www.heavy-r.com/video/270318/Anal_Tickling/
172.67.20.237 301 Moved Permanently 0 B URL HTTP/1.1 www.heavy-r.com/video/270318/Anal_Tickling/
IP 172.67.20.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /video/270318/Anal_Tickling/ HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 16:04:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 17:04:57 GMT
Location: https://www.heavy-r.com/video/270318/Anal_Tickling/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776efac35da7b4f9-OSL
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10225
Expires: Fri, 09 Dec 2022 18:55:22 GMT
Date: Fri, 09 Dec 2022 16:04:57 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15983
Expires: Fri, 09 Dec 2022 20:31:20 GMT
Date: Fri, 09 Dec 2022 16:04:57 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 15:33:14 GMT
content-type: application/json
age: 1903
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19332
Expires: Fri, 09 Dec 2022 21:27:09 GMT
Date: Fri, 09 Dec 2022 16:04:57 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 4QNmLRlEzaUqn2MPnqhlXYV+kl3clGXHkLGccquE/vZWMQnJ/gKGWIn27949PLOo8zwJ+BtiMWc=
x-amz-request-id: 25DPZ0R1EH5VQJTC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 15:48:23 GMT
age: 994
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d806e072025103ce77bf52b7ee500c92
93ba62c4dd40e7d268545e59e8150ed5e727c211
c57833adc5a54f050c6f48dcf74c49987aead908a4fcb5122d2b3243eca20f59
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3959
Cache-Control: max-age=137252
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:57 GMT
Etag: "6392c256-118"
Expires: Sun, 11 Dec 2022 06:12:29 GMT
Last-Modified: Fri, 09 Dec 2022 05:06:30 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:04:57 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 15:33:13 GMT
age: 1905
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.heavy-r.com/images/icon-18plus.png
172.67.20.237 200 OK 762 B URL HTTP/2 www.heavy-r.com/images/icon-18plus.png
IP 172.67.20.237:0
File type PNG image data, 20 x 20, 8-bit colormap, non-interlaced\012- data
Hash c3b73ffd4b590cf0cc315248d2c07604
bf96caf178253cfc594a8ca4af91c1f90fffbdca
7229145331769f34343478592a9350e1aa3b2f8ecf32503a5294dcc88933a7f4
GET /images/icon-18plus.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 762
etag: "171161295"
last-modified: Mon, 23 Aug 2021 18:38:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5611
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca182ab4f3-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/avt/61/e6/72/61e672f4434200a.jpg
172.67.20.237 200 OK 5.1 kB URL HTTP/2 www.heavy-r.com/avt/61/e6/72/61e672f4434200a.jpg
IP 172.67.20.237:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 160x160, components 3\012- data
Hash d68183bef23cf9cb22e224bc51979d57
a5fb2de5ddff1b530c132377e905dc548059959e
0d1f912dba805380ca905d00c81a8ecce57c358dabc0f9c6f055384be1ec60ce
GET /avt/61/e6/72/61e672f4434200a.jpg HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/jpeg
content-length: 5055
cache-control: max-age=14400
cf-bgj: h2pri
etag: "916331967"
expires: Fri, 09 Dec 2022 17:04:38 GMT
last-modified: Tue, 15 Nov 2016 20:01:46 GMT
cf-cache-status: HIT
age: 20
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca283cb4f3-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/images/logo.png
172.67.20.237 200 OK 7.4 kB URL HTTP/2 www.heavy-r.com/images/logo.png
IP 172.67.20.237:0
File type PNG image data, 326 x 42, 8-bit/color RGB, non-interlaced\012- data
Hash cc188f8c27675a71903e7a3a578a1acd
aa124dd5b8bba679286ec8374056cb0e5b1cf842
cac915c8725b45afc5014696e53d1729aa6e50c53a96d65108575c75d89dcedb
GET /images/logo.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 7418
etag: "3973454358"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4647
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca182cb4f3-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/images/webcam_icon.png
172.67.20.237 200 OK 1.6 kB URL HTTP/2 www.heavy-r.com/images/webcam_icon.png
IP 172.67.20.237:0
File type PNG image data, 32 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash 01acd986d961deda3c41a1590dee9bfa
53c6ffdf0b7a39713c2b6fa0316ec9e1ee0582e4
2077396192a1a8c0f7d1989d510981b028b8ef377c88046fab36325923ae40c5
GET /images/webcam_icon.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 1560
etag: "2564103060"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4716
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca1825b4f3-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1353
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:58 GMT
Etag: "6392faaf-1d7"
Last-Modified: Fri, 09 Dec 2022 15:42:25 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471
www.heavy-r.com/images/gaming-18px.png
172.67.20.237 200 OK 4.4 kB URL HTTP/2 www.heavy-r.com/images/gaming-18px.png
IP 172.67.20.237:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 660e7bbdc5a9c33d380552e5e34b81e3
548728b5396ba5d09ec5269d19f2532fff14350b
7519fc6f16182f95e41d1c02daf8847acfac88a626d565aa7daa536f2709af1b
GET /images/gaming-18px.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 4363
etag: "1603733009"
last-modified: Fri, 23 Aug 2019 17:51:03 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3637
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca1827b4f3-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/avt/default.jpg
172.67.20.237 200 OK 2.4 kB URL HTTP/2 www.heavy-r.com/avt/default.jpg
IP 172.67.20.237:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 90x90, components 3\012- data
Hash 378b483ae669b86c0e9e0ec8f10bf355
5d5deca0111d5f2a4fc67a6e319e08e5a485c190
f42376e7c67d06cd513cbba0c860288e6d434d2ce63aa6eb609ea8819ef7b4f4
GET /avt/default.jpg HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/jpeg
content-length: 2440
cache-control: max-age=14400
cf-bgj: h2pri
etag: "743611457"
expires: Fri, 09 Dec 2022 16:48:12 GMT
last-modified: Tue, 15 Nov 2016 20:01:56 GMT
cf-cache-status: HIT
age: 1006
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca283fb4f3-OSL
X-Firefox-Spdy: h2
dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738
143.204.42.156 200 OK 36 kB URL HTTP/2 dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738
IP 143.204.42.156:0
File type ASCII text, with very long lines (5919)
Hash 4fbd32d78abad9e0febff0f5700254e8
b836574d71e351e328bda45349c04a9d0826245e
fedfdf2f885aa91d0c8754e2997e149f1b70e7d02b284df7e94a988b16107293
GET /?dnzmd=894738 HTTP/1.1
Host: dmz3nd5oywtsw.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 35939
date: Fri, 09 Dec 2022 16:04:38 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yUbysvSLQ4DkxJ24JX_RgGi7VuSKUxVlJtKaeiBYTcYO0qduhNfq8g==
age: 20
X-Firefox-Spdy: h2
cdn.fluidplayer.com/v3/current/fluidplayer.min.js
205.185.216.10 200 OK 47 kB URL HTTP/1.1 cdn.fluidplayer.com/v3/current/fluidplayer.min.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (62751)
Hash a600a1d5894852aa5e6f4a063a491bc2
45290012903acf8301dc95e20610ab6f76a154b3
4b6168065d3487bc14b0ce3b81212293a5bb0108ac4a24857298e2095be742ca
GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:04:58 GMT
Connection: Keep-Alive
ETag: "1666105328"
Cache-Control: max-age=7206
Content-Encoding: gzip
Content-Length: 46959
Content-Type: application/javascript
Last-Modified: Tue, 18 Oct 2022 15:02:08 GMT
Accept-Ranges: bytes
X-HW: 1670601898.dop227.sk1.t,1670601898.cds234.sk1.shn,1670601898.dop227.sk1.t,1670601898.cds253.sk1.c
www.heavy-r.com/js/jquery.form.js
172.67.20.237 200 OK 7.3 kB URL HTTP/2 www.heavy-r.com/js/jquery.form.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (529)
Hash a85110b29f5fc3e9797c3d1ab3964234
0105457812eab16a05985576c03b55da281d9985
7ca99eedc68690ad2a144e11cf176bd41e0d4e72f66d29fb3ef62bbd2e4d2e84
GET /js/jquery.form.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=45171
etag: W/"1000751821"
expires: Wed, 31 Aug 2022 16:30:49 GMT
last-modified: Sun, 19 Jul 2020 07:12:41 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efac9fffdb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
216.58.207.234 200 OK 34 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32038)
Hash 103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe
GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 13:49:02 GMT
expires: Wed, 06 Dec 2023 13:49:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 267356
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
142.250.74.164 200 OK 578 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (909), with no line terminators
Hash ec941e5d30fc3bb1d1aaa543ae406681
2c61a6ebfa4f2e36b59c773ef8f3d35378b6959b
6e32c0dc483787dcfab84cdc891c1865104738de265e3f2ae1331a7c8d6013bf
GET /recaptcha/api.js?onload=onloadCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 09 Dec 2022 16:04:58 GMT
date: Fri, 09 Dec 2022 16:04:58 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.163.49.154 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.163.49.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BrpDTWPZO2benFmY7AN1bQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PNMaAy3o17I4eLgxryDzWx6hdwY=
www.heavy-r.com/js/bootstrap.min.js
172.67.20.237 200 OK 12 kB URL HTTP/2 www.heavy-r.com/js/bootstrap.min.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (32025)
Hash 3cdc3f5284a96135ba6b8c2819791caa
bea81dce7c3f6fc3adb3900786ced2b2a75c8a3f
3f45a1122f8145cc73c98a1f137779f88102ef2091577410cb03452aac3e1a50
GET /js/bootstrap.min.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 19 Aug 2020 22:21:31 GMT
etag: W/"2596413615"
expires: Mon, 06 Jun 2022 23:13:46 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6632
server: cloudflare
cf-ray: 776efacb0985b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsps.ssl.com/
52.6.97.148 200 OK 1.8 kB IP 52.6.97.148:0
Hash 7ab99ad4aef71d58b608d98e3a38e85b
392fcb545e92528911b28c4a4aaa7f0c67a9e483
87dcbd918f624f405fac0866bfc847dc50348700b7573f4527f4811e69a31b6a
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:55:06 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "392fcb545e92528911b28c4a4aaa7f0c67a9e483"
Last-Modified: Thu, 08 Dec 2022 20:55:07 GMT
X-Proxy-Cache: HIT
ocsps.ssl.com/
52.6.97.148 200 OK 1.8 kB IP 52.6.97.148:0
Hash 3f4119d8dc9f312f3ef0d53387487e97
f2bd90a2e4cd3f6cb8602ac5e47107f704337dec
9be404e0f5f162e7c667db3050b01f09d44d35295bfd23d3b69dc2d0bc80a61a
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:56:53 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "f2bd90a2e4cd3f6cb8602ac5e47107f704337dec"
Last-Modified: Thu, 08 Dec 2022 20:56:54 GMT
X-Proxy-Cache: HIT
www.heavy-r.com/fonts/fontawesome-webfont.woff2?v=4.3.0
172.67.20.237 200 OK 57 kB URL HTTP/2 www.heavy-r.com/fonts/fontawesome-webfont.woff2?v=4.3.0
IP 172.67.20.237:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.heavy-r.com/css/style.css?b3
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/octet-stream
content-length: 56780
cache-control: max-age=14400
cf-cache-status: HIT
age: 1743
last-modified: Fri, 09 Dec 2022 15:35:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efacc5b57b4f3-OSL
X-Firefox-Spdy: h2
ocsps.ssl.com/
52.6.97.148 200 OK 1.8 kB IP 52.6.97.148:0
Hash 6d2293fbb44ea4b11715767c4b9f4d51
e920f93dc511dc0044c579c3627c3743256fe481
fdcdacdfce6e9c626ec7a2bba7dfabcb8f18edd03bf399969ae029fc36188d59
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:53:11 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "e920f93dc511dc0044c579c3627c3743256fe481"
Last-Modified: Thu, 08 Dec 2022 20:53:12 GMT
X-Proxy-Cache: HIT
ocsps.ssl.com/
52.6.97.148 200 OK 1.8 kB IP 52.6.97.148:0
Hash 5a6438c6a9ca94d37eebfcb780d36ea7
723b35eb6cbdfa63d1b88947ae44b4f296bb7f6d
6dd4a19254aff66220d4f10b78eb8074c2eede2c49752ffc0554b2d93178a060
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:54:56 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "723b35eb6cbdfa63d1b88947ae44b4f296bb7f6d"
Last-Modified: Thu, 08 Dec 2022 20:54:57 GMT
X-Proxy-Cache: HIT
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash d61883097c47c0fcb4a15cafc5bdbdfc
54411aba43093cafd1cb2acea7c2b4c69184611f
0aef2b974544f530bd591dd0201909a9c2a6b3f4451c69288bafc126d9a37e2c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.heavy-r.com/scr/5c/03/b8/5c03b8330a1fd8a_3.jpg
37.48.81.1 200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/5c/03/b8/5c03b8330a1fd8a_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Hash 7fa5a8ef96be93e7ef38e3a85d936a36
cf3be8539f963c6b58eedf15dacac001c79045d2
26a43888018b6ce4b251f4f968a8868949f9bdc97ca6a5eba68856ac786303b9
GET /scr/5c/03/b8/5c03b8330a1fd8a_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:58 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2540708318"
Last-Modified: Thu, 25 May 2017 22:16:21 GMT
Content-Length: 10958
Date: Fri, 09 Dec 2022 16:04:58 GMT
Server: lighttpd/1.4.28
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash f093305b75b4555bd839c905940c0652
4aa29e875c64526c97a4bcd43c976e14e7f612e0
1acc2ec5e43d39152289f2475df395065a761c712d0bd7aa7d36f3d322e9bd9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1ACC2EC5E43D39152289F2475DF395065A761C712D0BD7AA7D36F3D322E9BD9F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15180
Expires: Fri, 09 Dec 2022 20:17:59 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive
www.heavy-r.com/js/general.js
172.67.20.237 200 OK 11 kB URL HTTP/2 www.heavy-r.com/js/general.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (436)
Hash 2a0d0df6c4a60b4396759515c10bb1fe
d6b3ddd4acc87fbc0831e9204a5fdfb5c8e2e7b0
af235305760d68bff8c18a0a74a404fcad2bf44d488cee0670f005af53e34010
GET /js/general.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=1980
etag: W/"3710786616"
expires: Wed, 31 Aug 2022 16:30:49 GMT
last-modified: Tue, 13 Jun 2017 03:52:40 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6632
server: cloudflare
cf-ray: 776efaca1820b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/members.css?b
172.67.20.237 200 OK 13 kB URL HTTP/2 www.heavy-r.com/css/members.css?b
IP 172.67.20.237:0
File type ASCII text, with very long lines (3829)
Hash 644bc4e0e1c0b810bf6883568a4bb5b7
9adec3ec8d951b00ceb542e3baa60c49ce248e32
2d70433324c0f02ed47d6f9cfbd9881eb0cf788e6fc7505e90db9050d0645014
GET /css/members.css?b HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4762
etag: W/"2172495735"
last-modified: Fri, 10 Nov 2017 12:19:51 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6726
server: cloudflare
cf-ray: 776efac9efe2b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/bootstrap.min.css
172.67.20.237 200 OK 36 kB URL HTTP/2 www.heavy-r.com/css/bootstrap.min.css
IP 172.67.20.237:0
File type ASCII text, with very long lines (65371)
Hash dcaacb52b3a30f00626a23bfa5fb7e34
0239f23b180d6c4b76f6b08fcc3777316d751eb4
1196d15e35ee5803d2dbc2b051e1acaa59272e11ee7abab1584096e29c8ffa37
GET /css/bootstrap.min.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 09 Apr 2017 14:40:35 GMT
etag: W/"908251226"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5612
server: cloudflare
cf-ray: 776efac9efd2b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/video/270318/Anal_Tickling/
172.67.20.237 200 OK 28 kB URL HTTP/2 www.heavy-r.com/video/270318/Anal_Tickling/
IP 172.67.20.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3435), with CRLF, LF line terminators
Hash ddee98e69cbe9970fd42952060a6d658
40ebca51fbb47649d77e3b4227973bd1f4437bf4
0c5f7c16cc6334859e9dbe7b05ab1d68e0fd244c0f137be6dbc5b787a3742883
GET /video/270318/Anal_Tickling/ HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/html; charset=utf-8
set-cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
access-control-allow-origin: *
cache-control: max-age=60
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 776efac5aab5b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/style.css?b3
172.67.20.237 200 OK 22 kB URL HTTP/2 www.heavy-r.com/css/style.css?b3
IP 172.67.20.237:0
File type ASCII text, with very long lines (51729)
Hash 322832b2915d24ba0d8ecddc46a26855
c4450e0ce254b23ef63361c033290f9dce2961d0
1301efc2aa2e214a33efb9268ae3cdd2ee1efb09c641d61feb918229c1d91c63
GET /css/style.css?b3 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=53476
etag: W/"2283685840"
last-modified: Fri, 16 Apr 2021 20:21:53 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4517
server: cloudflare
cf-ray: 776efac9efdeb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/PIudMIVwldY
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIudMIVwldY
IP 142.250.74.131:0
Hash c1b3f456e3c84e3a2a9fd33d890e16ed
6a71d809023415957c45984ecd3f91fbcb35af56
dd9c0c8d710ab033bdba40995ffcc3aa294d8b110c134a4e7b81fc5ef5dc2dda
POST /s/gts1p5/PIudMIVwldY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e7efae8c02a7bfd37e99c01d137efe07
49d8ea118a67d3454ec359efa23556491db3ab77
76574d099eeec39041ae687663a2dad5a0ffdf966333a2a66682535a9fb24a3e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "76574D099EEEC39041AE687663A2DAD5A0FFDF966333A2A66682535A9FB24A3E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8032
Expires: Fri, 09 Dec 2022 18:18:51 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 13d6b59c1f183e91933d789636a71df3
eee7f5c7fa9f7504d71a87c46f9effb68e3a4a3e
94867a233c2f88cc3f1d51d094b8ef1245b138e395ab39410820e7465ec1e59f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 317
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Etag: "63923729-118"
Last-Modified: Fri, 09 Dec 2022 15:59:42 GMT
Server: ECS (amb/6BA3)
X-Cache: HIT
Content-Length: 280
static.heavy-r.com/scr/f1/38/e9/f138e95911edc5d_3.jpg
37.48.81.1 200 OK 16 kB URL HTTP/1.1 static.heavy-r.com/scr/f1/38/e9/f138e95911edc5d_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash d33768ab979baa88f63804bc28842f73
5b7790db019982c740ce0cfa5484774a18db3840
dd498bf45afa4819c468e12e05bf597ef62a1dd13e3db70faba00da524434678
GET /scr/f1/38/e9/f138e95911edc5d_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3929761214"
Last-Modified: Sun, 04 Dec 2022 16:35:26 GMT
Content-Length: 16273
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/images/bar-img.png
172.67.20.237 200 OK 6.3 kB URL HTTP/2 www.heavy-r.com/images/bar-img.png
IP 172.67.20.237:0
File type PNG image data, 132 x 85, 8-bit/color RGB, non-interlaced\012- data
Hash 05105644aff11674ccbc3fec136b190a
c22c02169cfec49d4ee442f861cbbb30d4e23c09
8d6470ae2f8fcfbd7b59ae592c503524ef1149567d0b7c63d63dec874dd826fb
GET /images/bar-img.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/png
content-length: 6286
etag: "2077235802"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3389
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efacd2c54b4f3-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/css/myaccount.css
172.67.20.237 200 OK 18 kB URL HTTP/2 www.heavy-r.com/css/myaccount.css
IP 172.67.20.237:0
File type ASCII text, with very long lines (1756), with no line terminators
Hash ed625200e411018c5c9f4a809dceac5d
02e40861c6cfa4ef3fe182ed5939ba609449f0cd
040e022c8e04f44f2aa533f2bdadb8d7ebaa784748ff7387ae5112b5bc96080b
GET /css/myaccount.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2264
etag: W/"2986297702"
last-modified: Tue, 15 Nov 2016 20:03:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4517
server: cloudflare
cf-ray: 776efac9ffecb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.heavy-r.com/scr/98/fc/8b/98fc8be91b92e7c_1.jpg
37.48.81.1 200 OK 13 kB URL HTTP/1.1 static.heavy-r.com/scr/98/fc/8b/98fc8be91b92e7c_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Hash 45cb2177aefe0936b6b93fab0d11b0c3
7778db0dc29cbfb29094330f2e1975d12bfbc367
da5cc94eea7289a68176a685d7aeb31cd74bd53b953169ce010498a0eec45f2a
GET /scr/98/fc/8b/98fc8be91b92e7c_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2784705288"
Last-Modified: Wed, 07 Dec 2022 16:49:57 GMT
Content-Length: 13003
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/js/jquery.jcarousel.pack2.js
172.67.20.237 200 OK 16 kB URL HTTP/2 www.heavy-r.com/js/jquery.jcarousel.pack2.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (8487), with no line terminators
Hash c6f115f4a593a7a6fe722622433d6e70
0b71f7cd63c2435166c5be9596696fa3f1a545ee
2130e9a614c37b70092be33086c9dd2c1538a65c5f8bd6a978c12599d2c2a46e
GET /js/jquery.jcarousel.pack2.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=8882
etag: W/"975768959"
expires: Mon, 06 Jun 2022 23:55:06 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efaca0809b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.heavy-r.com/scr/75/bf/99/75bf99d7f376f78_4.jpg
37.48.81.1 200 OK 15 kB URL HTTP/1.1 static.heavy-r.com/scr/75/bf/99/75bf99d7f376f78_4.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash ac5cad644214482f4fb49952c7f62e21
6ed9831c6b43166b16cadcecdbc8f4b708732850
ed46e009f6291fb4bdce47156ac97c5045d0eb9017856c3307c15c6e733f90e7
GET /scr/75/bf/99/75bf99d7f376f78_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2054653385"
Last-Modified: Tue, 29 Nov 2022 19:07:32 GMT
Content-Length: 14782
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/1c/dc/4a/1cdc4ac0dca2538_2.jpg
37.48.81.1 200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/1c/dc/4a/1cdc4ac0dca2538_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 189x136, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 75654fcdf63cdcbeb2308eb966b00c37
c6089e743949c2b1e0d6dffbe83c5247c1ea3c9a
9d4f1c9f470aa174f879e8a7231302ba2dc4fe6357bfbd960a988e065271aeb8
GET /scr/1c/dc/4a/1cdc4ac0dca2538_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4157560007"
Last-Modified: Tue, 29 Nov 2022 16:36:54 GMT
Content-Length: 11223
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/99/a5/5d/99a55d7c08ab471_3.jpg
37.48.81.1 200 OK 8.7 kB URL HTTP/1.1 static.heavy-r.com/scr/99/a5/5d/99a55d7c08ab471_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 44456931a8cc0b4942edbdfa71c98f46
c172950113917bcb62f71a8c042d8f6a65453a00
c30c32033c2a9e0afe5b68a1c29d2575f74f7633e60ceb8f6c5c1fc185c9c60d
GET /scr/99/a5/5d/99a55d7c08ab471_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2087751802"
Last-Modified: Wed, 30 Nov 2022 14:59:37 GMT
Content-Length: 8692
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/15/4c/86/154c866da718b1b_1.jpg
37.48.81.1 200 OK 17 kB URL HTTP/1.1 static.heavy-r.com/scr/15/4c/86/154c866da718b1b_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash d88ff5ef619d0dec56d06ded8e73a367
68eac85a80b1ea8e914278b2c57516e436e30280
220625342d0e29aeed59342e0c769e9b3fb6c0aab74f1b5d4ff0bb1c14aef7e1
GET /scr/15/4c/86/154c866da718b1b_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4105057063"
Last-Modified: Tue, 29 Nov 2022 13:36:55 GMT
Content-Length: 17225
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/ac/39/3c/ac393c5d47640fc_6.jpg
37.48.81.1 200 OK 16 kB URL HTTP/1.1 static.heavy-r.com/scr/ac/39/3c/ac393c5d47640fc_6.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 84b6385e7ce4d9db21b22fc4a04f161b
7ba574933aa922322082593310ad85e880f9ddab
36d3ff22e71b813f0654a30fa13e6a579e8197b7ab696b2bd1dec98348e1271d
GET /scr/ac/39/3c/ac393c5d47640fc_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "68563147"
Last-Modified: Mon, 28 Nov 2022 17:58:16 GMT
Content-Length: 15671
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/d4/55/f8/d455f85b4dbe974_2.jpg
37.48.81.1 200 OK 9.9 kB URL HTTP/1.1 static.heavy-r.com/scr/d4/55/f8/d455f85b4dbe974_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density -22352x28205, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash f85a25dfbcef08acb442539518389b8a
842030fd8caf4dafa787b242d99ad9953883e2b2
7c23e0551ff9a8cb51ed3df0ca2fd410c541ade9223c121cfac51a19a38a3028
GET /scr/d4/55/f8/d455f85b4dbe974_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1888409758"
Last-Modified: Mon, 28 Nov 2022 17:09:19 GMT
Content-Length: 9920
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/bf/4a/79/bf4a7941bc429ff_5.jpg
37.48.81.1 200 OK 21 kB URL HTTP/1.1 static.heavy-r.com/scr/bf/4a/79/bf4a7941bc429ff_5.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 4c023bc6d3be02f1bb169ae70b451d0f
43551fa238b7a464e36cf3a585e5bfd3224765bb
bf0d05d24927d143e4db2a5b1f4a95c15e11d9d478dc7ec007a4fdaf6c4647a5
GET /scr/bf/4a/79/bf4a7941bc429ff_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3167889058"
Last-Modified: Wed, 07 Dec 2022 16:40:00 GMT
Content-Length: 20618
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/a3/58/0d/a3580dde6b4bb0c_1.jpg
37.48.81.1 200 OK 10 kB URL HTTP/1.1 static.heavy-r.com/scr/a3/58/0d/a3580dde6b4bb0c_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, density -4336x32075, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 579dc559f0101ac6ae4054a9226e54e7
84b17e7c2d44161177d1179e59bbd9b52f101d09
4e31c7971d6ca61dc7e24691f01f87dec65076a37028067c9dc8c818c5e2a001
GET /scr/a3/58/0d/a3580dde6b4bb0c_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2660481737"
Last-Modified: Tue, 06 Dec 2022 16:11:43 GMT
Content-Length: 10201
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/af/11/7c/af117cd48488187_4.jpg
37.48.81.1 200 OK 15 kB URL HTTP/1.1 static.heavy-r.com/scr/af/11/7c/af117cd48488187_4.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Hash 2a68b3c4ad4196e92ef80f3115c17f76
2753cb58580907d05918e7ee5c38bd1458de71d8
bfee8118f3df2597f34f523c857f74c31fa45183c458d1b5d013a3cfa127aaa1
GET /scr/af/11/7c/af117cd48488187_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "483979248"
Last-Modified: Wed, 07 Dec 2022 05:36:58 GMT
Content-Length: 15236
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/11/fd/93/11fd9373eb9dd2d_5.jpg
37.48.81.1 200 OK 14 kB URL HTTP/1.1 static.heavy-r.com/scr/11/fd/93/11fd9373eb9dd2d_5.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash c3653ac2ab3f8f5f437313af788fa66d
f6a8e1c2938527a0222de29ec435094286f90710
6d067ab15b622281bf405867bfd8a4430064620f6a8d326f91ddc5142635594a
GET /scr/11/fd/93/11fd9373eb9dd2d_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2944595111"
Last-Modified: Tue, 06 Dec 2022 15:23:13 GMT
Content-Length: 14503
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/5d/6d/60/5d6d603ceaa4a6f_4.jpg
37.48.81.1 200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/5d/6d/60/5d6d603ceaa4a6f_4.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 8297e2b50edfb2e041d9fe60cd52deb6
27a12cbeb7a963cfd3c1e34c5c3a676bcc60aed1
784bc9c20c672230471cd520f258ae6957063d9328c6231433631d523a8ff2f1
GET /scr/5d/6d/60/5d6d603ceaa4a6f_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3071194341"
Last-Modified: Tue, 06 Dec 2022 15:07:27 GMT
Content-Length: 10603
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/f5/02/55/f5025571862ce43_2.jpg
37.48.81.1 200 OK 13 kB URL HTTP/1.1 static.heavy-r.com/scr/f5/02/55/f5025571862ce43_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash dff70fc236a19b4df347cb542cc64d62
90556ffe4b57dae17cf5c749af9a2f50a5bf3476
67db2e6c4a7de97014023f5202427c9337a290cb64738f0431cba50e7dfc56c8
GET /scr/f5/02/55/f5025571862ce43_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3603404830"
Last-Modified: Tue, 06 Dec 2022 12:30:05 GMT
Content-Length: 13261
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/0d/15/22/0d1522333da05e9_1.jpg
37.48.81.1 200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/0d/15/22/0d1522333da05e9_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Hash 4990c38aa21be206868b7c362d916205
938ce97d514654938d9822dd6b57e927bceca63e
90e8da191fa0689693e91765683675e33c197ba6bdf7f7bda2c113ff00f1fd55
GET /scr/0d/15/22/0d1522333da05e9_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4048268505"
Last-Modified: Wed, 30 Nov 2022 01:40:05 GMT
Content-Length: 11527
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/css/myfav.css
172.67.20.237 200 OK 12 kB URL HTTP/2 www.heavy-r.com/css/myfav.css
IP 172.67.20.237:0
File type ASCII text, with very long lines (3571), with no line terminators
Hash 05f337442f1383e32ea5d80ca7fb5e28
4d38a82f22d887c7c14b2bbd1d1ea072ab0a3193
f6e6ab83a955aa47533a64b35b74b22ca5e4aab4b68671e8272948ae8b3ebf82
GET /css/myfav.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4664
etag: W/"2717861221"
last-modified: Tue, 15 Nov 2016 20:03:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 686
server: cloudflare
cf-ray: 776efac9ffe7b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.heavy-r.com/scr/b2/ea/8b/b2ea8b3b3d563b2_7.jpg
37.48.81.1 200 OK 16 kB URL HTTP/1.1 static.heavy-r.com/scr/b2/ea/8b/b2ea8b3b3d563b2_7.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash c8af817c8eced887a16af92cbc6c03ba
ad7245b6a30e9d1e04ccedcc27f6dc36757409ca
2f93b8e48511c962079afae30400440e3ff7d8aed21ea2cd45cde7f042560793
GET /scr/b2/ea/8b/b2ea8b3b3d563b2_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3176838850"
Last-Modified: Wed, 30 Nov 2022 18:18:09 GMT
Content-Length: 15560
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
ocsp.pki.goog/s/gts1p5/PIudMIVwldY
142.250.74.131 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/PIudMIVwldY
IP 142.250.74.131:0
Hash c1b3f456e3c84e3a2a9fd33d890e16ed
6a71d809023415957c45984ecd3f91fbcb35af56
dd9c0c8d710ab033bdba40995ffcc3aa294d8b110c134a4e7b81fc5ef5dc2dda
POST /s/gts1p5/PIudMIVwldY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.heavy-r.com/js/date.js
172.67.20.237 200 OK 17 kB URL HTTP/2 www.heavy-r.com/js/date.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (2977)
Hash 5fba8c85fe989b15816887af42ef765b
9ba4db33a59d4afa6d3fe91e9763d59b487d6101
c971d55c54905c7af2f201b711add631d8be53f4b6e084bc77c79e9d1d1a8f28
GET /js/date.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=6956
etag: W/"2653494852"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Sun, 23 Aug 2020 06:54:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 686
server: cloudflare
cf-ray: 776efaca0811b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/sw.js
172.67.20.237 200 OK 51 kB IP 172.67.20.237:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ee9258a2301b705bb0daf71500dbf0ee
503b016e432ff67d9c69bc2b4f3d5e96ff95cc8b
2d895f01dd23c9e2aa26f121844fa69355f6d4b4dbfdb81095242242b722772a
Analyzer Verdict Alert fortinet Malware
GET /sw.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/video/270318/Anal_Tickling/
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=103032
etag: W/"118614824"
last-modified: Wed, 30 Nov 2022 18:16:55 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 7123
server: cloudflare
cf-ray: 776efac9efccb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js//jquery.tools.min.js
172.67.20.237 200 OK 15 kB URL HTTP/2 www.heavy-r.com/js//jquery.tools.min.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (4051)
Hash 6574c96f119fc2c34ef920d7532237f4
a0e5a6a511e7c845e5551593aab568246ce2bfb7
b60777b76de22aacafab346d5933fbb932c137b9216e71a38433676839954147
GET /js//jquery.tools.min.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 May 2018 12:20:18 GMT
etag: W/"14602103"
expires: Mon, 17 Oct 2022 18:22:47 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efac9fff9b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.heavy-r.com/scr/8e/b5/b9/8eb5b9f67ddc82e_1.jpg
37.48.81.1 200 OK 14 kB URL HTTP/1.1 static.heavy-r.com/scr/8e/b5/b9/8eb5b9f67ddc82e_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash a6a28679be7f4ca71f61292bc50837eb
b81b3e7ef38cb4eeb073099f6f1cd70e31e04c82
0992032ae88a391404bc64008137d806ef5926cb3f7d3e1fb72349717f04992e
GET /scr/8e/b5/b9/8eb5b9f67ddc82e_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3476094344"
Last-Modified: Sat, 03 Dec 2022 13:45:37 GMT
Content-Length: 14244
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/js/zxml.js
172.67.20.237 200 OK 13 kB URL HTTP/2 www.heavy-r.com/js/zxml.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (6479), with no line terminators
Hash 4fddfe15ba2e46166897c39fb6f82797
abfacd4555895978e5227df8feec3b08ce720ea0
63f95bda257067409d71bfdab70171bb50063fae1a9a8811430bb2ace18a4ce4
GET /js/zxml.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=6483
etag: W/"170460536"
expires: Mon, 04 Jul 2022 18:35:40 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5612
server: cloudflare
cf-ray: 776efaca1821b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.faster-trk.com/oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0
104.21.70.227 200 OK 4.5 kB URL HTTP/2 a.faster-trk.com/oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0
IP 104.21.70.227:0
File type ASCII text, with very long lines (12697), with no line terminators
Hash 9fa137045b20ed2e9d284059e8e8a316
65488893efefe2c9114c394e042d695fb3c79de5
e78e6eb2e1c748040646ef3db618dd59f030c8ef39f525d7a5318845410491b5
GET /oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0 HTTP/1.1
Host: a.faster-trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
referer: a.faster-trk.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3sAVylRlvQnnXvuBNQwfHrdZDMblBod%2Fqb8nkVbITZlcNtZvUGfu9xvbl8jZQY4ebElzr2eWiQIRVkB3kM3bVeym0ahJ0qkiaDMBYzMF%2BRrBTU596rbqC9MeN4HmfdeXnr%2Bz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efacd6cd9b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.heavy-r.com/scr/f1/66/59/f166592c1009dc3_2.jpg
37.48.81.1 200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/f1/66/59/f166592c1009dc3_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 730e6e2e0522bea25ca7611cd129c362
b46ad8ecf86cc6a509d14f934d8081724fa29a0e
8dac8bbc59d5011a5722360c27325a5bea3dfa496bc5cd338cb10655d656fd30
GET /scr/f1/66/59/f166592c1009dc3_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2430744632"
Last-Modified: Sat, 03 Dec 2022 10:07:13 GMT
Content-Length: 12228
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/4a/25/e0/4a25e0bd696552f_2.jpg
37.48.81.1 200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/4a/25/e0/4a25e0bd696552f_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash fd9ecb2d4fd07448e5761b76265ae522
b87e734ee1db348ea670a13824e7fc4522242fb2
9f32a4055c0a14a8a528b62b5899f27052cd2654fdc702629f176be1df7d4c77
GET /scr/4a/25/e0/4a25e0bd696552f_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2603842249"
Last-Modified: Sat, 03 Dec 2022 07:42:22 GMT
Content-Length: 12204
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/da/58/aa/da58aa3201f61c3_4.jpg
37.48.81.1 200 OK 13 kB URL HTTP/1.1 static.heavy-r.com/scr/da/58/aa/da58aa3201f61c3_4.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 4a84c304f7830f0dac75d0f75315f468
7c4d1850330cd63ce3849e3463b0e7c1b3c76fb9
0fdaa94bd4bc01fdf078ffd1a557ea876d6ea85707f5b526ba477fe8c4438b5d
GET /scr/da/58/aa/da58aa3201f61c3_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2342183579"
Last-Modified: Fri, 02 Dec 2022 17:29:34 GMT
Content-Length: 12826
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/2d/ed/a1/2deda1f9b55e232_4.jpg
37.48.81.1 200 OK 14 kB URL HTTP/1.1 static.heavy-r.com/scr/2d/ed/a1/2deda1f9b55e232_4.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash f2a122394f53c2b9e6fbd530b6a72ca3
90aa15845f649f5e8af1802967369270b66b6cdd
3a9f73a86078d09d657c2ad8e6f695ece21871f1ae09222793fb9a936e823631
GET /scr/2d/ed/a1/2deda1f9b55e232_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1377072852"
Last-Modified: Wed, 30 Nov 2022 14:26:33 GMT
Content-Length: 14014
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/js/CH_VideoView.js
172.67.20.237 200 OK 14 kB URL HTTP/2 www.heavy-r.com/js/CH_VideoView.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (700)
Hash a792175515e07733ba9e6ce122d66f5a
dd6432294270f737f12f2ad76374f12501dc39d0
7840a8e67cabebc790da47401456d77790c16947b566d28c5107cc5625dd04d6
GET /js/CH_VideoView.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=3122
etag: W/"2674444154"
expires: Mon, 18 Apr 2022 22:49:50 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4425
server: cloudflare
cf-ray: 776efaca1823b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.heavy-r.com/scr/7b/37/a0/7b37a05e039a407_5.jpg
37.48.81.1 200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/7b/37/a0/7b37a05e039a407_5.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 135x101, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 431d2eeb94c36ef3da98944fe99ec30c
6cd140140c629b0acaac6a3613f746d834c19b5d
8583b94ba6f026cfdda185f2a6b8c8b945e8609209bd6ed48144e741ebd68bea
GET /scr/7b/37/a0/7b37a05e039a407_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2387316822"
Last-Modified: Fri, 02 Dec 2022 08:49:06 GMT
Content-Length: 11250
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/0e/cd/ee/0ecdee04c9c251b_4.jpg
37.48.81.1 200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/0e/cd/ee/0ecdee04c9c251b_4.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash b94e24db8ce62a2ded845a27a1e6fb5e
bd3f0d5011360bdc9abd96000c0dec437b808c98
f05b9f6d6aa8d50543bb84e3a6a7c1c0b4cb5d93b49c0ccd23f1ea11b1a0d46f
GET /scr/0e/cd/ee/0ecdee04c9c251b_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3054530754"
Last-Modified: Fri, 02 Dec 2022 08:42:05 GMT
Content-Length: 11148
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/js/c.js
172.67.20.237 200 OK 7.5 kB IP 172.67.20.237:0
Hash 304f851ee57d0ebcd65a3e26c2e56d2c
705f5640da0f71763b116ee925c05127e2e1cdd7
e526e5c5d1898e60efd27d344dd074e0779e0ebb282d0a384680f565824f488b
GET /js/c.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=634
etag: W/"116253543"
expires: Mon, 18 Apr 2022 22:49:50 GMT
last-modified: Wed, 17 Mar 2021 19:52:01 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 7057
server: cloudflare
cf-ray: 776efaca183bb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/CH_Ajax.js
172.67.20.237 200 OK 15 kB URL HTTP/2 www.heavy-r.com/js/CH_Ajax.js
IP 172.67.20.237:0
File type HTML document, ASCII text, with very long lines (571)
Hash 37d9a50bdf38ce13c7dc289a2f8ed540
ccc03e96442c025b0e9482f7022c510b59bfb550
f3f257a13ff75f3ba8f8ef61211d0d71bd19b9bbcf19854b1f425d55a525b754
GET /js/CH_Ajax.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=4539
etag: W/"902188345"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Wed, 18 Oct 2017 04:28:37 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6632
server: cloudflare
cf-ray: 776efaca0817b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.heavy-r.com/scr/e4/f5/c0/e4f5c06db32095e_7.jpg
37.48.81.1 200 OK 15 kB URL HTTP/1.1 static.heavy-r.com/scr/e4/f5/c0/e4f5c06db32095e_7.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 4aa8b3b9eea9a0aa9dde3d40f164417e
c05506c998441a30daabbae873ff48e64789c07a
4738c41ebe3648da5135da156e6a7dadfe8243992988cb0d4507219da57eba4e
GET /scr/e4/f5/c0/e4f5c06db32095e_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1777346898"
Last-Modified: Thu, 01 Dec 2022 20:30:18 GMT
Content-Length: 14796
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/b3/45/0a/b3450ad9c9b0b66_5.jpg
37.48.81.1 200 OK 10 kB URL HTTP/1.1 static.heavy-r.com/scr/b3/45/0a/b3450ad9c9b0b66_5.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 699x658, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 5750a2b52ffb334b7edb1bff94ed72c8
11bdc66ecd92c341541176821fa64b4bc491a734
ece9421b1c3bd0c26f69ca2c4003c39e93e20698369e6f3d8e6ab5ea919a4006
GET /scr/b3/45/0a/b3450ad9c9b0b66_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1523809380"
Last-Modified: Thu, 01 Dec 2022 16:15:48 GMT
Content-Length: 10428
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/js/mobile3.js?v=8
172.67.20.237 200 OK 12 kB URL HTTP/2 www.heavy-r.com/js/mobile3.js?v=8
IP 172.67.20.237:0
File type ASCII text, with very long lines (2116)
Hash 86f5db33d82618d3338632ff187dc520
06ae1a03bd40d9a588e7372645f4255a0b4b162b
d9bfd97ba44f0f9d1d4843eea0bc1c9d419cfbba0a93aae45344ad7db9275c8b
GET /js/mobile3.js?v=8 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=5428
etag: W/"761676667"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Tue, 06 Apr 2021 20:20:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5612
server: cloudflare
cf-ray: 776efaca182db4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/comm.css?e
172.67.20.237 200 OK 14 kB URL HTTP/2 www.heavy-r.com/css/comm.css?e
IP 172.67.20.237:0
File type ASCII text, with very long lines (4872), with no line terminators
Hash e905e7fd1716306b29459d58597b67ad
ece7647de12a3a3f0328df822345588f4a8abb27
3c0209fce5f41143bbd1d976167f6544a72d62122bfa70585638a21821ee5b12
GET /css/comm.css?e HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=5463
etag: W/"448465228"
last-modified: Mon, 27 Nov 2017 17:41:08 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 686
server: cloudflare
cf-ray: 776efac9ffedb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
static.heavy-r.com/scr/46/34/df/4634dff87882978_3.jpg
37.48.81.1 200 OK 15 kB URL HTTP/1.1 static.heavy-r.com/scr/46/34/df/4634dff87882978_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Hash bb00a6ee74fd8f28ba6ca79df35aeaf9
5a49da82c4db8371d05aab24e093fcb961e264c0
bd589ac117c3a338870b4b86d7464bd41633edc6423b919bab21608661c22c51
GET /scr/46/34/df/4634dff87882978_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2326408128"
Last-Modified: Thu, 01 Dec 2022 13:28:23 GMT
Content-Length: 15161
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
a.faster-trk.com/r?tid=5f218e16-7ff0-4c66-a255-e494273b775c&cf=afg0f0ahii
104.21.70.227 200 OK 60 B URL HTTP/2 a.faster-trk.com/r?tid=5f218e16-7ff0-4c66-a255-e494273b775c&cf=afg0f0ahii
IP 104.21.70.227:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /r?tid=5f218e16-7ff0-4c66-a255-e494273b775c&cf=afg0f0ahii HTTP/1.1
Host: a.faster-trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKEBoDSOrLktWerosYXPRNeAOawD13cEJNKopOu8ehDB9QyTzmSxeW%2BGiuriZba0w6opsvfwrwfBhuB8Fz2gkwveTdExTvfYBUGq%2FeAOxfQrkD%2BSvs5tiZsUyLLHxk9Y3LuH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efacebe0eb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.heavy-r.com/scr/f6/b4/b2/f6b4b218a6445ff_6.jpg
37.48.81.1 200 OK 9.9 kB URL HTTP/1.1 static.heavy-r.com/scr/f6/b4/b2/f6b4b218a6445ff_6.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash c31cb15b9dccf815f97c0ba66dc2258e
1ca03dff08d8d57b37c90c958b25acd911514166
4e1f7931ab931c18ef3c6c17dee076864f3bbed0faf581d8551a271c7af073b6
GET /scr/f6/b4/b2/f6b4b218a6445ff_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3175447507"
Last-Modified: Thu, 01 Dec 2022 06:59:56 GMT
Content-Length: 9858
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/7e/95/e6/7e95e6fa2d3a34d_1.jpg
37.48.81.1 200 OK 10 kB URL HTTP/1.1 static.heavy-r.com/scr/7e/95/e6/7e95e6fa2d3a34d_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 2673x5365, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash fd4609483011ee56e815e25d750cefc2
a4e1b88d7c25e6e68ece2fa459f370dbabd3a22c
4e9b53a3b204a584dcdc8b916ca75fe02d1f737e1286f65eadba7db6955b9b20
GET /scr/7e/95/e6/7e95e6fa2d3a34d_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1659395534"
Last-Modified: Wed, 30 Nov 2022 16:48:18 GMT
Content-Length: 10186
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/14/e7/c3/14e7c36d06c3bba_7.jpg
37.48.81.1 200 OK 13 kB URL HTTP/1.1 static.heavy-r.com/scr/14/e7/c3/14e7c36d06c3bba_7.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Hash 96bb2ca74afd7dbc1bfe3f62805d6f20
395a3ace3e138cd79e858355a280b29b0b00359d
8c65241e2d2154a40f77759c09bd3f6a6e76c1ced2a29d342880c3057fd47dc1
GET /scr/14/e7/c3/14e7c36d06c3bba_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "219311704"
Last-Modified: Wed, 30 Nov 2022 05:01:57 GMT
Content-Length: 12775
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
a.faster-trk.com/r?tid=9b59f0bd-17e5-4815-b384-5415139395d9&cf=afg0f0ahii
104.21.70.227 200 OK 60 B URL HTTP/2 a.faster-trk.com/r?tid=9b59f0bd-17e5-4815-b384-5415139395d9&cf=afg0f0ahii
IP 104.21.70.227:0
File type ASCII text, with no line terminators
Hash cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154
GET /r?tid=9b59f0bd-17e5-4815-b384-5415139395d9&cf=afg0f0ahii HTTP/1.1
Host: a.faster-trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWDZ%2F1cuXOusfmCAT2Nqd7J1zvHJuYBmkZ2zWbXYZjs2z%2BhGUF%2Bqvv2IRAS%2BWQApF6MldonmFMF9iVE0MbuzI7ijYeStWGXWYcupj214K2EsdGETSY5YG%2FocT%2FhYl42a5pKO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efaceee3cb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.heavy-r.com/scr/0e/a8/19/0ea819e799024ec_2.jpg
37.48.81.1 200 OK 15 kB URL HTTP/1.1 static.heavy-r.com/scr/0e/a8/19/0ea819e799024ec_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash d48608f6558b9db2127eb78e98c9ee91
ceeac55c24de1a999dbd190ff59de619099af8e1
f8eb9d8013954e3e6cced75702e00e4801b4dc0c6c7f5cc65b9a9fad4482be2a
GET /scr/0e/a8/19/0ea819e799024ec_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2768813427"
Last-Modified: Tue, 29 Nov 2022 18:40:20 GMT
Content-Length: 15176
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/63/d4/2e/63d42e2e7141aab_1.jpg
37.48.81.1 200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/63/d4/2e/63d42e2e7141aab_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 480x337, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash e8997f5a9b2c3e4c5c550c6ab12f3162
d32ef56e6dca56904776ce9cc66d4c4af5a641b6
1778dd046ab7ebbb5b58016541e5f709eb0ba9167bb2fcc100ffdbd925981408
GET /scr/63/d4/2e/63d42e2e7141aab_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2492612566"
Last-Modified: Tue, 29 Nov 2022 14:14:50 GMT
Content-Length: 11975
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28
e1.o.lencr.org/
23.33.119.27 200 OK 346 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e7efae8c02a7bfd37e99c01d137efe07
49d8ea118a67d3454ec359efa23556491db3ab77
76574d099eeec39041ae687663a2dad5a0ffdf966333a2a66682535a9fb24a3e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "76574D099EEEC39041AE687663A2DAD5A0FFDF966333A2A66682535A9FB24A3E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8032
Expires: Fri, 09 Dec 2022 18:18:51 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 6705a52b14a33d01cf10849fa0daef61
ace88e145b2247ea5f23b65cdb71a5f34841ab4a
c8212fe89f75ec225decabc9e23cf64005db104a64100300b8aad9b37e3c1b72
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8212FE89F75EC225DECABC9E23CF64005DB104A64100300B8AAD9B37E3C1B72"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8603
Expires: Fri, 09 Dec 2022 18:28:22 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive
ocsp.r2m02.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m02.amazontrust.com/
IP 54.230.80.227:0
Hash ee7ee298edf551e8675d52050308139c
418f5e165fde7edab12697d941083dcbab67e9c1
c37a9f91ac25203162e05d96e7e97820b2fe2f89d61bd2fac8a1b25147bc1247
POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100389
Date: Fri, 09 Dec 2022 16:04:59 GMT
Etag: "63922bee-1d7"
Expires: Sat, 10 Dec 2022 19:58:08 GMT
Last-Modified: Thu, 08 Dec 2022 18:24:46 GMT
Server: ECS (dcb/7F81)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: umSZlMpraHHOgmGPPeaYdfLZkLuCGfGnwSMbMmMfOb4UU3JV8ZcmIQ==
Age: 5602
www.heavy-r.com/js/script.js
172.67.20.237 200 OK 43 kB URL HTTP/2 www.heavy-r.com/js/script.js
IP 172.67.20.237:0
File type HTML document, ASCII text, with very long lines (648)
Hash 356338a2e3004ef7c5558499991f1a70
9821c437ceec39a7bb2f9e76b01435b7b907bf44
577105ad32f8b502bb6bbd06c31a2f416bb03e328b2a6883c624c41c7846f014
GET /js/script.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=5441
etag: W/"2453276531"
expires: Wed, 31 Aug 2022 16:31:08 GMT
last-modified: Fri, 18 May 2018 11:48:15 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4425
server: cloudflare
cf-ray: 776efacb1989b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash 89a3a8de067ca28d9aecfbddc680ad57
b66c5b98f83b494cf0f0ff3537f77f35eac83c86
1926e5957d1edc08c84ad342b72ba426bae6981340424e095cef82d3fb742270
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 08 Dec 2022 21:16:19 GMT
Expires: Fri, 09 Dec 2022 21:16:19 GMT
ETag: "b66c5b98f83b494cf0f0ff3537f77f35eac83c86"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.heavy-r.com/css/images/bx_loader.gif
172.67.20.237 200 OK 8.6 kB URL HTTP/2 www.heavy-r.com/css/images/bx_loader.gif
IP 172.67.20.237:0
File type GIF image data, version 89a, 32 x 32\012- data
Hash 931bdb6b50816b03206c66921760b246
f67f91dafbe0f846c8f8f67a005497d8bdea188a
6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a
GET /css/images/bx_loader.gif HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/css/jquery.bxslider-v4.1.2.css
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
content-length: 8581
etag: "486933588"
last-modified: Thu, 20 Oct 2022 20:34:19 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3250
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efad0f945b4f3-OSL
X-Firefox-Spdy: h2
oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
167.99.122.29 200 OK 699 B URL HTTP/1.1 oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
IP 167.99.122.29:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document, ASCII text, with very long lines (777)
Hash 0a80645a8ea763e0e2cf2140326d4e4c
5dccb4ca31a0d2c538a53882355c3f7678a650c8
38ab1889a516531f445603ea8aec7cafc15d80ccf6bc6725d5d6050c6ce8ef85
GET /servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69 HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: AVPUID=e198675d9eb47cdd315bbfe43a6399dc; Expires=Sat, 09-Dec-2023 16:04:59 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101
167.99.122.29 200 OK 702 B URL HTTP/1.1 oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101
IP 167.99.122.29:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document, ASCII text, with very long lines (785)
Hash 5e8181d4a00893b4d975bd7eebb3aed0
c0468b6d7eab6c55ed63b6731788bac3c6e79778
4852b641db00a5c23b7068c8ef1e91a5b1161fa28dd332ca2eb6907921ae4845
GET /servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101 HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: AVPUID=4c212a2e9ab03a41c9dbe9f15b0651b2; Expires=Sat, 09-Dec-2023 16:04:59 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
mbledeparatea.com/utx?tid=763904&top=www.heavy-r.com&cb=KPcJUJKLSXTm
108.157.214.49 204 No Content 0 B URL HTTP/2 mbledeparatea.com/utx?tid=763904&top=www.heavy-r.com&cb=KPcJUJKLSXTm
IP 108.157.214.49:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?tid=763904&top=www.heavy-r.com&cb=KPcJUJKLSXTm HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 16:04:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 09 Dec 2022 16:05:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fLW-wMcVWbHvgyjJ2BMOE8EO2fuvjRjhRnZs9NsBIP83zoZe-Gc-sQ==
X-Firefox-Spdy: h2
a.pierlinks.com/loader?a=101&s=10&t=2&p=5
172.67.140.204 200 OK 329 B URL HTTP/2 a.pierlinks.com/loader?a=101&s=10&t=2&p=5
IP 172.67.140.204:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7d4a56aed2a733e0ac137389734c4245
ef479b1c46978cdd27c242799315b6012cfb1c8f
24b91941e50fc50b279d86aa1600e28a877e0898e9226bd2724e2a448c75f114
GET /loader?a=101&s=10&t=2&p=5 HTTP/1.1
Host: a.pierlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvuNvPb7G3i73ZD%2BQH8bMjD7Wz4POSqnFn4dk9NPlmq%2FBW5SiEqoc8FccdnLRWVDSaNpVhwYi47%2FjY0tVlzBYIJNLIvYImiaL%2FswWi%2FqbY9bntuN5N7x4bz8FVekXyi5XHA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efacd6c06b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oceanicmb.advertserve.com/js/interactive2.js
167.99.122.29 200 OK 2.7 kB URL HTTP/1.1 oceanicmb.advertserve.com/js/interactive2.js
IP 167.99.122.29:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (11195), with no line terminators
Hash 3aab9ab80248895ff925b5906764597e
0fc31983fe85d422bb46bf29e52f65eb7bc5a469
e280705d04639ecfec0dfb05b495ffbbb4138cd34c955c9925286a06b02efea3
GET /js/interactive2.js HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=86400
Expires: Sat, 10 Dec 2022 16:04:59 GMT
Vary: Accept-Encoding, Accept-Encoding
Last-Modified: Wed, 15 Jun 2022 14:49:44 GMT
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.google-analytics.com/ga.js
216.58.207.232 200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP 216.58.207.232:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Fri, 09 Dec 2022 15:33:17 GMT
expires: Fri, 09 Dec 2022 17:33:17 GMT
cache-control: public, max-age=7200
age: 1902
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.3 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.3:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 13:40:02 GMT
expires: Thu, 07 Dec 2023 13:40:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 181497
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/208
205.185.216.10 200 OK 78 kB URL HTTP/1.1 cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/208
IP 205.185.216.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 900x250, components 3\012- data
Hash a7661f7362c571ec46dc8f40b012610d
3fc4f46af5cac4e356fab221dfd9d01ae0861038
85b8f5301467593d9e8ae00457319d09c80888f6fe87585768d6aafe9f8a3106
GET /images/oceanicmb.advertserve.com/servlet/files/208 HTTP/1.1
Host: cdn.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: Keep-Alive
ETag: "978263999"
Cache-Control: public, max-age=2592000
Content-Length: 77765
Content-Type: image/jpeg
Last-Modified: Sun, 31 Dec 2000 11:59:59 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-HW: 1670601899.dop208.sk1.t,1670601899.cds242.sk1.shn,1670601900.dop208.sk1.t,1670601900.cds210.sk1.c
everefor.buzz/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.heavy-r.com
Content-Length: 346
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/73
205.185.216.10 200 OK 472 B URL HTTP/1.1 cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/73
IP 205.185.216.10:0
Hash c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196
GET /images/oceanicmb.advertserve.com/servlet/files/73 HTTP/1.1
Host: cdn.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: Keep-Alive
ETag: "978263999"
Cache-Control: public, max-age=2592000
Content-Length: 78255
Content-Type: image/gif
Last-Modified: Sun, 31 Dec 2000 11:59:59 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-HW: 1670601899.dop012.sk1.t,1670601899.cds253.sk1.shn,1670601899.dop012.sk1.t,1670601900.cds206.sk1.c
bulrev.com/resources/slider.min.js
51.161.119.209 200 OK 286 kB URL HTTP/1.1 bulrev.com/resources/slider.min.js
IP 51.161.119.209:0
File type Unicode text, UTF-8 text, with very long lines (65495)
Size 286 kB (286387 bytes)
Hash cf775612adf422f3fe51f965034e7ae1
64dced5942aae5418c3fe53c904c940b55c4e9e0
4a96a924377aeb8d1258633369426f160671c09cdcc075cbb0aba447c9053349
GET /resources/slider.min.js HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 12:09:33 GMT
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive
eventhenherthisi.com/SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4
13.225.131.67200 OK 1.2 kB URL HTTP/2 eventhenherthisi.com/SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4
IP 13.225.131.67:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators
Hash fced61dd3b35edd77a300c488e231a74
9908cafd2adfed49c5e87b19f396bc7bd2bb6616
f25e050aec52b4e6d8eeca1bf4ed4fefcf8ca1b4c025bfdf5287d7f1edcd3be0
GET /SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Fri, 09 Dec 2022 16:04:59 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 76d034664d0e2c2126caf9bca7adbdc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: NNbOXtsutXPO0Bboes42xn5lsUj6crkIAJzNnIIN31K4SbO_P2TBHA==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76 200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 43073
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:01:04 GMT
age: 83036
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 45033
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76 200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 44594
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:44:29 GMT
age: 30031
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
34.120.237.76 200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Xi-bshsYa4LlKbJgAt0h-lPnB_5uQbqln5JGBRE8io2Fp1y41cS9xg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:08:48 GMT
age: 42972
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b6cf83fdaa8b5e98ca6e779cdce54c2d
3458b755fec9e58628ae84796e1cf30e668cf48a
abbd693c4423ea2266f14767180132fff643cabdd39ad127074cac208d52aeb4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABBD693C4423EA2266F14767180132FFF643CABDD39AD127074CAC208D52AEB4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6873
Expires: Fri, 09 Dec 2022 17:59:33 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b6cf83fdaa8b5e98ca6e779cdce54c2d
3458b755fec9e58628ae84796e1cf30e668cf48a
abbd693c4423ea2266f14767180132fff643cabdd39ad127074cac208d52aeb4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABBD693C4423EA2266F14767180132FFF643CABDD39AD127074CAC208D52AEB4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6873
Expires: Fri, 09 Dec 2022 17:59:33 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive
cdn.snowmiracles.com/845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg
92.223.97.97 200 OK 45 kB URL HTTP/2 cdn.snowmiracles.com/845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 5bfe2dce02570dbb81c7a7acb2ff1628
adf3afb548f7716d4334ccb0fd25f0fd69eb159d
eea911c3c7091b5c6f165e0eafecf42b77647f15f550756516e5f4edfe1641bc
GET /845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 45040
last-modified: Wed, 09 Sep 2020 15:43:39 GMT
etag: "5f58f82b-aff0"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:28+00:00
x-id: sto5-up-gc12
accept-ranges: bytes
X-Firefox-Spdy: h2
everefor.buzz/
54.162.51.18 200 OK 0 B IP 54.162.51.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.heavy-r.com
Content-Length: 350
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.snowmiracles.com/845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg
92.223.97.97 200 OK 36 kB URL HTTP/2 cdn.snowmiracles.com/845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 282c5320642a33db7306164a506b77a3
973a5f396e144dbc066fd4868ffe769e04a207b8
21c5457b823e0a6a02c71dc7f55ace99c95d8f3b3f1c43963ecddf6367a342e6
GET /845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 36429
last-modified: Wed, 09 Sep 2020 15:27:32 GMT
etag: "5f58f464-8e4d"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:22+00:00
x-id: sto5-up-gc10
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.snowmiracles.com/845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg
92.223.97.97 200 OK 51 kB URL HTTP/2 cdn.snowmiracles.com/845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash cf688d39a1418b90b52abe0298f4b143
a2a0b43eb3f224bd7a07d6ef37b21b253df6a8cd
a61d5df3a5cec95099b797fff73b9e58fbda92ddc67403a65dd2e4d46a9f1e4f
GET /845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 50898
last-modified: Wed, 09 Sep 2020 15:40:20 GMT
etag: "5f58f764-c6d2"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:19+00:00
x-id: sto5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.snowmiracles.com/845/02b4618f-f2b0-11ea-94ea-6c46ac15be61.jpg
92.223.97.97 200 OK 55 kB URL HTTP/2 cdn.snowmiracles.com/845/02b4618f-f2b0-11ea-94ea-6c46ac15be61.jpg
IP 92.223.97.97:0
ASN #199524 G-Core Labs S.A.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash f8240034e45d9dc558ff789c58b4643c
b9ed8524c281827c53c62f8d323044fe23a7ec37
4887cb5ac08f3d14e9a009d3de8a02f89dc3b928025b852ec951b5cf4ea9a63c
GET /845/02b4618f-f2b0-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 55447
last-modified: Wed, 09 Sep 2020 15:20:36 GMT
etag: "5f58f2c4-d897"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:41+00:00
x-id: sto5-up-gc13
accept-ranges: bytes
X-Firefox-Spdy: h2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWurjnJUQwQ1fXWEjTWHXYNZpYbzdELaEtQp0GaHlx0VUiMfYCXGGglGz1rKpJ5EWB-FBBVlF_GimROpK5kCRM3Y7PXKhTD4TXd-fq_2zmLPig34dt5Thb800kiQOwNHn_52Ncl_HMysWU6NsAX9Y9KgD2uNNNiWRY_YU_N-hdvt8Hd39UKpjPBDYBrXOjPOb8HeAmALx7Gp5gpPSrAKjEt92JZ7loYVf0AdJJ88oTRc-zoDiqVWittAhehVWNfLbJWz4OraluGCjA38vBrvLdxtzYRwz6EEOsdm8l3j_kGVwwWFY-v17C-OCYEiX0jH7W8n4EFqWCqiOW5iwRIhMJHnoCszqXtoD42wssmW-3rcLsVWdYtOJsgxLFfrwqdvAW0U5jN7Ypuv5-rboZ8950ULKilkq3-zHM-LcmFj4a19J7B9fY-bajYeJt2DuZQDjlUbxK6VF-rUICjtx2JHa0EvdrHECI5ueqyYSMqLR5jdc4B5PvCfDujmU1IuJr6lUmkEmbdCzZiIUO_zl7WhboljaYRy8yhoQEoJlrgy0YzQq6J2nlWX4UNymQhuoCd3JrRktWky5M4GMoPp8xFtNvIYmopue5Z8Id4uF0rdTwvBuKWL0VLLhS_HL1Mrw2Yjps1cbcsBfstooQJNSKuELJ3IhoKuF-3syXTi22O6QI_BdmwjG1lhtExaG1o06YZtIH8NiGXNIcA2CKwfG1lFsNuEFf31X-iL7goOhJlLYpboR9mB_AzOXh7-TjChEUPwh8Fm71-12xMOiTJwTg4oqA4aRjtyltSz__bFneI6OYmwOkIZes-XckpS6hU6-N3faMeU5RmWE8e4dNt62XeWDqH1JIGGvXZZGWOfe0ULFcmod-HRYNc05QrgeHiJbGBnPPPlrHNoytAWFszDlVlcNmXyOFtA_oNYWnVqPwqKM0wBQfmRzyNl52aRtglgqpGhfZV4nha5ovzcfaySCvbijjTqVqwWuiTe8pvT2Ar7ahmgCZ_Y7PwlS1fFhjBISOvFEd-WgEjNAVJtB6Nh1r_S-shcT0_fdF9wELZHajt4Gfu9Rir54oPvcBKHjGTKPbMw4R0cBGHxbbkOgORm5nnfv7bWu5I93xpgSw_CYQPcrVEaPYszerXOEsGa_vLEyCSK6fhNeluWYqk3FFJurULXVxoPGfWI7COZ6qO9w
88.208.59.103200 OK 68 B URL HTTP/2 22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWurjnJUQwQ1fXWEjTWHXYNZpYbzdELaEtQp0GaHlx0VUiMfYCXGGglGz1rKpJ5EWB-FBBVlF_GimROpK5kCRM3Y7PXKhTD4TXd-fq_2zmLPig34dt5Thb800kiQOwNHn_52Ncl_HMysWU6NsAX9Y9KgD2uNNNiWRY_YU_N-hdvt8Hd39UKpjPBDYBrXOjPOb8HeAmALx7Gp5gpPSrAKjEt92JZ7loYVf0AdJJ88oTRc-zoDiqVWittAhehVWNfLbJWz4OraluGCjA38vBrvLdxtzYRwz6EEOsdm8l3j_kGVwwWFY-v17C-OCYEiX0jH7W8n4EFqWCqiOW5iwRIhMJHnoCszqXtoD42wssmW-3rcLsVWdYtOJsgxLFfrwqdvAW0U5jN7Ypuv5-rboZ8950ULKilkq3-zHM-LcmFj4a19J7B9fY-bajYeJt2DuZQDjlUbxK6VF-rUICjtx2JHa0EvdrHECI5ueqyYSMqLR5jdc4B5PvCfDujmU1IuJr6lUmkEmbdCzZiIUO_zl7WhboljaYRy8yhoQEoJlrgy0YzQq6J2nlWX4UNymQhuoCd3JrRktWky5M4GMoPp8xFtNvIYmopue5Z8Id4uF0rdTwvBuKWL0VLLhS_HL1Mrw2Yjps1cbcsBfstooQJNSKuELJ3IhoKuF-3syXTi22O6QI_BdmwjG1lhtExaG1o06YZtIH8NiGXNIcA2CKwfG1lFsNuEFf31X-iL7goOhJlLYpboR9mB_AzOXh7-TjChEUPwh8Fm71-12xMOiTJwTg4oqA4aRjtyltSz__bFneI6OYmwOkIZes-XckpS6hU6-N3faMeU5RmWE8e4dNt62XeWDqH1JIGGvXZZGWOfe0ULFcmod-HRYNc05QrgeHiJbGBnPPPlrHNoytAWFszDlVlcNmXyOFtA_oNYWnVqPwqKM0wBQfmRzyNl52aRtglgqpGhfZV4nha5ovzcfaySCvbijjTqVqwWuiTe8pvT2Ar7ahmgCZ_Y7PwlS1fFhjBISOvFEd-WgEjNAVJtB6Nh1r_S-shcT0_fdF9wELZHajt4Gfu9Rir54oPvcBKHjGTKPbMw4R0cBGHxbbkOgORm5nnfv7bWu5I93xpgSw_CYQPcrVEaPYszerXOEsGa_vLEyCSK6fhNeluWYqk3FFJurULXVxoPGfWI7COZ6qO9w
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPe9JWurjnJUQwQ1fXWEjTWHXYNZpYbzdELaEtQp0GaHlx0VUiMfYCXGGglGz1rKpJ5EWB-FBBVlF_GimROpK5kCRM3Y7PXKhTD4TXd-fq_2zmLPig34dt5Thb800kiQOwNHn_52Ncl_HMysWU6NsAX9Y9KgD2uNNNiWRY_YU_N-hdvt8Hd39UKpjPBDYBrXOjPOb8HeAmALx7Gp5gpPSrAKjEt92JZ7loYVf0AdJJ88oTRc-zoDiqVWittAhehVWNfLbJWz4OraluGCjA38vBrvLdxtzYRwz6EEOsdm8l3j_kGVwwWFY-v17C-OCYEiX0jH7W8n4EFqWCqiOW5iwRIhMJHnoCszqXtoD42wssmW-3rcLsVWdYtOJsgxLFfrwqdvAW0U5jN7Ypuv5-rboZ8950ULKilkq3-zHM-LcmFj4a19J7B9fY-bajYeJt2DuZQDjlUbxK6VF-rUICjtx2JHa0EvdrHECI5ueqyYSMqLR5jdc4B5PvCfDujmU1IuJr6lUmkEmbdCzZiIUO_zl7WhboljaYRy8yhoQEoJlrgy0YzQq6J2nlWX4UNymQhuoCd3JrRktWky5M4GMoPp8xFtNvIYmopue5Z8Id4uF0rdTwvBuKWL0VLLhS_HL1Mrw2Yjps1cbcsBfstooQJNSKuELJ3IhoKuF-3syXTi22O6QI_BdmwjG1lhtExaG1o06YZtIH8NiGXNIcA2CKwfG1lFsNuEFf31X-iL7goOhJlLYpboR9mB_AzOXh7-TjChEUPwh8Fm71-12xMOiTJwTg4oqA4aRjtyltSz__bFneI6OYmwOkIZes-XckpS6hU6-N3faMeU5RmWE8e4dNt62XeWDqH1JIGGvXZZGWOfe0ULFcmod-HRYNc05QrgeHiJbGBnPPPlrHNoytAWFszDlVlcNmXyOFtA_oNYWnVqPwqKM0wBQfmRzyNl52aRtglgqpGhfZV4nha5ovzcfaySCvbijjTqVqwWuiTe8pvT2Ar7ahmgCZ_Y7PwlS1fFhjBISOvFEd-WgEjNAVJtB6Nh1r_S-shcT0_fdF9wELZHajt4Gfu9Rir54oPvcBKHjGTKPbMw4R0cBGHxbbkOgORm5nnfv7bWu5I93xpgSw_CYQPcrVEaPYszerXOEsGa_vLEyCSK6fhNeluWYqk3FFJurULXVxoPGfWI7COZ6qO9w HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
eventhenherthisi.com/utx?cb=HbQFhsnc2uae&top=www.heavy-r.com&tid=894738
13.225.131.67 204 No Content 0 B URL HTTP/2 eventhenherthisi.com/utx?cb=HbQFhsnc2uae&top=www.heavy-r.com&tid=894738
IP 13.225.131.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=HbQFhsnc2uae&top=www.heavy-r.com&tid=894738 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Fri, 09 Dec 2022 16:05:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 09 Dec 2022 16:06:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 76d034664d0e2c2126caf9bca7adbdc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: 7KeS5e3O3CQ2Pcq303iM8O_TNUpMDvzXsRpE3Zl3GAiFTBGowdoq7A==
X-Firefox-Spdy: h2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nAGV0St9NNwPdYgig6CXilebVOjVI3SBXJp85NprcgwvehsE3JjfbbeGV55xb11ppODVytbJXVSoS7B89OQhgbINe1Lbyeco_pndl1fYOfMHJXU59BBVEt2sHjihPZRZObBbXv6O9Oz95Jjko5uu2IcRIKfMxcN8pD21s1oHC7uBvxZ7j_txa56-teD-6Jrj2u6qMGdoL3slJK_sBrd1EYck6rfAJA-MqP3uszSvqgX9lwO2_piSR8NYN9_K5kP52pvwU4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wss6r6tnEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W15uXp2ARocSdR4ujsmO-ClFvIdT0rJGeGd_Wr-N
88.208.59.103200 OK 68 B URL HTTP/2 22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nAGV0St9NNwPdYgig6CXilebVOjVI3SBXJp85NprcgwvehsE3JjfbbeGV55xb11ppODVytbJXVSoS7B89OQhgbINe1Lbyeco_pndl1fYOfMHJXU59BBVEt2sHjihPZRZObBbXv6O9Oz95Jjko5uu2IcRIKfMxcN8pD21s1oHC7uBvxZ7j_txa56-teD-6Jrj2u6qMGdoL3slJK_sBrd1EYck6rfAJA-MqP3uszSvqgX9lwO2_piSR8NYN9_K5kP52pvwU4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wss6r6tnEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W15uXp2ARocSdR4ujsmO-ClFvIdT0rJGeGd_Wr-N
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPe9JWmrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nAGV0St9NNwPdYgig6CXilebVOjVI3SBXJp85NprcgwvehsE3JjfbbeGV55xb11ppODVytbJXVSoS7B89OQhgbINe1Lbyeco_pndl1fYOfMHJXU59BBVEt2sHjihPZRZObBbXv6O9Oz95Jjko5uu2IcRIKfMxcN8pD21s1oHC7uBvxZ7j_txa56-teD-6Jrj2u6qMGdoL3slJK_sBrd1EYck6rfAJA-MqP3uszSvqgX9lwO2_piSR8NYN9_K5kP52pvwU4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wss6r6tnEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W15uXp2ARocSdR4ujsmO-ClFvIdT0rJGeGd_Wr-N HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjn5kQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nLH6HneCMNs6YavYHsotfUALx7-wjHNhhtJJaC1gXfFnXEWBuCTidgq-PWLbJauCtXYVp9v3rXOiqbnYOxRlM4pdaJKUKjPDVuunBgEZFeWzkSLkdTueKGxcOiTJgQggzoub5ojRmABLT8QLLmzsaz2H3wvWSXAjAdbsFruC7eSVtswgRi_nqC73AQGqtMfs05v5SQC8JGA6eghZ-2glh3ldLMUeVekbm_WJg3qno9Ct2l51hfRGxHnj8bxp7_yCGD06m4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wktRrW9jEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W17GQJ0wEMtyYQSYp9gsjSUHqXMjIV9l41nclzpH
88.208.59.103200 OK 68 B URL HTTP/2 22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjn5kQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nLH6HneCMNs6YavYHsotfUALx7-wjHNhhtJJaC1gXfFnXEWBuCTidgq-PWLbJauCtXYVp9v3rXOiqbnYOxRlM4pdaJKUKjPDVuunBgEZFeWzkSLkdTueKGxcOiTJgQggzoub5ojRmABLT8QLLmzsaz2H3wvWSXAjAdbsFruC7eSVtswgRi_nqC73AQGqtMfs05v5SQC8JGA6eghZ-2glh3ldLMUeVekbm_WJg3qno9Ct2l51hfRGxHnj8bxp7_yCGD06m4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wktRrW9jEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W17GQJ0wEMtyYQSYp9gsjSUHqXMjIV9l41nclzpH
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPe9JWmrjn5kQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nLH6HneCMNs6YavYHsotfUALx7-wjHNhhtJJaC1gXfFnXEWBuCTidgq-PWLbJauCtXYVp9v3rXOiqbnYOxRlM4pdaJKUKjPDVuunBgEZFeWzkSLkdTueKGxcOiTJgQggzoub5ojRmABLT8QLLmzsaz2H3wvWSXAjAdbsFruC7eSVtswgRi_nqC73AQGqtMfs05v5SQC8JGA6eghZ-2glh3ldLMUeVekbm_WJg3qno9Ct2l51hfRGxHnj8bxp7_yCGD06m4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wktRrW9jEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W17GQJ0wEMtyYQSYp9gsjSUHqXMjIV9l41nclzpH HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWWrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDXgOCRzDtzC_mzv86aiyAgIwhh7hT7cUZ7QmQB49hDHMbnYJFcAExZn5zOuu3zKyJH0HSUzHpe1bDph9j9grzxq_LB9tegUUl5HsfTdGvA44x_atn6lHs7pJyWmfj8NPTkGkg2zug2-ZNIzLHUOqotW7NZT_7BPSFwrKY3cgMuoKVlu47H1N65qLsXY-mfYGx6vMhzCQlaT24sq3WP-6uh8ZL7YrBAFkdQlP98so9_LA6zhPFAQI4gKt6zhAPuxgYfQ4brRJ0iNd3h1oTk24nuLl1GEHUCMcyeRAwsyCSvjQuREzJ7JDNKNi-Up8s4wvqWIwthI5bl4XzYNPl34FqGcifGK16csqtR5y9APXpDNIBZUuai-aRbE51SHH2B7eMwJNOxYlRvbChUm9g0rKwKndDISjKQmC3F8u8VOobzmkcNMJdtE_I0blznSeS8BmkkqPfJK8kzNfy6Dsm6wR08pVOgR64M4nQq_UBifPrRbnaQBWa4rApC-JoH1jHz9iVVFe35FJD0o4e7wJK3NsnEPSZD9htQynpunlMZ75NkyPW9lbPSeEIH4kpIGxP8LDyyD0Mg0MKWFqft6URGxJjBcA0392Ms-DJMULodFL3qOb_2W7dDoyoewuSKvSEox3XjUMGgd2sjwGjh1eRJNc8-QNcsU9T699t3UiuEif_eQSWIhicp0FooKI7ivMdKxpZ1foN6mkIEyVZBhPQH79kgj-m_8MxT3PdhAIxrBqfe2eQRFQr85K1IYiraoDZ9rW_QiRY76kYIfFy7MThmRkGHBReiDzbpcQtQp23OP97AN30wbJzIwkyY57d-TWBw7NrCsJ_MZ3E-3_mgCbX6YWoQQT1mFfbOzejQcwNG9F0wn-OVFgSC4R_vUsrLTk677nCixQzZaGHmDW8FcByqZ0tHRAeHWeiRndYmgmDxwd635vEdtOAcHdfYGBU6BiP2XrTU
88.208.59.103200 OK 68 B URL HTTP/2 22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWWrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDXgOCRzDtzC_mzv86aiyAgIwhh7hT7cUZ7QmQB49hDHMbnYJFcAExZn5zOuu3zKyJH0HSUzHpe1bDph9j9grzxq_LB9tegUUl5HsfTdGvA44x_atn6lHs7pJyWmfj8NPTkGkg2zug2-ZNIzLHUOqotW7NZT_7BPSFwrKY3cgMuoKVlu47H1N65qLsXY-mfYGx6vMhzCQlaT24sq3WP-6uh8ZL7YrBAFkdQlP98so9_LA6zhPFAQI4gKt6zhAPuxgYfQ4brRJ0iNd3h1oTk24nuLl1GEHUCMcyeRAwsyCSvjQuREzJ7JDNKNi-Up8s4wvqWIwthI5bl4XzYNPl34FqGcifGK16csqtR5y9APXpDNIBZUuai-aRbE51SHH2B7eMwJNOxYlRvbChUm9g0rKwKndDISjKQmC3F8u8VOobzmkcNMJdtE_I0blznSeS8BmkkqPfJK8kzNfy6Dsm6wR08pVOgR64M4nQq_UBifPrRbnaQBWa4rApC-JoH1jHz9iVVFe35FJD0o4e7wJK3NsnEPSZD9htQynpunlMZ75NkyPW9lbPSeEIH4kpIGxP8LDyyD0Mg0MKWFqft6URGxJjBcA0392Ms-DJMULodFL3qOb_2W7dDoyoewuSKvSEox3XjUMGgd2sjwGjh1eRJNc8-QNcsU9T699t3UiuEif_eQSWIhicp0FooKI7ivMdKxpZ1foN6mkIEyVZBhPQH79kgj-m_8MxT3PdhAIxrBqfe2eQRFQr85K1IYiraoDZ9rW_QiRY76kYIfFy7MThmRkGHBReiDzbpcQtQp23OP97AN30wbJzIwkyY57d-TWBw7NrCsJ_MZ3E-3_mgCbX6YWoQQT1mFfbOzejQcwNG9F0wn-OVFgSC4R_vUsrLTk677nCixQzZaGHmDW8FcByqZ0tHRAeHWeiRndYmgmDxwd635vEdtOAcHdfYGBU6BiP2XrTU
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPe9JWWrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDXgOCRzDtzC_mzv86aiyAgIwhh7hT7cUZ7QmQB49hDHMbnYJFcAExZn5zOuu3zKyJH0HSUzHpe1bDph9j9grzxq_LB9tegUUl5HsfTdGvA44x_atn6lHs7pJyWmfj8NPTkGkg2zug2-ZNIzLHUOqotW7NZT_7BPSFwrKY3cgMuoKVlu47H1N65qLsXY-mfYGx6vMhzCQlaT24sq3WP-6uh8ZL7YrBAFkdQlP98so9_LA6zhPFAQI4gKt6zhAPuxgYfQ4brRJ0iNd3h1oTk24nuLl1GEHUCMcyeRAwsyCSvjQuREzJ7JDNKNi-Up8s4wvqWIwthI5bl4XzYNPl34FqGcifGK16csqtR5y9APXpDNIBZUuai-aRbE51SHH2B7eMwJNOxYlRvbChUm9g0rKwKndDISjKQmC3F8u8VOobzmkcNMJdtE_I0blznSeS8BmkkqPfJK8kzNfy6Dsm6wR08pVOgR64M4nQq_UBifPrRbnaQBWa4rApC-JoH1jHz9iVVFe35FJD0o4e7wJK3NsnEPSZD9htQynpunlMZ75NkyPW9lbPSeEIH4kpIGxP8LDyyD0Mg0MKWFqft6URGxJjBcA0392Ms-DJMULodFL3qOb_2W7dDoyoewuSKvSEox3XjUMGgd2sjwGjh1eRJNc8-QNcsU9T699t3UiuEif_eQSWIhicp0FooKI7ivMdKxpZ1foN6mkIEyVZBhPQH79kgj-m_8MxT3PdhAIxrBqfe2eQRFQr85K1IYiraoDZ9rW_QiRY76kYIfFy7MThmRkGHBReiDzbpcQtQp23OP97AN30wbJzIwkyY57d-TWBw7NrCsJ_MZ3E-3_mgCbX6YWoQQT1mFfbOzejQcwNG9F0wn-OVFgSC4R_vUsrLTk677nCixQzZaGHmDW8FcByqZ0tHRAeHWeiRndYmgmDxwd635vEdtOAcHdfYGBU6BiP2XrTU HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
dmz3nd5oywtsw.cloudfront.net/6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ
143.204.42.156200 OK 332 B URL HTTP/2 dmz3nd5oywtsw.cloudfront.net/6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ
IP 143.204.42.156:0
File type ASCII text, with very long lines (422), with no line terminators
Hash 8208c300de81a81ca5f34a8050eb1156
50bcb676c33cedc4b871304578ef01d017967424
4bd48a7776d28299ef9a6b48c254d181b8cab1aa7007e4472780f410d254a921
GET /6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ HTTP/1.1
Host: dmz3nd5oywtsw.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eventhenherthisi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 332
date: Fri, 09 Dec 2022 16:05:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: T9Iy-aL7qxQpd3_Z5lWQN8oqIBbDWtJmLTOZ6fdLKgpCpa-RrpE-xA==
X-Firefox-Spdy: h2
bulrev.com/resources/slider.min.css
51.161.119.209 200 OK 3.0 kB URL HTTP/1.1 bulrev.com/resources/slider.min.css
IP 51.161.119.209:0
File type ASCII text, with very long lines (6167), with no line terminators
Hash a52b157905731a3d1394be0dec6ea5a0
dfe049bf64be4d793c3c9ae5fe40cbe8f025e214
db0b04b9a399c6b8d9caf0e562fec1c1b07b228089afc5301c59696e7e9bdaab
GET /resources/slider.min.css HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:47 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 12:09:33 GMT
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
cloudlogobox.com/rtbfeed.php?1418776e8a5b
78.128.113.86 200 OK 6.9 kB URL HTTP/1.1 cloudlogobox.com/rtbfeed.php?1418776e8a5b
IP 78.128.113.86:0
ASN #209160 Miti 2000 EOOD
File type PNG image data, 53 x 53, 8-bit/color RGB, non-interlaced\012- data
Hash 3641c017bc96d86728c2975f641927f6
46c4c07d2275e338ad63bf453687458291bcfd5f
03b2ac763f624662bfa6bf554bdced988183efc4b430bb4b63735cc2f5b1fb9c
GET /rtbfeed.php?1418776e8a5b HTTP/1.1
Host: cloudlogobox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:05:00 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
bulrev.com/placements/settings?scid=538
51.161.119.209 200 OK 265 B URL HTTP/1.1 bulrev.com/placements/settings?scid=538
IP 51.161.119.209:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5a5ba359a55b35f99f9594c2fb2e3a2f
df0a616d91c008a18f37b351aa1ea138ec4d5179
4dc04e88d2a0c1615e3e5742c79385815a161810956c2f1d15ba3d1dee82dca2
GET /placements/settings?scid=538 HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:47 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Set-Cookie: orbit_uuid=59206cb3-a02c-4747-8f05-c2b423836ac0; expires=Sat, 09 Dec 2023 16:05:00 GMT; path=/; secure; SameSite=None
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 21:48:03 GMT
expires: Fri, 08 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 65817
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
eventhenherthisi.com/floater?tid=894738&red=1&cs=MXlQaUgATmIPelNAY1ssAR9lXXgB&abt=0&v=0.5.54.0&sm=83&k=with%20girl%20teasing%20friend%20asshole%20feather%20anal%20tickling&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_L6dI=1670601898170&crc=1
13.225.131.67200 OK 1.5 kB URL HTTP/2 eventhenherthisi.com/floater?tid=894738&red=1&cs=MXlQaUgATmIPelNAY1ssAR9lXXgB&abt=0&v=0.5.54.0&sm=83&k=with%20girl%20teasing%20friend%20asshole%20feather%20anal%20tickling&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_L6dI=1670601898170&crc=1
IP 13.225.131.67:0
File type ASCII text, with very long lines (2171), with no line terminators
Hash 6684fbc17010eb8e37152a45ad80f10d
bd2b431e3229ece1310ceb95ca3c228b7a77afcd
2057ad8fb5c14adfd370980070f03f820dcb6ee861c88e515a74072f498654be
GET /floater?tid=894738&red=1&cs=MXlQaUgATmIPelNAY1ssAR9lXXgB&abt=0&v=0.5.54.0&sm=83&k=with%20girl%20teasing%20friend%20asshole%20feather%20anal%20tickling&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_L6dI=1670601898170&crc=1 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1512
date: Fri, 09 Dec 2022 16:05:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d479bf0f-a737-47e7-b882-4ca654637d9c
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 76d034664d0e2c2126caf9bca7adbdc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: FTdjVIyJfQjig_VBbrufwP_eqnRkCEJvixLYsBYnzz8NLGjN0GwvCw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cloudlogobox.com/logo.php?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
78.128.113.86200 OK 106 B URL HTTP/1.1 cloudlogobox.com/logo.php?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
IP 78.128.113.86:0
ASN #209160 Miti 2000 EOOD
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 45519216be3b413c13c1bd623990d1b8
f374f2578e498a536085b57c41d3d2299fa84f5e
4742175aa9e5530bd227e6d0ca2e5d2be4aa5b46ec7ee4a7c8f81c74d7d7884c
GET /logo.php?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 HTTP/1.1
Host: cloudlogobox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:05:00 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
bulrev.com/show/std?scid=538
51.161.119.209 200 OK 20 kB URL HTTP/1.1 bulrev.com/show/std?scid=538
IP 51.161.119.209:0
File type XML 1.0 document text\012- XML document, ASCII text
Hash 1565cd451aa656696852c69fde0b2e22
75f9eb036a56916e68c99786d62ccb2aa3bc3e9b
c883a9d4951208890deff85b4f48c605147d7adda34ba2ea1f377e4aa41732c0
GET /show/std?scid=538 HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavy-r.com
Connection: keep-alive
Referer: https://www.heavy-r.com/
Cookie: orbit_uuid=59206cb3-a02c-4747-8f05-c2b423836ac0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:47 GMT
Content-Type: text/xml
Content-Length: 19765
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.heavy-r.com
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 167e7939c40581e5498c97d52773e21b
e2d25f4494bebc939f7b1c3f2df4a6a0c1872d71
3ca29eeb08a34d195d06f293b9ace45d05febc0c98cf7cc179ec3fc7f406bc14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=144110
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Etag: "6392ec9a-117"
Expires: Sun, 11 Dec 2022 08:06:50 GMT
Last-Modified: Fri, 09 Dec 2022 08:06:50 GMT
Server: nginx
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 167e7939c40581e5498c97d52773e21b
e2d25f4494bebc939f7b1c3f2df4a6a0c1872d71
3ca29eeb08a34d195d06f293b9ace45d05febc0c98cf7cc179ec3fc7f406bc14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=144110
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Etag: "6392ec9a-117"
Expires: Sun, 11 Dec 2022 08:06:50 GMT
Last-Modified: Fri, 09 Dec 2022 08:06:50 GMT
Server: nginx
Content-Length: 279
9u1r1.xyz/images/campaigns/creativity-1964832-16527063614108.png
104.21.92.124 200 OK 47 kB URL HTTP/2 9u1r1.xyz/images/campaigns/creativity-1964832-16527063614108.png
IP 104.21.92.124:0
File type PNG image data, 300 x 300, 8-bit colormap, non-interlaced\012- data
Hash 58be065cb97a1d8f6c350a13d60946f0
27de845302f713574ad184b4a29662496961f632
51228a586c5bdd2b65ddbc381d29bf14b6555b1712cc12a733b5077ecbf5df53
GET /images/campaigns/creativity-1964832-16527063614108.png HTTP/1.1
Host: 9u1r1.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:05:01 GMT
content-type: image/png
content-length: 47324
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "62824c39-b8dc"
last-modified: Mon, 16 May 2022 13:06:01 GMT
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/16/2022 13:11:23
cdn-edgestorageid: 755
cdn-status: 200
cdn-requestid: 0ca210c7c3dc78ae478ef3797e650080
cdn-cache: HIT
cf-cache-status: HIT
age: 16307535
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQD0BlDzqDa7kM9MqgSUOLDiVqiHJ2Bp2DEarvKSqcNXD8mTY3eT5K5YIiJDOk6C4rPBMePBJfADquY%2BYxT8Z2m5eFT5Q9ZcxbrkN5QaQR8uxTrYNVQegfz3MjU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efad9b8950b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 167e7939c40581e5498c97d52773e21b
e2d25f4494bebc939f7b1c3f2df4a6a0c1872d71
3ca29eeb08a34d195d06f293b9ace45d05febc0c98cf7cc179ec3fc7f406bc14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=144110
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "6392ec9a-117"
Expires: Sun, 11 Dec 2022 08:06:51 GMT
Last-Modified: Fri, 09 Dec 2022 08:06:50 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.33.119.27 200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 529cab52441013ee34ed00785cc83d04
eb6be6a208cd4676d21aafbbf65d23821eeddce2
d3baf0a35aae1128a02248e2bb94dcf12a971464fc7fdcddc02f4e0bca15a225
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3BAF0A35AAE1128A02248E2BB94DCF12A971464FC7FDCDDC02F4E0BCA15A225"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6043
Expires: Fri, 09 Dec 2022 17:45:44 GMT
Date: Fri, 09 Dec 2022 16:05:01 GMT
Connection: keep-alive
ads.bullionyield.com/vast?scid=538&adid=3952
51.161.119.209 200 OK 7.2 kB URL HTTP/1.1 ads.bullionyield.com/vast?scid=538&adid=3952
IP 51.161.119.209:0
File type ASCII text, with very long lines (7207), with no line terminators
Hash a1aa27a8f3c575919da192613654cf3d
53ea41636d600a83806aec2fdd9ff7886d771254
e54ce5cf6ed82d3b53e8ba09384a23a81389ed19fbd151da0f6eaf4ad6cd272d
GET /vast?scid=538&adid=3952 HTTP/1.1
Host: ads.bullionyield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavy-r.com
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:48 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 7207
Connection: keep-alive
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Set-Cookie: orbit_uuid=e98e628d-1b19-459a-b6d2-d327e43ebe2f; expires=Sat, 09 Dec 2023 16:05:01 GMT; path=/; secure; SameSite=None
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d0aab51eac226773d45430d44b055d01
7c7684d79b05fc9c7f58a9d7ae5a201eb4f28230
b6d56699bea0de400256de276b2edacf77ca410167bfa522e957d6639a95c3d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5773
Cache-Control: max-age=108844
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63924c4c-118"
Expires: Sat, 10 Dec 2022 22:19:05 GMT
Last-Modified: Thu, 08 Dec 2022 20:42:52 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
go.xlviirdr.com/smartpop/84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=a0d731c9-9514-43e0-9311-918cb6089011&sourceId=bullion.media%20slider&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&contentType=video/mp4&trackOff=1
104.18.59.150 302 Found 0 B URL HTTP/2 go.xlviirdr.com/smartpop/84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=a0d731c9-9514-43e0-9311-918cb6089011&sourceId=bullion.media%20slider&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&contentType=video/mp4&trackOff=1
IP 104.18.59.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=a0d731c9-9514-43e0-9311-918cb6089011&sourceId=bullion.media%20slider&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&contentType=video/mp4&trackOff=1 HTTP/1.1
Host: go.xlviirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavy-r.com
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 09 Dec 2022 16:05:01 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://www.heavy-r.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=2060628.29475; Path=/; HttpOnly; SameSite=Strict
set-cookie: __cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo8BjSdYnrc8pHa; SameSite=None; Secure; path=/; expires=Sat, 10-Dec-22 15:05:01 GMT; HttpOnly
server: cloudflare
cf-ray: 776efaddb9a0b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d0aab51eac226773d45430d44b055d01
7c7684d79b05fc9c7f58a9d7ae5a201eb4f28230
b6d56699bea0de400256de276b2edacf77ca410167bfa522e957d6639a95c3d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5773
Cache-Control: max-age=108844
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63924c4c-118"
Expires: Sat, 10 Dec 2022 22:19:05 GMT
Last-Modified: Thu, 08 Dec 2022 20:42:52 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 361aa366131208557ffe6dc24f3ab55c
eede2130a586e197687fa44991862c359b4c61fc
d87017c6d67f1fe3130df85a4df5d9c0899fa9a1c52fefdc30f95c4aa13771ac
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6490
Cache-Control: max-age=93726
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63920e71-116"
Expires: Sat, 10 Dec 2022 18:07:07 GMT
Last-Modified: Thu, 08 Dec 2022 16:18:57 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 361aa366131208557ffe6dc24f3ab55c
eede2130a586e197687fa44991862c359b4c61fc
d87017c6d67f1fe3130df85a4df5d9c0899fa9a1c52fefdc30f95c4aa13771ac
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6592
Cache-Control: max-age=93828
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63920e71-116"
Expires: Sat, 10 Dec 2022 18:08:49 GMT
Last-Modified: Thu, 08 Dec 2022 16:18:57 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278
go.xlivrdr.com/api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11
104.18.59.150 200 OK 0 B URL HTTP/2 go.xlivrdr.com/api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11
IP 104.18.59.150:0
GET /api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:05:01 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCddNhqGgfsRfgxdZCJATP6LwDJnG; SameSite=None; Secure; path=/; expires=Sat, 10-Dec-22 15:05:01 GMT; HttpOnly
server: cloudflare
cf-ray: 776efade2dcbb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.heavy-r.com/css/restyle.css
172.67.20.237 200 OK 0 B URL HTTP/2 www.heavy-r.com/css/restyle.css
IP 172.67.20.237:0
GET /css/restyle.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=9425
etag: W/"2296612473"
last-modified: Tue, 26 May 2020 15:01:33 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3048
server: cloudflare
cf-ray: 776efac9ffefb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
hecherthepar.com/popunder.gif
188.114.96.1 200 OK 0 B URL HTTP/2 hecherthepar.com/popunder.gif
IP 188.114.96.1:0
GET /popunder.gif HTTP/1.1
Host: hecherthepar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 43135
last-modified: Fri, 09 Dec 2022 04:06:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6f3T74YhUOSlaJKC7Rha0JTkRdQxL85fywKzfy9xPbj9BZjWChw7yMqeI0Y8XX8HjFXIHGWMkdZt%2FNQYhuRGUVap4A27JoblbSmbOw1g%2FdfEeudZLxpA2KHNsoVtjE066BQ2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efacd6d62b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
22658.bestwinterclck.name/v2/a/na/157670?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&referer=&av=1&abl=0&kws=anal%2Ctickling&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Dec%2009%202022%2016%3A04%3A58%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
88.208.59.103 200 OK 0 B URL HTTP/2 22658.bestwinterclck.name/v2/a/na/157670?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&referer=&av=1&abl=0&kws=anal%2Ctickling&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Dec%2009%202022%2016%3A04%3A58%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/na/157670?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&referer=&av=1&abl=0&kws=anal%2Ctickling&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Dec%2009%202022%2016%3A04%3A58%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.heavy-r.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 09 Dec 2022 16:04:59 UTC
expires: Fri, 09 Dec 2022 16:04:59 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
everefor.buzz/c2ZXNTQoRGADB0pWYxcYUUR7FwUQVWNWBUtWegFVRgJ6AVVLB3pXDEFVelZWFV9hVgNDUGZXAFFKdQFWSlU1BAYQSzIAUkRLY1BRQktuVgARS28BUkQHZlMNRVZiBxZfRCRCFl9EMkNRAQMxWkZdBCJPTlFKdQQEXVN1GVISCiRQGBUHO0ZRXwA2WUcWOw
54.162.51.18 200 OK 0 B URL HTTP/2 everefor.buzz/c2ZXNTQoRGADB0pWYxcYUUR7FwUQVWNWBUtWegFVRgJ6AVVLB3pXDEFVelZWFV9hVgNDUGZXAFFKdQFWSlU1BAYQSzIAUkRLY1BRQktuVgARS28BUkQHZlMNRVZiBxZfRCRCFl9EMkNRAQMxWkZdBCJPTlFKdQQEXVN1GVISCiRQGBUHO0ZRXwA2WUcWOw
IP 54.162.51.18:0
GET /c2ZXNTQoRGADB0pWYxcYUUR7FwUQVWNWBUtWegFVRgJ6AVVLB3pXDEFVelZWFV9hVgNDUGZXAFFKdQFWSlU1BAYQSzIAUkRLY1BRQktuVgARS28BUkQHZlMNRVZiBxZfRCRCFl9EMkNRAQMxWkZdBCJPTlFKdQQEXVN1GVISCiRQGBUHO0ZRXwA2WUcWOw HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: cb81bc75a915df40dd17185bbad9a284=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8442-I3ywmyBDmyaZrqYZyiPRMZt4Alg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
22658.bestwinterclck.name/v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850
88.208.59.103 200 OK 0 B URL HTTP/2 22658.bestwinterclck.name/v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850 HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
a-cdn.heavy-r.com/vid/1e/b4/5f/1eb45ff385a3065.mp4
205.185.216.10 206 Partial Content 0 B URL HTTP/1.1 a-cdn.heavy-r.com/vid/1e/b4/5f/1eb45ff385a3065.mp4
IP 205.185.216.10:0
GET /vid/1e/b4/5f/1eb45ff385a3065.mp4 HTTP/1.1
Host: a-cdn.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://www.heavy-r.com/
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 206 Partial Content
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1495751130"
Cache-Control: max-age=86390
Content-Length: 18260242
Content-Range: bytes 0-18260241/18260242
Content-Type: video/mp4
X-HW: 1670601899.dop208.sk1.t,1670601899.cds066.sk1.shn,1670601899.dop208.sk1.t,1670601880.cds010.sk1.p
Last-Modified: Thu, 25 May 2017 22:25:30 GMT
www.heavy-r.com/js/CH_ThumbsPreview.js
172.67.20.237 200 OK 0 B URL HTTP/2 www.heavy-r.com/js/CH_ThumbsPreview.js
IP 172.67.20.237:0
GET /js/CH_ThumbsPreview.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=2817
etag: W/"3247923509"
expires: Mon, 04 Jul 2022 18:35:40 GMT
last-modified: Fri, 11 Feb 2022 20:21:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efaca0819b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/favicon.ico
172.67.20.237 200 OK 0 B URL HTTP/2 www.heavy-r.com/favicon.ico
IP 172.67.20.237:0
GET /favicon.ico HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/vnd.microsoft.icon
etag: W/"4080963554"
last-modified: Mon, 11 Dec 2017 19:49:52 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6609
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efad26b4bb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/jquery.bxslider.min.js?v1
172.67.20.237 200 OK 0 B URL HTTP/2 www.heavy-r.com/js/jquery.bxslider.min.js?v1
IP 172.67.20.237:0
GET /js/jquery.bxslider.min.js?v1 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 19 Oct 2022 22:54:57 GMT
etag: W/"2811880859"
expires: Wed, 19 Oct 2022 23:55:51 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3048
server: cloudflare
cf-ray: 776efacb0987b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
everefor.buzz/RWhsdzM%2BSh8AbDAaAFUJZwAYA0M2UkNYRDIfQh9WJB4VWkFrCwMaHDYfQh1AZ0ROBF4jSlZGH2cbAQERf0pYWQBnRE4DUiI3BRMRf0pbQQB8WFhVH2cbGRVsLAxeVQlnWQ9EByZZVEcecQlZEx5xCVQWHidQXkQeJgoKTgUmX1xBAidcTgo
54.162.51.18 502 Bad Gateway 0 B URL HTTP/2 everefor.buzz/RWhsdzM%2BSh8AbDAaAFUJZwAYA0M2UkNYRDIfQh9WJB4VWkFrCwMaHDYfQh1AZ0ROBF4jSlZGH2cbAQERf0pYWQBnRE4DUiI3BRMRf0pbQQB8WFhVH2cbGRVsLAxeVQlnWQ9EByZZVEcecQlZEx5xCVQWHidQXkQeJgoKTgUmX1xBAidcTgo
IP 54.162.51.18:0
GET /RWhsdzM%2BSh8AbDAaAFUJZwAYA0M2UkNYRDIfQh9WJB4VWkFrCwMaHDYfQh1AZ0ROBF4jSlZGH2cbAQERf0pYWQBnRE4DUiI3BRMRf0pbQQB8WFhVH2cbGRVsLAxeVQlnWQ9EByZZVEcecQlZEx5xCVQWHidQXkQeJgoKTgUmX1xBAidcTgo HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 502 Bad Gateway
set-cookie: ca22a441e733706aabc3ae4e26fab7b4=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2