jJQMUNrjXP5bDVgEouQYAURpsscdX9IKeZX7dzgAk4cbZHk7llisTcvs9h10Fu1HZcQz4wPfonaePXZeHRk9mFKlXymIZArJpQ18gdNw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c76d200b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/wildbantido.webp?v=7.0	104.21.233.199	200 OK	15 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/wildbantido.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 15 kB (14902 bytes) Hash 1b57ea0b35870d2d323ebeca556e8f52 3a0b228e895109f5635262dc2771abdaa6fa552f 2199bbe2aa6a145ad8798b9461f125861060730273f64c4222054d347a48f813 HTTP Headers `GET /idnsmedia/is/slots-v3/pgsoft/wildbantido.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 14902 last-modified: Fri, 21 May 2021 04:42:54 GMT etag: "60a73a4e-3a36" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4dYR%2Fr%2B5vgkUEfSggLzUJfuyLSfe5u%2Be6kl%2FNShTJzcbEpEKf1nU20YcMr9eOkzhuenZYL8vG9n1L2OCc%2Fvye7VZ77yOhnUcvObx0stS5YTylpCTPxwZV2fDuVOLXv3vNZL7hhOQXw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c77d3f0b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	air168-rtp.click/	188.114.97.1	200 OK	183 kB
URL User Request GET HTTP/2 air168-rtp.click/ IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (63543) Size 183 kB (183131 bytes) Hash 7b0865aad26f310b8dfe8b513f7871a8 f98956f1332a8c0830097b606ec0e711435aede7 b7186b40fcc1596b88d5da7e1d0ea1547331fc9994b5a58bcbb2372924446574 HTTP Headers `GET / HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:47 GMT content-type: text/html last-modified: Tue, 28 Nov 2023 18:04:31 GMT vary: Accept-Encoding cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FEyruWVf5wArZh78ThZPsfLEaIeVamevuG1J7yvE03de13JS7JfsO4o8jaTx88qNHfmfu4bnXc1VanH%2B%2BAGEJXYc5XnWFVGAhGc3RqEC99yYQMK5I%2Fi4ow%2FJe4%2FwUBuDns8"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 82fd85b9be7556a2-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Dragon%20Kingdom%20Eyes%20of%20Fire-min.webp?v=7.0	104.21.233.199	200 OK	15 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Dragon%20Kingdom%20Eyes%20of%20Fire-min.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 15 kB (14986 bytes) Hash 62116f2dcfef248e4f207f84493b93a5 c20968e59cca439a9a71365de6ff7cf6c4f1346c 3bd1b71d2d6095ffdec09ce1f9e54b561f2272cf07a1c58da15f208f1d95c593 HTTP Headers GET /idnsmedia/is/slots-v3/pragmatic-direct/Dragon%20Kingdom%20Eyes%20of%20Fire-min.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 14986 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-3a8a" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DiYAdlj2t8kQ9sPTU4Sd2E%2BYLrlpEOySN3OioxffXHPOaIwUy4wO8tUAxaHCtQx%2B7p%2BaJDnb8v9zYS4EReqvTGodmNWNDJUO3p37SEs5dbzB4D%2FLMd%2B0pK86wj27bmlSTWsJ0n29Ag%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c75d140b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Sweet%20Bonanza%20Xmas.webp?v=7.0	104.21.233.199	200 OK	5.0 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Sweet%20Bonanza%20Xmas.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 188x125, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 5.0 kB (5016 bytes) Hash 4f65c6c986c312ad0c689250f92747ce b3df3936ab1d939cebee2fa2ffed60b7a2676b73 a089f539d19106159c776ef51f8a7523c9cbce5ad025eeea3cefaeea73889583 HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Sweet%20Bonanza%20Xmas.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 5016 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-1398" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pjjK2TLAWdHUG4MmLf6kNLD5v%2Fl%2FyPgihVSQJ2HSaa7XP%2FArtJBvrZk7GjgKqRJjwOG3oTeDpI9%2BeP2tTFvD4pvyu0y2HVvqCkdyFk1XuMrrcN6FEmOlLb8IcV5%2Fs450KUxI21OcVg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d060b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/Mahjong%20Ways%202-min.webp?v=7.0	104.21.233.199	200 OK	15 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/Mahjong%20Ways%202-min.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 15 kB (15082 bytes) Hash f66a61a7572492511e76ab7493c7685b 75d5c2bb8b05e5e4a238361ce5747ebf928f9b4a d2ac70c549bcd0db7e43a205debe7204937f6cacb76ce959d5551858442282bb HTTP Headers `GET /idnsmedia/is/slots-v3/pgsoft/Mahjong%20Ways%202-min.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 15082 last-modified: Wed, 16 Sep 2020 04:55:56 GMT etag: "5f619adc-3aea" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a05T4Bbfii5KqoN9FR3Du8e83GIRf40A2mGQXPKsAqPxoM7%2BWZpvoNG1smaN12LwWcplerMhWLMsiFuwhUkSWDpGEbHy17pqda%2F94QTFm8O%2FkkouafDoBtqVPDGANmD86%2BHubQi3pQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c78d600b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Eye%20of%20Storm-min.webp?v=7.0	104.21.233.199	200 OK	18 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Eye%20of%20Storm-min.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 18 kB (18056 bytes) Hash c6e01c3c55164db15e1a24426e5463a7 873c56b78c12986e2f4500dc79ea62cd6f4c0e2f ec4b980e5c789ca45bb4bc593d4ab7b776905ccd20c6ff3e0a2b47140321855b HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/Eye%20of%20Storm-min.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 18056 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-4688" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7zClYl7EdRBwwDBxLuaYSYlRSxiZkIMcj%2BdieqlhtRKwJ%2FWqebgqWk3gz5rM1fd%2B9aHXufmo7wU7S26LjxpuMZAfaj8YX%2F1f7JKfRKoEmjqE7VO%2FRJXHS9dNj5GhpvdukYK5rJ7jWw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c78d650b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	air168-rtp.click/livechat.png	188.114.97.1	200 OK	2.8 kB
URL GET HTTP/3 air168-rtp.click/livechat.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 128 x 128, 8-bit gray+alpha, non-interlaced\012- data Size 2.8 kB (2842 bytes) Hash 5553406956578b9db2aa23079f1c0259 79f7db923646dac18ee998a932ed36c734000811 aaae9de5bce315729b0cc99fa70675b74b1896916c4334bf7997afcf80513b70 HTTP Headers `GET /livechat.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 2842 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9jF6pz6wHELk26wwpdIJmEq4BNsau1hkwOUlk6c%2BsTNE6sNEGCrvbKKgvh%2BPOCSAHn2mEwupLa1AZQ5B9l9R7T6Sg9gRXofDmlUFytVVEBz7ouSUVnO1FVyRUTqSCmwiaAGE"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c58daeb524-OSL alt-svc: h3=":443"; ma=86400

	media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/waysoftheqilin.webp?v=7.0	104.21.233.199	200 OK	15 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pgsoft/waysoftheqilin.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 15 kB (14810 bytes) Hash 0fdd3532c61e3b983cb2792479c85548 6197cf1490396e1ef54fd4f90f6245348b5cdf15 3ebd347b8dfc1a1034e75c9122d4ca0a4b3f9fcd6cbc3b3d7bbc5d2a4a3dd3a7 HTTP Headers `GET /idnsmedia/is/slots-v3/pgsoft/waysoftheqilin.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 14810 last-modified: Tue, 15 Jun 2021 09:09:29 GMT etag: "60c86e49-39da" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6yPSQIC%2FNfki4kfMod3EMDydCY2AAEpocvvl8DPO9%2F8doF24tR6QSgQaxwHPPKqWwtVHn8Dm0iA%2FKrsMrOfrUEmpbT9wuHJyiXvgpaFG1t8R44y8LRSF5YkaCivl1w8NggUdQAqGg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c7ad7f0b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Gates%20of%20Gatot%20Kaca.webp?v=7.0	104.21.233.199	200 OK	14 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/Gates%20of%20Gatot%20Kaca.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 14 kB (14124 bytes) Hash 601086f39ec06aee80e2a689de40d273 ee8f8b15623b607f344413cc2a8b518199a1631d d9a4e011f3e6f33f8ec670742813b48643f5018cb054b44dc611b6394548996e HTTP Headers GET /idnsmedia/is/slots-v3/pragmatic-direct/Gates%20of%20Gatot%20Kaca.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 14124 last-modified: Sat, 03 Dec 2022 14:24:11 GMT etag: "638b5c0b-372c" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AgxWAGzm1bzMhbmezAOgnnAEDnTdySFCifzP57F439Y8xncuIuzor%2FRRW2elTW0AzjJ21FlxNZWK9QUUx0Ai1cuY8Btx5ezH%2F%2FYfedDsJtgX%2FQIFyv5Erdwqyx9j0vkUa4Xt1GPW9Q%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c74d080b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	air168-rtp.click/20230130023257.png	188.114.97.1	200 OK	3.3 kB
URL GET HTTP/3 air168-rtp.click/20230130023257.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced\012- data Size 3.3 kB (3282 bytes) Hash c5c7b8b2f7661ed746bb3d37bcf17d12 bcfe7a3cee22f0dfaefa20ef0e0f88e0ea66400a 698bbbd7a5d1a2861fcbfbf5560226fb9f8c2cf66d4b95c8e75fbf0b8ccc729d HTTP Headers `GET /20230130023257.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 3282 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fHOvwY4fhNvdpb68ALEor7N9szs66A5HYyobAwUxiOt8Pekf%2FPjVFscKX41Pc4Bcphda9f2YDvBcwzKRZOob05HXv7YsNIK5YebfwAAyMyiqzMxPRhOOu2qdbU2iEYHAsz2d"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c798dbb524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/20230130023242.png	188.114.97.1	200 OK	14 kB
URL GET HTTP/3 air168-rtp.click/20230130023242.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 2057 x 946, 8-bit/color RGBA, non-interlaced\012- data Size 14 kB (14004 bytes) Hash 93f06d3339ad9aba4283ec6ac1664cc5 fd9ca2d23dee5d06883e1b27d1d7fac035b18dd2 3a32db7cfc6b2a9832e0a78a451f19bc9aabfd101cbb3f7d0f7dbf3a1d3dd20f HTTP Headers `GET /20230130023242.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 14004 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xeh%2FSQwaMlObuXNwcsTLxYD8XD%2FpuV6PsWWZuV1caTO3Kbj7KADDI8AX%2FIy5WW1SraetT78Z4otkGyKfxPAZ34HMtduWL4UrqWcSU4Ix4Y8gBfoke5A5ctrrJdeVWlZcJIW8"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c778c0b524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/20230130023413.png	188.114.97.1	200 OK	7.4 kB
URL GET HTTP/3 air168-rtp.click/20230130023413.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 300 x 106, 8-bit/color RGBA, non-interlaced\012- data Size 7.4 kB (7393 bytes) Hash 7c3386942a12b5f9e730684cc278c098 d0a63f4412f6f79636ae35268010217d2b05e39f 4ef33cc98cdbcc5a681291db2bf58149fff46de427d008979ff668dd6c7578c4 HTTP Headers `GET /20230130023413.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 7393 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3UiEXPTfvB6Jlb3I%2BpaxBm%2BM2HMv2bnzUjHgXtSEqLYNRK5fCWrhIGWqzaMQRquFg3Dg6joA0bNkDFL1lQYIsDXyX0nUxQMX4gMSegI%2FX8KHKEbjvO5EcdBzjcjVOlnBObE"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c7a8f6b524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/20230130023713.png	188.114.97.1	200 OK	13 kB
URL GET HTTP/3 air168-rtp.click/20230130023713.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data Size 13 kB (13177 bytes) Hash c9fa1423f230e6e89b3ce1a6a18bc255 c8d4ece2d96e14f5b34772c092cfeec85e1273d1 11e8a3ecf434ae9fa110d2b03e02f74450c30e662eb2b7d2d1a7ee0847551e90 HTTP Headers `GET /20230130023713.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 13177 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uYS92ndFpUb9vrFTfQyeGD3zsiNq7b4XMIkXGThmfweb7OmsZPO%2FYFpBHLqFSWninkWzmmQapKZ6guo3zg41SuMXFuxEXIywH8fiVXbKk5X5CjwcF2bpIUMnYeq%2FtniP84lW"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c778beb524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/20230130023729.png	188.114.97.1	200 OK	2.6 kB
URL GET HTTP/3 air168-rtp.click/20230130023729.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data Size 2.6 kB (2561 bytes) Hash 57740303925ade324528d10d4aab8317 668382062b34adfc976f35cc2e4eee80be33921a b217ad9459e15aa78cb865230d8aad2dde351a5f329be35db007dc7b50e992a4 HTTP Headers `GET /20230130023729.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 2561 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnTYt6qPgDYifYwu3oX4s40muPkhYszVdUKKcpDYtzWnJKXNO3XNho1cX%2BDiNiDk3Aiwk05EvJi%2BtA9EDldUgg89q%2FmN0gb4ciWpSCvP8pBmdoelDJLNDrVVA57EKJn1NkpX"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c7d93fb524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/20230130023514.png	188.114.97.1	200 OK	12 kB
URL GET HTTP/3 air168-rtp.click/20230130023514.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 229 x 255, 8-bit/color RGBA, non-interlaced\012- data Size 12 kB (12270 bytes) Hash b3257e9400c2e853dca2ca6558a18ff8 5c93d57268df071f78de49d11366326fad83909c c1aeeb27270d3a56e661aa9fd8c4c610801abb2c68453c22febb2b1b0ff0d6bc HTTP Headers `GET /20230130023514.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 12270 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xi9mkgE18fMuHPQVH998ZF5VOwBSKjUMxcTx97E7j6MOipc7wUmVu%2Bdy7PDmVv8Z3nBH%2Bx61itdLBEx5VMqocmngrcS8ujDJxS44PYFDBayQPlkXRudQnEOZFiFiwudy6mrf"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c7e944b524-OSL alt-svc: h3=":443"; ma=86400

	air168-rtp.click/20230130023214.png	188.114.97.1	200 OK	24 kB
URL GET HTTP/3 air168-rtp.click/20230130023214.png IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type PNG image data, 466 x 665, 8-bit/color RGBA, non-interlaced\012- data Size 24 kB (23587 bytes) Hash 7aeed7d5971ed924c44a8b2864c0d560 63900b427080879504eb4a1f4168add61de8f343 af70dd6eccb09e6590067b1f39aa2197af80f5abd6b50c300ee87baadc3d3c75 HTTP Headers `GET /20230130023214.png HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 23587 last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KGesqEKaXy8tYoeqIVQ4RQdl%2B%2FUjzqRVg2YQeASzPt06fEh4%2FzcDWkU2DMuBgQbUvMVs84CfDXY7wJwMz98HVhUV7pDq1jBp22V6nApid8cAQrWrC5B7Ma%2B6eAsUgir6RUKU"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c778b7b524-OSL alt-svc: h3=":443"; ma=86400

	i.ibb.co/cvJHmJm/air168icon.png	162.19.58.160	200 OK	3.4 kB
URL GET HTTP/2 i.ibb.co/cvJHmJm/air168icon.png IP 162.19.58.160:443 ASN #16276 OVH SAS Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectibb.co FingerprintCC:72:96:95:90:7F:15:8E:AC:C5:40:3A:D2:6F:83:A3:DF:5E:72:56 ValidityMon, 09 Oct 2023 14:39:49 GMT - Sun, 07 Jan 2024 14:39:48 GMT File type PNG image data, 32 x 32, 8-bit colormap, non-interlaced\012- data Size 3.4 kB (3412 bytes) Hash 2d2a208518fc5e6dade1bef247309680 ea5a355439ea18feafa1d21594188d3ec1f5349c 88493d6ee8f86739ebe59071f14f5b91df14f8ed4dd7de100eb588ed939ec021 HTTP Headers `GET /cvJHmJm/air168icon.png HTTP/1.1 Host: i.ibb.co User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK server: nginx date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/png content-length: 3412 last-modified: Wed, 25 Oct 2023 07:34:10 GMT expires: Thu, 31 Dec 2037 23:55:55 GMT cache-control: max-age=315360000, public access-control-allow-origin: * access-control-allow-methods: GET, OPTIONS accept-ranges: bytes X-Firefox-Spdy: h2`

	air168-rtp.click/icon-pengumuman.svg	188.114.97.1	200 OK	580 B
URL GET HTTP/3 air168-rtp.click/icon-pengumuman.svg IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (600), with no line terminators Size 580 B (580 bytes) Hash 6eb843fa8e73d77e2e847b5bc48e5859 8566caa924b88fd3886e98de16aa53a04036cf7b 181222a3ca1d19eaf0f6ae64417b32aa2df7b6e4101493245914a12c924045b1 HTTP Headers `GET /icon-pengumuman.svg HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/svg+xml last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dL7TEHP7YTYruFi3zxAERD9aRWynt34bAII8dJJA%2Fw9o06CcfxepOgY7UrVlXmrzCrTBCk8ShMvmahhoI%2FmqTtaGHenVOCMefsvSBivVf0ftKaJPehxO8L2V1kr44grAvmaF"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c56d63b524-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	rtpair168gg.click/	172.67.160.212	301 Moved Permanently	4.9 MB
URL User Request GET HTTP/2 rtpair168gg.click/ IP 172.67.160.212:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectrtpair168gg.click Fingerprint07:AF:C7:CB:AC:2F:12:12:3B:00:78:04:CC:18:2B:93:4C:99:0D:FC ValidityFri, 01 Dec 2023 15:20:56 GMT - Thu, 29 Feb 2024 15:20:55 GMT File type Size 4.9 MB (4878769 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET / HTTP/1.1 Host: rtpair168gg.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 301 Moved Permanently date: Sun, 03 Dec 2023 17:27:47 GMT location: https://air168-rtp.click/ cache-control: max-age=3600 expires: Sun, 03 Dec 2023 18:27:47 GMT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZaaRmiXyvA1rAIVMF5HbMyeLZf3dsz8AHDWm9oy2UFaHeW10Al4nCEfomqnQAw4qeMmW5isaPmd%2FV2ejohLAPREi96AotRaLRseK8yOOkK6aBaYB8iXH%2Fute23aTvYKhegwnw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85b91db056a2-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/starlightprincess1.webp?v=7.0	104.21.233.199	200 OK	15 kB
URL GET HTTP/2 media.fastchecker.us/idnsmedia/is/slots-v3/pragmatic-direct/starlightprincess1.webp?v=7.0 IP 104.21.233.199:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectfastchecker.us FingerprintF6:15:6F:60:D6:9E:67:BC:FA:17:C9:24:C4:9D:C9:7C:B9:0E:F1:6E ValidityThu, 05 Oct 2023 14:40:19 GMT - Wed, 03 Jan 2024 14:40:18 GMT File type RIFF (little-endian) data, Web/P image, VP8 encoding, 376x250, Scaling: [none]x[none], YUV color, decoders should clamp\012- data Size 15 kB (14832 bytes) Hash 798093df66475ebbc4002c2aafc46803 8406a4f2e4b89ec4b94b2f8a41be3f0700f2383b fc2f22192b1231263eeadf133ef98a088f7b2d7f18d4beac812ba5e85e78435d HTTP Headers `GET /idnsmedia/is/slots-v3/pragmatic-direct/starlightprincess1.webp?v=7.0 HTTP/1.1 Host: media.fastchecker.us User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/webp content-length: 14832 last-modified: Tue, 31 May 2022 05:30:38 GMT etag: "6295a7fe-39f0" x-xss-protection: 1; mode=block strict-transport-security: max-age=31536000;includeSubDomains access-control-allow-origin: * x-frame-options: SAMEORIGIN cache-control: max-age=31536000 cf-cache-status: REVALIDATED accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vElSFugVvpz5kT%2B7ABpxRoHN9Qb%2BAUWaJ5QZfVPTj87ksd2SKvBwo%2B9ZmkuO9S69bFMI9Rx9x4AxtZiPLZrgpo3o4DSVzSmLpdBCm9QCVqgbQaJ81sniKaDGfO95XDNnB7UANgHwTQ%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c77d460b51-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	air168-rtp.click/hot.svg	188.114.97.1	200 OK	3.9 kB
URL GET HTTP/3 air168-rtp.click/hot.svg IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type SVG Scalable Vector Graphics image\012- SVG XML document\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (4029), with no line terminators Size 3.9 kB (3936 bytes) Hash 6c7df4032e860105df3e42ecc3ce6c8f 50f6650e16328c133f21162ed5e37df7d8f45162 d63c95590a70545d197564af918cbb87b12ffe37f2691b38d851ba2281b5d0ea HTTP Headers `GET /hot.svg HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/svg+xml last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xQrFAYmwxVYX%2Bpxz8JghV1E87M4a%2FsFQj7%2FGgRwBu2hoRzouJi73Tp2UnNkl91Q9DaP4S8wSpWMQjmreTG4pB9JpWdMi%2FF4XMlpNtrw90RYegRUD1R3guIUaGLUrBfbqZ4AW"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c768abb524-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	air168-rtp.click/calender.svg	188.114.97.1	200 OK	323 B
URL GET HTTP/3 air168-rtp.click/calender.svg IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (340), with no line terminators Size 323 B (323 bytes) Hash a5c4fd5f89850f274cb1564a6eca90e2 11bb4646fdd927af5ede97deab6bc653d3c0768c c73a4e89d7ce2aeb16b2d0b2083da0c87c258489dac6b60d372fdfa8bc345267 HTTP Headers `GET /calender.svg HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/svg+xml last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Qvw%2BwD8w5zyq1UnaFkSkEDak6NuCiC7K6h%2ByVZeXja4eTzYILLd6gKg%2B9Le5MRipKV1Vb2tbzzdkEgkZbbiWsPGI2Ciw47wJa5R6uo5WqHvsiuioB5udG9RLYlKfWyg8iTT"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c55d39b524-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	air168-rtp.click/edit.svg	188.114.97.1	200 OK	2.0 kB
URL GET HTTP/3 air168-rtp.click/edit.svg IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type SVG Scalable Vector Graphics image\012- XML document, ASCII text, with very long lines (2114), with no line terminators Size 2.0 kB (1980 bytes) Hash 8d756fe3683f9c54cf858abcb9eb2ccd f9a2ac68b5bd1dfe855bab0b580cd6a6e8a4ffe7 1500696967803fcb76ad363949e8c0529a422c2f77584b4f408261726418429b HTTP Headers `GET /edit.svg HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: image/svg+xml last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dIJl59NX1K6gWZtr7YCEBpTCKVb6C2Iwq27cqSnrkjsZ8MJjkkyw9fS905FnyAcEdicy7skThTJ7lA8bGPmYdRuvyjls2dYiXKqrOYUsc7OkAUhV1SVq7N%2FTd404Im99XXh2"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c58daab524-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	air168-rtp.click/giftbox.svg	188.114.97.1	200 OK	3.5 kB
URL GET HTTP/3 air168-rtp.click/giftbox.svg IP 188.114.97.1:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerLet's Encrypt Subjectair168-rtp.click Fingerprint64:D9:6B:DE:B1:24:95:76:12:C7:8B:CF:42:A9:CC:2A:97:06:D4:81 ValidityTue, 28 Nov 2023 16:24:27 GMT - Mon, 26 Feb 2024 16:24:26 GMT File type SVG Scalable Vector Graphics image\012- XML document text\012- exported SGML document, ASCII text, with very long lines (3766), with no line terminators Size 3.5 kB (3474 bytes) Hash fe9b2bc0b778965d13a7ad399edc71f7 f9f73b92edec04483985315d9fae1d4fc5b60e95 1f7b38cd48ed6e51804c199a6fddd3519115ae1a250c8bd687f1741988f4a748 HTTP Headers `GET /giftbox.svg HTTP/1.1 Host: air168-rtp.click User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://air168-rtp.click/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:50 GMT content-type: image/svg+xml last-modified: Sun, 01 Oct 2023 17:39:42 GMT cache-control: max-age=14400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GH5MN98tBszpBlEpIkqKFsmOoeSeSyPFrnQyqPMZTbVL7h3rJ2wOe1ioZKP%2Fr0iTAwE%2BIYOWxWmYWspoAye4UgBJx93d3DR56X8P76PTXgk6wJAIfFCpvirV0FKw4cs8xX6Q"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 82fd85c58d9bb524-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0	104.17.25.14	200 OK	77 kB
URL GET HTTP/3 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 IP 104.17.25.14:443 ASN #13335 CLOUDFLARENET Requested by https://air168-rtp.click/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com Fingerprint7A:EA:B9:09:71:70:6C:87:C9:D3:82:74:8A:7B:B4:60:E5:40:2D:8D ValidityMon, 03 Jul 2023 00:00:00 GMT - Tue, 02 Jul 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 77160, version 4.459\012- data Size 77 kB (77160 bytes) Hash af7ae505a9eed503f8b8e6982036873e d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe HTTP Headers GET /ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1 Host: cdnjs.cloudflare.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://air168-rtp.click DNT: 1 Connection: keep-alive Referer: https://cdnjs.cloudflare.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Sun, 03 Dec 2023 17:27:49 GMT content-type: application/octet-stream; charset=utf-8 content-length: 77160 access-control-allow-origin: * cache-control: public, max-age=30672000 etag: "5eb03e5f-12d68" last-modified: Mon, 04 May 2020 16:10:07 GMT cf-cdnjs-via: cfworker/kv cross-origin-resource-policy: cross-origin timing-allow-origin: * x-content-type-options: nosniff vary: Accept-Encoding cf-cache-status: HIT age: 485613 expires: Fri, 22 Nov 2024 17:27:49 GMT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8pnQnVba%2FIzA3EPt6faJyWm77UZ8NN0MK71l6X6LEqulZhowD%2BWs02MXYJ7ANPb9ivNTyPDZM4rr2u0YQHfTmN1PQzA9D%2BshWUUxsLHRq47ky%2BCUegwPOIX4UoPWhVl1IJ2CtE3P"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security: max-age=15780000 server: cloudflare cf-ray: 82fd85c84f8856b7-OSL alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (17)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN