www.heavy-r.com/wp-login.php
104.22.5.193301 Moved Permanently 0 B URL HTTP/1.1 www.heavy-r.com/wp-login.php
IP 104.22.5.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-login.php HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 23 Mar 2023 11:33:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 23 Mar 2023 12:33:34 GMT
Location: https://www.heavy-r.com/wp-login.php
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7ac65c396ecf1c12-OSL
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bea3185dd820a31c1981317f37c3456d
1a548a5d27270fc11df9011837a7149571cedd78
469b97bf9f57401b3c9571039483589f2815f4794212b75c7c85cfefe0ae71e9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "469B97BF9F57401B3C9571039483589F2815F4794212B75C7C85CFEFE0AE71E9"
Last-Modified: Wed, 22 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13839
Expires: Thu, 23 Mar 2023 15:24:13 GMT
Date: Thu, 23 Mar 2023 11:33:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 65fc860bc043f3fb83bdc3debdcd322d
418010755deae099ef1284e402813c5837a10f42
d93d50c523c7f735987aba09db628259441eb75efe713a2df3c214e1fb8b5171
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D93D50C523C7F735987ABA09DB628259441EB75EFE713A2DF3C214E1FB8B5171"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21388
Expires: Thu, 23 Mar 2023 17:30:02 GMT
Date: Thu, 23 Mar 2023 11:33:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 51a5d4696a6090c295850554508b51ce
c44e143c2223546e64b19f543b8101aaf3b11e97
8794223d5e8d4d276c35e2fdcc24bf99694240634dd749cd9b5bf874dec055cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8794223D5E8D4D276C35E2FDCC24BF99694240634DD749CD9B5BF874DEC055CF"
Last-Modified: Wed, 22 Mar 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19392
Expires: Thu, 23 Mar 2023 16:56:46 GMT
Date: Thu, 23 Mar 2023 11:33:34 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 23 Mar 2023 11:15:05 GMT
content-type: application/json
age: 1109
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zKXPJl60t2Qkgft5P+24AplJh6HSufJFJkvpPp2sGq1ntf76wNsFnWymPcSHuY6mH+wMJUuRIwM=
x-amz-request-id: 6GQAFJR9Q1MXK6RA
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 23 Mar 2023 10:54:01 GMT
age: 2373
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
www.heavy-r.com/images/webcam_icon.png
172.67.20.237200 OK 1.6 kB URL HTTP/2 www.heavy-r.com/images/webcam_icon.png
IP 172.67.20.237:0
File type PNG image data, 32 x 34, 8-bit/color RGBA, non-interlaced\012- data
Hash 01acd986d961deda3c41a1590dee9bfa
53c6ffdf0b7a39713c2b6fa0316ec9e1ee0582e4
2077396192a1a8c0f7d1989d510981b028b8ef377c88046fab36325923ae40c5
GET /images/webcam_icon.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: image/png
content-length: 1560
etag: "2564103060"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4272
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac65c3bebd91bfa-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/images/gaming-18px.png
172.67.20.237200 OK 4.4 kB URL HTTP/2 www.heavy-r.com/images/gaming-18px.png
IP 172.67.20.237:0
File type PNG image data, 512 x 512, 8-bit/color RGBA, non-interlaced\012- data
Hash 660e7bbdc5a9c33d380552e5e34b81e3
548728b5396ba5d09ec5269d19f2532fff14350b
7519fc6f16182f95e41d1c02daf8847acfac88a626d565aa7daa536f2709af1b
GET /images/gaming-18px.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: image/png
content-length: 4363
etag: "1603733009"
last-modified: Fri, 23 Aug 2019 17:51:03 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2597
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac65c3bebde1bfa-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/images/icon-18plus.png
172.67.20.237200 OK 762 B URL HTTP/2 www.heavy-r.com/images/icon-18plus.png
IP 172.67.20.237:0
File type PNG image data, 20 x 20, 8-bit colormap, non-interlaced\012- data
Hash c3b73ffd4b590cf0cc315248d2c07604
bf96caf178253cfc594a8ca4af91c1f90fffbdca
7229145331769f34343478592a9350e1aa3b2f8ecf32503a5294dcc88933a7f4
GET /images/icon-18plus.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: image/png
content-length: 762
etag: "171161295"
last-modified: Mon, 23 Aug 2021 18:38:04 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6142
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac65c3bebdf1bfa-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/images/logo.png
172.67.20.237200 OK 7.4 kB URL HTTP/2 www.heavy-r.com/images/logo.png
IP 172.67.20.237:0
File type PNG image data, 326 x 42, 8-bit/color RGB, non-interlaced\012- data
Hash cc188f8c27675a71903e7a3a578a1acd
aa124dd5b8bba679286ec8374056cb0e5b1cf842
cac915c8725b45afc5014696e53d1729aa6e50c53a96d65108575c75d89dcedb
GET /images/logo.png HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: image/png
content-length: 7418
etag: "3973454358"
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6142
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac65c3bebe01bfa-OSL
X-Firefox-Spdy: h2
www.heavy-r.com/css/restyle.css
172.67.20.237200 OK 1.7 kB URL HTTP/2 www.heavy-r.com/css/restyle.css
IP 172.67.20.237:0
File type ASCII text, with very long lines (3697), with no line terminators
Hash da8222491faa373cddd4e88cc909036e
353ef422e41ae918dd2f28e0f9efe9006986cb98
ac4a9f88c64d4570067b034edf709cfb8fde196a6ff9acee8a91271777522e7b
GET /css/restyle.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=9425
etag: W/"2296612473"
last-modified: Tue, 26 May 2020 15:01:33 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5090
server: cloudflare
cf-ray: 7ac65c3bcbb51bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.fluidplayer.com/v3/current/fluidplayer.min.js
205.185.216.10200 OK 48 kB URL HTTP/1.1 cdn.fluidplayer.com/v3/current/fluidplayer.min.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (65463)
Hash 325030344a1e1bab55c53b83684a8b72
a7f62e92e75247ed2b657063d469f3bfca741fab
9d8b77173c5032ea4128a6a495d5df1fa14920a70e7804624a1ba7894cd9c0c2
GET /v3/current/fluidplayer.min.js HTTP/1.1
Host: cdn.fluidplayer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:33:34 GMT
Connection: Keep-Alive
ETag: "1678438490"
Cache-Control: max-age=39334
Content-Encoding: gzip
Content-Length: 48070
Content-Type: application/javascript
Last-Modified: Fri, 10 Mar 2023 08:54:50 GMT
Accept-Ranges: bytes
X-HW: 1679571214.dop229.sk1.t,1679571214.cds209.sk1.shn,1679571214.cds209.sk1.c
www.heavy-r.com/wp-login.php
172.67.20.237404 Not Found 42 kB URL HTTP/2 www.heavy-r.com/wp-login.php
IP 172.67.20.237:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (5292)
Hash b81f7b4db0669ecca3ac2d02f9bc5b2e
8eaa07843fe97b8d215c5cd47a3d7ce270c6d344
508d313c9acf4232a219e2920c6f60ec6cc287b2c84a717af96801506b01fc6a
GET /wp-login.php HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 404 Not Found
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=600
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7ac65c3a7a351bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/script.js
172.67.20.237200 OK 1.6 kB URL HTTP/2 www.heavy-r.com/js/script.js
IP 172.67.20.237:0
File type HTML document, ASCII text, with very long lines (648)
Hash 058053cd51e364d9cfc335810de78981
f3778cc10b75f955cfa80e01b45ba91adef1872f
590ea8cd0436dcfb6112815454f6ac1a62e08c01e3a9b8bd94f0eaeaa6d878a9
GET /js/script.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=5441
etag: W/"2453276531"
expires: Wed, 31 Aug 2022 16:31:08 GMT
last-modified: Fri, 18 May 2018 11:48:15 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5090
server: cloudflare
cf-ray: 7ac65c3c0c0c1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
2348.thomasbarlowpro.com/v2/a/na/js/136226?container=clck_ntv
88.208.59.103200 OK 38 kB URL HTTP/2 2348.thomasbarlowpro.com/v2/a/na/js/136226?container=clck_ntv
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash e501ff4d8e2786bec2bbd234a959f655
a6ff374fb62cc4840776a3de1b3a3bdffac1c3e6
ed61187a5f5869999766820633cd0dbdf16493e993ef515c78e30f71fa9e3945
GET /v2/a/na/js/136226?container=clck_ntv HTTP/1.1
Host: 2348.thomasbarlowpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript; charset=UTF-8
content-length: 38448
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738
54.230.245.44200 OK 36 kB URL HTTP/2 dmz3nd5oywtsw.cloudfront.net/?dnzmd=894738
IP 54.230.245.44:0
File type ASCII text, with very long lines (5919)
Hash b905158b1d6f59dd6ef5bc484ca368cf
e7a4b03dee7e94ea0fe3fc0f6ea7ff56915c4bf3
2c14a5df9e6a6346c27bd2a455fbbe88cbd2939d65c7a4451a8f394ae22b0adb
GET /?dnzmd=894738 HTTP/1.1
Host: dmz3nd5oywtsw.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 35945
date: Thu, 23 Mar 2023 11:33:34 GMT
access-control-allow-origin: *
cache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
content-encoding: gzip
pragma: no-cache
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h-p3_RVxXdc9Q7357pe-JM0D3pB9aWEKeQ7hLSiN2f8pcqzybCFQmQ==
X-Firefox-Spdy: h2
2348.thomasbarlowpro.com/v2/a/na/js/136227?container=clck_ntv2
88.208.59.103200 OK 38 kB URL HTTP/2 2348.thomasbarlowpro.com/v2/a/na/js/136227?container=clck_ntv2
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Hash e12014287723e17e08d2074d941ae37a
f0964c78c5bfabf66762de7b6c499be096d4b9e7
3958405f0e254779507e24bd0f93440166839821bbea069b14bce8fd059ca8c5
GET /v2/a/na/js/136227?container=clck_ntv2 HTTP/1.1
Host: 2348.thomasbarlowpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript; charset=UTF-8
content-length: 38442
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
ocsps.ssl.com/
100.24.223.135200 OK 1.8 kB IP 100.24.223.135:0
Hash be5d0eb89fdba243096ea761824251da
a007fd527dfee289c0309e0c4b0d4adc2556a1db
d24ee125ec3c5ee37f8f830d9e782cfd590d2c3deea7b349c397f4a1a54bcff6
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Wed, 29 Mar 2023 21:01:18 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "a007fd527dfee289c0309e0c4b0d4adc2556a1db"
Last-Modified: Wed, 22 Mar 2023 21:01:19 GMT
X-Proxy-Cache: HIT
ocsps.ssl.com/
100.24.223.135200 OK 1.8 kB IP 100.24.223.135:0
Hash f304fc3bb1a9ef74469959cb565a7397
12b3dc3bab00ff83df4a428be720facb6fae1666
1c796de67190d5e8032c43e3e5ea3ad7177111e338ec0c7a7d1603ac421ee092
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Wed, 29 Mar 2023 21:00:26 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "12b3dc3bab00ff83df4a428be720facb6fae1666"
Last-Modified: Wed, 22 Mar 2023 21:00:27 GMT
X-Proxy-Cache: HIT
ocsps.ssl.com/
100.24.223.135200 OK 1.8 kB IP 100.24.223.135:0
Hash f304fc3bb1a9ef74469959cb565a7397
12b3dc3bab00ff83df4a428be720facb6fae1666
1c796de67190d5e8032c43e3e5ea3ad7177111e338ec0c7a7d1603ac421ee092
POST / HTTP/1.1
Host: ocsps.ssl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1810
Connection: keep-alive
Expires: Wed, 29 Mar 2023 21:00:26 GMT
Cache-Control: max-age=86400,public,no-transform,must-revalidate
ETag: "12b3dc3bab00ff83df4a428be720facb6fae1666"
Last-Modified: Wed, 22 Mar 2023 21:00:27 GMT
X-Proxy-Cache: HIT
static.heavy-r.com/scr/79/c4/df/79c4df3d0b806c2_2.jpg
37.48.81.1200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/79/c4/df/79c4df3d0b806c2_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 5e6d63a93db1e65af47dc3b12dd7f8b8
665dd1a4b991ec6401ef884ac8ed79e216a29233
c9309669e76215025448f76965fba84851ffa0d1824e249d8031f668734f7c00
GET /scr/79/c4/df/79c4df3d0b806c2_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2612772427"
Last-Modified: Tue, 21 Mar 2023 13:57:27 GMT
Content-Length: 11967
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/28/ee/53/28ee53151130a2e_6.jpg
37.48.81.1200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/28/ee/53/28ee53151130a2e_6.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 0cb019a7f05fd7a8df3f82c7887d3dc8
fca17ee9aa354f24018c34221222aecaaa297bd1
f0afb746bafbcb6f2977e1ea40e7394686828039dc4103dc60cfd57a246ca901
GET /scr/28/ee/53/28ee53151130a2e_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4052424498"
Last-Modified: Tue, 21 Mar 2023 15:53:09 GMT
Content-Length: 12221
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/e9/87/51/e98751bd94a717b_2.jpg
37.48.81.1200 OK 14 kB URL HTTP/1.1 static.heavy-r.com/scr/e9/87/51/e98751bd94a717b_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1149x760, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash dff4e4c207c62ba7d94a50ca4ff0bfe1
16af66c9ab2fc422eb3a8f823105bf1e70b3f413
83ab4fec77ed186a84b5dcdfc39111eb406c7e214d8368a1905bf65bede395a1
GET /scr/e9/87/51/e98751bd94a717b_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "657143262"
Last-Modified: Sun, 19 Mar 2023 18:40:13 GMT
Content-Length: 14046
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash cc2413420173e0a2fa0761080bb40c42
0175ba0683a7e5a9389cf29ca9c760f082567772
43e0a988a7de7f6f05a9ae5ebca5c3ff77a80e5da4828d0791cced36c9f26396
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43E0A988A7DE7F6F05A9AE5EBCA5C3FF77A80E5DA4828D0791CCED36C9F26396"
Last-Modified: Wed, 22 Mar 2023 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7541
Expires: Thu, 23 Mar 2023 13:39:16 GMT
Date: Thu, 23 Mar 2023 11:33:35 GMT
Connection: keep-alive
static.heavy-r.com/scr/bb/2f/6b/bb2f6b40a517cdb_1.jpg
37.48.81.1200 OK 16 kB URL HTTP/1.1 static.heavy-r.com/scr/bb/2f/6b/bb2f6b40a517cdb_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash d4f5cad5943349866e76ba228d798506
7528c0e18daa6d2717ebf2b2bff219133b8ae8a6
7d098adba9c764707fb1a5365a584b2f5cbf3c48e1467a99ad4810e1f100aa4c
GET /scr/bb/2f/6b/bb2f6b40a517cdb_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2243540826"
Last-Modified: Wed, 22 Mar 2023 13:57:58 GMT
Content-Length: 15658
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
www.heavy-r.com/fonts/fontawesome-webfont.woff2?v=4.3.0
172.67.20.237200 OK 57 kB URL HTTP/2 www.heavy-r.com/fonts/fontawesome-webfont.woff2?v=4.3.0
IP 172.67.20.237:0
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.heavy-r.com/css/style.css?b3
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: application/octet-stream
content-length: 56780
cache-control: max-age=14400
cf-cache-status: HIT
age: 543
last-modified: Thu, 23 Mar 2023 11:24:32 GMT
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac65c3e1de21bfa-OSL
X-Firefox-Spdy: h2
static.heavy-r.com/scr/1f/58/e9/1f58e95ce6b7d34_6.jpg
37.48.81.1200 OK 22 kB URL HTTP/1.1 static.heavy-r.com/scr/1f/58/e9/1f58e95ce6b7d34_6.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash b4a14cedfb0c02e9d8db6de8793af3af
c5db0265e9d87e4e04cad4c2bce2ecc25327d3b5
96df750c4c5c4f2fc9e3e4086be82548dc6372061590c226d579c07773596194
GET /scr/1f/58/e9/1f58e95ce6b7d34_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3629360745"
Last-Modified: Sun, 19 Mar 2023 10:51:19 GMT
Content-Length: 21720
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/07/0e/26/070e2643de99815_7.jpg
37.48.81.1200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/07/0e/26/070e2643de99815_7.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash abb256a40c64747407511b9fb94208ad
30fcf3db6cdc624054820a5e2e44e6d200c20629
c14260dc4450b7534547c6dc63732345caf81ce93a2639412ffd8a1ad9c11bec
GET /scr/07/0e/26/070e2643de99815_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3454565645"
Last-Modified: Sun, 19 Mar 2023 17:18:03 GMT
Content-Length: 12100
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/ca/87/10/ca8710ce8fecb16_6.jpg
37.48.81.1200 OK 14 kB URL HTTP/1.1 static.heavy-r.com/scr/ca/87/10/ca8710ce8fecb16_6.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 6556c8f2d1f358e9ef09b1857f57c50e
36f7cedaea040726b305e580d8d3b4f60c7fcd9b
abafc50886bfb03592a9f75bc39f576e5dc50a02710576af7c4983ea9e9d852c
GET /scr/ca/87/10/ca8710ce8fecb16_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3161158242"
Last-Modified: Mon, 20 Mar 2023 16:50:17 GMT
Content-Length: 13576
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/52/1b/52/521b522cd35446f_2.jpg
37.48.81.1200 OK 18 kB URL HTTP/1.1 static.heavy-r.com/scr/52/1b/52/521b522cd35446f_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 135x101, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash d1d3b38c73766072cc095c474e00be7b
e402bfad6302333b6d0f00dca60e3014eb84a88e
48e3f67e48c4130c228d0131ead905afd4cd29c5228aa4456f87c99acdb5781e
GET /scr/52/1b/52/521b522cd35446f_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1840259602"
Last-Modified: Wed, 22 Mar 2023 15:54:39 GMT
Content-Length: 18316
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/4f/fc/de/4ffcde7f2b58a50_7.jpg
37.48.81.1200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/4f/fc/de/4ffcde7f2b58a50_7.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 70c4007cfd93959a6e1567701b29234d
4e08c0b9b369db49dfe4e52ecef0366f2b920723
4d824228c7d1132d9d6b322ea21d93329fb6b25f48ba8be3713a1ccac6e98d81
GET /scr/4f/fc/de/4ffcde7f2b58a50_7.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "308854208"
Last-Modified: Tue, 21 Mar 2023 16:44:43 GMT
Content-Length: 10774
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/a8/4b/5b/a84b5ba0c2e89b5_1.jpg
37.48.81.1200 OK 8.7 kB URL HTTP/1.1 static.heavy-r.com/scr/a8/4b/5b/a84b5ba0c2e89b5_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 9001a4da05f4d0b390162e583922cf7f
905bce00b6d77e43736a467080cb5740b2cbff9d
528a84771b8c3faaba1fbbb03f2eacf809aa38778281bd0fe4f5f8699af7d791
GET /scr/a8/4b/5b/a84b5ba0c2e89b5_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2136785944"
Last-Modified: Sun, 19 Mar 2023 10:11:09 GMT
Content-Length: 8685
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/f5/ae/78/f5ae7822ed9b5ef_3.jpg
37.48.81.1200 OK 16 kB URL HTTP/1.1 static.heavy-r.com/scr/f5/ae/78/f5ae7822ed9b5ef_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 6x5, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 7e908c45778533a3e683d697472993a5
2eec60ce57eb462c4d7a13b6c55ced686909e80f
43fae39b724b3475326f6c73d3d44d58450678fa6844235433156fcee17440a8
GET /scr/f5/ae/78/f5ae7822ed9b5ef_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2537437894"
Last-Modified: Sun, 19 Mar 2023 09:48:19 GMT
Content-Length: 15967
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/cf/2d/f5/cf2df5df6a767ff_5.jpg
37.48.81.1200 OK 10 kB URL HTTP/1.1 static.heavy-r.com/scr/cf/2d/f5/cf2df5df6a767ff_5.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 906971f65987e231bc7045a2fd18a5fb
58b1380bb3caa6d1a6732e5ce266bbb7f5749437
c45318f0bd1c17b5d3683d80b89582ff66d0318958ad4771379a79490c15ed13
GET /scr/cf/2d/f5/cf2df5df6a767ff_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "206240492"
Last-Modified: Sat, 18 Mar 2023 15:10:36 GMT
Content-Length: 10367
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/ac/ba/1d/acba1d1f87fd9a2_5.jpg
37.48.81.1200 OK 13 kB URL HTTP/1.1 static.heavy-r.com/scr/ac/ba/1d/acba1d1f87fd9a2_5.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, baseline, precision 8, 400x300, components 3\012- data
Hash 9e182fb279745e6c9eba33c045178b97
c1943358f49441ee8fd062a893c856dfa49e7bd9
b86a576ad3a208019a014fc96afa0e2810bfb90474f5c7891e288cd2e58ba66e
GET /scr/ac/ba/1d/acba1d1f87fd9a2_5.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "1398938381"
Last-Modified: Fri, 17 Mar 2023 14:54:46 GMT
Content-Length: 13227
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/66/84/b2/6684b20ee9f1ec3_3.jpg
37.48.81.1200 OK 9.7 kB URL HTTP/1.1 static.heavy-r.com/scr/66/84/b2/6684b20ee9f1ec3_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash d936a758979cfa9f442a189fd340904d
4cd182f63d171736cfd5e4ee811c64257bfd8c41
4c120ef63110c47e52366d28c7e3b39ff26af1725a2e8256c32c9d3be067cfab
GET /scr/66/84/b2/6684b20ee9f1ec3_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4196276868"
Last-Modified: Fri, 17 Mar 2023 14:25:03 GMT
Content-Length: 9706
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/2f/b3/37/2fb3375456bae67_6.jpg
37.48.81.1200 OK 11 kB URL HTTP/1.1 static.heavy-r.com/scr/2f/b3/37/2fb3375456bae67_6.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 282cf2dcf4b47ca0466ed77d658ae0f1
b4cb9bf79346887c31484ef1eecf7f4135ead5ad
8c4c52cec0811c327a841abfe33c81a203dd1373dfe1bba25221123f99e91185
GET /scr/2f/b3/37/2fb3375456bae67_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4164948633"
Last-Modified: Thu, 16 Mar 2023 11:58:36 GMT
Content-Length: 11075
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/3b/44/1d/3b441d60815c3ed_8.jpg
37.48.81.1200 OK 17 kB URL HTTP/1.1 static.heavy-r.com/scr/3b/44/1d/3b441d60815c3ed_8.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash a493bba6a00767c704b229bddd03c21c
4af58c89a1a1ddfefa4104c7c391641837bbd5c6
d4e84ca762d6360b34de2a03ce107e564acca8d12e7018cbfa29875f139f15ab
GET /scr/3b/44/1d/3b441d60815c3ed_8.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3756159861"
Last-Modified: Thu, 16 Mar 2023 16:30:06 GMT
Content-Length: 16550
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/54/4d/e9/544de9fe54cf50b_6.jpg
37.48.81.1200 OK 10 kB URL HTTP/1.1 static.heavy-r.com/scr/54/4d/e9/544de9fe54cf50b_6.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash a76f4ab25b723a6278f83ffebec2c7ac
6f8d0776b18efbe66efb225a4484f9d4f985abfc
73ea4fc749fab8a324e34f7f8a2762f3e3efbb0032b9c2bf1ae4cc6168a9dfa3
GET /scr/54/4d/e9/544de9fe54cf50b_6.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "2416994937"
Last-Modified: Wed, 22 Mar 2023 17:33:25 GMT
Content-Length: 10175
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/42/c6/a4/42c6a4a5c9ad1af_3.jpg
37.48.81.1200 OK 14 kB URL HTTP/1.1 static.heavy-r.com/scr/42/c6/a4/42c6a4a5c9ad1af_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash bb1d3f5679c982532d3f86c0ddb0ea41
8421906cf87911e0869e8367a2f936926c68e179
8f1761f232f2a6c8155a2f13e9f3e1c390a5ef3a7f4a0dc716247f0a15a45819
GET /scr/42/c6/a4/42c6a4a5c9ad1af_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "4058584722"
Last-Modified: Thu, 16 Mar 2023 11:09:11 GMT
Content-Length: 13746
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/d4/7b/20/d47b20b9e0998be_2.jpg
37.48.81.1200 OK 20 kB URL HTTP/1.1 static.heavy-r.com/scr/d4/7b/20/d47b20b9e0998be_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash da5bc538b542aa554ca2f61842f2680b
4cafad2613abe4b69cc682e369462188bd8b3094
80b2e3ef1aaeee2554b249e790afc8af391fe81b502281caa661a2dba0cdf169
GET /scr/d4/7b/20/d47b20b9e0998be_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "962728559"
Last-Modified: Sat, 18 Mar 2023 23:40:42 GMT
Content-Length: 19874
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/50/4b/0c/504b0ca273f3b9e_1.jpg
37.48.81.1200 OK 12 kB URL HTTP/1.1 static.heavy-r.com/scr/50/4b/0c/504b0ca273f3b9e_1.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 21942x-1461, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash d6dbb4652db4e85f3d2d5205693b6446
1f708bb27edfba324f15f75eead9a53e75fa72b0
65366cc9d01334e9875ba05f2ea3bdd661a1477f2695366fd1bdbd74e67f2366
GET /scr/50/4b/0c/504b0ca273f3b9e_1.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3840454536"
Last-Modified: Sat, 18 Mar 2023 19:29:57 GMT
Content-Length: 11994
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/9c/ee/61/9cee61f23da1e52_2.jpg
37.48.81.1200 OK 19 kB URL HTTP/1.1 static.heavy-r.com/scr/9c/ee/61/9cee61f23da1e52_2.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 4x3, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash 9e44d2d7795559fe4f94b9b00877df93
17d8d8c376e59178774a89b02d9f21fb5a15480d
c2d7e39ab16e9d54574c565f6b97315ab19b1f4e77870f35c538d7f295cd7532
GET /scr/9c/ee/61/9cee61f23da1e52_2.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3887204027"
Last-Modified: Sat, 18 Mar 2023 07:33:43 GMT
Content-Length: 19399
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
static.heavy-r.com/scr/eb/9b/72/eb9b727b4eb0406_3.jpg
37.48.81.1200 OK 8.8 kB URL HTTP/1.1 static.heavy-r.com/scr/eb/9b/72/eb9b727b4eb0406_3.jpg
IP 37.48.81.1:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 2556x1915, segment length 16, comment: "Lavc56.1.100", baseline, precision 8, 400x300, components 3\012- data
Hash de4d34f2b77f4990831fcc1f2bb82930
3e86f61b6b7a145e9ca12991b105fc0286753b78
3da5e8c9a96e0407ed292e08b758f52e2b208b1357ea6865e0637e9a28cec883
GET /scr/eb/9b/72/eb9b727b4eb0406_3.jpg HTTP/1.1
Host: static.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Expires: Fri, 22 Mar 2024 11:33:35 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "136106019"
Last-Modified: Fri, 17 Mar 2023 15:35:41 GMT
Content-Length: 8773
Date: Thu, 23 Mar 2023 11:33:35 GMT
Server: lighttpd/1.4.28
everefor.buzz/ZlBDMWsdcjBGNBMiLxNRRDg3RRsVamweHBEnbVkOByY6HBlIMyxcRBUnbVsYRHxhQgYAcnkAR0QjLkdJXHJ3H1hEfGFFCgEPKlVJXHJ0B1hfYHcTR0QjNlM0DzRxE1FEYSACXwVhewFGUjF2VUZSMXtQRgRocQJGBTIlCF0FZ3MHWgRkYUw
52.20.131.174502 Bad Gateway 503 B URL HTTP/2 everefor.buzz/ZlBDMWsdcjBGNBMiLxNRRDg3RRsVamweHBEnbVkOByY6HBlIMyxcRBUnbVsYRHxhQgYAcnkAR0QjLkdJXHJ3H1hEfGFFCgEPKlVJXHJ0B1hfYHcTR0QjNlM0DzRxE1FEYSACXwVhewFGUjF2VUZSMXtQRgRocQJGBTIlCF0FZ3MHWgRkYUw
IP 52.20.131.174:0
Hash ee06fd16570f564eaf5e74de3b18a906
5d8261b744fb7a944a4b9dfd0690993843676fed
62196321c6eb2a6071bc586e087460b2ba55ff77d6e67d682db024e176aba176
GET /ZlBDMWsdcjBGNBMiLxNRRDg3RRsVamweHBEnbVkOByY6HBlIMyxcRBUnbVsYRHxhQgYAcnkAR0QjLkdJXHJ3H1hEfGFFCgEPKlVJXHJ0B1hfYHcTR0QjNlM0DzRxE1FEYSACXwVhewFGUjF2VUZSMXtQRgRocQJGBTIlCF0FZ3MHWgRkYUw HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 502 Bad Gateway
set-cookie: a6b082c5fdd317a05608388e1e06a172=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 23 Mar 2023 11:17:23 GMT
age: 972
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
tanceteventu.com/Mjd0ZjdTVRcLCFMKFkBCQFtJQwV0EkYgU19NRwhTB1gNEUNBQFoFW11CEABFXVkASFlXQ1FUcXZTRyxwVl0lM39hUCUlQH9VPQ1Ef2MfPE9gZgw0cHZiLjFQVmc1JANxdjYkBHdaRBN5AXYgI1B/fj0NRHdiJlJZdXE6LWFxei0wB0JzLSRTY3EhX05ncjUuf2EGODdlWWA9HnVWcCYFXmdyMTFjS0QuMl8GUj8OVGBlIDRNZXYmNWZ6bRE3TwZUPQ5bdnUyAgdgWxsiYQFlMyRiVlQQCnp6eSICB2BcOQN/enU3I2JjQC1WZndzRDROZ0AXV2EBGiYhZVVxLAJjUXEmVlNdZRxXZGN/LTRiYGYuLWF/cDkzdQBlAzR/YwQuLnJnYTcvdQtwMQ5mQnMcIHF8fxAhdmRbNz92f31SDERdWQRbcVoBAwQGVm4tIwFX
108.157.229.68200 OK 1.2 kB URL HTTP/2 tanceteventu.com/Mjd0ZjdTVRcLCFMKFkBCQFtJQwV0EkYgU19NRwhTB1gNEUNBQFoFW11CEABFXVkASFlXQ1FUcXZTRyxwVl0lM39hUCUlQH9VPQ1Ef2MfPE9gZgw0cHZiLjFQVmc1JANxdjYkBHdaRBN5AXYgI1B/fj0NRHdiJlJZdXE6LWFxei0wB0JzLSRTY3EhX05ncjUuf2EGODdlWWA9HnVWcCYFXmdyMTFjS0QuMl8GUj8OVGBlIDRNZXYmNWZ6bRE3TwZUPQ5bdnUyAgdgWxsiYQFlMyRiVlQQCnp6eSICB2BcOQN/enU3I2JjQC1WZndzRDROZ0AXV2EBGiYhZVVxLAJjUXEmVlNdZRxXZGN/LTRiYGYuLWF/cDkzdQBlAzR/YwQuLnJnYTcvdQtwMQ5mQnMcIHF8fxAhdmRbNz92f31SDERdWQRbcVoBAwQGVm4tIwFX
IP 108.157.229.68:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3038), with no line terminators
Hash 248c6bba52581c852fee2508066dd490
ba6d23e683d4056f55eef2ccd56c191f5d358b6b
7a409f32443403ce09233aa0e75a7a0dd0032750432047be52822d342f4530dd
GET /Mjd0ZjdTVRcLCFMKFkBCQFtJQwV0EkYgU19NRwhTB1gNEUNBQFoFW11CEABFXVkASFlXQ1FUcXZTRyxwVl0lM39hUCUlQH9VPQ1Ef2MfPE9gZgw0cHZiLjFQVmc1JANxdjYkBHdaRBN5AXYgI1B/fj0NRHdiJlJZdXE6LWFxei0wB0JzLSRTY3EhX05ncjUuf2EGODdlWWA9HnVWcCYFXmdyMTFjS0QuMl8GUj8OVGBlIDRNZXYmNWZ6bRE3TwZUPQ5bdnUyAgdgWxsiYQFlMyRiVlQQCnp6eSICB2BcOQN/enU3I2JjQC1WZndzRDROZ0AXV2EBGiYhZVVxLAJjUXEmVlNdZRxXZGN/LTRiYGYuLWF/cDkzdQBlAzR/YwQuLnJnYTcvdQtwMQ5mQnMcIHF8fxAhdmRbNz92f31SDERdWQRbcVoBAwQGVm4tIwFX HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html
content-length: 1187
date: Thu, 23 Mar 2023 11:33:35 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: -byYuK1b2_Du8L53fijNtfoVyiEjNf1QFveGmM55Rk2VwcralzRG2g==
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 050ca4dc2182e0a27573b0d9f32b7834
bec14dc5af0d0b32210470673511acd8db404308
b6129b9d1848f75265dca4446c5399927bdaf15c7b49c083765847b0fe276eaf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B6129B9D1848F75265DCA4446C5399927BDAF15C7B49C083765847B0FE276EAF"
Last-Modified: Wed, 22 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15635
Expires: Thu, 23 Mar 2023 15:54:10 GMT
Date: Thu, 23 Mar 2023 11:33:35 GMT
Connection: keep-alive
a.pierlinks.com/loader?a=69&s=10&t=30&p=5
172.67.140.205200 OK 327 B URL HTTP/2 a.pierlinks.com/loader?a=69&s=10&t=30&p=5
IP 172.67.140.205:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 6d69550c242d662e99bd454a7314b369
1191742a683eae7df7108bba77d3d658a22aad1a
a863acd42cce9b7ac1784c7ef6f9baf001e6c651b0af3676309f6d6991baf49f
GET /loader?a=69&s=10&t=30&p=5 HTTP/1.1
Host: a.pierlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYxfMolsUzOTLtOZGv2xWDPKpK35xrwouJNK7Ng1p7vK3Zf2H%2Fval8Jk0uJXfScQEBrftzfllMUgXM3dQDQ%2F8TYfpQOEvaAsUyczMpDWyzhco8oHN%2FHBfWqOtutX%2BTGW95Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac65c3ef913b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.heavy-r.com/js/CH_ThumbsPreview.js
172.67.20.237200 OK 1.1 kB URL HTTP/2 www.heavy-r.com/js/CH_ThumbsPreview.js
IP 172.67.20.237:0
File type ASCII text, with very long lines (381)
Hash 1350a0d548ee88298aeb8969d54a76a0
237fc3135980f5da4dfca02e63556ae2bb741ae3
fbcc91ace0961a06da2e6a634b40518e48d3b797e5cf8eb10cf44ec4b50b0247
GET /js/CH_ThumbsPreview.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=2919
etag: W/"1846362972"
expires: Sun, 05 Mar 2023 22:57:26 GMT
last-modified: Mon, 09 Jan 2023 22:15:18 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2598
server: cloudflare
cf-ray: 7ac65c3bdbd11bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 5a1e4e9ab7e2427b58cf576e758e9334
8f31f1c9108895a259004cdaaface3d54c5ef7dd
c906bb53d7a39b5185d3a307e497382cf368950a3abc51edcb1967149ba62337
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:33:35 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 20 Mar 2023 17:56:25 GMT
Expires: Mon, 27 Mar 2023 17:56:24 GMT
Etag: "8f31f1c9108895a259004cdaaface3d54c5ef7dd"
Cache-Control: max-age=367968,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac65c42390db512-OSL
bcdn.clickaine.com/24450/4adc5ddb-100a-11ec-ba28-5f54dd64648d.jpg
185.244.209.62200 OK 40 kB URL HTTP/2 bcdn.clickaine.com/24450/4adc5ddb-100a-11ec-ba28-5f54dd64648d.jpg
IP 185.244.209.62:0
ASN #58286 Electric-IT Business S.R.L.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 548x360, components 3\012- data
Hash 195c5236cb86924b8d496aed8101e969
41a211ff2610292d0d5d50d1d18c1c0a1e46f5af
d14bca9af137539173fbbd7959b7d3d1bd3d9d5e5b18f857c79290590e23e6ea
GET /24450/4adc5ddb-100a-11ec-ba28-5f54dd64648d.jpg HTTP/1.1
Host: bcdn.clickaine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: image/jpeg
content-length: 40059
last-modified: Tue, 07 Sep 2021 18:34:53 GMT
etag: "6137b0cd-9c7b"
cache: HIT
x-cached-since: 2023-03-22T13:16:07+00:00
x-id: osix-up-gc4
x-nginx: nginx-be
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 28d7f7de9e8354a0b0b19ce208b82535
e289a96323d0d4d8610363163066b8484cad03cf
1889fc99b9bc5c3d57d1b5f74fb0a70cf38b87ebed1645fb13b0d86c83f69265
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 23 Mar 2023 11:33:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 23 Mar 2023 08:52:21 GMT
Expires: Fri, 24 Mar 2023 08:52:21 GMT
ETag: "e289a96323d0d4d8610363163066b8484cad03cf"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.godaddy.com/
192.124.249.24200 OK 1.8 kB IP 192.124.249.24:0
Hash 28d7f7de9e8354a0b0b19ce208b82535
e289a96323d0d4d8610363163066b8484cad03cf
1889fc99b9bc5c3d57d1b5f74fb0a70cf38b87ebed1645fb13b0d86c83f69265
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 23 Mar 2023 11:33:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 23 Mar 2023 08:52:21 GMT
Expires: Fri, 24 Mar 2023 08:52:21 GMT
ETag: "e289a96323d0d4d8610363163066b8484cad03cf"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
2348.thomasbarlowpro.com/v2/a/na/image?d=BQ5qQHPeDpQurjmJ1goQ5ffWEhTS1kP2jSuVUvzHRF9qc5iKEZnA_BKA_pbliuChFnI1Fkd_E7AaEbGjuuoI2StOJIhaRS0UPaZQGefBFj_QsykFycqJwDb3dsV2ZJaJ3rY2yHM5RJ9iBZYDY8v72vUa5GMPE6rnRdt6rHXN1kQ48BFrW_GqFSDSBQUCwN_trpoOpoEdAsPO5N3GKa54Qvkv3zDwrY8dAvRYuGWWBjg9qJInVuAP3u10feLpPABDgP5ZEbEiju0y1hjVfpJNgLj3traBoQLWP5q4hakpkDJ0jCAUpJnbEkKTkseXWF5Q-gTK7d2igYq_OHUyGWsfCpVY89Tq002MNCFbVxXxIg_fni5sJw-UHm_FUio1-HITL9Re6EIrCvotENSo88Wo8IiQae73mNHax-KKpECtcuRcDYfq7DcXGBtw0jTvFt6eu_TrjogckvKPz775qKeZ-A-uaSaykpZRBe3fxoBTVS-578h7lO0rp4d9IrVM1gZ0U6UTzJ7tQoNgE-tsT0W7c0cmvEvVN8qoeKyiiaUzR6-5kKH328ni3WtgE5vtoZw_dAHLrInoVdSS4zSaNQwutwpO8qJ6WXISsTLeZEZuZsl0P_jhMUAkNdhHK5g5lcytRbm4D0F6Da468MfYTpKSsRRUso1aBb0icM6Euz1KeMpugRGvcrzGogZuKhWMqgXw1yvcWcVK4OT7Apm0dKIEPfG3n6zl_zLs7fzHEkOOuiKyAOCoKQgny1MQYKZ95xVhWWKRSr2jw69t8vE9N6yGI3CjJKww-lA1qIaY4dc124IKnYmDw7StS-bVTPKSuug7P81UuzPHNM8kkUGVHGIxVg7TkwQrzOk4CJwVk1009GhxKWzfCDwk0W-ADOyuTRtIPQYRWuq-vThJSMDh7ostuQCBR99NA7mzTYxxvju3C1E9DNEYYWWrSl9sptfZOm7uBSVZVIUcInVcVDOkuCatVQpt8XjIstJ7eyIQUzEj06hPczI7TCGKVVkWeB2yMYwp40EqH05qZL75JD9u7fXapS7Ziw_wEh8MFn5sPRjv-kSrnYfpLrW7Zx6rY18QhlmErBN7t4Mdv1kSWin-6yp_KuSXqXml4mhT4gLsaarWVYOjmLVQTpyZFOLS6-un4dSqWvw4LOlDKYVKKNi_fHDnAPOzNX2H8u0r2zFO0XCGu7HBVnv03O0Q01ovthPWXBQTFVg
88.208.59.103200 OK 68 B URL HTTP/2 2348.thomasbarlowpro.com/v2/a/na/image?d=BQ5qQHPeDpQurjmJ1goQ5ffWEhTS1kP2jSuVUvzHRF9qc5iKEZnA_BKA_pbliuChFnI1Fkd_E7AaEbGjuuoI2StOJIhaRS0UPaZQGefBFj_QsykFycqJwDb3dsV2ZJaJ3rY2yHM5RJ9iBZYDY8v72vUa5GMPE6rnRdt6rHXN1kQ48BFrW_GqFSDSBQUCwN_trpoOpoEdAsPO5N3GKa54Qvkv3zDwrY8dAvRYuGWWBjg9qJInVuAP3u10feLpPABDgP5ZEbEiju0y1hjVfpJNgLj3traBoQLWP5q4hakpkDJ0jCAUpJnbEkKTkseXWF5Q-gTK7d2igYq_OHUyGWsfCpVY89Tq002MNCFbVxXxIg_fni5sJw-UHm_FUio1-HITL9Re6EIrCvotENSo88Wo8IiQae73mNHax-KKpECtcuRcDYfq7DcXGBtw0jTvFt6eu_TrjogckvKPz775qKeZ-A-uaSaykpZRBe3fxoBTVS-578h7lO0rp4d9IrVM1gZ0U6UTzJ7tQoNgE-tsT0W7c0cmvEvVN8qoeKyiiaUzR6-5kKH328ni3WtgE5vtoZw_dAHLrInoVdSS4zSaNQwutwpO8qJ6WXISsTLeZEZuZsl0P_jhMUAkNdhHK5g5lcytRbm4D0F6Da468MfYTpKSsRRUso1aBb0icM6Euz1KeMpugRGvcrzGogZuKhWMqgXw1yvcWcVK4OT7Apm0dKIEPfG3n6zl_zLs7fzHEkOOuiKyAOCoKQgny1MQYKZ95xVhWWKRSr2jw69t8vE9N6yGI3CjJKww-lA1qIaY4dc124IKnYmDw7StS-bVTPKSuug7P81UuzPHNM8kkUGVHGIxVg7TkwQrzOk4CJwVk1009GhxKWzfCDwk0W-ADOyuTRtIPQYRWuq-vThJSMDh7ostuQCBR99NA7mzTYxxvju3C1E9DNEYYWWrSl9sptfZOm7uBSVZVIUcInVcVDOkuCatVQpt8XjIstJ7eyIQUzEj06hPczI7TCGKVVkWeB2yMYwp40EqH05qZL75JD9u7fXapS7Ziw_wEh8MFn5sPRjv-kSrnYfpLrW7Zx6rY18QhlmErBN7t4Mdv1kSWin-6yp_KuSXqXml4mhT4gLsaarWVYOjmLVQTpyZFOLS6-un4dSqWvw4LOlDKYVKKNi_fHDnAPOzNX2H8u0r2zFO0XCGu7HBVnv03O0Q01ovthPWXBQTFVg
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeDpQurjmJ1goQ5ffWEhTS1kP2jSuVUvzHRF9qc5iKEZnA_BKA_pbliuChFnI1Fkd_E7AaEbGjuuoI2StOJIhaRS0UPaZQGefBFj_QsykFycqJwDb3dsV2ZJaJ3rY2yHM5RJ9iBZYDY8v72vUa5GMPE6rnRdt6rHXN1kQ48BFrW_GqFSDSBQUCwN_trpoOpoEdAsPO5N3GKa54Qvkv3zDwrY8dAvRYuGWWBjg9qJInVuAP3u10feLpPABDgP5ZEbEiju0y1hjVfpJNgLj3traBoQLWP5q4hakpkDJ0jCAUpJnbEkKTkseXWF5Q-gTK7d2igYq_OHUyGWsfCpVY89Tq002MNCFbVxXxIg_fni5sJw-UHm_FUio1-HITL9Re6EIrCvotENSo88Wo8IiQae73mNHax-KKpECtcuRcDYfq7DcXGBtw0jTvFt6eu_TrjogckvKPz775qKeZ-A-uaSaykpZRBe3fxoBTVS-578h7lO0rp4d9IrVM1gZ0U6UTzJ7tQoNgE-tsT0W7c0cmvEvVN8qoeKyiiaUzR6-5kKH328ni3WtgE5vtoZw_dAHLrInoVdSS4zSaNQwutwpO8qJ6WXISsTLeZEZuZsl0P_jhMUAkNdhHK5g5lcytRbm4D0F6Da468MfYTpKSsRRUso1aBb0icM6Euz1KeMpugRGvcrzGogZuKhWMqgXw1yvcWcVK4OT7Apm0dKIEPfG3n6zl_zLs7fzHEkOOuiKyAOCoKQgny1MQYKZ95xVhWWKRSr2jw69t8vE9N6yGI3CjJKww-lA1qIaY4dc124IKnYmDw7StS-bVTPKSuug7P81UuzPHNM8kkUGVHGIxVg7TkwQrzOk4CJwVk1009GhxKWzfCDwk0W-ADOyuTRtIPQYRWuq-vThJSMDh7ostuQCBR99NA7mzTYxxvju3C1E9DNEYYWWrSl9sptfZOm7uBSVZVIUcInVcVDOkuCatVQpt8XjIstJ7eyIQUzEj06hPczI7TCGKVVkWeB2yMYwp40EqH05qZL75JD9u7fXapS7Ziw_wEh8MFn5sPRjv-kSrnYfpLrW7Zx6rY18QhlmErBN7t4Mdv1kSWin-6yp_KuSXqXml4mhT4gLsaarWVYOjmLVQTpyZFOLS6-un4dSqWvw4LOlDKYVKKNi_fHDnAPOzNX2H8u0r2zFO0XCGu7HBVnv03O0Q01ovthPWXBQTFVg HTTP/1.1
Host: 2348.thomasbarlowpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
2348.thomasbarlowpro.com/v2/a/na/image?d=BQ5qQHPeD5Qurjm51goQ5ffYEhDS7vmorqITdQVwddi_ZzQj7j3TdVbvjyXOQA5zRT0I44d5kwOpg-GYreD7eDrGpy7tnVVkvYZAGefRFli3lih3GHJOmSjzdoWayN4vR_8cN7klOC7U0w5NUKCWZM5L-g5xkCZuvmDako_NH3jFvbLQp87XdcTiuKE1LKZ3KRzpg0L3ruHfjsQqXt9Y56ndk8jxXfilQNN-fk02owu7dUTIjSp34Ndywe35V7QAwabHNCy4L4vOoczq-rwUf6bCEdrZJFcAklZ42Ifi55XkIBn7VkSSeYw3vPu4KLau1LbJydt0GQcQP9ZwpJrXFfrxGNXqw03MNL1dzD-aWk1P8B4aSvM23o_F4IWTW8Rb_XdW1zOlutytEj25XjJIMgd9k8mlo56GUEZIuerHIbb61I2PymqidG0oCjX9kmcMLtQ4jR-sBRo97nS1a-A_Ysno_Eb2UeYNG847PUAlp1_Z5kyrGOrWIzDI1cQrNNgbC7QUIutSsAEehLiqZt4goPrEdNW130fYJdjRAI1z8eT90d57v8O4Cx02hrguyPvFFwXrfzu9gBTSCahVWTBOkIwiO6w3BNCxjwoelDdiZ8h0PwD5NUA4tRknI5w55czdRZm4DzFmOKTfSXw3txw_jc-OQrQ8An0iR_3ldIGCuGzOMraiQ5vUFIi7XPoxz0hTK4_EGZuKqDNTycblGpF-_Gly-ZjCGOHn-x591QDjtjHl2Lwdh5iX8WcD0rYtYQe8oTwd1INUuwOem-nKnHd4CZHgG5iGqta7Thb9Una6IMgZY-KEE8cM8hO-nNyMURHfaL7xYXafsEGPYrvN8mRtupQuNXX67PBhWVh3VEP7QqLLMnP8dazGH87Cmw5WkI_SqkhfsTLcvLJI38OxuktRg2kzx15uWe0uLW_fJRlgOolufdFeYWWrSl9sptfZOm7uBSVZVIUcInVcVDOkuCatVQpt8XjIstJ7eyIQUzEj06hPczI7TCGKVVkWeB2yMYwp40EqH05qZL75JD9u7fXapS7Ziw_wEh8MFn5sPRjv-kSrnYfZLrW7Zx6rY18QhlmErBN7t4Mdv1kSWin-6yp_KuSXqXml4mhT4gLsaarWVYOjmLVQjpyZFOLS6-un4dSqWvw4LOlDKUVLKNi_fHDnAPOzNX2H8u0rZB_yYjB_BY_hcQs8je7IifUaoYMM7uQoJXc
88.208.59.103200 OK 68 B URL HTTP/2 2348.thomasbarlowpro.com/v2/a/na/image?d=BQ5qQHPeD5Qurjm51goQ5ffYEhDS7vmorqITdQVwddi_ZzQj7j3TdVbvjyXOQA5zRT0I44d5kwOpg-GYreD7eDrGpy7tnVVkvYZAGefRFli3lih3GHJOmSjzdoWayN4vR_8cN7klOC7U0w5NUKCWZM5L-g5xkCZuvmDako_NH3jFvbLQp87XdcTiuKE1LKZ3KRzpg0L3ruHfjsQqXt9Y56ndk8jxXfilQNN-fk02owu7dUTIjSp34Ndywe35V7QAwabHNCy4L4vOoczq-rwUf6bCEdrZJFcAklZ42Ifi55XkIBn7VkSSeYw3vPu4KLau1LbJydt0GQcQP9ZwpJrXFfrxGNXqw03MNL1dzD-aWk1P8B4aSvM23o_F4IWTW8Rb_XdW1zOlutytEj25XjJIMgd9k8mlo56GUEZIuerHIbb61I2PymqidG0oCjX9kmcMLtQ4jR-sBRo97nS1a-A_Ysno_Eb2UeYNG847PUAlp1_Z5kyrGOrWIzDI1cQrNNgbC7QUIutSsAEehLiqZt4goPrEdNW130fYJdjRAI1z8eT90d57v8O4Cx02hrguyPvFFwXrfzu9gBTSCahVWTBOkIwiO6w3BNCxjwoelDdiZ8h0PwD5NUA4tRknI5w55czdRZm4DzFmOKTfSXw3txw_jc-OQrQ8An0iR_3ldIGCuGzOMraiQ5vUFIi7XPoxz0hTK4_EGZuKqDNTycblGpF-_Gly-ZjCGOHn-x591QDjtjHl2Lwdh5iX8WcD0rYtYQe8oTwd1INUuwOem-nKnHd4CZHgG5iGqta7Thb9Una6IMgZY-KEE8cM8hO-nNyMURHfaL7xYXafsEGPYrvN8mRtupQuNXX67PBhWVh3VEP7QqLLMnP8dazGH87Cmw5WkI_SqkhfsTLcvLJI38OxuktRg2kzx15uWe0uLW_fJRlgOolufdFeYWWrSl9sptfZOm7uBSVZVIUcInVcVDOkuCatVQpt8XjIstJ7eyIQUzEj06hPczI7TCGKVVkWeB2yMYwp40EqH05qZL75JD9u7fXapS7Ziw_wEh8MFn5sPRjv-kSrnYfZLrW7Zx6rY18QhlmErBN7t4Mdv1kSWin-6yp_KuSXqXml4mhT4gLsaarWVYOjmLVQjpyZFOLS6-un4dSqWvw4LOlDKUVLKNi_fHDnAPOzNX2H8u0rZB_yYjB_BY_hcQs8je7IifUaoYMM7uQoJXc
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /v2/a/na/image?d=BQ5qQHPeD5Qurjm51goQ5ffYEhDS7vmorqITdQVwddi_ZzQj7j3TdVbvjyXOQA5zRT0I44d5kwOpg-GYreD7eDrGpy7tnVVkvYZAGefRFli3lih3GHJOmSjzdoWayN4vR_8cN7klOC7U0w5NUKCWZM5L-g5xkCZuvmDako_NH3jFvbLQp87XdcTiuKE1LKZ3KRzpg0L3ruHfjsQqXt9Y56ndk8jxXfilQNN-fk02owu7dUTIjSp34Ndywe35V7QAwabHNCy4L4vOoczq-rwUf6bCEdrZJFcAklZ42Ifi55XkIBn7VkSSeYw3vPu4KLau1LbJydt0GQcQP9ZwpJrXFfrxGNXqw03MNL1dzD-aWk1P8B4aSvM23o_F4IWTW8Rb_XdW1zOlutytEj25XjJIMgd9k8mlo56GUEZIuerHIbb61I2PymqidG0oCjX9kmcMLtQ4jR-sBRo97nS1a-A_Ysno_Eb2UeYNG847PUAlp1_Z5kyrGOrWIzDI1cQrNNgbC7QUIutSsAEehLiqZt4goPrEdNW130fYJdjRAI1z8eT90d57v8O4Cx02hrguyPvFFwXrfzu9gBTSCahVWTBOkIwiO6w3BNCxjwoelDdiZ8h0PwD5NUA4tRknI5w55czdRZm4DzFmOKTfSXw3txw_jc-OQrQ8An0iR_3ldIGCuGzOMraiQ5vUFIi7XPoxz0hTK4_EGZuKqDNTycblGpF-_Gly-ZjCGOHn-x591QDjtjHl2Lwdh5iX8WcD0rYtYQe8oTwd1INUuwOem-nKnHd4CZHgG5iGqta7Thb9Una6IMgZY-KEE8cM8hO-nNyMURHfaL7xYXafsEGPYrvN8mRtupQuNXX67PBhWVh3VEP7QqLLMnP8dazGH87Cmw5WkI_SqkhfsTLcvLJI38OxuktRg2kzx15uWe0uLW_fJRlgOolufdFeYWWrSl9sptfZOm7uBSVZVIUcInVcVDOkuCatVQpt8XjIstJ7eyIQUzEj06hPczI7TCGKVVkWeB2yMYwp40EqH05qZL75JD9u7fXapS7Ziw_wEh8MFn5sPRjv-kSrnYfZLrW7Zx6rY18QhlmErBN7t4Mdv1kSWin-6yp_KuSXqXml4mhT4gLsaarWVYOjmLVQjpyZFOLS6-un4dSqWvw4LOlDKUVLKNi_fHDnAPOzNX2H8u0rZB_yYjB_BY_hcQs8je7IifUaoYMM7uQoJXc HTTP/1.1
Host: 2348.thomasbarlowpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: image/png
content-length: 68
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
everefor.buzz/
52.20.131.174200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Content-Type: text/plain;charset=UTF-8
Content-Length: 382
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
bulrev.com/resources/slider.min.js
51.161.119.209200 OK 164 kB URL HTTP/1.1 bulrev.com/resources/slider.min.js
IP 51.161.119.209:0
File type Unicode text, UTF-8 text, with very long lines (65495)
Size 164 kB (164425 bytes)
Hash b6372f3fdd38e04278e732ea4bc27644
accf47a697ba650a9df8496334e75752fc3c56f6
040228f0e85722bd244dc0e29f2f1cacf47fa102b209feb9f53b602a9892c782
GET /resources/slider.min.js HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 23 Mar 2023 11:33:13 GMT
Content-Type: application/javascript
Content-Length: 164425
Connection: keep-alive
Content-Encoding: br
Last-Modified: Wed, 11 Jan 2023 13:55:59 GMT
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
ishedtotigai.info/popunder.gif
104.21.11.226200 OK 35 B URL HTTP/2 ishedtotigai.info/popunder.gif
IP 104.21.11.226:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /popunder.gif HTTP/1.1
Host: ishedtotigai.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: image/gif
access-control-allow-origin: *
pragma: public
cache-control: public, max-age=604800, immutable
cf-cache-status: HIT
age: 42356
last-modified: Wed, 22 Mar 2023 23:47:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWnxJ%2BRetd30fKdNd4qFavR0yEyQeZaWueuER3AXZ%2BUTWDoOlwuvLGuFaY6k1tFp%2B3j6B997yJxhjt4PvGr2ErBZuSwdLLpH9lOAIX%2Bzj38am6fv1GoZseMDyDQFcaI79%2BKT%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac65c3e2d68fac4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
167.99.122.29200 OK 717 B URL HTTP/1.1 oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
IP 167.99.122.29:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text\012- HTML document, ASCII text, with very long lines (777)
Hash 91f90523b9fec949d7dbbcdefad7c60a
408db5473810788f61218875b64f86edaad69163
82e5e4032fcdf5558053cab65d183204b93e852c017701af59f33ebbde372b61
GET /servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69 HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:35 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: AVPUID=569c8d6e039931bb2bf38d3dc284b5b6; Expires=Fri, 22-Mar-2024 11:33:35 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101
167.99.122.29200 OK 660 B URL HTTP/1.1 oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101
IP 167.99.122.29:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with very long lines (601), with CRLF, LF line terminators
Hash 6c24032d53e5a6ae332912dadf8ff86b
3f2dc173a37ecdd5a9e8e2614fe0161d0f00900f
f0b4a15c51552a22b7cd60032a0195f6151dc59dfdd8c71c4983c4755923e7b6
GET /servlet/view/banner/javascript/html/zone?zid=44&pid=0&custom1=GC101 HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.pierlinks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:35 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: Thu, 31 Dec 1998 11:59:59 GMT
X-Robots-Tag: none
P3P: CP="NOI DSP COR NID"
Set-Cookie: AVPUID=31e0b6afa2b8bb0dff9d30a6fe754de6; Expires=Fri, 22-Mar-2024 11:33:35 GMT; Path=/; Secure; HttpOnly; SameSite=None
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 23c054d3aee551b6fdc42a5a472a7040
b1a46c12ac7d65c979fd1998bdb243f3dba8f956
9e8b91ab91da9ea20dfb5f90c1c06239d2872b0eb80785534d0c59c3b51de404
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 11:33:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ssl.google-analytics.com/ga.js
142.250.74.40200 OK 17 kB URL HTTP/2 ssl.google-analytics.com/ga.js
IP 142.250.74.40:0
File type ASCII text, with very long lines (1305)
Hash 01d5892e6e243b52998310c2925b9f3a
58180151b6a6ee4af73583a214b68efb9e8844d4
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d
GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Thu, 23 Mar 2023 10:41:41 GMT
expires: Thu, 23 Mar 2023 12:41:41 GMT
cache-control: public, max-age=7200
age: 3114
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 23c054d3aee551b6fdc42a5a472a7040
b1a46c12ac7d65c979fd1998bdb243f3dba8f956
9e8b91ab91da9ea20dfb5f90c1c06239d2872b0eb80785534d0c59c3b51de404
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 23 Mar 2023 11:33:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tanceteventu.com/utx?cb=TN9VVd045Re0&top=www.heavy-r.com&tid=894738
108.157.229.68204 No Content 0 B URL HTTP/2 tanceteventu.com/utx?cb=TN9VVd045Re0&top=www.heavy-r.com&tid=894738
IP 108.157.229.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=TN9VVd045Re0&top=www.heavy-r.com&tid=894738 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 23 Mar 2023 11:33:35 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Thu, 23 Mar 2023 11:34:35 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: MihPjiOweVHiFW24YRC5vQCHYvCSqdqCcZFlKFifnE5XJef2VlWN7g==
X-Firefox-Spdy: h2
oceanicmb.advertserve.com/js/interactive2.js
167.99.122.29200 OK 2.8 kB URL HTTP/1.1 oceanicmb.advertserve.com/js/interactive2.js
IP 167.99.122.29:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (11788), with no line terminators
Hash 4606eaef09eb072216fab89e7d5f64cb
15a6e1efc28c397d58678486c1730daafeff6638
88c6c7072c776fbaeb880d88ff04fa74c38767dceec317817652e50c60081274
GET /js/interactive2.js HTTP/1.1
Host: oceanicmb.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/servlet/view/banner/javascript/html/zone?zid=45&pid=0&custom1=GC69
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:35 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=86400
Expires: Fri, 24 Mar 2023 11:33:35 GMT
Vary: Accept-Encoding, Accept-Encoding
Last-Modified: Fri, 13 Jan 2023 13:38:00 GMT
Content-Encoding: gzip
everefor.buzz/
52.20.131.174200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.heavy-r.com
Content-Length: 348
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/203
205.185.216.42200 OK 748 kB URL HTTP/1.1 cdn.advertserve.com/images/oceanicmb.advertserve.com/servlet/files/203
IP 205.185.216.42:0
File type GIF image data, version 89a, 900 x 250\012- data
Size 748 kB (747566 bytes)
Hash aa7d88676665723eda66c2c64a2d97fa
57c03eb457efb42dc3c5fb2df13d8e8f974abedc
ea1469b353465ed9d94a45937e9cd4fefd2419f2f1bdd0a3d48daaf1c14b1913
GET /images/oceanicmb.advertserve.com/servlet/files/203 HTTP/1.1
Host: cdn.advertserve.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:33:36 GMT
Connection: Keep-Alive
ETag: "978263999"
Cache-Control: public, max-age=2592000
Content-Length: 747566
Content-Type: image/gif
Last-Modified: Sun, 31 Dec 2000 11:59:59 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-HW: 1679571216.dop001.sk1.t,1679571216.cds252.sk1.shn,1679571216.dop001.sk1.t,1679571216.cds261.sk1.c
bulrev.com/resources/slider.min.css
51.161.119.209200 OK 2.9 kB URL HTTP/1.1 bulrev.com/resources/slider.min.css
IP 51.161.119.209:0
File type ASCII text, with very long lines (6167), with no line terminators
Hash 836a7513b5893c1b15fbfe1d12f3d7af
010ef80d3beb1bd26aa2ee3ed4af9698ad21a3fb
c60d1d0549abcdb5e77b359b26384c79a8232752acaf94ec7484aedead733167
GET /resources/slider.min.css HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 23 Mar 2023 11:33:14 GMT
Content-Type: text/css; charset=utf-8
Content-Length: 2926
Connection: keep-alive
Content-Encoding: br
Last-Modified: Wed, 11 Jan 2023 13:55:59 GMT
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 410731fd3c675921feaeb1e98baa93df
1d4a48af797464375318ba7055e578d73783af68
e16b0ef95c901b4d40d9c7615a7b6398a421835dc72a9da553830a7994751f99
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 23 Mar 2023 11:33:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 21 Mar 2023 14:35:29 GMT
Expires: Tue, 28 Mar 2023 14:35:28 GMT
Etag: "1d4a48af797464375318ba7055e578d73783af68"
Cache-Control: max-age=442311,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ac65c43eae4b512-OSL
poweredby.jads.co/js/jads.js
185.94.237.101301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.237.101:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 23 Mar 2023 11:33:36 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
tanceteventu.com/floater?tid=894738&red=1&cs=cHNlUE5BRFE2fklBVTV%2FRBEBNX5A&abt=0&v=0.5.54.0&sm=83&k=heavy%20tube%20free%20videos%20porn&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fwp-login.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_q7du=1679571223213&crc=1
108.157.229.68200 OK 1.5 kB URL HTTP/2 tanceteventu.com/floater?tid=894738&red=1&cs=cHNlUE5BRFE2fklBVTV%2FRBEBNX5A&abt=0&v=0.5.54.0&sm=83&k=heavy%20tube%20free%20videos%20porn&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fwp-login.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_q7du=1679571223213&crc=1
IP 108.157.229.68:0
File type ASCII text, with very long lines (2163), with no line terminators
Hash 3d998833c898533c794342e4c82ba671
a6f48fb3868b17659dcb2ec07c981a3c0a97a2d3
2cea9056e41e8126a92ce150ef8777aa23298956a21e951f83d2e11a7efc4579
GET /floater?tid=894738&red=1&cs=cHNlUE5BRFE2fklBVTV%2FRBEBNX5A&abt=0&v=0.5.54.0&sm=83&k=heavy%20tube%20free%20videos%20porn&sts=&prn=0&emb=0&fs=1&aa=td1&m=1&ns=1&ndp=1&asi=1&ref=https%3A%2F%2Fwww.heavy-r.com%2Fwp-login.php&jst=0&enr=0&lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A105.0)%20gecko%2F20100101%20firefox%2F105.0&tzd=0&uloc=&if=0&_q7du=1679571223213&crc=1 HTTP/1.1
Host: tanceteventu.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
content-length: 1504
date: Thu, 23 Mar 2023 11:33:36 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: https://www.heavy-r.com
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=c78ba5c1-6c15-4888-951f-9ba3fc9baba0
content-encoding: gzip
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 41ce182e8f343263845579fafd1af6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: BlJ18YROhKqtsg6mpiPc07SDv79cgweWewBba4HgzbQnz-4AyCyxZQ==
X-Firefox-Spdy: h2
everefor.buzz/
52.20.131.174200 OK 0 B IP 52.20.131.174:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Content-Type: text/plain;charset=UTF-8
Origin: https://www.heavy-r.com
Content-Length: 352
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
access-control-allow-origin: *
X-Firefox-Spdy: h2
bulrev.com/placements/settings?scid=538
51.161.119.209200 OK 265 B URL HTTP/1.1 bulrev.com/placements/settings?scid=538
IP 51.161.119.209:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 5a5ba359a55b35f99f9594c2fb2e3a2f
df0a616d91c008a18f37b351aa1ea138ec4d5179
4dc04e88d2a0c1615e3e5742c79385815a161810956c2f1d15ba3d1dee82dca2
GET /placements/settings?scid=538 HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 23 Mar 2023 11:33:14 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 265
Connection: keep-alive
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Set-Cookie: orbit_uuid=cc62b30e-443a-47e8-81ee-9ed75f1f5604; expires=Fri, 22 Mar 2024 11:33:36 GMT; domain=.bulrev.com; path=/; secure; SameSite=None
poweredby.jads.co/js/jads2.js
185.94.237.101200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.237.101:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://oceanicmb.advertserve.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:36 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 21 Nov 2022 05:24:20 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"637b0b84-eae"
Content-Encoding: gzip
cloudlogobox.com/rtbfeed.php?1418776e8a5b
195.123.209.175200 OK 106 B URL HTTP/1.1 cloudlogobox.com/rtbfeed.php?1418776e8a5b
IP 195.123.209.175:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 45519216be3b413c13c1bd623990d1b8
f374f2578e498a536085b57c41d3d2299fa84f5e
4742175aa9e5530bd227e6d0ca2e5d2be4aa5b46ec7ee4a7c8f81c74d7d7884c
GET /rtbfeed.php?1418776e8a5b HTTP/1.1
Host: cloudlogobox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:36 GMT
Content-Type: image/png
Content-Length: 106
Last-Modified: Wed, 10 Feb 2021 11:05:43 GMT
Connection: keep-alive
ETag: "6023be07-6a"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
poweredby.jads.co/adshow.php?adzone=981986
185.94.237.101200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=981986
IP 185.94.237.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1332), with CRLF, LF line terminators
Hash 3f8e21c398c66e00e81f94171ee6f59e
603129d933136fb333df82826a8fcde4bfb01d55
074761e56db7db8a6a35732557381aede4c735503f43fc6c38939755c271674d
GET /adshow.php?adzone=981986 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://oceanicmb.advertserve.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 23 Mar 2023 11:33:37 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=2380b28f667588a8094491420369d12e; expires=Fri, 22-Mar-2024 11:33:36 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Sun, 26-Mar-2023 11:33:36 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Sun, 26-Mar-2023 11:33:36 GMT; Max-Age=259200; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14352
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14352
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14352
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14352
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:33:37 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0d3d7099bbc5fed74a6e78e1a3096bf
96afaf8b3ac053577c56aca5f4a20d8655ecb771
c8ff32c6809a506d4c656d3200dbfc6682c156c3de0647d13ab8f07a6f9a38ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C8FF32C6809A506D4C656D3200DBFC6682C156C3DE0647D13AB8F07A6F9A38BA"
Last-Modified: Tue, 21 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14352
Expires: Thu, 23 Mar 2023 15:32:49 GMT
Date: Thu, 23 Mar 2023 11:33:37 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f777f840a3fc7e500c57a7cbdf88f26d
3518e8a18807209e94011806a96492e0d86ee9c9
44aa32fa1bf15785a4dd8cd6184772fb268113cbf459f5f30a70ff5ca66c9e05
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a7546f8-3d34-4fb4-b63f-8e8098b48c30.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7419
x-amzn-requestid: bc02abbe-706d-42af-b963-0163b07b87c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B9xbnE7OIAMFW2g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641562b0-247606a3713a20d25cf83763;Sampled=0
x-amzn-remapped-date: Sat, 18 Mar 2023 07:05:20 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: 3hcFsEgTbzbZ7idbLT-fhzhzhO6nT7xNDgHvY4iF8Hd934YYbjviLA==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 618052a0d9c86c1a3bf663f82d041d1c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 18:52:41 GMT
age: 60056
etag: "3518e8a18807209e94011806a96492e0d86ee9c9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c05bfdf1411a931d8ea9adc64b07bc74
156ef59e53564a4f2b27002b2695fafecd578d82
15d17c0df2d2b0625ecf5f576a7ff630ae8b923b28be354ad23aec6a284a801a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5be1b286-007a-44a5-a6fd-872190ecfa0b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6692
x-amzn-requestid: 3a0f6a8d-89b1-43f4-8a15-8749bdbc047b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM9d9FcOoAMFaFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b75f2-3540256d6be3d4f85bba65ea;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:41:06 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: PNAVsyfdAHjn5F6Rt1uz1U46QCIGvTCqZatbAurr6Ilu0quHWExuSw==
via: 1.1 e92cc925fc8895560cd0628c67f58828.cloudfront.net (CloudFront), 1.1 aabd01c4a20dae837d162bd972422efc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:34 GMT
age: 49803
etag: "156ef59e53564a4f2b27002b2695fafecd578d82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85351059b67b0a42eda7e69a31b3b4b4
b798268806dc2f79f033e5872676019faf0e0cc1
86e163b7159b197d6358ab01333ac6da221de0ebe1c5da8d5cef2977d38625fe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F255e6a5a-97bb-4a35-8a48-4d120747a63c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4000
x-amzn-requestid: 68dc01d7-3eed-48f6-8532-8efaa96cc1ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CJpraEqyoAMFgNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a2315-3852cc8961365a560d1fa02f;Sampled=0
x-amzn-remapped-date: Tue, 21 Mar 2023 21:35:17 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: Ncagzm12kJaHQtYhhjUUhcfXVfbwMdonoNYqpK-QXEmLfyyENgFnFA==
via: 1.1 288c777a01e22425da9494dad7a69734.cloudfront.net (CloudFront), 1.1 42ef990e439ae115ff739f04e3945234.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 02:49:25 GMT
age: 31452
etag: "b798268806dc2f79f033e5872676019faf0e0cc1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
34.120.237.76200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 40d24dfcd9f0afe0e4077384f16cc494
76213c7d5c759471ed3823888860f918ac7e8f13
fbbbef0498ddf14bc9b204273a3cd416c357dceed20339c3e8c64a16b0be3caf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fea5d4e17-e42c-49fb-a54b-d7d97ad50ba4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7083
x-amzn-requestid: 352ae6e5-476d-430b-adf0-84d4a739967b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: B6fGcE1foAMFbRQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64141228-7dc6c3cb72cd40965006ab76;Sampled=0
x-amzn-remapped-date: Fri, 17 Mar 2023 07:09:28 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: bgeeN4oUpN5wPo6UnQKqKTGDiuLWu-ioS9UtrO5a6m5SI7WyiRNLcA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 6bdc2963c9ed59b475ec36c35e5932a4.cloudfront.net (CloudFront), 1.1 google
date: Thu, 23 Mar 2023 09:43:54 GMT
age: 6583
etag: "76213c7d5c759471ed3823888860f918ac7e8f13"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
34.120.237.76200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F93c300c4-e707-428c-9ae5-d4699c20a7ef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: ce85112e-428d-4ca1-9dac-1d6c8c6dc74a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CKyF9EI3oAMFtyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641a96f2-05c5948d6f74948b1c67d68c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 05:49:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: lnMR6Lh4T37cFhMwb1qXIxjoPBghVFOGUz7HTt65DegMaxlElZxfjQ==
via: 1.1 59456abf79b201034ab5c9cfef7355e2.cloudfront.net (CloudFront), 1.1 599f04a365a179d553682d476509c388.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:32 GMT
age: 56796
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4a771935927950222124e14b56046df
d07fe53e4ac41048497b2732c017f6666c3eda9e
4e8388626074646c2336711be0a170ceab367c343648a32d2389dd87640251d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9a816157-9568-4e7f-a034-14b2f1982949.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4912
x-amzn-requestid: d8fcf495-12af-42ae-ad69-0ea07b1a8669
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM8H3Fl1IAMFYgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b73cb-01cbd1981a57e53b3d3cde93;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:31:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: 4xGMCVWy2EXLLN8keteGLQvQjOp6KH97rkn_FK10eyng0-5EudcOig==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 174acb08636ac7d9e9a778bbf1bcbc52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 22 Mar 2023 21:43:33 GMT
etag: "d07fe53e4ac41048497b2732c017f6666c3eda9e"
content-type: image/jpeg
age: 49804
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
i.jads.co/ads/user1895/ad1918654-1662317520.jpg
69.16.175.10200 OK 22 kB URL HTTP/2 i.jads.co/ads/user1895/ad1918654-1662317520.jpg
IP 69.16.175.10:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 728x90, components 3\012- data
Hash 905051a026523535fc573a8c5a4b14d4
79c8b6aebdd63f8dd11adb975c448c1331b653a0
ca78826aeeeb9adf194cde1a0979e0cef042eb4bb821fbde045f78f111d80fc1
GET /ads/user1895/ad1918654-1662317520.jpg HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=2380b28f667588a8094491420369d12e; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:37 GMT
etag: "1662317520"
cache-control: max-age=14282493
content-length: 22302
content-type: image/jpeg
last-modified: Sun, 04 Sep 2022 18:52:00 GMT
accept-ranges: bytes
x-hw: 1679571217.dop211.sk1.t,1679571217.cds015.sk1.hn,1679571217.cds230.sk1.c
X-Firefox-Spdy: h2
i.jads.co/1x1.gif
69.16.175.10200 OK 43 B IP 69.16.175.10:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 9bb191c6827273aa978cab39a3587950
25d8043336eb799e52b1a0e15ff6b95e09c24e35
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
GET /1x1.gif HTTP/1.1
Host: i.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Cookie: surferid=2380b28f667588a8094491420369d12e; juicy_data_1=YTowOnt9; juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:37 GMT
etag: "1457030838"
cache-control: max-age=7654049
content-length: 43
content-type: image/gif
last-modified: Thu, 03 Mar 2016 18:47:18 GMT
accept-ranges: bytes
x-hw: 1679571217.dop211.sk1.t,1679571217.cds015.sk1.hn,1679571217.cds264.sk1.c
X-Firefox-Spdy: h2
www.heavy-r.com/css/members.css?b
172.67.20.237200 OK 60 kB URL HTTP/2 www.heavy-r.com/css/members.css?b
IP 172.67.20.237:0
File type ASCII text, with very long lines (3829)
Hash a741b26b9317ccb9641d895f13d54308
0638045a698a388aaf76ebc1a651c3eb8214ecf3
1b9d13e07783e046d53de9bcd3c58a91c5323a95e231296db8f5fc101fed357d
GET /css/members.css?b HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4762
etag: W/"2172495735"
last-modified: Fri, 10 Nov 2017 12:19:51 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6644
server: cloudflare
cf-ray: 7ac65c3bbbaa1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
bulrev.com/show/std?scid=538
51.161.119.209200 OK 19 kB URL HTTP/1.1 bulrev.com/show/std?scid=538
IP 51.161.119.209:0
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (545)
Hash 23ba6221d93231748a95b5dd301954ef
5facd3b2773c741af691275e3ab021dbb91d32d2
f3072a1fc1f1bb57efba8fee136f2ad1cbe3388c9e40fe3fc7fc7eed56bc19bd
GET /show/std?scid=538 HTTP/1.1
Host: bulrev.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/xml
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.heavy-r.com
Connection: keep-alive
Referer: https://www.heavy-r.com/
Cookie: orbit_uuid=cc62b30e-443a-47e8-81ee-9ed75f1f5604
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 23 Mar 2023 11:33:15 GMT
Content-Type: text/xml
Content-Length: 19006
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.heavy-r.com
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash bed79de835d5cf03aa0a6b7faaad1374
cafa0b67386b92c07c695c78ce812c9018ab8fd2
9b10cc90c6f07750347d31a23a85870761222ae5f1cc1e6770b25ef7a0e61622
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B10CC90C6F07750347D31A23A85870761222AE5F1CC1E6770B25EF7A0E61622"
Last-Modified: Wed, 22 Mar 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10771
Expires: Thu, 23 Mar 2023 14:33:08 GMT
Date: Thu, 23 Mar 2023 11:33:37 GMT
Connection: keep-alive
ads.bullionyield.com/impression?id=41797b8c-158a-4623-a55b-9eef91f037fc
51.161.119.209200 OK 68 B URL HTTP/1.1 ads.bullionyield.com/impression?id=41797b8c-158a-4623-a55b-9eef91f037fc
IP 51.161.119.209:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
GET /impression?id=41797b8c-158a-4623-a55b-9eef91f037fc HTTP/1.1
Host: ads.bullionyield.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Thu, 23 Mar 2023 11:33:16 GMT
Content-Type: image/png
Content-Length: 68
Connection: keep-alive
Access-Control-Allow-Origin: https://www.heavy-r.com
Access-Control-Allow-Credentials: true
Set-Cookie: orbit_uuid=a42e4e45-ce40-4c9a-8359-752734ec7b82; expires=Fri, 22 Mar 2024 11:33:38 GMT; domain=.bullionyield.com; path=/; secure; SameSite=None
www.heavy-r.com/js/jquery.bxslider.min.js?v1
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/jquery.bxslider.min.js?v1
IP 172.67.20.237:0
GET /js/jquery.bxslider.min.js?v1 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 19 Oct 2022 22:54:57 GMT
etag: W/"2811880859"
expires: Wed, 19 Oct 2022 23:55:51 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5090
server: cloudflare
cf-ray: 7ac65c3c0c091bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/sw.js?RExCdjgfbnVAC318dlQUZm5uVAknf3YVCXx8b0JZcShvQll8LW8UAHZ%2EbxVaInV0FQ90enMUDGZgYEcBcn8hRQAhYXNDDSZhdk8PfWF6Qgh9YXpBCCF%2EJEYKInR3TxpobjEBGmhuJwBdNikkGUpqLjcMQmZgYEcIanlgWl4lIDETFCItLgVdaCojGkshEQ
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/sw.js?RExCdjgfbnVAC318dlQUZm5uVAknf3YVCXx8b0JZcShvQll8LW8UAHZ%2EbxVaInV0FQ90enMUDGZgYEcBcn8hRQAhYXNDDSZhdk8PfWF6Qgh9YXpBCCF%2EJEYKInR3TxpobjEBGmhuJwBdNikkGUpqLjcMQmZgYEcIanlgWl4lIDETFCItLgVdaCojGkshEQ
IP 172.67.20.237:0
GET /sw.js?RExCdjgfbnVAC318dlQUZm5uVAknf3YVCXx8b0JZcShvQll8LW8UAHZ%2EbxVaInV0FQ90enMUDGZgYEcBcn8hRQAhYXNDDSZhdk8PfWF6Qgh9YXpBCCF%2EJEYKInR3TxpobjEBGmhuJwBdNikkGUpqLjcMQmZgYEcIanlgWl4lIDETFCItLgVdaCojGkshEQ HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 30 Nov 2022 18:16:55 GMT
etag: W/"118614824"
cache-control: max-age=14400
cf-cache-status: MISS
server: cloudflare
cf-ray: 7ac65c4068041bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/jquery.form.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/jquery.form.js
IP 172.67.20.237:0
GET /js/jquery.form.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=45171
etag: W/"1000751821"
expires: Wed, 22 Mar 2023 07:32:42 GMT
last-modified: Sun, 19 Jul 2020 07:12:41 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 6979
server: cloudflare
cf-ray: 7ac65c3bcbc21bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/CH_Ajax.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/CH_Ajax.js
IP 172.67.20.237:0
GET /js/CH_Ajax.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=4539
etag: W/"902188345"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Wed, 18 Oct 2017 04:28:37 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1092
server: cloudflare
cf-ray: 7ac65c3bdbcf1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/mobile3.js?v=8
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/mobile3.js?v=8
IP 172.67.20.237:0
GET /js/mobile3.js?v=8 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=5428
etag: W/"761676667"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Tue, 06 Apr 2021 20:20:03 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 2598
server: cloudflare
cf-ray: 7ac65c3bebe11bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/bootstrap.min.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/bootstrap.min.js
IP 172.67.20.237:0
GET /js/bootstrap.min.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Wed, 19 Aug 2020 22:21:31 GMT
etag: W/"2596413615"
expires: Mon, 06 Jun 2022 23:13:46 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1892
server: cloudflare
cf-ray: 7ac65c3c0c061bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/style.css?b3
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/css/style.css?b3
IP 172.67.20.237:0
GET /css/style.css?b3 HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=53476
etag: W/"2283685840"
last-modified: Fri, 16 Apr 2021 20:21:53 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1264
server: cloudflare
cf-ray: 7ac65c3bbba81bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/zxml.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/zxml.js
IP 172.67.20.237:0
GET /js/zxml.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=6483
etag: W/"170460536"
expires: Mon, 04 Jul 2022 18:35:40 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5090
server: cloudflare
cf-ray: 7ac65c3bdbd81bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/myaccount.css
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/css/myaccount.css
IP 172.67.20.237:0
GET /css/myaccount.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=2264
etag: W/"2986297702"
last-modified: Tue, 15 Nov 2016 20:03:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2598
server: cloudflare
cf-ray: 7ac65c3bcbad1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/favicon.ico
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/favicon.ico
IP 172.67.20.237:0
GET /favicon.ico HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: image/vnd.microsoft.icon
etag: W/"4080963554"
last-modified: Mon, 11 Dec 2017 19:49:52 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 2769
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ac65c430ae31bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/jquery.bxslider-v4.1.2.css
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/css/jquery.bxslider-v4.1.2.css
IP 172.67.20.237:0
GET /css/jquery.bxslider-v4.1.2.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=3835
etag: W/"2731420745"
last-modified: Wed, 19 Oct 2022 22:44:35 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5091
server: cloudflare
cf-ray: 7ac65c3bbba71bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/date.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/date.js
IP 172.67.20.237:0
GET /js/date.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=6956
etag: W/"2653494852"
expires: Mon, 18 Apr 2022 22:49:49 GMT
last-modified: Sun, 23 Aug 2020 06:54:25 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5454
server: cloudflare
cf-ray: 7ac65c3bdbce1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/general.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/general.js
IP 172.67.20.237:0
GET /js/general.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=1980
etag: W/"3710786616"
expires: Wed, 31 Aug 2022 16:30:49 GMT
last-modified: Tue, 13 Jun 2017 03:52:40 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5090
server: cloudflare
cf-ray: 7ac65c3bdbd61bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/sw.js
172.67.20.237200 OK 0 B IP 172.67.20.237:0
GET /sw.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/wp-login.php
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=103032
etag: W/"118614824"
last-modified: Wed, 30 Nov 2022 18:16:55 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 6161
server: cloudflare
cf-ray: 7ac65c3bbb9f1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/bootstrap.min.css
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/css/bootstrap.min.css
IP 172.67.20.237:0
GET /css/bootstrap.min.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
vary: Accept-Encoding
last-modified: Sun, 09 Apr 2017 14:40:35 GMT
etag: W/"908251226"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2653
server: cloudflare
cf-ray: 7ac65c3bbba41bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/css/myfav.css
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/css/myfav.css
IP 172.67.20.237:0
GET /css/myfav.css HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4664
etag: W/"2717861221"
last-modified: Tue, 15 Nov 2016 20:03:01 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 5090
server: cloudflare
cf-ray: 7ac65c3bbbab1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
2348.thomasbarlowpro.com/v2/a/na/136227?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fwp-login.php&referer=&av=1&abl=0&kws=free%2Cporn%2Cvideos%2Cheavy%2Ccom&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Mar%2023%202023%2011%3A33%3A43%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&dcid=
88.208.59.103200 OK 0 B URL HTTP/2 2348.thomasbarlowpro.com/v2/a/na/136227?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fwp-login.php&referer=&av=1&abl=0&kws=free%2Cporn%2Cvideos%2Cheavy%2Ccom&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Mar%2023%202023%2011%3A33%3A43%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&dcid=
IP 88.208.59.103:0
ASN #39572 DataWeb Global Group B.V.
GET /v2/a/na/136227?subId=&pageUri=https%3A%2F%2Fwww.heavy-r.com%2Fwp-login.php&referer=&av=1&abl=0&kws=free%2Cporn%2Cvideos%2Cheavy%2Ccom&rtg=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221268%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Thu%20Mar%2023%202023%2011%3A33%3A43%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&dcid= HTTP/1.1
Host: 2348.thomasbarlowpro.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Origin: https://www.heavy-r.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://www.heavy-r.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Thu, 23 Mar 2023 11:33:35 UTC
expires: Thu, 23 Mar 2023 11:33:35 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
a.pierlinks.com/loader?a=101&s=10&t=2&p=5
172.67.140.205200 OK 0 B URL HTTP/2 a.pierlinks.com/loader?a=101&s=10&t=2&p=5
IP 172.67.140.205:0
GET /loader?a=101&s=10&t=2&p=5 HTTP/1.1
Host: a.pierlinks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:35 GMT
content-type: text/html
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T2Nh%2BJhO6PkEJwdOlj%2BI2KrTR99BxhznYNIsNYu5HJcXuQgk5WhIlCO7qK%2BnwQUCiknRDOcAIfxkrOgsSqsSORP%2FQCbMcbMJ4GATqxEvF3NogwwKShfRnpMRa5fbH9mYeI4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ac65c3e2fedb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
everefor.buzz/NkRrOHZtZlwORQ90XxpaFGZHGkdVd19bRw50RgwXAyBGDBcOJUZaTgR3RlsUUH1dW0EGclpaQhRoSQlPAHcIC05TaVoNQ1RpXwFBD2lTDEYPaVMPRlN3DQhEUHxeAVQaZhhPVBpmDk4TRCENVwQYJh5CDBRoSQlGGHFJFBBXKBhdWlAlB0sTGiIKVAVTGQ
52.20.131.174200 OK 0 B URL HTTP/2 everefor.buzz/NkRrOHZtZlwORQ90XxpaFGZHGkdVd19bRw50RgwXAyBGDBcOJUZaTgR3RlsUUH1dW0EGclpaQhRoSQlPAHcIC05TaVoNQ1RpXwFBD2lTDEYPaVMPRlN3DQhEUHxeAVQaZhhPVBpmDk4TRCENVwQYJh5CDBRoSQlGGHFJFBBXKBhdWlAlB0sTGiIKVAVTGQ
IP 52.20.131.174:0
GET /NkRrOHZtZlwORQ90XxpaFGZHGkdVd19bRw50RgwXAyBGDBcOJUZaTgR3RlsUUH1dW0EGclpaQhRoSQlPAHcIC05TaVoNQ1RpXwFBD2lTDEYPaVMPRlN3DQhEUHxeAVQaZhhPVBpmDk4TRCENVwQYJh5CDBRoSQlGGHFJFBBXKBhdWlAlB0sTGiIKVAVTGQ HTTP/1.1
Host: everefor.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.heavy-r.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
set-cookie: 7a5f28e0027e30fc03ad95ac541634b0=1; Max-Age=604800
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: GET, POST
access-control-allow-headers: X-Requested-With,content-type
cache-control: public, max-age=86400
etag: W/"8442-O1qv9qc3zUD55wov2nMmfVEQ2gk"
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.heavy-r.com/css/comm.css?e
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/css/comm.css?e
IP 172.67.20.237:0
GET /css/comm.css?e HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=5463
etag: W/"448465228"
last-modified: Mon, 27 Nov 2017 17:41:08 GMT
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2653
server: cloudflare
cf-ray: 7ac65c3bcbb21bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js//jquery.tools.min.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js//jquery.tools.min.js
IP 172.67.20.237:0
GET /js//jquery.tools.min.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 18 May 2018 12:20:18 GMT
etag: W/"14602103"
expires: Mon, 17 Oct 2022 18:22:47 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 5091
server: cloudflare
cf-ray: 7ac65c3bcbbf1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.heavy-r.com/js/jquery.jcarousel.pack2.js
172.67.20.237200 OK 0 B URL HTTP/2 www.heavy-r.com/js/jquery.jcarousel.pack2.js
IP 172.67.20.237:0
GET /js/jquery.jcarousel.pack2.js HTTP/1.1
Host: www.heavy-r.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.heavy-r.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 23 Mar 2023 11:33:34 GMT
content-type: application/javascript
cache-control: max-age=14400
cf-bgj: minify
cf-polished: origSize=8882
etag: W/"975768959"
expires: Mon, 06 Jun 2022 23:55:06 GMT
last-modified: Tue, 15 Nov 2016 20:03:02 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5090
server: cloudflare
cf-ray: 7ac65c3bdbcd1bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2