Report - www.heavy-r.com/video/270318/Anal

Report Overview

Submitted URL
www.heavy-r.com/video/270318/Anal_Tickling/
IP
104.22.4.193
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-09 16:05:09
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
a.pierlinks.com	344310	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	489 B	1.0 kB	172.67.140.204
ssl.google-analytics.com	275	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	365 B	18 kB	216.58.207.232
ads.bullionyield.com	111755	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	7.6 kB	51.161.119.209
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	7.0 kB	142.250.74.131
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	6.1 kB	93.184.220.29
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	392 B	35 kB	216.58.207.234
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.163.49.154
cdn.snowmiracles.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	189 kB	92.223.97.97
hecherthepar.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385 B	723 B	188.114.96.1
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	35.241.9.150
cloudlogobox.com	136307	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	7.7 kB	78.128.113.86
oceanicmb.advertserve.com	476384	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	5.5 kB	167.99.122.29
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	391 B	34.117.237.239
dmz3nd5oywtsw.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	37 kB	143.204.42.156
ocsps.ssl.com	14517	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	8.8 kB	52.6.97.148
ocsp.r2m02.amazontrust.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	54.230.80.227
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	340 B	2.3 kB	192.124.249.22
mbledeparatea.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	432 B	678 B	108.157.214.49
www.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	164 kB	142.250.74.3
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.4 kB	12 kB	23.33.119.27
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	472 B	16 kB	142.250.74.35
22658.bestwinterclck.name	703243	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.2 kB	3.6 kB	88.208.59.103
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.5 kB	23.33.119.27
everefor.buzz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	875 B	54.162.51.18
eventhenherthisi.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	4.7 kB	13.225.131.67
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	52 kB	34.120.237.76
go.xlivrdr.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	971 B	577 B	104.18.59.150
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
static.heavy-r.com	264439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	13 kB	427 kB	37.48.81.1
a.faster-trk.com	412108	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	6.8 kB	104.21.70.227
bulrev.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	311 kB	51.161.119.209
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	1.2 kB	142.250.74.164
cdn.fluidplayer.com	33284	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	384 B	47 kB	205.185.216.10
cdn.advertserve.com	51187	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	869 B	79 kB	205.185.216.10
9u1r1.xyz	142020	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	385 B	48 kB	104.21.92.124
go.xlviirdr.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	685 B	1.3 kB	104.18.59.150
a-cdn.heavy-r.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	407 B	205.185.216.10
www.heavy-r.com	196916	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	15 kB	482 kB	172.67.20.237

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-09	medium	www.heavy-r.com/sw.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (55)

	URL	Size	First Seen	Last Seen
	www.heavy-r.com/js/mobile3.js?v=8	5.4 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/js/mobile3.js?v=8 IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:58 Times Seen41 Hash f0fc9c134769efd63b605d1cefe43ded e035c5f860e23662041bb35192faa3c750f614f4 9f39620ccdde11ccb247a9efac8d4d48409f25022558574d8ccaa5a1c3a566af Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	473 B	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:57 Times Seen31 Hash c0f2475cf9a857185ab1d0950c8d7d90 79b63ee8f5c1e0d8dbd70c9fed2680479f1f0bd7 4da0c21ab5e19c31af991cf326e0a26b6dc385d37e6355d8d089172fe6590d38 Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	1.8 kB	2023-03-09	2023-11-14
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:40 Last Seen2023-11-14 21:21:52 Times Seen14 Hash 52c77a97e22001fac431de12a75a3d57 adcdbfe5abefa40b3cd7d117b59ec78d8282d6f3 71912a1789962244fe51e9609c5ad7f5518f7516bda592371ab72335ff39c676 Loading...

	bulrev.com/resources/slider.min.js	908 kB	2023-03-07	2023-03-29
Pretty URL bulrev.com/resources/slider.min.js IP 51.161.119.209 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:11:03 Last Seen2023-03-29 23:14:35 Times Seen7 Hash 1d28bdad2de6e332bb6c010ac83cd77b 92d352655e48f28e4dac143c2a667744d75e9a2e cc7ee3512c2aef2d7cb5320d4df593467aee8e48a5a20d1ad536281772ea24ea Loading...

	www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js	409 kB	2023-03-08	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP 142.250.74.3 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash b2507198388fcc94ca9e94ed4c5561c5 8853fc86f1c616bd20a73e3e24442036fd90fd2f 02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0 Loading...

	oceanicmb.advertserve.com/js/interactive2.js	11 kB	2023-03-07	2024-02-13
Pretty URL oceanicmb.advertserve.com/js/interactive2.js IP 167.99.122.29 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-13 19:24:34 Times Seen103 Hash 905f3ddae4774c92242e4813407cdbd5 f698ad7ba5a4a0d2093d6def137d55bca54bd030 94a16af23f5b8c309dc7fa05d0ea2de49f6da7de105159b46241a046e407e056 Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	143 B	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:56 Times Seen31 Hash de5d25925b220c26d48503a30d26184f 7488c4efbb4508e9cfd80b5aa931119739569fbb 477ac9cf41592dd238ba041b1f2ed87392686437d76ea76ba77229b6bbf9b6dc Loading...

	www.heavy-r.com/js/date.js	5.8 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/js/date.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:59 Times Seen41 Hash 8204d6ec2a8b2d1178c4867cb1742016 244eef1f6e9af6dd5354b763cf867d49a4b2aa35 f6f1d5bc844220283ca5d81a861c5f2266c12ec563b69bd513ab857d59bc482e Loading...

	unknown	0 B	2023-03-07	2024-05-09
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-09 02:21:32 Times Seen37455518 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	201 B	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:57 Times Seen31 Hash fc9c176a799045fbb71b61403845c880 f6ede6a0eaa9bd33cf6ad3cd064085fecc3fb454 b12ed68324fe26fc04aadac465e88c24d48a11da2db56978fbe75663677220df Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	1.3 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:57 Times Seen31 Hash b6cfaba8bf6e79322beaca650d23a2a1 9ed243ed7ea9aad4762ddc805477ad785e6d350a 340a096869f7187e314fb76f342a487c7af063b8729a3a23123b33ec9c5a0019 Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	238 B	2023-03-09	2023-11-14
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-11-14 21:21:52 Times Seen13 Hash 2db6dac660ba9e7f9a26cf5d7039519d b9ccf08d03b5dce10cacde3d9a602215c04a7b70 ab2cbdf9a0564b73342a72c305777f167ec9ce854ef404dd5bafba3f8ad53b59 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc1MQMTAAAAAAAHqsy3VgdHvjaTg2kpPEk3LTvC&co=aHR0cHM6Ly93d3cuaGVhdnktci5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=normal&cb=fqwcmra45n5w	36 kB	2023-03-09	2023-03-09
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc1MQMTAAAAAAAHqsy3VgdHvjaTg2kpPEk3LTvC&co=aHR0cHM6Ly93d3cuaGVhdnktci5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=normal&cb=fqwcmra45n5w IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash a1d4bbde0922e21ed66ec66b9ff9f852 80b6ce5d01283b65b7c804e72df3f9e925fe0565 153b88448dc5ce3559f2488fb22c99a8ff9244eb5882ae032ef1ec3201dd4038 Loading...

	www.heavy-r.com/js/zxml.js	6.5 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/js/zxml.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:57 Times Seen39 Hash 31d577688e4130a0eeb57ba980544b43 2715131b66a0fe49c2cf3a46aaf832327427d060 89cb55a7a76f1ecaa4ae390abbfc25e2510a52faa4af1322ceacddeff93f1bb7 Loading...

	www.heavy-r.com/js//jquery.tools.min.js	8.6 kB	2023-03-09	2023-03-29
Pretty URL www.heavy-r.com/js//jquery.tools.min.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-29 20:58:17 Times Seen4 Hash dd25c296883b8469e205c3fd6579ddf7 9e5465834b2207e4de4a665f63af320d5c298b14 81b04019783e5c128ac130c1a614456e1a5e29c486a21f8f11858fa8833109c9 Loading...

	www.heavy-r.com/js/jquery.jcarousel.pack2.js	8.5 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/js/jquery.jcarousel.pack2.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:59 Times Seen40 Hash f35768a47b2420da93cc3a949eef1d81 2c2c2cf821bd319c04751b8d8ac332fd3b97a0ea ebd77058e8567a2ba19ffefbcce06c181a7d6d1575575e5e7a7acb5e0c29fd8f Loading...

	www.heavy-r.com/js/c.js	492 B	2023-03-09	2023-11-14
Pretty URL www.heavy-r.com/js/c.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-11-14 21:21:51 Times Seen17 Hash ef5a103025b76134b385ada50a029d06 e436eaa6d9a3a6fc18140e024bc76766c72ab412 2217ce87a615f808f0702a41fb52c955190fd6278f852b431b26653170fbff50 Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	2.3 kB	2023-03-09	2023-03-09
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash 6f22efd8aaa984979fd1dca98565e1a3 4b4945c66094b38a6f964a27c7df78387e9746ae b42393145e0e86fe647b91fdc4d597faf0dec2246de1e23517358d2ca86122b2 Loading...

	www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit	909 B	2023-03-08	2023-03-11
Pretty URL www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit IP 142.250.74.164 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:34:45 Last Seen2023-03-11 23:40:41 Times Seen1 Hash e2c1b0e2b367f95689b815c29e52302c 0e9607e05a850888e4c6aa558e8c8b3a2b43255d 961995925172473c4d0225d712b4c4344d97cad422cab90e26ee494aeed1db72 Loading...

	dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738	100 kB	2023-03-09	2023-03-09
Pretty URL dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738 IP 143.204.42.156 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash b32c1fd34aced962957f37409c446a74 1acf204b57912aec544429afa6b9de76f86cd6ad 219b953bf23ae6ef8db819e958f778548dfdbd600b5d85a6c21efdd784836e0a Loading...

	www.heavy-r.com/js/CH_VideoView.js	2.6 kB	2023-03-09	2023-11-14
Pretty URL www.heavy-r.com/js/CH_VideoView.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-11-14 21:21:51 Times Seen21 Hash 850c64a197ab75ddf648293e0683ee04 fcff715cd5dcc5e9b457a283614d32e5d7a91acf 49e87be14fc3ca51f50915fa084f3eeb988a065684a4972447eb82ffc450b74d Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	53 B	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:57 Times Seen31 Hash 1015c283171ce639f7672404e2db65a5 57112dbaa2d45ece2ec8b6285b70c11cbdc94de0 312d095052c011b7af8dd8f69503bd6c90a4fa6c7073875e483bc8068d5f65af Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	517 B	2023-03-09	2023-03-09
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash 98ebcc4991bd6b037a0acd9265939fc3 13367cf3f298e257284587df80ab95cc7ea628b5 d6a0feb458edcd375605750415d5f0ae663f550bfd6691a922dc64fc2f01d2bf Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	1.7 kB	2023-03-09	2023-11-14
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-11-14 21:21:52 Times Seen13 Hash c145895d014ad61bea82a421fe88e761 45d7de863d1a6818888a5be475d62e880d874d4c c46d775afcd2a0d02695e2b9f1cf480dc95f2a787813176031bd7541a7b88841 Loading...

	www.google.com/recaptcha/api2/bframe?hl=en&v=Km9gKuG06He-isPsP6saG8cn&k=6Lc1MQMTAAAAAAAHqsy3VgdHvjaTg2kpPEk3LTvC	178 B	2023-03-09	2023-03-09
Pretty URL www.google.com/recaptcha/api2/bframe?hl=en&v=Km9gKuG06He-isPsP6saG8cn&k=6Lc1MQMTAAAAAAAHqsy3VgdHvjaTg2kpPEk3LTvC IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash be58b379986c5ab2a9e33a060d9db1f8 02bda045faa588908b96f13d2b9deb48220b33e0 79ba3747e4a7043a34223af41a36e8f958a03b58108272824ddc047b7444a456 Loading...

	www.heavy-r.com/js/jquery.form.js	20 kB	2023-03-07	2024-03-09
Pretty URL www.heavy-r.com/js/jquery.form.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-03-09 17:32:11 Times Seen106 Hash 4e72012ca4af38140f56f7c4c3d5b0ff a4535b789710781c47a3ce14d7433fb357c5964e 5f6f37cf3ef5dc8e8afd01a30fcd944e5b7fc20e52d6ddcd762ef9fab3820939 Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	55 B	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:56 Times Seen31 Hash 974d410f7c21910db60520d9221fc8e6 d2bd41066fad46a4b7f8ae72c0cd1da0a5b07584 ec8a746dd4503ea307e17a02a6930db57f8d94900f258b2ba7fe5c9bf488dcba Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	1.3 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:57 Times Seen30 Hash d5acbeced0a87d323e0f341ffeef00f3 1b618b154d3dfae57c03e06413f2283224dd66f5 c0be3191b2177bbb07c6103b640da76544d5360583469ae24430e1971d3ed10b Loading...

	oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101	766 B	2023-03-09	2023-03-09
Pretty URL oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101 IP 167.99.122.29 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash 5b2dfd2004242e6c336e5821a941a1a2 3320ffe073d213ad77c2ce4e6cb5e127c180b3a0 37f3999911f718e92ce0ff535e9d73a29723b93742b744e247cae24d26dc0844 Loading...

	ssl.google-analytics.com/ga.js	46 kB	2023-03-07	2024-04-16
Pretty URL ssl.google-analytics.com/ga.js IP 216.58.207.232 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-16 23:24:27 Times Seen3495 Hash e9372f0ebbcf71f851e3d321ef2a8e5a 2c7d19d1af7d97085c977d1b69dcb8b84483d87c 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Loading...

	eventhenherthisi.com/SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4	3.0 kB	2023-03-09	2023-03-09
Pretty URL eventhenherthisi.com/SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4 IP 13.225.131.67 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash 3c79e8afe778b28e26f1cea0cbabb18a 0d1d4459e5657fdbc940f6443c7c5b7e7017b42d 15f47fc6e012e892013a1675944c9f457cc425e39859d2c63079625a32bc351b Loading...

	www.heavy-r.com/js/CH_ThumbsPreview.js	2.3 kB	2023-03-07	2023-03-12
Pretty URL www.heavy-r.com/js/CH_ThumbsPreview.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2023-03-12 11:02:56 Times Seen1 Hash bbe5c06acdf04f548f8e2f65d6e7086c d72fc1110d7745bc86bf0ea4bdd6c8aaba97024d a6e415a8964d05ce1add8cb51a1df8514bc5dcb1add853bf01c5bd2e82d084dd Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	843 B	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:57 Times Seen30 Hash 775ec83531bd18f6c6ecacd27f73e750 c45dc2b22cc7f7bc3ed4c2e0fb3ab530f010cd77 3f01e5bb682790b9d20e21339b25c5c8c388e0f6aae604a2e6eac0ab4571097f Loading...

	a.faster-trk.com/oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0	13 kB	2023-03-07	2024-02-22
Pretty URL a.faster-trk.com/oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0 IP 104.21.70.227 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:10:04 Times Seen55 Hash 05549be4b9bafd23c8ae92b21b8448f9 35b2b785c559afdd90b385b69b82396d7651b249 3f552e2e83d7360e73744db5ef7bc25f8b53e544ec9b12d6a1e9b2dd15a3be85 Loading...

	22658.bestwinterclck.name/v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850	139 kB	2023-03-09	2023-03-11
Pretty URL 22658.bestwinterclck.name/v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850 IP 88.208.59.103 ASN #39572 DataWeb Global Group B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-11 21:27:34 Times Seen1 Hash 16a94c2f4d673467483e553973018edb 2ed381317a2ecba6852f45e2e8115b9a02193a81 2fdb0f985b14c5ef0d0f08fb17a19a63ff5ca6d08c33c4e22bd0e55823c597bd Loading...

	dmz3nd5oywtsw.cloudfront.net/6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ	422 B	2023-03-09	2023-03-09
Pretty URL dmz3nd5oywtsw.cloudfront.net/6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ IP 143.204.42.156 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash 1cb8e1602510f4bf4c71e4e4d6355347 d86d9a149edc0f5769f3a1375c9b2eb748ebfb34 b95b27e6d47f1dfb1e8f9394a688b47fbce2dbbdc05b3b57b97d89ccb558a4cb Loading...

	www.heavy-r.com/sw.js	101 kB	2023-03-09	2024-02-22
Pretty URL www.heavy-r.com/sw.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2024-02-22 23:10:04 Times Seen57 Hash 31920aa1c4978310d33e5282371e60d0 442f1b41a0c3ed0b6d36828b3fdbf12b9f54e0a9 0ad4e2fae0d65592d8af9bc9132053519dad7c0b57cb10082d0565303ab3fb00 Loading...

	oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69	766 B	2023-03-09	2023-03-09
Pretty URL oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69 IP 167.99.122.29 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-09 00:06:41 Times Seen1 Hash f5fd1386b213c42766cb489a94d01c6e effcb8f95974c91171b801bea1d422974b7cc2ea 2698ad05947bcf1184653efbcd0a3fc022a3e57f6c24360ab7664451afad4b6b Loading...

	www.heavy-r.com/js/script.js	4.6 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/js/script.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:56 Times Seen39 Hash fee3ade47303566f923c9b7d01825382 7efb2c3cc393aeab2b497f8315e87ee7b70180c8 62f5f8c7b9e83fef8ca79c9641df897546b9e70c9ce3c2eb957d2b2a169d1411 Loading...

	www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc1MQMTAAAAAAAHqsy3VgdHvjaTg2kpPEk3LTvC&co=aHR0cHM6Ly93d3cuaGVhdnktci5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=normal&cb=fqwcmra45n5w	69 B	2023-03-07	2024-05-09
Pretty URL www.google.com/recaptcha/api2/anchor?ar=1&k=6Lc1MQMTAAAAAAAHqsy3VgdHvjaTg2kpPEk3LTvC&co=aHR0cHM6Ly93d3cuaGVhdnktci5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=normal&cb=fqwcmra45n5w IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:05 Last Seen2024-05-09 02:10:45 Times Seen101161 Hash 45ecf7458f42da80ac248ad42d610372 a5b3edf8328769bc754e6e616a957ceed4fdadd7 75867e75b209895995014b43c3d711476e3437481e5fbec91a4da674302558bf Loading...

	cdn.fluidplayer.com/v3/current/fluidplayer.min.js	212 kB	2023-03-08	2023-03-13
Pretty URL cdn.fluidplayer.com/v3/current/fluidplayer.min.js IP 205.185.216.10 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:21 Last Seen2023-03-13 11:31:13 Times Seen1 Hash b4cde2ae5b5475d452c59f7529e4b902 534228ae814e7d03ecf6b9a832070f51052834f5 b83502578973445215224ff63bd22daf060682863ba8822518fbb0a795068efd Loading...

	www.heavy-r.com/js/bootstrap.min.js	36 kB	2023-03-07	2024-05-08
Pretty URL www.heavy-r.com/js/bootstrap.min.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-05-08 22:40:33 Times Seen7863 Hash 8c237312864d2e4c4f03544cd4f9b195 253711c6d825de55a8360552573be950da180614 d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8 Loading...

	www.heavy-r.com/js/jquery.bxslider.min.js?v1	20 kB	2023-03-09	2023-03-29
Pretty URL www.heavy-r.com/js/jquery.bxslider.min.js?v1 IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-29 20:58:17 Times Seen4 Hash fff261d29d13c9216fef57adaf496f20 1fa32bc68b4ac9705ecae9b06725e19b5e0fa06e 8f84acf5bc43384f393553c5e4ee5711fd3afc7058aa0428cf983d5c9f36b342 Loading...

	www.heavy-r.com/js/CH_Ajax.js	3.3 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/js/CH_Ajax.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:59 Times Seen42 Hash fa5a64e36f433b37a75c75c77609add2 0297b28c71ed5a4d600a7da111589e2dffa58d44 75daff3fe998659367e10c8ce1ef83b3cd9b68222d040204979d896b469bc5e2 Loading...

	www.heavy-r.com/js/general.js	1.2 kB	2023-03-07	2024-02-22
Pretty URL www.heavy-r.com/js/general.js IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:59 Times Seen42 Hash 92892f14d00d478506b7deb161cef234 08c3c2b97e1679c1f60ac827fbb6c6a6008a19af 341db967c47ce56037fbe2d04883b664833ca1bc6dabbfb232529d1c6f2c35da Loading...

	www.heavy-r.com/video/270318/Anal_Tickling/	400 B	2023-03-09	2023-11-14
Pretty URL www.heavy-r.com/video/270318/Anal_Tickling/ IP 172.67.20.237 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 00:06:41 Last Seen2023-11-14 21:21:51 Times Seen14 Hash a9e28fc816792a2f297c6ae5c95d695e 5352203369be9e44b0f5ebcce97bf032ca7b5608 58e23138cc803e7c99d67bb0d537d7b8223717b23e9c4c7e741114f41f4940e1 Loading...

		Size	First Seen	Last Seen
	#1 Eval - c9257e927ccf8069f3dcfb01c9234d09	22 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash c9257e927ccf8069f3dcfb01c9234d09 921955c8df691f30a12542510f33856a4cb972cb 9bb0c662c12831d4a6a9d504b2534e28f08b91591da1303a05ad2b3e12a6e49e Loading...

	#2 Eval - 8c8cd677b9e79b9b2436bbb6eed7de3c	8.2 kB	2023-03-09	2023-03-25
Pretty Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-25 23:33:45 Times Seen2 Hash 8c8cd677b9e79b9b2436bbb6eed7de3c 8312df17cddcbd764648321a64014481550d5a25 61e2f2596be771562e165d9d7fc15361be7048c37fb7e749092519f1266af961 Loading...

	#3 Eval - 0d2fca76a746941a17fa7dcf80dfc0c2	22 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash 0d2fca76a746941a17fa7dcf80dfc0c2 a4d2a22237d8b10b7b611764266911ef1933bbd7 2ed176c7f9d5b3c8ca6ccdb0e994b6ddc34944c41fc4db7451fd7a3d27fed6f1 Loading...

	#4 Eval - 628631f07321b22d8c176c200c855e1b	3 B	2023-03-07	2024-05-05
Pretty Observations First Seen2023-03-07 01:06:52 Last Seen2024-05-05 18:41:23 Times Seen432 Hash 628631f07321b22d8c176c200c855e1b 088fb1a4ab057f4fcf7d487006499060c7fe5773 0aad7da77d2ed59c396c99a74e49f3a4524dcdbcb5163251b1433d640247aeb4 Loading...

	#5 Eval - 5947df841950f8414c3bd6acac546fce	14 kB	2023-03-07	2024-05-06
Pretty Observations First Seen2023-03-07 14:24:24 Last Seen2024-05-06 07:16:13 Times Seen71 Hash 5947df841950f8414c3bd6acac546fce b0258885c42ef20f9d453ca4db10608845b4a01a dfc345b6cad198260a705753a84befbc76b7165b873a406bf927c27e6f337052 Loading...

	#6 Eval - 5bd210fff45cf96ffcf0bb9123070d51	16 kB	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash 5bd210fff45cf96ffcf0bb9123070d51 09f3615c3096b1c7b413dbe39439be8f82d1eeef 0d4559ba47020dfb3d3229a79fae241152a0337f86a9c8a01bd5add41c1753b7 Loading...

	#7 Eval - af4cec413d9817b5c305b143d6387c26	21 kB	2023-03-09	2023-03-12
Pretty Observations First Seen2023-03-09 00:06:41 Last Seen2023-03-12 20:08:36 Times Seen1 Hash af4cec413d9817b5c305b143d6387c26 3e3105234079fb2337641d99cb9e39bdb36fa9fe eac28d16e77fbf40205f26b6c4c2feda6136b9007b531e6cb80d41d63cc039bb Loading...

	#8 Eval - a67bad065c725f1d42d6eb83f626f676	64 B	2023-03-08	2023-11-04
Pretty Observations First Seen2023-03-08 14:33:54 Last Seen2023-11-04 16:55:45 Times Seen3 Hash a67bad065c725f1d42d6eb83f626f676 ecd1fed4bbaacbf771ba634b4616d2bebcba57cb cc158dc49db31ac40a09769c14f1e96ce12d8ee44ddb54a5321c32cd0536ef78 Loading...

		Size	First Seen	Last Seen
	#1 Write - 2f427d1b8afefd4041c4169a1d613df1	322 B	2023-03-07	2024-02-22
Pretty Observations First Seen2023-03-07 14:24:24 Last Seen2024-02-22 23:09:58 Times Seen31 Hash 2f427d1b8afefd4041c4169a1d613df1 e0ebb0c339d54a10ec11123a69c945b066b8c631 a13697fea39ee4f73184ec77384ae236a3f9dbb6142e03e41406be1cab41a7e7 Loading...

HTTP Transactions (165)

URL IP Response Size

www.heavy-r.com/video/270318/Anal_Tickling/

172.67.20.237

301 Moved Permanently

0 B

URL HTTP/1.1
www.heavy-r.com/video/270318/Anal_Tickling/
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /video/270318/Anal_Tickling/ HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Fri, 09 Dec 2022 16:04:57 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 09 Dec 2022 17:04:57 GMT
Location: https://www.heavy-r.com/video/270318/Anal_Tickling/
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776efac35da7b4f9-OSL

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10225
Expires: Fri, 09 Dec 2022 18:55:22 GMT
Date: Fri, 09 Dec 2022 16:04:57 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15983
Expires: Fri, 09 Dec 2022 20:31:20 GMT
Date: Fri, 09 Dec 2022 16:04:57 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 15:33:14 GMT
content-type: application/json
age: 1903
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19332
Expires: Fri, 09 Dec 2022 21:27:09 GMT
Date: Fri, 09 Dec 2022 16:04:57 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 4QNmLRlEzaUqn2MPnqhlXYV+kl3clGXHkLGccquE/vZWMQnJ/gKGWIn27949PLOo8zwJ+BtiMWc=
x-amz-request-id: 25DPZ0R1EH5VQJTC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 15:48:23 GMT
age: 994
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
d806e072025103ce77bf52b7ee500c92
93ba62c4dd40e7d268545e59e8150ed5e727c211
c57833adc5a54f050c6f48dcf74c49987aead908a4fcb5122d2b3243eca20f59

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3959
Cache-Control: max-age=137252
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:57 GMT
Etag: "6392c256-118"
Expires: Sun, 11 Dec 2022 06:12:29 GMT
Last-Modified: Fri, 09 Dec 2022 05:06:30 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:04:57 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 15:33:13 GMT
age: 1905
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

www.heavy-r.com/images/icon-18plus.png

172.67.20.237

200 OK

762 B

URL HTTP/2
www.heavy-r.com/images/icon-18plus.png
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 20 x 20, 8-bit colormap, non-interlaced\012- data
Size
762 B (762 bytes)
Hash
c3b73ffd4b590cf0cc315248d2c07604
bf96caf178253cfc594a8ca4af91c1f90fffbdca
7229145331769f34343478592a9350e1aa3b2f8ecf32503a5294dcc88933a7f4

HTTP Headers

GET /images/icon-18plus.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 762
etag: "171161295"
last-modified: Mon, 23 Aug 2021 18:38:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5611
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca182ab4f3-OSL
X-Firefox-Spdy: h2

www.heavy-r.com/avt/61/e6/72/61e672f4434200a.jpg

172.67.20.237

200 OK

5.1 kB

URL HTTP/2
www.heavy-r.com/avt/61/e6/72/61e672f4434200a.jpg
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), default quality", baseline, precision 8, 160x160, components 3\012- data
Size
5.1 kB (5055 bytes)
Hash
d68183bef23cf9cb22e224bc51979d57
a5fb2de5ddff1b530c132377e905dc548059959e
0d1f912dba805380ca905d00c81a8ecce57c358dabc0f9c6f055384be1ec60ce

HTTP Headers

GET /avt/61/e6/72/61e672f4434200a.jpg HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/jpeg
content-length: 5055
cache-control: max-age=14400
cf-bgj: h2pri
etag: "916331967"
expires: Fri, 09 Dec 2022 17:04:38 GMT
last-modified: Tue, 15 Nov 2016 20:01:46 GMT
cf-cache-status: HIT
age: 20
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca283cb4f3-OSL
X-Firefox-Spdy: h2

www.heavy-r.com/images/logo.png

172.67.20.237

200 OK

7.4 kB

URL HTTP/2
www.heavy-r.com/images/logo.png
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 326 x 42, 8-bit/color RGB, non-interlaced\012- data
Size
7.4 kB (7418 bytes)
Hash
cc188f8c27675a71903e7a3a578a1acd
aa124dd5b8bba679286ec8374056cb0e5b1cf842
cac915c8725b45afc5014696e53d1729aa6e50c53a96d65108575c75d89dcedb

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 7418
etag: "3973454358"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4647
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca182cb4f3-OSL
X-Firefox-Spdy: h2

www.heavy-r.com/images/webcam_icon.png

172.67.20.237

200 OK

1.6 kB

URL HTTP/2
www.heavy-r.com/images/webcam_icon.png
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 32 x 34, 8-bit/color RGBA, non-interlaced\012- data
Size
1.6 kB (1560 bytes)
Hash
01acd986d961deda3c41a1590dee9bfa
53c6ffdf0b7a39713c2b6fa0316ec9e1ee0582e4
2077396192a1a8c0f7d1989d510981b028b8ef377c88046fab36325923ae40c5

HTTP Headers

GET /images/webcam_icon.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 1560
etag: "2564103060"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4716
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca1825b4f3-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1353
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:58 GMT
Etag: "6392faaf-1d7"
Last-Modified: Fri, 09 Dec 2022 15:42:25 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 471

www.heavy-r.com/images/gaming-18px.png

172.67.20.237

200 OK

4.4 kB

URL HTTP/2
www.heavy-r.com/images/gaming-18px.png
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Size
4.4 kB (4363 bytes)
Hash
660e7bbdc5a9c33d380552e5e34b81e3
548728b5396ba5d09ec5269d19f2532fff14350b
7519fc6f16182f95e41d1c02daf8847acfac88a626d565aa7daa536f2709af1b

HTTP Headers

GET /images/gaming-18px.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/png
content-length: 4363
etag: "1603733009"
last-modified: Fri, 23 Aug 2019 17:51:03 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3637
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca1827b4f3-OSL
X-Firefox-Spdy: h2

www.heavy-r.com/avt/default.jpg

172.67.20.237

200 OK

2.4 kB

URL HTTP/2
www.heavy-r.com/avt/default.jpg
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 90x90, components 3\012- data
Size
2.4 kB (2440 bytes)
Hash
378b483ae669b86c0e9e0ec8f10bf355
5d5deca0111d5f2a4fc67a6e319e08e5a485c190
f42376e7c67d06cd513cbba0c860288e6d434d2ce63aa6eb609ea8819ef7b4f4

HTTP Headers

GET /avt/default.jpg HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: image/jpeg
content-length: 2440
cache-control: max-age=14400
cf-bgj: h2pri
etag: "743611457"
expires: Fri, 09 Dec 2022 16:48:12 GMT
last-modified: Tue, 15 Nov 2016 20:01:56 GMT
cf-cache-status: HIT
age: 1006
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efaca283fb4f3-OSL
X-Firefox-Spdy: h2

dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738

143.204.42.156

200 OK

36 kB

URL HTTP/2
dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (5919)
Size
36 kB (35939 bytes)
Hash
4fbd32d78abad9e0febff0f5700254e8
b836574d71e351e328bda45349c04a9d0826245e
fedfdf2f885aa91d0c8754e2997e149f1b70e7d02b284df7e94a988b16107293

HTTP Headers

GET /?dnzmd=894738 HTTP/1.1
Host: dmz3nd5oywtsw.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 35939
date: Fri, 09 Dec 2022 16:04:38 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Hit from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yUbysvSLQ4DkxJ24JX_RgGi7VuSKUxVlJtKaeiBYTcYO0qduhNfq8g==
age: 20
X-Firefox-Spdy: h2

cdn.fluidplayer.com/v3/current/fluidplayer.min.js

205.185.216.10

200 OK

47 kB

URL HTTP/1.1
cdn.fluidplayer.com/v3/current/fluidplayer.min.js
IP
205.185.216.10:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text, with very long lines (62751)
Size
47 kB (46959 bytes)
Hash
a600a1d5894852aa5e6f4a063a491bc2
45290012903acf8301dc95e20610ab6f76a154b3
4b6168065d3487bc14b0ce3b81212293a5bb0108ac4a24857298e2095be742ca

HTTP Headers

GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:04:58 GMT
Connection: Keep-Alive
ETag: "1666105328"
Cache-Control: max-age=7206
Content-Encoding: gzip
Content-Length: 46959
Content-Type: application/javascript
Last-Modified: Tue, 18 Oct 2022 15:02:08 GMT
Accept-Ranges: bytes
X-HW: 1670601898.dop227.sk1.t,1670601898.cds234.sk1.shn,1670601898.dop227.sk1.t,1670601898.cds253.sk1.c

www.heavy-r.com/js/jquery.form.js

172.67.20.237

200 OK

7.3 kB

URL HTTP/2
www.heavy-r.com/js/jquery.form.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (529)
Size
7.3 kB (7291 bytes)
Hash
a85110b29f5fc3e9797c3d1ab3964234
0105457812eab16a05985576c03b55da281d9985
7ca99eedc68690ad2a144e11cf176bd41e0d4e72f66d29fb3ef62bbd2e4d2e84

HTTP Headers

GET /js/jquery.form.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=45171
etag: W/"1000751821"
expires: Wed, 31 Aug 2022 16:30:49 GMT
last-modified: Sun, 19 Jul 2020 07:12:41 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efac9fffdb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b5cba4e1962a1fe17c9021f3e418975a
01293d7e4084011451f7d17936ab2427504cdb1a
ecfe30d3abc32ca9f933303d75b2055642d3c7c8197af08fe2c314394699594b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

216.58.207.234

200 OK

34 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32038)
Size
34 kB (33507 bytes)
Hash
103708790db3586027df27ded660f8ef
d3f58fbe6e02cb4b8b34c6fd510e011cb325bc70
fdba876856bb6c2783df94cacb0f17b53fe33f1907135539272c0127b4270ffe

HTTP Headers

GET /ajax/libs/jquery/1.11.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33507
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 06 Dec 2022 13:49:02 GMT
expires: Wed, 06 Dec 2023 13:49:02 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 267356
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit

142.250.74.164

200 OK

578 B

URL HTTP/2
www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (909), with no line terminators
Size
578 B (578 bytes)
Hash
ec941e5d30fc3bb1d1aaa543ae406681
2c61a6ebfa4f2e36b59c773ef8f3d35378b6959b
6e32c0dc483787dcfab84cdc891c1865104738de265e3f2ae1331a7c8d6013bf

HTTP Headers

GET /recaptcha/api.js?onload=onloadCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Fri, 09 Dec 2022 16:04:58 GMT
date: Fri, 09 Dec 2022 16:04:58 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

push.services.mozilla.com/

35.163.49.154

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.163.49.154:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BrpDTWPZO2benFmY7AN1bQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PNMaAy3o17I4eLgxryDzWx6hdwY=

www.heavy-r.com/js/bootstrap.min.js

172.67.20.237

200 OK

12 kB

URL HTTP/2
www.heavy-r.com/js/bootstrap.min.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32025)
Size
12 kB (11701 bytes)
Hash
3cdc3f5284a96135ba6b8c2819791caa
bea81dce7c3f6fc3adb3900786ced2b2a75c8a3f
3f45a1122f8145cc73c98a1f137779f88102ef2091577410cb03452aac3e1a50

HTTP Headers

GET /js/bootstrap.min.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 19 Aug 2020 22:21:31 GMT
etag: W/"2596413615"
expires: Mon, 06 Jun 2022 23:13:46 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6632
server: cloudflare
cf-ray: 776efacb0985b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsps.ssl.com/

52.6.97.148

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
7ab99ad4aef71d58b608d98e3a38e85b
392fcb545e92528911b28c4a4aaa7f0c67a9e483
87dcbd918f624f405fac0866bfc847dc50348700b7573f4527f4811e69a31b6a

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:55:06 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "392fcb545e92528911b28c4a4aaa7f0c67a9e483"
Last-Modified: Thu, 08 Dec 2022 20:55:07 GMT
X-Proxy-Cache: HIT

ocsps.ssl.com/

52.6.97.148

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
3f4119d8dc9f312f3ef0d53387487e97
f2bd90a2e4cd3f6cb8602ac5e47107f704337dec
9be404e0f5f162e7c667db3050b01f09d44d35295bfd23d3b69dc2d0bc80a61a

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:56:53 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "f2bd90a2e4cd3f6cb8602ac5e47107f704337dec"
Last-Modified: Thu, 08 Dec 2022 20:56:54 GMT
X-Proxy-Cache: HIT

www.heavy-r.com/fonts/fontawesome-webfont.woff2?v=4.3.0

172.67.20.237

200 OK

57 kB

URL HTTP/2
www.heavy-r.com/fonts/fontawesome-webfont.woff2?v=4.3.0
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Size
57 kB (56780 bytes)
Hash
97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

HTTP Headers

GET /fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.heavy-r.com/css/style.css?b3
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/octet-stream
content-length: 56780
cache-control: max-age=14400
cf-cache-status: HIT
age: 1743
last-modified: Fri, 09 Dec 2022 15:35:55 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efacc5b57b4f3-OSL
X-Firefox-Spdy: h2

ocsps.ssl.com/

52.6.97.148

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
6d2293fbb44ea4b11715767c4b9f4d51
e920f93dc511dc0044c579c3627c3743256fe481
fdcdacdfce6e9c626ec7a2bba7dfabcb8f18edd03bf399969ae029fc36188d59

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:53:11 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "e920f93dc511dc0044c579c3627c3743256fe481"
Last-Modified: Thu, 08 Dec 2022 20:53:12 GMT
X-Proxy-Cache: HIT

ocsps.ssl.com/

52.6.97.148

200 OK

1.8 kB

URL HTTP/1.1
ocsps.ssl.com/
IP
52.6.97.148:0
ASN
#14618 AMAZON-AES

File type
data
Size
1.8 kB (1810 bytes)
Hash
5a6438c6a9ca94d37eebfcb780d36ea7
723b35eb6cbdfa63d1b88947ae44b4f296bb7f6d
6dd4a19254aff66220d4f10b78eb8074c2eede2c49752ffc0554b2d93178a060

HTTP Headers

POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Thu, 15 Dec 2022 20:54:56 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "723b35eb6cbdfa63d1b88947ae44b4f296bb7f6d"
Last-Modified: Thu, 08 Dec 2022 20:54:57 GMT
X-Proxy-Cache: HIT

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d61883097c47c0fcb4a15cafc5bdbdfc
54411aba43093cafd1cb2acea7c2b4c69184611f
0aef2b974544f530bd591dd0201909a9c2a6b3f4451c69288bafc126d9a37e2c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.heavy-r.com/scr/5c/03/b8/5c03b8330a1fd8a_3.jpg

37.48.81.1

200 OK

11 kB

URL HTTP/1.1
static.heavy-r.com/scr/5c/03/b8/5c03b8330a1fd8a_3.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Size
11 kB (10958 bytes)
Hash
7fa5a8ef96be93e7ef38e3a85d936a36
cf3be8539f963c6b58eedf15dacac001c79045d2
26a43888018b6ce4b251f4f968a8868949f9bdc97ca6a5eba68856ac786303b9

HTTP Headers

GET /scr/5c/03/b8/5c03b8330a1fd8a_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:58 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2540708318"
Last-Modified: Thu, 25 May 2017 22:16:21 GMT
Content-Length: 10958
Date: Fri, 09 Dec 2022 16:04:58 GMT
Server: lighttpd/1.4.28

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f093305b75b4555bd839c905940c0652
4aa29e875c64526c97a4bcd43c976e14e7f612e0
1acc2ec5e43d39152289f2475df395065a761c712d0bd7aa7d36f3d322e9bd9f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1ACC2EC5E43D39152289F2475DF395065A761C712D0BD7AA7D36F3D322E9BD9F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15180
Expires: Fri, 09 Dec 2022 20:17:59 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive

www.heavy-r.com/js/general.js

172.67.20.237

200 OK

11 kB

URL HTTP/2
www.heavy-r.com/js/general.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (436)
Size
11 kB (11354 bytes)
Hash
2a0d0df6c4a60b4396759515c10bb1fe
d6b3ddd4acc87fbc0831e9204a5fdfb5c8e2e7b0
af235305760d68bff8c18a0a74a404fcad2bf44d488cee0670f005af53e34010

HTTP Headers

GET /js/general.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=1980
etag: W/"3710786616"
expires: Wed, 31 Aug 2022 16:30:49 GMT
last-modified: Tue, 13 Jun 2017 03:52:40 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6632
server: cloudflare
cf-ray: 776efaca1820b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/css/members.css?b

172.67.20.237

200 OK

13 kB

URL HTTP/2
www.heavy-r.com/css/members.css?b
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3829)
Size
13 kB (13285 bytes)
Hash
644bc4e0e1c0b810bf6883568a4bb5b7
9adec3ec8d951b00ceb542e3baa60c49ce248e32
2d70433324c0f02ed47d6f9cfbd9881eb0cf788e6fc7505e90db9050d0645014

HTTP Headers

GET /css/members.css?b HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4762
etag: W/"2172495735"
last-modified: Fri, 10 Nov 2017 12:19:51 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6726
server: cloudflare
cf-ray: 776efac9efe2b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/css/bootstrap.min.css

172.67.20.237

200 OK

36 kB

URL HTTP/2
www.heavy-r.com/css/bootstrap.min.css
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65371)
Size
36 kB (36351 bytes)
Hash
dcaacb52b3a30f00626a23bfa5fb7e34
0239f23b180d6c4b76f6b08fcc3777316d751eb4
1196d15e35ee5803d2dbc2b051e1acaa59272e11ee7abab1584096e29c8ffa37

HTTP Headers

GET /css/bootstrap.min.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 09 Apr 2017 14:40:35 GMT
etag: W/"908251226"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5612
server: cloudflare
cf-ray: 776efac9efd2b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/video/270318/Anal_Tickling/

172.67.20.237

200 OK

28 kB

URL HTTP/2
www.heavy-r.com/video/270318/Anal_Tickling/
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (3435), with CRLF, LF line terminators
Size
28 kB (27563 bytes)
Hash
ddee98e69cbe9970fd42952060a6d658
40ebca51fbb47649d77e3b4227973bd1f4437bf4
0c5f7c16cc6334859e9dbe7b05ab1d68e0fd244c0f137be6dbc5b787a3742883

HTTP Headers

GET /video/270318/Anal_Tickling/ HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/html; charset=utf-8
set-cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
access-control-allow-origin: *
cache-control: max-age=60
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 776efac5aab5b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/css/style.css?b3

172.67.20.237

200 OK

22 kB

URL HTTP/2
www.heavy-r.com/css/style.css?b3
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (51729)
Size
22 kB (22451 bytes)
Hash
322832b2915d24ba0d8ecddc46a26855
c4450e0ce254b23ef63361c033290f9dce2961d0
1301efc2aa2e214a33efb9268ae3cdd2ee1efb09c641d61feb918229c1d91c63

HTTP Headers

GET /css/style.css?b3 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=53476
etag: W/"2283685840"
last-modified: Fri, 16 Apr 2021 20:21:53 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4517
server: cloudflare
cf-ray: 776efac9efdeb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/s/gts1p5/PIudMIVwldY

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/PIudMIVwldY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c1b3f456e3c84e3a2a9fd33d890e16ed
6a71d809023415957c45984ecd3f91fbcb35af56
dd9c0c8d710ab033bdba40995ffcc3aa294d8b110c134a4e7b81fc5ef5dc2dda

HTTP Headers

POST /s/gts1p5/PIudMIVwldY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
e7efae8c02a7bfd37e99c01d137efe07
49d8ea118a67d3454ec359efa23556491db3ab77
76574d099eeec39041ae687663a2dad5a0ffdf966333a2a66682535a9fb24a3e

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "76574D099EEEC39041AE687663A2DAD5A0FFDF966333A2A66682535A9FB24A3E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8032
Expires: Fri, 09 Dec 2022 18:18:51 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
13d6b59c1f183e91933d789636a71df3
eee7f5c7fa9f7504d71a87c46f9effb68e3a4a3e
94867a233c2f88cc3f1d51d094b8ef1245b138e395ab39410820e7465ec1e59f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 317
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Etag: "63923729-118"
Last-Modified: Fri, 09 Dec 2022 15:59:42 GMT
Server: ECS (amb/6BA3)
X-Cache: HIT
Content-Length: 280

static.heavy-r.com/scr/f1/38/e9/f138e95911edc5d_3.jpg

37.48.81.1

200 OK

16 kB

URL HTTP/1.1
static.heavy-r.com/scr/f1/38/e9/f138e95911edc5d_3.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
16 kB (16273 bytes)
Hash
d33768ab979baa88f63804bc28842f73
5b7790db019982c740ce0cfa5484774a18db3840
dd498bf45afa4819c468e12e05bf597ef62a1dd13e3db70faba00da524434678

HTTP Headers

GET /scr/f1/38/e9/f138e95911edc5d_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3929761214"
Last-Modified: Sun, 04 Dec 2022 16:35:26 GMT
Content-Length: 16273
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

www.heavy-r.com/images/bar-img.png

172.67.20.237

200 OK

6.3 kB

URL HTTP/2
www.heavy-r.com/images/bar-img.png
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 132 x 85, 8-bit/color RGB, non-interlaced\012- data
Size
6.3 kB (6286 bytes)
Hash
05105644aff11674ccbc3fec136b190a
c22c02169cfec49d4ee442f861cbbb30d4e23c09
8d6470ae2f8fcfbd7b59ae592c503524ef1149567d0b7c63d63dec874dd826fb

HTTP Headers

GET /images/bar-img.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/png
content-length: 6286
etag: "2077235802"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3389
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efacd2c54b4f3-OSL
X-Firefox-Spdy: h2

www.heavy-r.com/css/myaccount.css

172.67.20.237

200 OK

18 kB

URL HTTP/2
www.heavy-r.com/css/myaccount.css
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1756), with no line terminators
Size
18 kB (17487 bytes)
Hash
ed625200e411018c5c9f4a809dceac5d
02e40861c6cfa4ef3fe182ed5939ba609449f0cd
040e022c8e04f44f2aa533f2bdadb8d7ebaa784748ff7387ae5112b5bc96080b

HTTP Headers

GET /css/myaccount.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2264
etag: W/"2986297702"
last-modified: Tue, 15 Nov 2016 20:03:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 4517
server: cloudflare
cf-ray: 776efac9ffecb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.heavy-r.com/scr/98/fc/8b/98fc8be91b92e7c_1.jpg

37.48.81.1

200 OK

13 kB

URL HTTP/1.1
static.heavy-r.com/scr/98/fc/8b/98fc8be91b92e7c_1.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Size
13 kB (13003 bytes)
Hash
45cb2177aefe0936b6b93fab0d11b0c3
7778db0dc29cbfb29094330f2e1975d12bfbc367
da5cc94eea7289a68176a685d7aeb31cd74bd53b953169ce010498a0eec45f2a

HTTP Headers

GET /scr/98/fc/8b/98fc8be91b92e7c_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2784705288"
Last-Modified: Wed, 07 Dec 2022 16:49:57 GMT
Content-Length: 13003
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

www.heavy-r.com/js/jquery.jcarousel.pack2.js

172.67.20.237

200 OK

16 kB

URL HTTP/2
www.heavy-r.com/js/jquery.jcarousel.pack2.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (8487), with no line terminators
Size
16 kB (16034 bytes)
Hash
c6f115f4a593a7a6fe722622433d6e70
0b71f7cd63c2435166c5be9596696fa3f1a545ee
2130e9a614c37b70092be33086c9dd2c1538a65c5f8bd6a978c12599d2c2a46e

HTTP Headers

GET /js/jquery.jcarousel.pack2.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=8882
etag: W/"975768959"
expires: Mon, 06 Jun 2022 23:55:06 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efaca0809b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.heavy-r.com/scr/75/bf/99/75bf99d7f376f78_4.jpg

37.48.81.1

200 OK

15 kB

URL HTTP/1.1
static.heavy-r.com/scr/75/bf/99/75bf99d7f376f78_4.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
15 kB (14782 bytes)
Hash
ac5cad644214482f4fb49952c7f62e21
6ed9831c6b43166b16cadcecdbc8f4b708732850
ed46e009f6291fb4bdce47156ac97c5045d0eb9017856c3307c15c6e733f90e7

HTTP Headers

GET /scr/75/bf/99/75bf99d7f376f78_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2054653385"
Last-Modified: Tue, 29 Nov 2022 19:07:32 GMT
Content-Length: 14782
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/1c/dc/4a/1cdc4ac0dca2538_2.jpg

37.48.81.1

200 OK

11 kB

URL HTTP/1.1
static.heavy-r.com/scr/1c/dc/4a/1cdc4ac0dca2538_2.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 189x136, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
11 kB (11223 bytes)
Hash
75654fcdf63cdcbeb2308eb966b00c37
c6089e743949c2b1e0d6dffbe83c5247c1ea3c9a
9d4f1c9f470aa174f879e8a7231302ba2dc4fe6357bfbd960a988e065271aeb8

HTTP Headers

GET /scr/1c/dc/4a/1cdc4ac0dca2538_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4157560007"
Last-Modified: Tue, 29 Nov 2022 16:36:54 GMT
Content-Length: 11223
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/99/a5/5d/99a55d7c08ab471_3.jpg

37.48.81.1

200 OK

8.7 kB

URL HTTP/1.1
static.heavy-r.com/scr/99/a5/5d/99a55d7c08ab471_3.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
8.7 kB (8692 bytes)
Hash
44456931a8cc0b4942edbdfa71c98f46
c172950113917bcb62f71a8c042d8f6a65453a00
c30c32033c2a9e0afe5b68a1c29d2575f74f7633e60ceb8f6c5c1fc185c9c60d

HTTP Headers

GET /scr/99/a5/5d/99a55d7c08ab471_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2087751802"
Last-Modified: Wed, 30 Nov 2022 14:59:37 GMT
Content-Length: 8692
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/15/4c/86/154c866da718b1b_1.jpg

37.48.81.1

200 OK

17 kB

URL HTTP/1.1
static.heavy-r.com/scr/15/4c/86/154c866da718b1b_1.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
17 kB (17225 bytes)
Hash
d88ff5ef619d0dec56d06ded8e73a367
68eac85a80b1ea8e914278b2c57516e436e30280
220625342d0e29aeed59342e0c769e9b3fb6c0aab74f1b5d4ff0bb1c14aef7e1

HTTP Headers

GET /scr/15/4c/86/154c866da718b1b_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4105057063"
Last-Modified: Tue, 29 Nov 2022 13:36:55 GMT
Content-Length: 17225
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/ac/39/3c/ac393c5d47640fc_6.jpg

37.48.81.1

200 OK

16 kB

URL HTTP/1.1
static.heavy-r.com/scr/ac/39/3c/ac393c5d47640fc_6.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
16 kB (15671 bytes)
Hash
84b6385e7ce4d9db21b22fc4a04f161b
7ba574933aa922322082593310ad85e880f9ddab
36d3ff22e71b813f0654a30fa13e6a579e8197b7ab696b2bd1dec98348e1271d

HTTP Headers

GET /scr/ac/39/3c/ac393c5d47640fc_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "68563147"
Last-Modified: Mon, 28 Nov 2022 17:58:16 GMT
Content-Length: 15671
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/d4/55/f8/d455f85b4dbe974_2.jpg

37.48.81.1

200 OK

9.9 kB

URL HTTP/1.1
static.heavy-r.com/scr/d4/55/f8/d455f85b4dbe974_2.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, resolution (DPI), density -22352x28205, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
9.9 kB (9920 bytes)
Hash
f85a25dfbcef08acb442539518389b8a
842030fd8caf4dafa787b242d99ad9953883e2b2
7c23e0551ff9a8cb51ed3df0ca2fd410c541ade9223c121cfac51a19a38a3028

HTTP Headers

GET /scr/d4/55/f8/d455f85b4dbe974_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1888409758"
Last-Modified: Mon, 28 Nov 2022 17:09:19 GMT
Content-Length: 9920
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/bf/4a/79/bf4a7941bc429ff_5.jpg

37.48.81.1

200 OK

21 kB

URL HTTP/1.1
static.heavy-r.com/scr/bf/4a/79/bf4a7941bc429ff_5.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
21 kB (20618 bytes)
Hash
4c023bc6d3be02f1bb169ae70b451d0f
43551fa238b7a464e36cf3a585e5bfd3224765bb
bf0d05d24927d143e4db2a5b1f4a95c15e11d9d478dc7ec007a4fdaf6c4647a5

HTTP Headers

GET /scr/bf/4a/79/bf4a7941bc429ff_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3167889058"
Last-Modified: Wed, 07 Dec 2022 16:40:00 GMT
Content-Length: 20618
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/a3/58/0d/a3580dde6b4bb0c_1.jpg

37.48.81.1

200 OK

10 kB

URL HTTP/1.1
static.heavy-r.com/scr/a3/58/0d/a3580dde6b4bb0c_1.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, density -4336x32075, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
10 kB (10201 bytes)
Hash
579dc559f0101ac6ae4054a9226e54e7
84b17e7c2d44161177d1179e59bbd9b52f101d09
4e31c7971d6ca61dc7e24691f01f87dec65076a37028067c9dc8c818c5e2a001

HTTP Headers

GET /scr/a3/58/0d/a3580dde6b4bb0c_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2660481737"
Last-Modified: Tue, 06 Dec 2022 16:11:43 GMT
Content-Length: 10201
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/af/11/7c/af117cd48488187_4.jpg

37.48.81.1

200 OK

15 kB

URL HTTP/1.1
static.heavy-r.com/scr/af/11/7c/af117cd48488187_4.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Size
15 kB (15236 bytes)
Hash
2a68b3c4ad4196e92ef80f3115c17f76
2753cb58580907d05918e7ee5c38bd1458de71d8
bfee8118f3df2597f34f523c857f74c31fa45183c458d1b5d013a3cfa127aaa1

HTTP Headers

GET /scr/af/11/7c/af117cd48488187_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "483979248"
Last-Modified: Wed, 07 Dec 2022 05:36:58 GMT
Content-Length: 15236
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/11/fd/93/11fd9373eb9dd2d_5.jpg

37.48.81.1

200 OK

14 kB

URL HTTP/1.1
static.heavy-r.com/scr/11/fd/93/11fd9373eb9dd2d_5.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
14 kB (14503 bytes)
Hash
c3653ac2ab3f8f5f437313af788fa66d
f6a8e1c2938527a0222de29ec435094286f90710
6d067ab15b622281bf405867bfd8a4430064620f6a8d326f91ddc5142635594a

HTTP Headers

GET /scr/11/fd/93/11fd9373eb9dd2d_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2944595111"
Last-Modified: Tue, 06 Dec 2022 15:23:13 GMT
Content-Length: 14503
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/5d/6d/60/5d6d603ceaa4a6f_4.jpg

37.48.81.1

200 OK

11 kB

URL HTTP/1.1
static.heavy-r.com/scr/5d/6d/60/5d6d603ceaa4a6f_4.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
11 kB (10603 bytes)
Hash
8297e2b50edfb2e041d9fe60cd52deb6
27a12cbeb7a963cfd3c1e34c5c3a676bcc60aed1
784bc9c20c672230471cd520f258ae6957063d9328c6231433631d523a8ff2f1

HTTP Headers

GET /scr/5d/6d/60/5d6d603ceaa4a6f_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3071194341"
Last-Modified: Tue, 06 Dec 2022 15:07:27 GMT
Content-Length: 10603
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/f5/02/55/f5025571862ce43_2.jpg

37.48.81.1

200 OK

13 kB

URL HTTP/1.1
static.heavy-r.com/scr/f5/02/55/f5025571862ce43_2.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
13 kB (13261 bytes)
Hash
dff70fc236a19b4df347cb542cc64d62
90556ffe4b57dae17cf5c749af9a2f50a5bf3476
67db2e6c4a7de97014023f5202427c9337a290cb64738f0431cba50e7dfc56c8

HTTP Headers

GET /scr/f5/02/55/f5025571862ce43_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3603404830"
Last-Modified: Tue, 06 Dec 2022 12:30:05 GMT
Content-Length: 13261
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/0d/15/22/0d1522333da05e9_1.jpg

37.48.81.1

200 OK

12 kB

URL HTTP/1.1
static.heavy-r.com/scr/0d/15/22/0d1522333da05e9_1.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Size
12 kB (11527 bytes)
Hash
4990c38aa21be206868b7c362d916205
938ce97d514654938d9822dd6b57e927bceca63e
90e8da191fa0689693e91765683675e33c197ba6bdf7f7bda2c113ff00f1fd55

HTTP Headers

GET /scr/0d/15/22/0d1522333da05e9_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4048268505"
Last-Modified: Wed, 30 Nov 2022 01:40:05 GMT
Content-Length: 11527
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

www.heavy-r.com/css/myfav.css

172.67.20.237

200 OK

12 kB

URL HTTP/2
www.heavy-r.com/css/myfav.css
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (3571), with no line terminators
Size
12 kB (11782 bytes)
Hash
05f337442f1383e32ea5d80ca7fb5e28
4d38a82f22d887c7c14b2bbd1d1ea072ab0a3193
f6e6ab83a955aa47533a64b35b74b22ca5e4aab4b68671e8272948ae8b3ebf82

HTTP Headers

GET /css/myfav.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4664
etag: W/"2717861221"
last-modified: Tue, 15 Nov 2016 20:03:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 686
server: cloudflare
cf-ray: 776efac9ffe7b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.heavy-r.com/scr/b2/ea/8b/b2ea8b3b3d563b2_7.jpg

37.48.81.1

200 OK

16 kB

URL HTTP/1.1
static.heavy-r.com/scr/b2/ea/8b/b2ea8b3b3d563b2_7.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
16 kB (15560 bytes)
Hash
c8af817c8eced887a16af92cbc6c03ba
ad7245b6a30e9d1e04ccedcc27f6dc36757409ca
2f93b8e48511c962079afae30400440e3ff7d8aed21ea2cd45cde7f042560793

HTTP Headers

GET /scr/b2/ea/8b/b2ea8b3b3d563b2_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3176838850"
Last-Modified: Wed, 30 Nov 2022 18:18:09 GMT
Content-Length: 15560
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

ocsp.pki.goog/s/gts1p5/PIudMIVwldY

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/PIudMIVwldY
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
c1b3f456e3c84e3a2a9fd33d890e16ed
6a71d809023415957c45984ecd3f91fbcb35af56
dd9c0c8d710ab033bdba40995ffcc3aa294d8b110c134a4e7b81fc5ef5dc2dda

HTTP Headers

POST /s/gts1p5/PIudMIVwldY HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.heavy-r.com/js/date.js

172.67.20.237

200 OK

17 kB

URL HTTP/2
www.heavy-r.com/js/date.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2977)
Size
17 kB (16882 bytes)
Hash
5fba8c85fe989b15816887af42ef765b
9ba4db33a59d4afa6d3fe91e9763d59b487d6101
c971d55c54905c7af2f201b711add631d8be53f4b6e084bc77c79e9d1d1a8f28

HTTP Headers

GET /js/date.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=6956
etag: W/"2653494852"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Sun, 23 Aug 2020 06:54:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 686
server: cloudflare
cf-ray: 776efaca0811b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/sw.js

172.67.20.237

200 OK

51 kB

URL HTTP/2
www.heavy-r.com/sw.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (65536), with no line terminators
Size
51 kB (50818 bytes)
Hash
ee9258a2301b705bb0daf71500dbf0ee
503b016e432ff67d9c69bc2b4f3d5e96ff95cc8b
2d895f01dd23c9e2aa26f121844fa69355f6d4b4dbfdb81095242242b722772a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /sw.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/video/270318/Anal_Tickling/
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=103032
etag: W/"118614824"
last-modified: Wed, 30 Nov 2022 18:16:55 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 7123
server: cloudflare
cf-ray: 776efac9efccb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/js//jquery.tools.min.js

172.67.20.237

200 OK

15 kB

URL HTTP/2
www.heavy-r.com/js//jquery.tools.min.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4051)
Size
15 kB (15325 bytes)
Hash
6574c96f119fc2c34ef920d7532237f4
a0e5a6a511e7c845e5551593aab568246ce2bfb7
b60777b76de22aacafab346d5933fbb932c137b9216e71a38433676839954147

HTTP Headers

GET /js//jquery.tools.min.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 May 2018 12:20:18 GMT
etag: W/"14602103"
expires: Mon, 17 Oct 2022 18:22:47 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efac9fff9b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.heavy-r.com/scr/8e/b5/b9/8eb5b9f67ddc82e_1.jpg

37.48.81.1

200 OK

14 kB

URL HTTP/1.1
static.heavy-r.com/scr/8e/b5/b9/8eb5b9f67ddc82e_1.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
14 kB (14244 bytes)
Hash
a6a28679be7f4ca71f61292bc50837eb
b81b3e7ef38cb4eeb073099f6f1cd70e31e04c82
0992032ae88a391404bc64008137d806ef5926cb3f7d3e1fb72349717f04992e

HTTP Headers

GET /scr/8e/b5/b9/8eb5b9f67ddc82e_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3476094344"
Last-Modified: Sat, 03 Dec 2022 13:45:37 GMT
Content-Length: 14244
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

www.heavy-r.com/js/zxml.js

172.67.20.237

200 OK

13 kB

URL HTTP/2
www.heavy-r.com/js/zxml.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6479), with no line terminators
Size
13 kB (12842 bytes)
Hash
4fddfe15ba2e46166897c39fb6f82797
abfacd4555895978e5227df8feec3b08ce720ea0
63f95bda257067409d71bfdab70171bb50063fae1a9a8811430bb2ace18a4ce4

HTTP Headers

GET /js/zxml.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=6483
etag: W/"170460536"
expires: Mon, 04 Jul 2022 18:35:40 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5612
server: cloudflare
cf-ray: 776efaca1821b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

a.faster-trk.com/oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0

104.21.70.227

200 OK

4.5 kB

URL HTTP/2
a.faster-trk.com/oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0
IP
104.21.70.227:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (12697), with no line terminators
Size
4.5 kB (4511 bytes)
Hash
9fa137045b20ed2e9d284059e8e8a316
65488893efefe2c9114c394e042d695fb3c79de5
e78e6eb2e1c748040646ef3db618dd59f030c8ef39f525d7a5318845410491b5

HTTP Headers

GET /oauth2?id=146&r=84212&exctl=pagination,hd-barz,main-menu,side-nav,cat-menu,header,video-file_fluid_initial_play,footer&fcv=1&fcp=8&bts=0 HTTP/1.1
Host: a.faster-trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: application/javascript; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
referer: a.faster-trk.com
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3sAVylRlvQnnXvuBNQwfHrdZDMblBod%2Fqb8nkVbITZlcNtZvUGfu9xvbl8jZQY4ebElzr2eWiQIRVkB3kM3bVeym0ahJ0qkiaDMBYzMF%2BRrBTU596rbqC9MeN4HmfdeXnr%2Bz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efacd6cd9b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.heavy-r.com/scr/f1/66/59/f166592c1009dc3_2.jpg

37.48.81.1

200 OK

12 kB

URL HTTP/1.1
static.heavy-r.com/scr/f1/66/59/f166592c1009dc3_2.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
12 kB (12228 bytes)
Hash
730e6e2e0522bea25ca7611cd129c362
b46ad8ecf86cc6a509d14f934d8081724fa29a0e
8dac8bbc59d5011a5722360c27325a5bea3dfa496bc5cd338cb10655d656fd30

HTTP Headers

GET /scr/f1/66/59/f166592c1009dc3_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2430744632"
Last-Modified: Sat, 03 Dec 2022 10:07:13 GMT
Content-Length: 12228
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/4a/25/e0/4a25e0bd696552f_2.jpg

37.48.81.1

200 OK

12 kB

URL HTTP/1.1
static.heavy-r.com/scr/4a/25/e0/4a25e0bd696552f_2.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
12 kB (12204 bytes)
Hash
fd9ecb2d4fd07448e5761b76265ae522
b87e734ee1db348ea670a13824e7fc4522242fb2
9f32a4055c0a14a8a528b62b5899f27052cd2654fdc702629f176be1df7d4c77

HTTP Headers

GET /scr/4a/25/e0/4a25e0bd696552f_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2603842249"
Last-Modified: Sat, 03 Dec 2022 07:42:22 GMT
Content-Length: 12204
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/da/58/aa/da58aa3201f61c3_4.jpg

37.48.81.1

200 OK

13 kB

URL HTTP/1.1
static.heavy-r.com/scr/da/58/aa/da58aa3201f61c3_4.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
13 kB (12826 bytes)
Hash
4a84c304f7830f0dac75d0f75315f468
7c4d1850330cd63ce3849e3463b0e7c1b3c76fb9
0fdaa94bd4bc01fdf078ffd1a557ea876d6ea85707f5b526ba477fe8c4438b5d

HTTP Headers

GET /scr/da/58/aa/da58aa3201f61c3_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2342183579"
Last-Modified: Fri, 02 Dec 2022 17:29:34 GMT
Content-Length: 12826
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/2d/ed/a1/2deda1f9b55e232_4.jpg

37.48.81.1

200 OK

14 kB

URL HTTP/1.1
static.heavy-r.com/scr/2d/ed/a1/2deda1f9b55e232_4.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
14 kB (14014 bytes)
Hash
f2a122394f53c2b9e6fbd530b6a72ca3
90aa15845f649f5e8af1802967369270b66b6cdd
3a9f73a86078d09d657c2ad8e6f695ece21871f1ae09222793fb9a936e823631

HTTP Headers

GET /scr/2d/ed/a1/2deda1f9b55e232_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1377072852"
Last-Modified: Wed, 30 Nov 2022 14:26:33 GMT
Content-Length: 14014
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

www.heavy-r.com/js/CH_VideoView.js

172.67.20.237

200 OK

14 kB

URL HTTP/2
www.heavy-r.com/js/CH_VideoView.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (700)
Size
14 kB (13704 bytes)
Hash
a792175515e07733ba9e6ce122d66f5a
dd6432294270f737f12f2ad76374f12501dc39d0
7840a8e67cabebc790da47401456d77790c16947b566d28c5107cc5625dd04d6

HTTP Headers

GET /js/CH_VideoView.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=3122
etag: W/"2674444154"
expires: Mon, 18 Apr 2022 22:49:50 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4425
server: cloudflare
cf-ray: 776efaca1823b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.heavy-r.com/scr/7b/37/a0/7b37a05e039a407_5.jpg

37.48.81.1

200 OK

11 kB

URL HTTP/1.1
static.heavy-r.com/scr/7b/37/a0/7b37a05e039a407_5.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 135x101, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
11 kB (11250 bytes)
Hash
431d2eeb94c36ef3da98944fe99ec30c
6cd140140c629b0acaac6a3613f746d834c19b5d
8583b94ba6f026cfdda185f2a6b8c8b945e8609209bd6ed48144e741ebd68bea

HTTP Headers

GET /scr/7b/37/a0/7b37a05e039a407_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2387316822"
Last-Modified: Fri, 02 Dec 2022 08:49:06 GMT
Content-Length: 11250
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/0e/cd/ee/0ecdee04c9c251b_4.jpg

37.48.81.1

200 OK

11 kB

URL HTTP/1.1
static.heavy-r.com/scr/0e/cd/ee/0ecdee04c9c251b_4.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
11 kB (11148 bytes)
Hash
b94e24db8ce62a2ded845a27a1e6fb5e
bd3f0d5011360bdc9abd96000c0dec437b808c98
f05b9f6d6aa8d50543bb84e3a6a7c1c0b4cb5d93b49c0ccd23f1ea11b1a0d46f

HTTP Headers

GET /scr/0e/cd/ee/0ecdee04c9c251b_4.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3054530754"
Last-Modified: Fri, 02 Dec 2022 08:42:05 GMT
Content-Length: 11148
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

www.heavy-r.com/js/c.js

172.67.20.237

200 OK

7.5 kB

URL HTTP/2
www.heavy-r.com/js/c.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
7.5 kB (7485 bytes)
Hash
304f851ee57d0ebcd65a3e26c2e56d2c
705f5640da0f71763b116ee925c05127e2e1cdd7
e526e5c5d1898e60efd27d344dd074e0779e0ebb282d0a384680f565824f488b

HTTP Headers

GET /js/c.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=634
etag: W/"116253543"
expires: Mon, 18 Apr 2022 22:49:50 GMT
last-modified: Wed, 17 Mar 2021 19:52:01 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 7057
server: cloudflare
cf-ray: 776efaca183bb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/js/CH_Ajax.js

172.67.20.237

200 OK

15 kB

URL HTTP/2
www.heavy-r.com/js/CH_Ajax.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (571)
Size
15 kB (15333 bytes)
Hash
37d9a50bdf38ce13c7dc289a2f8ed540
ccc03e96442c025b0e9482f7022c510b59bfb550
f3f257a13ff75f3ba8f8ef61211d0d71bd19b9bbcf19854b1f425d55a525b754

HTTP Headers

GET /js/CH_Ajax.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=4539
etag: W/"902188345"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Wed, 18 Oct 2017 04:28:37 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6632
server: cloudflare
cf-ray: 776efaca0817b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.heavy-r.com/scr/e4/f5/c0/e4f5c06db32095e_7.jpg

37.48.81.1

200 OK

15 kB

URL HTTP/1.1
static.heavy-r.com/scr/e4/f5/c0/e4f5c06db32095e_7.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
15 kB (14796 bytes)
Hash
4aa8b3b9eea9a0aa9dde3d40f164417e
c05506c998441a30daabbae873ff48e64789c07a
4738c41ebe3648da5135da156e6a7dadfe8243992988cb0d4507219da57eba4e

HTTP Headers

GET /scr/e4/f5/c0/e4f5c06db32095e_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1777346898"
Last-Modified: Thu, 01 Dec 2022 20:30:18 GMT
Content-Length: 14796
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/b3/45/0a/b3450ad9c9b0b66_5.jpg

37.48.81.1

200 OK

10 kB

URL HTTP/1.1
static.heavy-r.com/scr/b3/45/0a/b3450ad9c9b0b66_5.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 699x658, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
10 kB (10428 bytes)
Hash
5750a2b52ffb334b7edb1bff94ed72c8
11bdc66ecd92c341541176821fa64b4bc491a734
ece9421b1c3bd0c26f69ca2c4003c39e93e20698369e6f3d8e6ab5ea919a4006

HTTP Headers

GET /scr/b3/45/0a/b3450ad9c9b0b66_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1523809380"
Last-Modified: Thu, 01 Dec 2022 16:15:48 GMT
Content-Length: 10428
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

www.heavy-r.com/js/mobile3.js?v=8

172.67.20.237

200 OK

12 kB

URL HTTP/2
www.heavy-r.com/js/mobile3.js?v=8
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (2116)
Size
12 kB (11673 bytes)
Hash
86f5db33d82618d3338632ff187dc520
06ae1a03bd40d9a588e7372645f4255a0b4b162b
d9bfd97ba44f0f9d1d4843eea0bc1c9d419cfbba0a93aae45344ad7db9275c8b

HTTP Headers

GET /js/mobile3.js?v=8 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=5428
etag: W/"761676667"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Tue, 06 Apr 2021 20:20:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5612
server: cloudflare
cf-ray: 776efaca182db4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/css/comm.css?e

172.67.20.237

200 OK

14 kB

URL HTTP/2
www.heavy-r.com/css/comm.css?e
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (4872), with no line terminators
Size
14 kB (13699 bytes)
Hash
e905e7fd1716306b29459d58597b67ad
ece7647de12a3a3f0328df822345588f4a8abb27
3c0209fce5f41143bbd1d976167f6544a72d62122bfa70585638a21821ee5b12

HTTP Headers

GET /css/comm.css?e HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=5463
etag: W/"448465228"
last-modified: Mon, 27 Nov 2017 17:41:08 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 686
server: cloudflare
cf-ray: 776efac9ffedb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

static.heavy-r.com/scr/46/34/df/4634dff87882978_3.jpg

37.48.81.1

200 OK

15 kB

URL HTTP/1.1
static.heavy-r.com/scr/46/34/df/4634dff87882978_3.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Size
15 kB (15161 bytes)
Hash
bb00a6ee74fd8f28ba6ca79df35aeaf9
5a49da82c4db8371d05aab24e093fcb961e264c0
bd589ac117c3a338870b4b86d7464bd41633edc6423b919bab21608661c22c51

HTTP Headers

GET /scr/46/34/df/4634dff87882978_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2326408128"
Last-Modified: Thu, 01 Dec 2022 13:28:23 GMT
Content-Length: 15161
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

a.faster-trk.com/r?tid=5f218e16-7ff0-4c66-a255-e494273b775c&cf=afg0f0ahii

104.21.70.227

200 OK

60 B

URL HTTP/2
a.faster-trk.com/r?tid=5f218e16-7ff0-4c66-a255-e494273b775c&cf=afg0f0ahii
IP
104.21.70.227:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
60 B (60 bytes)
Hash
cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154

HTTP Headers

GET /r?tid=5f218e16-7ff0-4c66-a255-e494273b775c&cf=afg0f0ahii HTTP/1.1
Host: a.faster-trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VKEBoDSOrLktWerosYXPRNeAOawD13cEJNKopOu8ehDB9QyTzmSxeW%2BGiuriZba0w6opsvfwrwfBhuB8Fz2gkwveTdExTvfYBUGq%2FeAOxfQrkD%2BSvs5tiZsUyLLHxk9Y3LuH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efacebe0eb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.heavy-r.com/scr/f6/b4/b2/f6b4b218a6445ff_6.jpg

37.48.81.1

200 OK

9.9 kB

URL HTTP/1.1
static.heavy-r.com/scr/f6/b4/b2/f6b4b218a6445ff_6.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
9.9 kB (9858 bytes)
Hash
c31cb15b9dccf815f97c0ba66dc2258e
1ca03dff08d8d57b37c90c958b25acd911514166
4e1f7931ab931c18ef3c6c17dee076864f3bbed0faf581d8551a271c7af073b6

HTTP Headers

GET /scr/f6/b4/b2/f6b4b218a6445ff_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3175447507"
Last-Modified: Thu, 01 Dec 2022 06:59:56 GMT
Content-Length: 9858
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/7e/95/e6/7e95e6fa2d3a34d_1.jpg

37.48.81.1

200 OK

10 kB

URL HTTP/1.1
static.heavy-r.com/scr/7e/95/e6/7e95e6fa2d3a34d_1.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 2673x5365, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
10 kB (10186 bytes)
Hash
fd4609483011ee56e815e25d750cefc2
a4e1b88d7c25e6e68ece2fa459f370dbabd3a22c
4e9b53a3b204a584dcdc8b916ca75fe02d1f737e1286f65eadba7db6955b9b20

HTTP Headers

GET /scr/7e/95/e6/7e95e6fa2d3a34d_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1659395534"
Last-Modified: Wed, 30 Nov 2022 16:48:18 GMT
Content-Length: 10186
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/14/e7/c3/14e7c36d06c3bba_7.jpg

37.48.81.1

200 OK

13 kB

URL HTTP/1.1
static.heavy-r.com/scr/14/e7/c3/14e7c36d06c3bba_7.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Size
13 kB (12775 bytes)
Hash
96bb2ca74afd7dbc1bfe3f62805d6f20
395a3ace3e138cd79e858355a280b29b0b00359d
8c65241e2d2154a40f77759c09bd3f6a6e76c1ced2a29d342880c3057fd47dc1

HTTP Headers

GET /scr/14/e7/c3/14e7c36d06c3bba_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "219311704"
Last-Modified: Wed, 30 Nov 2022 05:01:57 GMT
Content-Length: 12775
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

a.faster-trk.com/r?tid=9b59f0bd-17e5-4815-b384-5415139395d9&cf=afg0f0ahii

104.21.70.227

200 OK

60 B

URL HTTP/2
a.faster-trk.com/r?tid=9b59f0bd-17e5-4815-b384-5415139395d9&cf=afg0f0ahii
IP
104.21.70.227:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
60 B (60 bytes)
Hash
cea81d6017b53c6c7bd076407db21a0a
063acf4f87ec5b0c7f9631779c264ee045945c52
1665c0045c0d9a05857431f46362283793d0b844d9e157692079bcbc69ff6154

HTTP Headers

GET /r?tid=9b59f0bd-17e5-4815-b384-5415139395d9&cf=afg0f0ahii HTTP/1.1
Host: a.faster-trk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
content-length: 60
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AWDZ%2F1cuXOusfmCAT2Nqd7J1zvHJuYBmkZ2zWbXYZjs2z%2BhGUF%2Bqvv2IRAS%2BWQApF6MldonmFMF9iVE0MbuzI7ijYeStWGXWYcupj214K2EsdGETSY5YG%2FocT%2FhYl42a5pKO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efaceee3cb52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

static.heavy-r.com/scr/0e/a8/19/0ea819e799024ec_2.jpg

37.48.81.1

200 OK

15 kB

URL HTTP/1.1
static.heavy-r.com/scr/0e/a8/19/0ea819e799024ec_2.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
15 kB (15176 bytes)
Hash
d48608f6558b9db2127eb78e98c9ee91
ceeac55c24de1a999dbd190ff59de619099af8e1
f8eb9d8013954e3e6cced75702e00e4801b4dc0c6c7f5cc65b9a9fad4482be2a

HTTP Headers

GET /scr/0e/a8/19/0ea819e799024ec_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2768813427"
Last-Modified: Tue, 29 Nov 2022 18:40:20 GMT
Content-Length: 15176
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

static.heavy-r.com/scr/63/d4/2e/63d42e2e7141aab_1.jpg

37.48.81.1

200 OK

12 kB

URL HTTP/1.1
static.heavy-r.com/scr/63/d4/2e/63d42e2e7141aab_1.jpg
IP
37.48.81.1:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 480x337, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Size
12 kB (11975 bytes)
Hash
e8997f5a9b2c3e4c5c550c6ab12f3162
d32ef56e6dca56904776ce9cc66d4c4af5a641b6
1778dd046ab7ebbb5b58016541e5f709eb0ba9167bb2fcc100ffdbd925981408

HTTP Headers

GET /scr/63/d4/2e/63d42e2e7141aab_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Expires: Sat, 09 Dec 2023 16:04:59 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2492612566"
Last-Modified: Tue, 29 Nov 2022 14:14:50 GMT
Content-Length: 11975
Date: Fri, 09 Dec 2022 16:04:59 GMT
Server: lighttpd/1.4.28

e1.o.lencr.org/

23.33.119.27

200 OK

346 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
346 B (346 bytes)
Hash
e7efae8c02a7bfd37e99c01d137efe07
49d8ea118a67d3454ec359efa23556491db3ab77
76574d099eeec39041ae687663a2dad5a0ffdf966333a2a66682535a9fb24a3e

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "76574D099EEEC39041AE687663A2DAD5A0FFDF966333A2A66682535A9FB24A3E"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8032
Expires: Fri, 09 Dec 2022 18:18:51 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6705a52b14a33d01cf10849fa0daef61
ace88e145b2247ea5f23b65cdb71a5f34841ab4a
c8212fe89f75ec225decabc9e23cf64005db104a64100300b8aad9b37e3c1b72

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8212FE89F75EC225DECABC9E23CF64005DB104A64100300B8AAD9B37E3C1B72"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8603
Expires: Fri, 09 Dec 2022 18:28:22 GMT
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: keep-alive

ocsp.r2m02.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
ee7ee298edf551e8675d52050308139c
418f5e165fde7edab12697d941083dcbab67e9c1
c37a9f91ac25203162e05d96e7e97820b2fe2f89d61bd2fac8a1b25147bc1247

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100389
Date: Fri, 09 Dec 2022 16:04:59 GMT
Etag: "63922bee-1d7"
Expires: Sat, 10 Dec 2022 19:58:08 GMT
Last-Modified: Thu, 08 Dec 2022 18:24:46 GMT
Server: ECS (dcb/7F81)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: umSZlMpraHHOgmGPPeaYdfLZkLuCGfGnwSMbMmMfOb4UU3JV8ZcmIQ==
Age: 5602

www.heavy-r.com/js/script.js

172.67.20.237

200 OK

43 kB

URL HTTP/2
www.heavy-r.com/js/script.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (648)
Size
43 kB (42806 bytes)
Hash
356338a2e3004ef7c5558499991f1a70
9821c437ceec39a7bb2f9e76b01435b7b907bf44
577105ad32f8b502bb6bbd06c31a2f416bb03e328b2a6883c624c41c7846f014

HTTP Headers

GET /js/script.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=5441
etag: W/"2453276531"
expires: Wed, 31 Aug 2022 16:31:08 GMT
last-modified: Fri, 18 May 2018 11:48:15 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4425
server: cloudflare
cf-ray: 776efacb1989b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.22

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.22:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
89a3a8de067ca28d9aecfbddc680ad57
b66c5b98f83b494cf0f0ff3537f77f35eac83c86
1926e5957d1edc08c84ad342b72ba426bae6981340424e095cef82d3fb742270

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 08 Dec 2022 21:16:19 GMT
Expires: Fri, 09 Dec 2022 21:16:19 GMT
ETag: "b66c5b98f83b494cf0f0ff3537f77f35eac83c86"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

www.heavy-r.com/css/images/bx_loader.gif

172.67.20.237

200 OK

8.6 kB

URL HTTP/2
www.heavy-r.com/css/images/bx_loader.gif
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 32 x 32\012- data
Size
8.6 kB (8581 bytes)
Hash
931bdb6b50816b03206c66921760b246
f67f91dafbe0f846c8f8f67a005497d8bdea188a
6d46e2cf165a5a0584afba7bc9663da292ee08c97cfc7613de6013ed05be892a

HTTP Headers

GET /css/images/bx_loader.gif HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/css/jquery.bxslider-v4.1.2.css
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
content-length: 8581
etag: "486933588"
last-modified: Thu, 20 Oct 2022 20:34:19 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3250
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efad0f945b4f3-OSL
X-Firefox-Spdy: h2

oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69

167.99.122.29

200 OK

699 B

URL HTTP/1.1
oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
IP
167.99.122.29:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document, ASCII text, with very long lines (777)
Size
699 B (699 bytes)
Hash
0a80645a8ea763e0e2cf2140326d4e4c
5dccb4ca31a0d2c538a53882355c3f7678a650c8
38ab1889a516531f445603ea8aec7cafc15d80ccf6bc6725d5d6050c6ce8ef85

HTTP Headers

GET /servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69 HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: AVPUID=e198675d9eb47cdd315bbfe43a6399dc; Expires=Sat, 09-Dec-2023 16:04:59 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip

oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101

167.99.122.29

200 OK

702 B

URL HTTP/1.1
oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101
IP
167.99.122.29:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document, ASCII text, with very long lines (785)
Size
702 B (702 bytes)
Hash
5e8181d4a00893b4d975bd7eebb3aed0
c0468b6d7eab6c55ed63b6731788bac3c6e79778
4852b641db00a5c23b7068c8ef1e91a5b1161fa28dd332ca2eb6907921ae4845

HTTP Headers

GET /servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101 HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: AVPUID=4c212a2e9ab03a41c9dbe9f15b0651b2; Expires=Sat, 09-Dec-2023 16:04:59 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip

mbledeparatea.com/utx?tid=763904&top=www.heavy-r.com&cb=KPcJUJKLSXTm

108.157.214.49

204 No Content

0 B

URL HTTP/2
mbledeparatea.com/utx?tid=763904&top=www.heavy-r.com&cb=KPcJUJKLSXTm
IP
108.157.214.49:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?tid=763904&top=www.heavy-r.com&cb=KPcJUJKLSXTm HTTP/1.1
Host: mbledeparatea.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Fri, 09 Dec 2022 16:04:59 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 09 Dec 2022 16:05:59 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 4838101f07e2dfcd1db4abc88031f082.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P1
x-amz-cf-id: fLW-wMcVWbHvgyjJ2BMOE8EO2fuvjRjhRnZs9NsBIP83zoZe-Gc-sQ==
X-Firefox-Spdy: h2

a.pierlinks.com/loader?a=101&s=10&t=2&p=5

172.67.140.204

200 OK

329 B

URL HTTP/2
a.pierlinks.com/loader?a=101&s=10&t=2&p=5
IP
172.67.140.204:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
329 B (329 bytes)
Hash
7d4a56aed2a733e0ac137389734c4245
ef479b1c46978cdd27c242799315b6012cfb1c8f
24b91941e50fc50b279d86aa1600e28a877e0898e9226bd2724e2a448c75f114

HTTP Headers

GET /loader?a=101&s=10&t=2&p=5 HTTP/1.1
Host: a.pierlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvuNvPb7G3i73ZD%2BQH8bMjD7Wz4POSqnFn4dk9NPlmq%2FBW5SiEqoc8FccdnLRWVDSaNpVhwYi47%2FjY0tVlzBYIJNLIvYImiaL%2FswWi%2FqbY9bntuN5N7x4bz8FVekXyi5XHA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776efacd6c06b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

oceanicmb.advertserve.com/js/interactive2.js

167.99.122.29

200 OK

2.7 kB

URL HTTP/1.1
oceanicmb.advertserve.com/js/interactive2.js
IP
167.99.122.29:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (11195), with no line terminators
Size
2.7 kB (2739 bytes)
Hash
3aab9ab80248895ff925b5906764597e
0fc31983fe85d422bb46bf29e52f65eb7bc5a469
e280705d04639ecfec0dfb05b495ffbbb4138cd34c955c9925286a06b02efea3

HTTP Headers

GET /js/interactive2.js HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:04:59 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=86400
Expires: Sat, 10 Dec 2022 16:04:59 GMT
Vary: Accept-Encoding, Accept-Encoding
Last-Modified: Wed, 15 Jun 2022 14:49:44 GMT
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:04:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ssl.google-analytics.com/ga.js

216.58.207.232

200 OK

17 kB

URL HTTP/2
ssl.google-analytics.com/ga.js
IP
216.58.207.232:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1305)
Size
17 kB (17168 bytes)
Hash
01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

HTTP Headers

GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Fri, 09 Dec 2022 15:33:17 GMT
expires: Fri, 09 Dec 2022 17:33:17 GMT
cache-control: public, max-age=7200
age: 1902
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js

142.250.74.3

200 OK

163 kB

URL HTTP/2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (730)
Size
163 kB (162976 bytes)
Hash
79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6

HTTP Headers

GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 13:40:02 GMT
expires: Thu, 07 Dec 2023 13:40:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 181497
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/208

205.185.216.10

200 OK

78 kB

URL HTTP/1.1
cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/208
IP
205.185.216.10:0
ASN
#20446 STACKPATH-CDN

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 900x250, components 3\012- data
Size
78 kB (77765 bytes)
Hash
a7661f7362c571ec46dc8f40b012610d
3fc4f46af5cac4e356fab221dfd9d01ae0861038
85b8f5301467593d9e8ae00457319d09c80888f6fe87585768d6aafe9f8a3106

HTTP Headers

GET /images/oceanicmb.advertserve.com/servlet/files/208 HTTP/1.1
Host: cdn.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: Keep-Alive
ETag: "978263999"
Cache-Control: public, max-age=2592000
Content-Length: 77765
Content-Type: image/jpeg
Last-Modified: Sun, 31 Dec 2000 11:59:59 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-HW: 1670601899.dop208.sk1.t,1670601899.cds242.sk1.shn,1670601900.dop208.sk1.t,1670601900.cds210.sk1.c

everefor.buzz/

54.162.51.18

200 OK

0 B

URL HTTP/2
everefor.buzz/
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.heavy-r.com
Content-Length: 346
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/73

205.185.216.10

200 OK

472 B

URL HTTP/1.1
cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/73
IP
205.185.216.10:0
ASN
#20446 STACKPATH-CDN

File type
data
Size
472 B (472 bytes)
Hash
c9208747f2926b414bae65ed0e18fac5
3b25f459b1fe1a63689880699450305a8aee8b77
2c5333a23ade630e8dd8242aa59e371fa2208e265c58916e6fa799683d53f196

HTTP Headers

GET /images/oceanicmb.advertserve.com/servlet/files/73 HTTP/1.1
Host: cdn.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: Keep-Alive
ETag: "978263999"
Cache-Control: public, max-age=2592000
Content-Length: 78255
Content-Type: image/gif
Last-Modified: Sun, 31 Dec 2000 11:59:59 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-HW: 1670601899.dop012.sk1.t,1670601899.cds253.sk1.shn,1670601899.dop012.sk1.t,1670601900.cds206.sk1.c

bulrev.com/resources/slider.min.js

51.161.119.209

200 OK

286 kB

URL HTTP/1.1
bulrev.com/resources/slider.min.js
IP
51.161.119.209:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (65495)
Size
286 kB (286387 bytes)
Hash
cf775612adf422f3fe51f965034e7ae1
64dced5942aae5418c3fe53c904c940b55c4e9e0
4a96a924377aeb8d1258633369426f160671c09cdcc075cbb0aba447c9053349

HTTP Headers

GET /resources/slider.min.js HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 12:09:33 GMT
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive

eventhenherthisi.com/SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4

13.225.131.67

200 OK

1.2 kB

URL HTTP/2
eventhenherthisi.com/SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4
IP
13.225.131.67:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3034), with no line terminators
Size
1.2 kB (1185 bytes)
Hash
fced61dd3b35edd77a300c488e231a74
9908cafd2adfed49c5e87b19f396bc7bd2bb6616
f25e050aec52b4e6d8eeca1bf4ed4fefcf8ca1b4c025bfdf5287d7f1edcd3be0

HTTP Headers

GET /SUxjaWIoLgAEXShxAU8XOyBeTFAPaVEvBiQ2UAcGfCMaHhY6O00KDiY5Bw8QJiIXRwwsOEZbJH8ZNjs3BBgmECkzPDstCxw4LigVAy0rKwgIKw9aLiAoBjEbD3kiP1csBgkjCxh+MgMoJwYlOhgfeTkrBi0BIAYYDQ4AWSkjLy4oKiogLi8vBBY0IAUYGldfBxoKBT82GCUzP1scAjQgChwNFFEpMHk6MTZ5IAA4LHoWJBkJDw0tAQAKAjoxGBw+KlkrHBVQOFQbHjEDBg4ZISFQDyQ5Wi8cFVA4CB4KWgcBAQkgClEbfjksCQEWNC8MKjQxAwYKYTkhJA4FJTMzDAkFWjBwCiInCgA2JTo1I3kLMwwqCDoxNCINMisKLRQmLSMdLxcjDhsUMwMaMQ1QDQUtCyYPIxEvGwgzbyYQBgw5cTYGDT46VRs3Oy4 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/html
content-length: 1185
date: Fri, 09 Dec 2022 16:04:59 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 76d034664d0e2c2126caf9bca7adbdc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: NNbOXtsutXPO0Bboes42xn5lsUj6crkIAJzNnIIN31K4SbO_P2TBHA==
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17951
Expires: Fri, 09 Dec 2022 21:04:11 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7557 bytes)
Hash
5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 43073
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5188 bytes)
Hash
fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 17:01:04 GMT
age: 83036
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.6 kB (6578 bytes)
Hash
8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 45033
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.9 kB (7897 bytes)
Hash
8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 44594
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12748 bytes)
Hash
730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:44:29 GMT
age: 30031
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.2 kB (5169 bytes)
Hash
06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Xi-bshsYa4LlKbJgAt0h-lPnB_5uQbqln5JGBRE8io2Fp1y41cS9xg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:08:48 GMT
age: 42972
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b6cf83fdaa8b5e98ca6e779cdce54c2d
3458b755fec9e58628ae84796e1cf30e668cf48a
abbd693c4423ea2266f14767180132fff643cabdd39ad127074cac208d52aeb4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABBD693C4423EA2266F14767180132FFF643CABDD39AD127074CAC208D52AEB4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6873
Expires: Fri, 09 Dec 2022 17:59:33 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b6cf83fdaa8b5e98ca6e779cdce54c2d
3458b755fec9e58628ae84796e1cf30e668cf48a
abbd693c4423ea2266f14767180132fff643cabdd39ad127074cac208d52aeb4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABBD693C4423EA2266F14767180132FFF643CABDD39AD127074CAC208D52AEB4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6873
Expires: Fri, 09 Dec 2022 17:59:33 GMT
Date: Fri, 09 Dec 2022 16:05:00 GMT
Connection: keep-alive

cdn.snowmiracles.com/845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg

92.223.97.97

200 OK

45 kB

URL HTTP/2
cdn.snowmiracles.com/845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg
IP
92.223.97.97:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Size
45 kB (45040 bytes)
Hash
5bfe2dce02570dbb81c7a7acb2ff1628
adf3afb548f7716d4334ccb0fd25f0fd69eb159d
eea911c3c7091b5c6f165e0eafecf42b77647f15f550756516e5f4edfe1641bc

HTTP Headers

GET /845/3b2353ca-f2b3-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 45040
last-modified: Wed, 09 Sep 2020 15:43:39 GMT
etag: "5f58f82b-aff0"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:28+00:00
x-id: sto5-up-gc12
accept-ranges: bytes
X-Firefox-Spdy: h2

everefor.buzz/

54.162.51.18

200 OK

0 B

URL HTTP/2
everefor.buzz/
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.heavy-r.com
Content-Length: 350
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2

cdn.snowmiracles.com/845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg

92.223.97.97

200 OK

36 kB

URL HTTP/2
cdn.snowmiracles.com/845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg
IP
92.223.97.97:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Size
36 kB (36429 bytes)
Hash
282c5320642a33db7306164a506b77a3
973a5f396e144dbc066fd4868ffe769e04a207b8
21c5457b823e0a6a02c71dc7f55ace99c95d8f3b3f1c43963ecddf6367a342e6

HTTP Headers

GET /845/fabaf23d-f2b0-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 36429
last-modified: Wed, 09 Sep 2020 15:27:32 GMT
etag: "5f58f464-8e4d"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:22+00:00
x-id: sto5-up-gc10
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.snowmiracles.com/845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg

92.223.97.97

200 OK

51 kB

URL HTTP/2
cdn.snowmiracles.com/845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg
IP
92.223.97.97:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Size
51 kB (50898 bytes)
Hash
cf688d39a1418b90b52abe0298f4b143
a2a0b43eb3f224bd7a07d6ef37b21b253df6a8cd
a61d5df3a5cec95099b797fff73b9e58fbda92ddc67403a65dd2e4d46a9f1e4f

HTTP Headers

GET /845/c4cee646-f2b2-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 50898
last-modified: Wed, 09 Sep 2020 15:40:20 GMT
etag: "5f58f764-c6d2"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:19+00:00
x-id: sto5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn.snowmiracles.com/845/02b4618f-f2b0-11ea-94ea-6c46ac15be61.jpg

92.223.97.97

200 OK

55 kB

URL HTTP/2
cdn.snowmiracles.com/845/02b4618f-f2b0-11ea-94ea-6c46ac15be61.jpg
IP
92.223.97.97:0
ASN
#199524 G-Core Labs S.A.

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Size
55 kB (55447 bytes)
Hash
f8240034e45d9dc558ff789c58b4643c
b9ed8524c281827c53c62f8d323044fe23a7ec37
4887cb5ac08f3d14e9a009d3de8a02f89dc3b928025b852ec951b5cf4ea9a63c

HTTP Headers

GET /845/02b4618f-f2b0-11ea-94ea-6c46ac15be61.jpg HTTP/1.1
Host: cdn.snowmiracles.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/jpeg
content-length: 55447
last-modified: Wed, 09 Sep 2020 15:20:36 GMT
etag: "5f58f2c4-d897"
expires: Sun, 08 Jan 2023 16:05:00 GMT
cache-control: max-age=2592000
cache: HIT
x-cached-since: 2022-12-06T14:30:41+00:00
x-id: sto5-up-gc13
accept-ranges: bytes
X-Firefox-Spdy: h2

22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWurjnJUQwQ1fXWEjTWHXYNZpYbzdELaEtQp0GaHlx0VUiMfYCXGGglGz1rKpJ5EWB-FBBVlF_GimROpK5kCRM3Y7PXKhTD4TXd-fq_2zmLPig34dt5Thb800kiQOwNHn_52Ncl_HMysWU6NsAX9Y9KgD2uNNNiWRY_YU_N-hdvt8Hd39UKpjPBDYBrXOjPOb8HeAmALx7Gp5gpPSrAKjEt92JZ7loYVf0AdJJ88oTRc-zoDiqVWittAhehVWNfLbJWz4OraluGCjA38vBrvLdxtzYRwz6EEOsdm8l3j_kGVwwWFY-v17C-OCYEiX0jH7W8n4EFqWCqiOW5iwRIhMJHnoCszqXtoD42wssmW-3rcLsVWdYtOJsgxLFfrwqdvAW0U5jN7Ypuv5-rboZ8950ULKilkq3-zHM-LcmFj4a19J7B9fY-bajYeJt2DuZQDjlUbxK6VF-rUICjtx2JHa0EvdrHECI5ueqyYSMqLR5jdc4B5PvCfDujmU1IuJr6lUmkEmbdCzZiIUO_zl7WhboljaYRy8yhoQEoJlrgy0YzQq6J2nlWX4UNymQhuoCd3JrRktWky5M4GMoPp8xFtNvIYmopue5Z8Id4uF0rdTwvBuKWL0VLLhS_HL1Mrw2Yjps1cbcsBfstooQJNSKuELJ3IhoKuF-3syXTi22O6QI_BdmwjG1lhtExaG1o06YZtIH8NiGXNIcA2CKwfG1lFsNuEFf31X-iL7goOhJlLYpboR9mB_AzOXh7-TjChEUPwh8Fm71-12xMOiTJwTg4oqA4aRjtyltSz__bFneI6OYmwOkIZes-XckpS6hU6-N3faMeU5RmWE8e4dNt62XeWDqH1JIGGvXZZGWOfe0ULFcmod-HRYNc05QrgeHiJbGBnPPPlrHNoytAWFszDlVlcNmXyOFtA_oNYWnVqPwqKM0wBQfmRzyNl52aRtglgqpGhfZV4nha5ovzcfaySCvbijjTqVqwWuiTe8pvT2Ar7ahmgCZ_Y7PwlS1fFhjBISOvFEd-WgEjNAVJtB6Nh1r_S-shcT0_fdF9wELZHajt4Gfu9Rir54oPvcBKHjGTKPbMw4R0cBGHxbbkOgORm5nnfv7bWu5I93xpgSw_CYQPcrVEaPYszerXOEsGa_vLEyCSK6fhNeluWYqk3FFJurULXVxoPGfWI7COZ6qO9w

88.208.59.103

200 OK

68 B

URL HTTP/2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWurjnJUQwQ1fXWEjTWHXYNZpYbzdELaEtQp0GaHlx0VUiMfYCXGGglGz1rKpJ5EWB-FBBVlF_GimROpK5kCRM3Y7PXKhTD4TXd-fq_2zmLPig34dt5Thb800kiQOwNHn_52Ncl_HMysWU6NsAX9Y9KgD2uNNNiWRY_YU_N-hdvt8Hd39UKpjPBDYBrXOjPOb8HeAmALx7Gp5gpPSrAKjEt92JZ7loYVf0AdJJ88oTRc-zoDiqVWittAhehVWNfLbJWz4OraluGCjA38vBrvLdxtzYRwz6EEOsdm8l3j_kGVwwWFY-v17C-OCYEiX0jH7W8n4EFqWCqiOW5iwRIhMJHnoCszqXtoD42wssmW-3rcLsVWdYtOJsgxLFfrwqdvAW0U5jN7Ypuv5-rboZ8950ULKilkq3-zHM-LcmFj4a19J7B9fY-bajYeJt2DuZQDjlUbxK6VF-rUICjtx2JHa0EvdrHECI5ueqyYSMqLR5jdc4B5PvCfDujmU1IuJr6lUmkEmbdCzZiIUO_zl7WhboljaYRy8yhoQEoJlrgy0YzQq6J2nlWX4UNymQhuoCd3JrRktWky5M4GMoPp8xFtNvIYmopue5Z8Id4uF0rdTwvBuKWL0VLLhS_HL1Mrw2Yjps1cbcsBfstooQJNSKuELJ3IhoKuF-3syXTi22O6QI_BdmwjG1lhtExaG1o06YZtIH8NiGXNIcA2CKwfG1lFsNuEFf31X-iL7goOhJlLYpboR9mB_AzOXh7-TjChEUPwh8Fm71-12xMOiTJwTg4oqA4aRjtyltSz__bFneI6OYmwOkIZes-XckpS6hU6-N3faMeU5RmWE8e4dNt62XeWDqH1JIGGvXZZGWOfe0ULFcmod-HRYNc05QrgeHiJbGBnPPPlrHNoytAWFszDlVlcNmXyOFtA_oNYWnVqPwqKM0wBQfmRzyNl52aRtglgqpGhfZV4nha5ovzcfaySCvbijjTqVqwWuiTe8pvT2Ar7ahmgCZ_Y7PwlS1fFhjBISOvFEd-WgEjNAVJtB6Nh1r_S-shcT0_fdF9wELZHajt4Gfu9Rir54oPvcBKHjGTKPbMw4R0cBGHxbbkOgORm5nnfv7bWu5I93xpgSw_CYQPcrVEaPYszerXOEsGa_vLEyCSK6fhNeluWYqk3FFJurULXVxoPGfWI7COZ6qO9w
IP
88.208.59.103:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

HTTP Headers

GET /v2/a/na/image?d=BQ5qQHPe9JWurjnJUQwQ1fXWEjTWHXYNZpYbzdELaEtQp0GaHlx0VUiMfYCXGGglGz1rKpJ5EWB-FBBVlF_GimROpK5kCRM3Y7PXKhTD4TXd-fq_2zmLPig34dt5Thb800kiQOwNHn_52Ncl_HMysWU6NsAX9Y9KgD2uNNNiWRY_YU_N-hdvt8Hd39UKpjPBDYBrXOjPOb8HeAmALx7Gp5gpPSrAKjEt92JZ7loYVf0AdJJ88oTRc-zoDiqVWittAhehVWNfLbJWz4OraluGCjA38vBrvLdxtzYRwz6EEOsdm8l3j_kGVwwWFY-v17C-OCYEiX0jH7W8n4EFqWCqiOW5iwRIhMJHnoCszqXtoD42wssmW-3rcLsVWdYtOJsgxLFfrwqdvAW0U5jN7Ypuv5-rboZ8950ULKilkq3-zHM-LcmFj4a19J7B9fY-bajYeJt2DuZQDjlUbxK6VF-rUICjtx2JHa0EvdrHECI5ueqyYSMqLR5jdc4B5PvCfDujmU1IuJr6lUmkEmbdCzZiIUO_zl7WhboljaYRy8yhoQEoJlrgy0YzQq6J2nlWX4UNymQhuoCd3JrRktWky5M4GMoPp8xFtNvIYmopue5Z8Id4uF0rdTwvBuKWL0VLLhS_HL1Mrw2Yjps1cbcsBfstooQJNSKuELJ3IhoKuF-3syXTi22O6QI_BdmwjG1lhtExaG1o06YZtIH8NiGXNIcA2CKwfG1lFsNuEFf31X-iL7goOhJlLYpboR9mB_AzOXh7-TjChEUPwh8Fm71-12xMOiTJwTg4oqA4aRjtyltSz__bFneI6OYmwOkIZes-XckpS6hU6-N3faMeU5RmWE8e4dNt62XeWDqH1JIGGvXZZGWOfe0ULFcmod-HRYNc05QrgeHiJbGBnPPPlrHNoytAWFszDlVlcNmXyOFtA_oNYWnVqPwqKM0wBQfmRzyNl52aRtglgqpGhfZV4nha5ovzcfaySCvbijjTqVqwWuiTe8pvT2Ar7ahmgCZ_Y7PwlS1fFhjBISOvFEd-WgEjNAVJtB6Nh1r_S-shcT0_fdF9wELZHajt4Gfu9Rir54oPvcBKHjGTKPbMw4R0cBGHxbbkOgORm5nnfv7bWu5I93xpgSw_CYQPcrVEaPYszerXOEsGa_vLEyCSK6fhNeluWYqk3FFJurULXVxoPGfWI7COZ6qO9w HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

eventhenherthisi.com/utx?cb=HbQFhsnc2uae&top=www.heavy-r.com&tid=894738

13.225.131.67

204 No Content

0 B

URL HTTP/2
eventhenherthisi.com/utx?cb=HbQFhsnc2uae&top=www.heavy-r.com&tid=894738
IP
13.225.131.67:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=HbQFhsnc2uae&top=www.heavy-r.com&tid=894738 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Fri, 09 Dec 2022 16:05:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Fri, 09 Dec 2022 16:06:00 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 76d034664d0e2c2126caf9bca7adbdc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: 7KeS5e3O3CQ2Pcq303iM8O_TNUpMDvzXsRpE3Zl3GAiFTBGowdoq7A==
X-Firefox-Spdy: h2

22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nAGV0St9NNwPdYgig6CXilebVOjVI3SBXJp85NprcgwvehsE3JjfbbeGV55xb11ppODVytbJXVSoS7B89OQhgbINe1Lbyeco_pndl1fYOfMHJXU59BBVEt2sHjihPZRZObBbXv6O9Oz95Jjko5uu2IcRIKfMxcN8pD21s1oHC7uBvxZ7j_txa56-teD-6Jrj2u6qMGdoL3slJK_sBrd1EYck6rfAJA-MqP3uszSvqgX9lwO2_piSR8NYN9_K5kP52pvwU4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wss6r6tnEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W15uXp2ARocSdR4ujsmO-ClFvIdT0rJGeGd_Wr-N

88.208.59.103

200 OK

68 B

URL HTTP/2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nAGV0St9NNwPdYgig6CXilebVOjVI3SBXJp85NprcgwvehsE3JjfbbeGV55xb11ppODVytbJXVSoS7B89OQhgbINe1Lbyeco_pndl1fYOfMHJXU59BBVEt2sHjihPZRZObBbXv6O9Oz95Jjko5uu2IcRIKfMxcN8pD21s1oHC7uBvxZ7j_txa56-teD-6Jrj2u6qMGdoL3slJK_sBrd1EYck6rfAJA-MqP3uszSvqgX9lwO2_piSR8NYN9_K5kP52pvwU4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wss6r6tnEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W15uXp2ARocSdR4ujsmO-ClFvIdT0rJGeGd_Wr-N
IP
88.208.59.103:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

HTTP Headers

GET /v2/a/na/image?d=BQ5qQHPe9JWmrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nAGV0St9NNwPdYgig6CXilebVOjVI3SBXJp85NprcgwvehsE3JjfbbeGV55xb11ppODVytbJXVSoS7B89OQhgbINe1Lbyeco_pndl1fYOfMHJXU59BBVEt2sHjihPZRZObBbXv6O9Oz95Jjko5uu2IcRIKfMxcN8pD21s1oHC7uBvxZ7j_txa56-teD-6Jrj2u6qMGdoL3slJK_sBrd1EYck6rfAJA-MqP3uszSvqgX9lwO2_piSR8NYN9_K5kP52pvwU4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wss6r6tnEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W15uXp2ARocSdR4ujsmO-ClFvIdT0rJGeGd_Wr-N HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjn5kQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nLH6HneCMNs6YavYHsotfUALx7-wjHNhhtJJaC1gXfFnXEWBuCTidgq-PWLbJauCtXYVp9v3rXOiqbnYOxRlM4pdaJKUKjPDVuunBgEZFeWzkSLkdTueKGxcOiTJgQggzoub5ojRmABLT8QLLmzsaz2H3wvWSXAjAdbsFruC7eSVtswgRi_nqC73AQGqtMfs05v5SQC8JGA6eghZ-2glh3ldLMUeVekbm_WJg3qno9Ct2l51hfRGxHnj8bxp7_yCGD06m4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wktRrW9jEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W17GQJ0wEMtyYQSYp9gsjSUHqXMjIV9l41nclzpH

88.208.59.103

200 OK

68 B

URL HTTP/2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWmrjn5kQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nLH6HneCMNs6YavYHsotfUALx7-wjHNhhtJJaC1gXfFnXEWBuCTidgq-PWLbJauCtXYVp9v3rXOiqbnYOxRlM4pdaJKUKjPDVuunBgEZFeWzkSLkdTueKGxcOiTJgQggzoub5ojRmABLT8QLLmzsaz2H3wvWSXAjAdbsFruC7eSVtswgRi_nqC73AQGqtMfs05v5SQC8JGA6eghZ-2glh3ldLMUeVekbm_WJg3qno9Ct2l51hfRGxHnj8bxp7_yCGD06m4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wktRrW9jEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W17GQJ0wEMtyYQSYp9gsjSUHqXMjIV9l41nclzpH
IP
88.208.59.103:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

HTTP Headers

GET /v2/a/na/image?d=BQ5qQHPe9JWmrjn5kQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDUr8ojBi7K3wk3dA2c2-Kt5KbG2uwoI3osXw2ycvkUCZ_OwOMHW6kx7OP-EkbSlXqpHz9lopk76wokhLWwwVvzu70eMlh-p0MOcWNQwfMUMjg0YEGaPecGd5CykcvLnuM-CohnDsvW5YnrsIkksQEu23upzzdPyb_Yrz-mMAzKUuo7m5E38_O9J1ol0O1tKMusNzsX2QD4EFe273DGlex_vLp1fup1Lt9-ZRNPLWEGsNRyNHO3Evsr3kkM9ueq6YSMqrS6hba995Pvi2zq4EV5UGd4fDQjYgabR6c2VP9v-UnxSSObl3exCFLehwXCqS28ncs-diip7rBqeydcFylghsoCVi7OpZyESwEwAJsoPp84FtEvhqTyA08RK-gLKYTkZ4m7mQiWhWJ5WzRf9PLXMjxWZDIpJjk8xsaFAzLoWYw-4nLH6HneCMNs6YavYHsotfUALx7-wjHNhhtJJaC1gXfFnXEWBuCTidgq-PWLbJauCtXYVp9v3rXOiqbnYOxRlM4pdaJKUKjPDVuunBgEZFeWzkSLkdTueKGxcOiTJgQggzoub5ojRmABLT8QLLmzsaz2H3wvWSXAjAdbsFruC7eSVtswgRi_nqC73AQGqtMfs05v5SQC8JGA6eghZ-2glh3ldLMUeVekbm_WJg3qno9Ct2l51hfRGxHnj8bxp7_yCGD06m4UKI7hPcC6apZ1foN6mkIEyVZAhPAH79kijC8NowzL3vdhAIhrTqfe2cwRFQr85K1IYjraozw1PrdLzJA_3Dx_3adqHAIwu00Z_fCnIyHuiNvkE4v2RjMakR2jgE_cwAPjSjba0zZCA4BvzQcytlkkl7qrRIlJQI--EXLAPV9I5jHumsQqWcm2wktRrW9jEoMYbS83aKtG0h3b47_cD42JdKUwM0DT-GoT4W17GQJ0wEMtyYQSYp9gsjSUHqXMjIV9l41nclzpH HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWWrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDXgOCRzDtzC_mzv86aiyAgIwhh7hT7cUZ7QmQB49hDHMbnYJFcAExZn5zOuu3zKyJH0HSUzHpe1bDph9j9grzxq_LB9tegUUl5HsfTdGvA44x_atn6lHs7pJyWmfj8NPTkGkg2zug2-ZNIzLHUOqotW7NZT_7BPSFwrKY3cgMuoKVlu47H1N65qLsXY-mfYGx6vMhzCQlaT24sq3WP-6uh8ZL7YrBAFkdQlP98so9_LA6zhPFAQI4gKt6zhAPuxgYfQ4brRJ0iNd3h1oTk24nuLl1GEHUCMcyeRAwsyCSvjQuREzJ7JDNKNi-Up8s4wvqWIwthI5bl4XzYNPl34FqGcifGK16csqtR5y9APXpDNIBZUuai-aRbE51SHH2B7eMwJNOxYlRvbChUm9g0rKwKndDISjKQmC3F8u8VOobzmkcNMJdtE_I0blznSeS8BmkkqPfJK8kzNfy6Dsm6wR08pVOgR64M4nQq_UBifPrRbnaQBWa4rApC-JoH1jHz9iVVFe35FJD0o4e7wJK3NsnEPSZD9htQynpunlMZ75NkyPW9lbPSeEIH4kpIGxP8LDyyD0Mg0MKWFqft6URGxJjBcA0392Ms-DJMULodFL3qOb_2W7dDoyoewuSKvSEox3XjUMGgd2sjwGjh1eRJNc8-QNcsU9T699t3UiuEif_eQSWIhicp0FooKI7ivMdKxpZ1foN6mkIEyVZBhPQH79kgj-m_8MxT3PdhAIxrBqfe2eQRFQr85K1IYiraoDZ9rW_QiRY76kYIfFy7MThmRkGHBReiDzbpcQtQp23OP97AN30wbJzIwkyY57d-TWBw7NrCsJ_MZ3E-3_mgCbX6YWoQQT1mFfbOzejQcwNG9F0wn-OVFgSC4R_vUsrLTk677nCixQzZaGHmDW8FcByqZ0tHRAeHWeiRndYmgmDxwd635vEdtOAcHdfYGBU6BiP2XrTU

88.208.59.103

200 OK

68 B

URL HTTP/2
22658.bestwinterclck.name/v2/a/na/image?d=BQ5qQHPe9JWWrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDXgOCRzDtzC_mzv86aiyAgIwhh7hT7cUZ7QmQB49hDHMbnYJFcAExZn5zOuu3zKyJH0HSUzHpe1bDph9j9grzxq_LB9tegUUl5HsfTdGvA44x_atn6lHs7pJyWmfj8NPTkGkg2zug2-ZNIzLHUOqotW7NZT_7BPSFwrKY3cgMuoKVlu47H1N65qLsXY-mfYGx6vMhzCQlaT24sq3WP-6uh8ZL7YrBAFkdQlP98so9_LA6zhPFAQI4gKt6zhAPuxgYfQ4brRJ0iNd3h1oTk24nuLl1GEHUCMcyeRAwsyCSvjQuREzJ7JDNKNi-Up8s4wvqWIwthI5bl4XzYNPl34FqGcifGK16csqtR5y9APXpDNIBZUuai-aRbE51SHH2B7eMwJNOxYlRvbChUm9g0rKwKndDISjKQmC3F8u8VOobzmkcNMJdtE_I0blznSeS8BmkkqPfJK8kzNfy6Dsm6wR08pVOgR64M4nQq_UBifPrRbnaQBWa4rApC-JoH1jHz9iVVFe35FJD0o4e7wJK3NsnEPSZD9htQynpunlMZ75NkyPW9lbPSeEIH4kpIGxP8LDyyD0Mg0MKWFqft6URGxJjBcA0392Ms-DJMULodFL3qOb_2W7dDoyoewuSKvSEox3XjUMGgd2sjwGjh1eRJNc8-QNcsU9T699t3UiuEif_eQSWIhicp0FooKI7ivMdKxpZ1foN6mkIEyVZBhPQH79kgj-m_8MxT3PdhAIxrBqfe2eQRFQr85K1IYiraoDZ9rW_QiRY76kYIfFy7MThmRkGHBReiDzbpcQtQp23OP97AN30wbJzIwkyY57d-TWBw7NrCsJ_MZ3E-3_mgCbX6YWoQQT1mFfbOzejQcwNG9F0wn-OVFgSC4R_vUsrLTk677nCixQzZaGHmDW8FcByqZ0tHRAeHWeiRndYmgmDxwd635vEdtOAcHdfYGBU6BiP2XrTU
IP
88.208.59.103:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

HTTP Headers

GET /v2/a/na/image?d=BQ5qQHPe9JWWrjnpkQ0Q5dXYEjSvxAUEPe8lFD1Evs_u6_T3BqdiRGtgW7axwjUjNdehRGd7EVAaEbFjuusYyRPmx10Cm1IXU7OXKpTiyj2xMyGDGzmDvkgH4dv50uE1POdwQewNHv_5ONYlHXhMgeG6dSAW9Y9FgH7sFB8Nxk1OZLUaSLvCinGbwRaKn_OhmU87DtaZKJ679B9-pV8S38A19wt-f_yEWwHuF9Z7OXZeGDXgOCRzDtzC_mzv86aiyAgIwhh7hT7cUZ7QmQB49hDHMbnYJFcAExZn5zOuu3zKyJH0HSUzHpe1bDph9j9grzxq_LB9tegUUl5HsfTdGvA44x_atn6lHs7pJyWmfj8NPTkGkg2zug2-ZNIzLHUOqotW7NZT_7BPSFwrKY3cgMuoKVlu47H1N65qLsXY-mfYGx6vMhzCQlaT24sq3WP-6uh8ZL7YrBAFkdQlP98so9_LA6zhPFAQI4gKt6zhAPuxgYfQ4brRJ0iNd3h1oTk24nuLl1GEHUCMcyeRAwsyCSvjQuREzJ7JDNKNi-Up8s4wvqWIwthI5bl4XzYNPl34FqGcifGK16csqtR5y9APXpDNIBZUuai-aRbE51SHH2B7eMwJNOxYlRvbChUm9g0rKwKndDISjKQmC3F8u8VOobzmkcNMJdtE_I0blznSeS8BmkkqPfJK8kzNfy6Dsm6wR08pVOgR64M4nQq_UBifPrRbnaQBWa4rApC-JoH1jHz9iVVFe35FJD0o4e7wJK3NsnEPSZD9htQynpunlMZ75NkyPW9lbPSeEIH4kpIGxP8LDyyD0Mg0MKWFqft6URGxJjBcA0392Ms-DJMULodFL3qOb_2W7dDoyoewuSKvSEox3XjUMGgd2sjwGjh1eRJNc8-QNcsU9T699t3UiuEif_eQSWIhicp0FooKI7ivMdKxpZ1foN6mkIEyVZBhPQH79kgj-m_8MxT3PdhAIxrBqfe2eQRFQr85K1IYiraoDZ9rW_QiRY76kYIfFy7MThmRkGHBReiDzbpcQtQp23OP97AN30wbJzIwkyY57d-TWBw7NrCsJ_MZ3E-3_mgCbX6YWoQQT1mFfbOzejQcwNG9F0wn-OVFgSC4R_vUsrLTk677nCixQzZaGHmDW8FcByqZ0tHRAeHWeiRndYmgmDxwd635vEdtOAcHdfYGBU6BiP2XrTU HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:05:00 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2

dmz3nd5oywtsw.cloudfront.net/6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ

143.204.42.156

200 OK

332 B

URL HTTP/2
dmz3nd5oywtsw.cloudfront.net/6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (422), with no line terminators
Size
332 B (332 bytes)
Hash
8208c300de81a81ca5f34a8050eb1156
50bcb676c33cedc4b871304578ef01d017967424
4bd48a7776d28299ef9a6b48c254d181b8cab1aa7007e4472780f410d254a921

HTTP Headers

GET /6UURUMTEyKzpXDiUtMAwJaHBjAgl3LideXyF5AV5eJjJiQ2QjJnJFSzV5ZBddMCozDBc0KjcMAHclMFMMZWIgQV46eSFfVTQiPV9UNWIhUAw8Ky5YXT0lcQN3ZGpkFANhbCNYXzUrI0IUY3Q6RRRjdGUBH2FhZ3MUY3QjWF9ncHECc3R2ZEkHZWFncxRjdC-ZHFGIFZQEEf3R9FANhIzFSWj5hZncDYXVkAQBhdXEDATctJlRXPjxxA3dgdGEfAXcxaQ HTTP/1.1
Host: dmz3nd5oywtsw.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eventhenherthisi.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-length: 332
date: Fri, 09 Dec 2022 16:05:00 GMT
access-control-allow-origin: *
cache-control: max-age=31556926
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: T9Iy-aL7qxQpd3_Z5lWQN8oqIBbDWtJmLTOZ6fdLKgpCpa-RrpE-xA==
X-Firefox-Spdy: h2

bulrev.com/resources/slider.min.css

51.161.119.209

200 OK

3.0 kB

URL HTTP/1.1
bulrev.com/resources/slider.min.css
IP
51.161.119.209:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (6167), with no line terminators
Size
3.0 kB (3033 bytes)
Hash
a52b157905731a3d1394be0dec6ea5a0
dfe049bf64be4d793c3c9ae5fe40cbe8f025e214
db0b04b9a399c6b8d9caf0e562fec1c1b07b228089afc5301c59696e7e9bdaab

HTTP Headers

GET /resources/slider.min.css HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:47 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 22 Jul 2022 12:09:33 GMT
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip

cloudlogobox.com/rtbfeed.php?1418776e8a5b

78.128.113.86

200 OK

6.9 kB

URL HTTP/1.1
cloudlogobox.com/rtbfeed.php?1418776e8a5b
IP
78.128.113.86:0
ASN
#209160 Miti 2000 EOOD

File type
PNG image data, 53 x 53, 8-bit/color RGB, non-interlaced\012- data
Size
6.9 kB (6857 bytes)
Hash
3641c017bc96d86728c2975f641927f6
46c4c07d2275e338ad63bf453687458291bcfd5f
03b2ac763f624662bfa6bf554bdced988183efc4b430bb4b63735cc2f5b1fb9c

HTTP Headers

GET /rtbfeed.php?1418776e8a5b HTTP/1.1
Host: cloudlogobox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:05:00 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

bulrev.com/placements/settings?scid=538

51.161.119.209

200 OK

265 B

URL HTTP/1.1
bulrev.com/placements/settings?scid=538
IP
51.161.119.209:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
5a5ba359a55b35f99f9594c2fb2e3a2f
df0a616d91c008a18f37b351aa1ea138ec4d5179
4dc04e88d2a0c1615e3e5742c79385815a161810956c2f1d15ba3d1dee82dca2

HTTP Headers

GET /placements/settings?scid=538 HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:47 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Set-Cookie: orbit_uuid=59206cb3-a02c-4747-8f05-c2b423836ac0; expires=Sat, 09 Dec 2023 16:05:00 GMT; path=/; secure; SameSite=None

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 21:48:03 GMT
expires: Fri, 08 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 65817
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

eventhenherthisi.com/floater?tid=894738&red=1&cs=MXlQaUgATmIPelNAY1ssAR9lXXgB&abt=0&v=0.5.54.0&sm=83&k=with%20girl%20teasing%20friend%20asshole%20feather%20anal%20tickling&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_L6dI=1670601898170&crc=1

13.225.131.67

200 OK

1.5 kB

URL HTTP/2
eventhenherthisi.com/floater?tid=894738&red=1&cs=MXlQaUgATmIPelNAY1ssAR9lXXgB&abt=0&v=0.5.54.0&sm=83&k=with%20girl%20teasing%20friend%20asshole%20feather%20anal%20tickling&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_L6dI=1670601898170&crc=1
IP
13.225.131.67:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (2171), with no line terminators
Size
1.5 kB (1512 bytes)
Hash
6684fbc17010eb8e37152a45ad80f10d
bd2b431e3229ece1310ceb95ca3c228b7a77afcd
2057ad8fb5c14adfd370980070f03f820dcb6ee861c88e515a74072f498654be

HTTP Headers

GET /floater?tid=894738&red=1&cs=MXlQaUgATmIPelNAY1ssAR9lXXgB&abt=0&v=0.5.54.0&sm=83&k=with%20girl%20teasing%20friend%20asshole%20feather%20anal%20tickling&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_L6dI=1670601898170&crc=1 HTTP/1.1
Host: eventhenherthisi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/plain
content-length: 1512
date: Fri, 09 Dec 2022 16:05:00 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d479bf0f-a737-47e7-b882-4ca654637d9c
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 76d034664d0e2c2126caf9bca7adbdc8.cloudfront.net (CloudFront)
x-amz-cf-pop: ICN54-C2
x-amz-cf-id: FTdjVIyJfQjig_VBbrufwP_eqnRkCEJvixLYsBYnzz8NLGjN0GwvCw==
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cloudlogobox.com/logo.php?a3k9MTQxODc3NmU4YTViXzExJmZ0PVFWUm9RMWFCMWhVVjdkZGRBQUFBQVNVVk9SSzVDWUlJJmZwPTllYmNiMjYwMzI4ZjhjMDYxMDZhY2U3ODY1NjE0MTUyOTZiODYxMWQmYmw9ZW4tVVMsZW4mcGc9JmZjPWZ1bmN0aW9uIGFsZXJ0KCkgeyAgICBbbmF0aXZlIGNvZGVdfX5mdW5jdGlvbiBwcmludCgpIHsgICAgW25hdGl2ZSBjb2RlXX1+ZnVuY3Rpb24gZXZhbCgpIHsgICAgW25hdGl2ZSBjb2RlXX0mdHo9MCZ1Zz1Nb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCZkcj0mbnA9TGludXggeDg2XzY0JmN0PWZhbHNlJmFiPSZicj1jcltmYWxzZV0sZmZbdHJ1ZV0sc2FmW2ZhbHNlXSxvb1tmYWxzZV0saWVbZmFsc2VdLGVkZ1tmYWxzZV0ma3M9MCZyZW49VHlwZUVycm9yOiBjYW4ndCBhY2Nlc3MgcHJvcGVydHkgImdldEV4dGVuc2lvbiIsIGdsIGlzIG51bGwmdmVuPSZ0aGY9aHR0cHM6Ly93d3cuaGVhdnktci5jb20vdmlkZW8vMjcwMzE4L0FuYWxfVGlja2xpbmcvJmhyPTExMjAmZGc9bmFuJm1mPW5hbg==

78.128.113.86

200 OK

106 B

URL HTTP/1.1
cloudlogobox.com/logo.php?a3k9MTQxODc3NmU4YTViXzExJmZ0PVFWUm9RMWFCMWhVVjdkZGRBQUFBQVNVVk9SSzVDWUlJJmZwPTllYmNiMjYwMzI4ZjhjMDYxMDZhY2U3ODY1NjE0MTUyOTZiODYxMWQmYmw9ZW4tVVMsZW4mcGc9JmZjPWZ1bmN0aW9uIGFsZXJ0KCkgeyAgICBbbmF0aXZlIGNvZGVdfX5mdW5jdGlvbiBwcmludCgpIHsgICAgW25hdGl2ZSBjb2RlXX1+ZnVuY3Rpb24gZXZhbCgpIHsgICAgW25hdGl2ZSBjb2RlXX0mdHo9MCZ1Zz1Nb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCZkcj0mbnA9TGludXggeDg2XzY0JmN0PWZhbHNlJmFiPSZicj1jcltmYWxzZV0sZmZbdHJ1ZV0sc2FmW2ZhbHNlXSxvb1tmYWxzZV0saWVbZmFsc2VdLGVkZ1tmYWxzZV0ma3M9MCZyZW49VHlwZUVycm9yOiBjYW4ndCBhY2Nlc3MgcHJvcGVydHkgImdldEV4dGVuc2lvbiIsIGdsIGlzIG51bGwmdmVuPSZ0aGY9aHR0cHM6Ly93d3cuaGVhdnktci5jb20vdmlkZW8vMjcwMzE4L0FuYWxfVGlja2xpbmcvJmhyPTExMjAmZGc9bmFuJm1mPW5hbg==
IP
78.128.113.86:0
ASN
#209160 Miti 2000 EOOD

File type
PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size
106 B (106 bytes)
Hash
45519216be3b413c13c1bd623990d1b8
f374f2578e498a536085b57c41d3d2299fa84f5e
4742175aa9e5530bd227e6d0ca2e5d2be4aa5b46ec7ee4a7c8f81c74d7d7884c

HTTP Headers

GET /logo.php?a3k9MTQxODc3NmU4YTViXzExJmZ0PVFWUm9RMWFCMWhVVjdkZGRBQUFBQVNVVk9SSzVDWUlJJmZwPTllYmNiMjYwMzI4ZjhjMDYxMDZhY2U3ODY1NjE0MTUyOTZiODYxMWQmYmw9ZW4tVVMsZW4mcGc9JmZjPWZ1bmN0aW9uIGFsZXJ0KCkgeyAgICBbbmF0aXZlIGNvZGVdfX5mdW5jdGlvbiBwcmludCgpIHsgICAgW25hdGl2ZSBjb2RlXX1+ZnVuY3Rpb24gZXZhbCgpIHsgICAgW25hdGl2ZSBjb2RlXX0mdHo9MCZ1Zz1Nb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCZkcj0mbnA9TGludXggeDg2XzY0JmN0PWZhbHNlJmFiPSZicj1jcltmYWxzZV0sZmZbdHJ1ZV0sc2FmW2ZhbHNlXSxvb1tmYWxzZV0saWVbZmFsc2VdLGVkZ1tmYWxzZV0ma3M9MCZyZW49VHlwZUVycm9yOiBjYW4ndCBhY2Nlc3MgcHJvcGVydHkgImdldEV4dGVuc2lvbiIsIGdsIGlzIG51bGwmdmVuPSZ0aGY9aHR0cHM6Ly93d3cuaGVhdnktci5jb20vdmlkZW8vMjcwMzE4L0FuYWxfVGlja2xpbmcvJmhyPTExMjAmZGc9bmFuJm1mPW5hbg== HTTP/1.1
Host: cloudlogobox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 16:05:00 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma: no-cache
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

bulrev.com/show/std?scid=538

51.161.119.209

200 OK

20 kB

URL HTTP/1.1
bulrev.com/show/std?scid=538
IP
51.161.119.209:0
ASN
#16276 OVH SAS

File type
XML 1.0 document text\012- XML document, ASCII text
Size
20 kB (19765 bytes)
Hash
1565cd451aa656696852c69fde0b2e22
75f9eb036a56916e68c99786d62ccb2aa3bc3e9b
c883a9d4951208890deff85b4f48c605147d7adda34ba2ea1f377e4aa41732c0

HTTP Headers

GET /show/std?scid=538 HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavy-r.com
Connection: keep-alive
Referer: https://www.heavy-r.com/
Cookie: orbit_uuid=59206cb3-a02c-4747-8f05-c2b423836ac0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:47 GMT
Content-Type: text/xml
Content-Length: 19765
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.heavy-r.com

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
167e7939c40581e5498c97d52773e21b
e2d25f4494bebc939f7b1c3f2df4a6a0c1872d71
3ca29eeb08a34d195d06f293b9ace45d05febc0c98cf7cc179ec3fc7f406bc14

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=144110
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Etag: "6392ec9a-117"
Expires: Sun, 11 Dec 2022 08:06:50 GMT
Last-Modified: Fri, 09 Dec 2022 08:06:50 GMT
Server: nginx
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
167e7939c40581e5498c97d52773e21b
e2d25f4494bebc939f7b1c3f2df4a6a0c1872d71
3ca29eeb08a34d195d06f293b9ace45d05febc0c98cf7cc179ec3fc7f406bc14

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=144110
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:00 GMT
Etag: "6392ec9a-117"
Expires: Sun, 11 Dec 2022 08:06:50 GMT
Last-Modified: Fri, 09 Dec 2022 08:06:50 GMT
Server: nginx
Content-Length: 279

9u1r1.xyz/images/campaigns/creativity-1964832-16527063614108.png

104.21.92.124

200 OK

47 kB

URL HTTP/2
9u1r1.xyz/images/campaigns/creativity-1964832-16527063614108.png
IP
104.21.92.124:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 300 x 300, 8-bit colormap, non-interlaced\012- data
Size
47 kB (47324 bytes)
Hash
58be065cb97a1d8f6c350a13d60946f0
27de845302f713574ad184b4a29662496961f632
51228a586c5bdd2b65ddbc381d29bf14b6555b1712cc12a733b5077ecbf5df53

HTTP Headers

GET /images/campaigns/creativity-1964832-16527063614108.png HTTP/1.1
Host: 9u1r1.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:05:01 GMT
content-type: image/png
content-length: 47324
cdn-pullzone: 283898
cdn-uid: 10270df6-3a78-4ee3-9e7e-62f57a8521e8
cdn-requestcountrycode: NO
cache-control: public, max-age=31919000
etag: "62824c39-b8dc"
last-modified: Mon, 16 May 2022 13:06:01 GMT
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 05/16/2022 13:11:23
cdn-edgestorageid: 755
cdn-status: 200
cdn-requestid: 0ca210c7c3dc78ae478ef3797e650080
cdn-cache: HIT
cf-cache-status: HIT
age: 16307535
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cQD0BlDzqDa7kM9MqgSUOLDiVqiHJ2Bp2DEarvKSqcNXD8mTY3eT5K5YIiJDOk6C4rPBMePBJfADquY%2BYxT8Z2m5eFT5Q9ZcxbrkN5QaQR8uxTrYNVQegfz3MjU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efad9b8950b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
167e7939c40581e5498c97d52773e21b
e2d25f4494bebc939f7b1c3f2df4a6a0c1872d71
3ca29eeb08a34d195d06f293b9ace45d05febc0c98cf7cc179ec3fc7f406bc14

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=144110
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "6392ec9a-117"
Expires: Sun, 11 Dec 2022 08:06:51 GMT
Last-Modified: Fri, 09 Dec 2022 08:06:50 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 279

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
529cab52441013ee34ed00785cc83d04
eb6be6a208cd4676d21aafbbf65d23821eeddce2
d3baf0a35aae1128a02248e2bb94dcf12a971464fc7fdcddc02f4e0bca15a225

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3BAF0A35AAE1128A02248E2BB94DCF12A971464FC7FDCDDC02F4E0BCA15A225"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6043
Expires: Fri, 09 Dec 2022 17:45:44 GMT
Date: Fri, 09 Dec 2022 16:05:01 GMT
Connection: keep-alive

ads.bullionyield.com/vast?scid=538&adid=3952

51.161.119.209

200 OK

7.2 kB

URL HTTP/1.1
ads.bullionyield.com/vast?scid=538&adid=3952
IP
51.161.119.209:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (7207), with no line terminators
Size
7.2 kB (7207 bytes)
Hash
a1aa27a8f3c575919da192613654cf3d
53ea41636d600a83806aec2fdd9ff7886d771254
e54ce5cf6ed82d3b53e8ba09384a23a81389ed19fbd151da0f6eaf4ad6cd272d

HTTP Headers

GET /vast?scid=538&adid=3952 HTTP/1.1
Host: ads.bullionyield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavy-r.com
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 09 Dec 2022 16:04:48 GMT
Content-Type: text/xml; charset=UTF-8
Content-Length: 7207
Connection: keep-alive
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Set-Cookie: orbit_uuid=e98e628d-1b19-459a-b6d2-d327e43ebe2f; expires=Sat, 09 Dec 2023 16:05:01 GMT; path=/; secure; SameSite=None

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
d0aab51eac226773d45430d44b055d01
7c7684d79b05fc9c7f58a9d7ae5a201eb4f28230
b6d56699bea0de400256de276b2edacf77ca410167bfa522e957d6639a95c3d5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5773
Cache-Control: max-age=108844
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63924c4c-118"
Expires: Sat, 10 Dec 2022 22:19:05 GMT
Last-Modified: Thu, 08 Dec 2022 20:42:52 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280

go.xlviirdr.com/smartpop/84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=a0d731c9-9514-43e0-9311-918cb6089011&sourceId=bullion.media%20slider&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&contentType=video/mp4&trackOff=1

104.18.59.150

302 Found

0 B

URL HTTP/2
go.xlviirdr.com/smartpop/84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=a0d731c9-9514-43e0-9311-918cb6089011&sourceId=bullion.media%20slider&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&contentType=video/mp4&trackOff=1
IP
104.18.59.150:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /smartpop/84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3?userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&memberId=a0d731c9-9514-43e0-9311-918cb6089011&sourceId=bullion.media%20slider&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&contentType=video/mp4&trackOff=1 HTTP/1.1
Host: go.xlviirdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavy-r.com
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 09 Dec 2022 16:05:01 GMT
content-length: 0
location: https://go.xlivrdr.com/api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11
access-control-allow-origin: https://www.heavy-r.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=2060628.29475; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCg3Rc4wrBy1LXpo8BjSdYnrc8pHa; SameSite=None; Secure; path=/; expires=Sat, 10-Dec-22 15:05:01 GMT; HttpOnly
server: cloudflare
cf-ray: 776efaddb9a0b4eb-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
d0aab51eac226773d45430d44b055d01
7c7684d79b05fc9c7f58a9d7ae5a201eb4f28230
b6d56699bea0de400256de276b2edacf77ca410167bfa522e957d6639a95c3d5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5773
Cache-Control: max-age=108844
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63924c4c-118"
Expires: Sat, 10 Dec 2022 22:19:05 GMT
Last-Modified: Thu, 08 Dec 2022 20:42:52 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
361aa366131208557ffe6dc24f3ab55c
eede2130a586e197687fa44991862c359b4c61fc
d87017c6d67f1fe3130df85a4df5d9c0899fa9a1c52fefdc30f95c4aa13771ac

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6490
Cache-Control: max-age=93726
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63920e71-116"
Expires: Sat, 10 Dec 2022 18:07:07 GMT
Last-Modified: Thu, 08 Dec 2022 16:18:57 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 278

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
361aa366131208557ffe6dc24f3ab55c
eede2130a586e197687fa44991862c359b4c61fc
d87017c6d67f1fe3130df85a4df5d9c0899fa9a1c52fefdc30f95c4aa13771ac

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6592
Cache-Control: max-age=93828
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 16:05:01 GMT
Etag: "63920e71-116"
Expires: Sat, 10 Dec 2022 18:08:49 GMT
Last-Modified: Thu, 08 Dec 2022 16:18:57 GMT
Server: ECS (ska/F713)
X-Cache: HIT
Content-Length: 278

go.xlivrdr.com/api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11

104.18.59.150

200 OK

0 B

URL HTTP/2
go.xlivrdr.com/api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11
IP
104.18.59.150:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /api/models/vast?campaignId=84f9fffa4fd637bf33957d45272600a4692c0cf2a0d5fa89a1a4ad8213c940e3&campaignType=smartpop&contentType=video%2Fmp4&creativeId=b1e02e2720203f684f246d97afe36747c347d0383f37e85772df9f975015b451&duration=00%3A00%3A30&endpoint=room&iterationId=257099&masterSmartpopId=2683&memberId=a0d731c9-9514-43e0-9311-918cb6089011&p1=VAST_DESK_STR8_WIN_T1&p2=49526&p3=103033&ruleId=157&skipOffset=00%3A00%3A05&smartpopId=3031&sourceId=bullion.media%20slider&tag=-girls%2Findian&trackOff=1&userId=0d0cdc753eed23068b893e6a636a40ccaadc69dc4a5ec7ee080ed62b15816646&variationId=29475&videosList=oil-show11 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:05:01 GMT
content-type: text/xml; charset=utf-8
access-control-allow-origin: null
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: __cflb=02DiuDfsBaY2bRYJiCddNhqGgfsRfgxdZCJATP6LwDJnG; SameSite=None; Secure; path=/; expires=Sat, 10-Dec-22 15:05:01 GMT; HttpOnly
server: cloudflare
cf-ray: 776efade2dcbb512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.heavy-r.com/css/restyle.css

172.67.20.237

200 OK

0 B

URL HTTP/2
www.heavy-r.com/css/restyle.css
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/restyle.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=9425
etag: W/"2296612473"
last-modified: Tue, 26 May 2020 15:01:33 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 3048
server: cloudflare
cf-ray: 776efac9ffefb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

hecherthepar.com/popunder.gif

188.114.96.1

200 OK

0 B

URL HTTP/2
hecherthepar.com/popunder.gif
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: hecherthepar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 43135
last-modified: Fri, 09 Dec 2022 04:06:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6f3T74YhUOSlaJKC7Rha0JTkRdQxL85fywKzfy9xPbj9BZjWChw7yMqeI0Y8XX8HjFXIHGWMkdZt%2FNQYhuRGUVap4A27JoblbSmbOw1g%2FdfEeudZLxpA2KHNsoVtjE066BQ2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efacd6d62b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

22658.bestwinterclck.name/v2/a/na/157670?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&referer=&av=1&abl=0&kws=anal%2Ctickling&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Dec%2009%202022%2016%3A04%3A58%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D

88.208.59.103

200 OK

0 B

URL HTTP/2
22658.bestwinterclck.name/v2/a/na/157670?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&referer=&av=1&abl=0&kws=anal%2Ctickling&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Dec%2009%202022%2016%3A04%3A58%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D
IP
88.208.59.103:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v2/a/na/157670?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fvideo%2F270318%2FAnal_Tickling%2F&referer=&av=1&abl=0&kws=anal%2Ctickling&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Fri%20Dec%2009%202022%2016%3A04%3A58%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.heavy-r.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Fri, 09 Dec 2022 16:04:59 UTC
expires: Fri, 09 Dec 2022 16:04:59 UTC
content-encoding: gzip
X-Firefox-Spdy: h2

everefor.buzz/c2ZXNTQoRGADB0pWYxcYUUR7FwUQVWNWBUtWegFVRgJ6AVVLB3pXDEFVelZWFV9hVgNDUGZXAFFKdQFWSlU1BAYQSzIAUkRLY1BRQktuVgARS28BUkQHZlMNRVZiBxZfRCRCFl9EMkNRAQMxWkZdBCJPTlFKdQQEXVN1GVISCiRQGBUHO0ZRXwA2WUcWOw

54.162.51.18

200 OK

0 B

URL HTTP/2
everefor.buzz/c2ZXNTQoRGADB0pWYxcYUUR7FwUQVWNWBUtWegFVRgJ6AVVLB3pXDEFVelZWFV9hVgNDUGZXAFFKdQFWSlU1BAYQSzIAUkRLY1BRQktuVgARS28BUkQHZlMNRVZiBxZfRCRCFl9EMkNRAQMxWkZdBCJPTlFKdQQEXVN1GVISCiRQGBUHO0ZRXwA2WUcWOw
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c2ZXNTQoRGADB0pWYxcYUUR7FwUQVWNWBUtWegFVRgJ6AVVLB3pXDEFVelZWFV9hVgNDUGZXAFFKdQFWSlU1BAYQSzIAUkRLY1BRQktuVgARS28BUkQHZlMNRVZiBxZfRCRCFl9EMkNRAQMxWkZdBCJPTlFKdQQEXVN1GVISCiRQGBUHO0ZRXwA2WUcWOw HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: cb81bc75a915df40dd17185bbad9a284=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8442-I3ywmyBDmyaZrqYZyiPRMZt4Alg"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2

22658.bestwinterclck.name/v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850

88.208.59.103

200 OK

0 B

URL HTTP/2
22658.bestwinterclck.name/v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850
IP
88.208.59.103:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /v2/a/na/js/157670?container=clck_ntv&tburl=https%3A%2F%2Fheavy-r.hdmembersvault.com%2Fnative%2Findex.php%3Fsze%3DD&_=1670601897850 HTTP/1.1
Host: 22658.bestwinterclck.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2

a-cdn.heavy-r.com/vid/1e/b4/5f/1eb45ff385a3065.mp4

205.185.216.10

206 Partial Content

0 B

URL HTTP/1.1
a-cdn.heavy-r.com/vid/1e/b4/5f/1eb45ff385a3065.mp4
IP
205.185.216.10:0
ASN
#20446 STACKPATH-CDN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /vid/1e/b4/5f/1eb45ff385a3065.mp4 HTTP/1.1
Host: a-cdn.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Referer: https://www.heavy-r.com/
Range: bytes=0-
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/1.1 206 Partial Content
Date: Fri, 09 Dec 2022 16:04:59 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1495751130"
Cache-Control: max-age=86390
Content-Length: 18260242
Content-Range: bytes 0-18260241/18260242
Content-Type: video/mp4
X-HW: 1670601899.dop208.sk1.t,1670601899.cds066.sk1.shn,1670601899.dop208.sk1.t,1670601880.cds010.sk1.p
Last-Modified: Thu, 25 May 2017 22:25:30 GMT

www.heavy-r.com/js/CH_ThumbsPreview.js

172.67.20.237

200 OK

0 B

URL HTTP/2
www.heavy-r.com/js/CH_ThumbsPreview.js
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/CH_ThumbsPreview.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=2817
etag: W/"3247923509"
expires: Mon, 04 Jul 2022 18:35:40 GMT
last-modified: Fri, 11 Feb 2022 20:21:14 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4717
server: cloudflare
cf-ray: 776efaca0819b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/favicon.ico

172.67.20.237

200 OK

0 B

URL HTTP/2
www.heavy-r.com/favicon.ico
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617; xtag=32c499b8ae7bfc1f98b7a1b9826f4b02d819a60c7146
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:59 GMT
content-type: image/vnd.microsoft.icon
etag: W/"4080963554"
last-modified: Mon, 11 Dec 2017 19:49:52 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6609
vary: Accept-Encoding
server: cloudflare
cf-ray: 776efad26b4bb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

www.heavy-r.com/js/jquery.bxslider.min.js?v1

172.67.20.237

200 OK

0 B

URL HTTP/2
www.heavy-r.com/js/jquery.bxslider.min.js?v1
IP
172.67.20.237:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/jquery.bxslider.min.js?v1 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Cookie: PHPSESSID=76krap1senchuuupk4fgk9g617
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 09 Dec 2022 16:04:58 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 19 Oct 2022 22:54:57 GMT
etag: W/"2811880859"
expires: Wed, 19 Oct 2022 23:55:51 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3048
server: cloudflare
cf-ray: 776efacb0987b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

everefor.buzz/RWhsdzM%2BSh8AbDAaAFUJZwAYA0M2UkNYRDIfQh9WJB4VWkFrCwMaHDYfQh1AZ0ROBF4jSlZGH2cbAQERf0pYWQBnRE4DUiI3BRMRf0pbQQB8WFhVH2cbGRVsLAxeVQlnWQ9EByZZVEcecQlZEx5xCVQWHidQXkQeJgoKTgUmX1xBAidcTgo

54.162.51.18

502 Bad Gateway

0 B

URL HTTP/2
everefor.buzz/RWhsdzM%2BSh8AbDAaAFUJZwAYA0M2UkNYRDIfQh9WJB4VWkFrCwMaHDYfQh1AZ0ROBF4jSlZGH2cbAQERf0pYWQBnRE4DUiI3BRMRf0pbQQB8WFhVH2cbGRVsLAxeVQlnWQ9EByZZVEcecQlZEx5xCVQWHidQXkQeJgoKTgUmX1xBAidcTgo
IP
54.162.51.18:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /RWhsdzM%2BSh8AbDAaAFUJZwAYA0M2UkNYRDIfQh9WJB4VWkFrCwMaHDYfQh1AZ0ROBF4jSlZGH2cbAQERf0pYWQBnRE4DUiI3BRMRf0pbQQB8WFhVH2cbGRVsLAxeVQlnWQ9EByZZVEcecQlZEx5xCVQWHidQXkQeJgoKTgUmX1xBAidcTgo HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 502 Bad Gateway
set-cookie: ca22a441e733706aabc3ae4e26fab7b4=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (55)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations