Report - wedistormeschant.com/3f9e6b22-da96-4612-85de-2399d9192124

Report Overview

Submitted URL
wedistormeschant.com/3f9e6b22-da96-4612-85de-2399d9192124
IP
3.64.65.230
ASN
#16509 AMAZON-02
Submitted
2022-11-30 07:05:39
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
use.typekit.net	494	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	381 B	1.3 kB	23.36.76.186
eggs-content.kinkoid.com	668083	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	1.4 MB	94.75.250.120
tm-offers.gamingadult.com	175580	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	542 B	380 B	137.74.247.34
wedistormeschant.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	842 B	3.64.65.230
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	4.8 kB	104.18.32.68
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	443 B	7.1 kB	142.250.74.106
p.typekit.net	620	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	468 B	357 B	23.36.76.186
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.5 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	392 B	32 kB	142.250.74.106
gh1.hh-content.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.3 kB	532 kB	104.152.112.111
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	54.148.53.106
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	55 kB	34.120.237.76
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	23.36.76.226
www.gayharem.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.9 kB	51 kB	94.75.250.120
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	985 B	52 kB	142.250.74.35
images.hh-content.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	860 B	5.2 kB	104.152.112.111
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	4.2 kB	142.250.74.131
eggs-ext.kinkoid.com	552669	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	551 B	275 B	94.75.250.120

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-30	medium	wedistormeschant.com/3f9e6b22-da96-4612-85de-2399d9192124	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (16)

	URL	Size	First Seen	Last Seen
	eggs-ext.kinkoid.com/authentication/start_authentication?product_id=2&language=en&purpose=authenticate	14 kB	2023-03-09	2023-03-11
Pretty URL eggs-ext.kinkoid.com/authentication/start_authentication?product_id=2&language=en&purpose=authenticate IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 22:09:03 Last Seen2023-03-11 22:52:58 Times Seen1 Hash a7bd3ad6fccfd224a54ceb4bdafd28ce 00eb3f06f3319def1ebf5198d2387576449da5fd 62e5b063b4b08276367ee05226f852c001141a4efc0171029150349f58c33d14 Loading...

	www.gayharem.com/js/screenfull.js?v=66928416	2.9 kB	2023-03-07	2024-02-05
Pretty URL www.gayharem.com/js/screenfull.js?v=66928416 IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:38:20 Last Seen2024-02-05 22:18:33 Times Seen112 Hash 67dbfe9b672c902f618ccb6440d6e8c4 5ee56f41df8abdd06f7fb5a668b95e9cb8076209 6f575774986ea35312c5d750b761fd82298bbfd8664f810d43e499d8c9bdb266 Loading...

	ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js	228 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:06 Last Seen2024-04-25 12:03:36 Times Seen1974 Hash fd255415839568e52a48da5de5af244c abd6f85a04584792d77e4791c441ff49e9e28c0d 9671f8be70ad94a5362e60f4656d5d53ba214d32ab70a3f9d1603d7dadf9d1c1 Loading...

	www.gayharem.com/home.html	3.4 kB	2023-03-11	2023-03-11
Pretty URL www.gayharem.com/home.html IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:52:58 Last Seen2023-03-11 22:52:58 Times Seen1 Hash aafd07f2a1195b606f9d748d89f73bf4 facea940fefa1c067b59c7c1aa1c96acc58aacac 4564524e91e2eda352d6e8a7322623618a15af09d7bc85813e8ce86d818528d7 Loading...

	www.gayharem.com/js/guest.js?v=66928414	1.4 kB	2023-03-07	2023-07-04
Pretty URL www.gayharem.com/js/guest.js?v=66928414 IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:38:20 Last Seen2023-07-04 17:49:38 Times Seen61 Hash e0b082b77c7be4355a7049a6a7c5f353 d915737134d98b3a965cd5fa5cdaca6f65b5057c 9e09472f0d52ddb3a3d195366f5595855fd08ece7a60d3dfb5b38ea02363bfef Loading...

	www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=	365 B	2023-03-07	2023-03-11
Pretty URL www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8= IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:43:28 Last Seen2023-03-11 22:52:58 Times Seen1 Hash 1d2ed677118f376bea53de739c31d7eb 96ce02d43b0d5936e2d3d7560ec0b482781201c7 be52b78325a8f4982a3b733fe8fa8494bda80eab2df14dd937c3a8a8ad83906d Loading...

	www.gayharem.com/phoenix-tr_labels-en-1172.js	45 kB	2023-03-11	2023-03-11
Pretty URL www.gayharem.com/phoenix-tr_labels-en-1172.js IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:52:58 Last Seen2023-03-11 22:52:58 Times Seen1 Hash 2d3235fdf4f252cc8cdb4d62c18d182c b8ac9caf63e56c967a0d059bb3ae1fff38c4539c 8efff31ccc2dd38ed8fbf206694947ada93bc621cf241afedae28947d9446682 Loading...

	www.gayharem.com/js/default.js?v=66928415	1.9 MB	2023-03-11	2023-03-11
Pretty URL www.gayharem.com/js/default.js?v=66928415 IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:52:58 Last Seen2023-03-11 22:52:58 Times Seen1 Hash 25936b24de5aaded9e75fa69c22286d3 e4ffb7203f8aeb341b705c36a05781716f16eff9 4d2389816f41deb28d5c8457a461baa655bcd2a31dfb2a80632f0a46a6870a01 Loading...

	www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=	599 B	2023-03-07	2023-03-11
Pretty URL www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8= IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:43:28 Last Seen2023-03-11 22:52:58 Times Seen1 Hash 157df283189f1a862eeda57650900fe2 c35790a6f2230b9a88cc34c0d6bb4469b977bfd2 a6e29c5134f31ad907d6701b87c417832abe3bb192037098fdd7450dcc3c3961 Loading...

	www.gayharem.com/home.html	187 B	2023-03-07	2023-03-11
Pretty URL www.gayharem.com/home.html IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:43:28 Last Seen2023-03-11 22:52:58 Times Seen1 Hash 73f5005a9e8122d95273946c72e83a8e b52913b60740535d71927134de2494d5b1e815db d7ea20e0183e5945da22b01144a263cf324bc05f8d6e680fe1ff514538511bdc Loading...

	www.gayharem.com/home.html	628 B	2023-03-08	2023-03-11
Pretty URL www.gayharem.com/home.html IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:32:31 Last Seen2023-03-11 22:52:58 Times Seen1 Hash 01cb2602e087f9ed724eaa2c9d8ef293 a88491be80c05132c8e589968308e14cbcea908d 205c21eb6339794bba6b3094dd5a6c8c9570623c3e961e27233b9dfdd47fa1e6 Loading...

	www.gayharem.com/js/quest.js?v=66928415	31 kB	2023-03-11	2023-03-11
Pretty URL www.gayharem.com/js/quest.js?v=66928415 IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 22:52:58 Last Seen2023-03-11 22:52:58 Times Seen1 Hash ed5bb80229bb0613439584f09dfe6613 6246f23381e721e3f0d038e8956564050557f699 35ecd5ee3de77f3c7fa1e73878c4123367354dfbb1660b74fd7124cd8694901e Loading...

	www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=	278 B	2023-03-07	2023-03-11
Pretty URL www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8= IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 15:43:28 Last Seen2023-03-11 22:52:58 Times Seen1 Hash 2333d636849e6a5e66b899064ef62596 0140f14d32ead287cf00aef30a602d4ddf0838a0 3188dadebdbfe7ed643da64ae1fae9cc83717d098c7d7576582b1aadbf2ec0cf Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	90 kB	2023-03-07	2024-04-27
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:13 Last Seen2024-04-27 05:01:51 Times Seen262020 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	www.gayharem.com/js/chat.js?v=66928416	417 kB	2023-03-08	2024-02-07
Pretty URL www.gayharem.com/js/chat.js?v=66928416 IP 94.75.250.120 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:44:26 Last Seen2024-02-07 05:38:08 Times Seen1 Hash 8f73aff380e06800a6b1bfb18fd0ff79 89cb07ebbad970ae373187074a7f99fd10de26fe fa8159f6b107cec1ec5764868efcc2d0472b34e87ff5c6b6cb7f0e5fdbe515fa Loading...

		Size	First Seen	Last Seen
	#1 Write - 120e61e6b4c2f5e8544b8c78d722a904	621 B	2023-03-07	2024-02-05
Pretty Observations First Seen2023-03-07 14:38:20 Last Seen2024-02-05 22:18:33 Times Seen59 Hash 120e61e6b4c2f5e8544b8c78d722a904 574db9117bb739ac8dfe7218b4b0d4aac79d2f16 af36037d076d94f2c9f53b219d848056bcef43f86667ae5e550f57c75bf61caa Loading...

HTTP Transactions (74)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a5daf4dc99951793ae2315d4795e8146
4427507ca4d3a5632cc8f598afbc85e2195d00bd
94fb64c1c826ed7099283c0bedb3cea7ac7e1d9526794cb9fad6e761f5989d32

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94FB64C1C826ED7099283C0BEDB3CEA7AC7E1D9526794CB9FAD6E761F5989D32"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2633
Expires: Wed, 30 Nov 2022 07:49:18 GMT
Date: Wed, 30 Nov 2022 07:05:25 GMT
Connection: keep-alive

wedistormeschant.com/3f9e6b22-da96-4612-85de-2399d9192124

3.64.65.230

302

0 B

URL HTTP/1.1
wedistormeschant.com/3f9e6b22-da96-4612-85de-2399d9192124
IP
3.64.65.230:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /3f9e6b22-da96-4612-85de-2399d9192124 HTTP/1.1
Host: wedistormeschant.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Server: nginx
Date: Wed, 30 Nov 2022 07:05:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://tm-offers.gamingadult.com/?offer=49&uid=507583a4-7fe9-4587-a5fd-cf52fcff602d&lp=49&subid=w0ggqetvnhmgb7rk2usuvt82
Pragma: no-cache
Set-Cookie: 3f9e6b22-da96-4612-85de-2399d9192124-v4=3BuPM4HRhfpNfUCOnkO4RfviX7j5PHldTi1FYKeY6oo; Max-Age=86400; Expires=Thu, 01-Dec-2022 07:05:25 GMT; Domain=wedistormeschant.com; Path=/; HttpOnly
cc-v4=xLItiuJa6g%2Bei9j%2BVGT%2B862S1JJx40wemkM1CETrz1RpJ0pn1uP1YrkIuz8dG9fD6lWuAD4oNt0t7DsoYYzFJA0Uro%2Ff2NXPxZBVTGLRGcK8D%2FKpGqzk6IDw%2F%2FgLK9GthW9Em7h7jQtBBFi9M1vhMQ%3D%3D; Max-Age=31536000; Expires=Thu, 30-Nov-2023 07:05:25 GMT; Domain=wedistormeschant.com; Path=/; HttpOnly

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
4ed065cb23b5fca1a179dd73b3c5b7b2
4422eb24688f5e056fc1b18b127c7f63b1dbf5e0
b723d770d0dec7441d8505dc5a4e7d34f55c9f564ec52f20d9b70c7c3a0d9d35

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3267
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:25 GMT
Last-Modified: Wed, 30 Nov 2022 06:10:58 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6d9d34c96b9a826ae5676640c966469c
8052a16d41a637e420478b7de1ff5a2dc951fccd
f18ac558cb786126bb7efb159e03353d268d5f5796bcfd2691a349dfc68d863c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F18AC558CB786126BB7EFB159E03353D268D5F5796BCFD2691A349DFC68D863C"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8900
Expires: Wed, 30 Nov 2022 09:33:45 GMT
Date: Wed, 30 Nov 2022 07:05:25 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 30 Nov 2022 06:19:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2745
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Ika6kKNABzGMRWFbF2xGRhQPZXR+vhgo4Ft8cctgWxgUUY0AK2cF7dLHWce7hhaoS5eaTYkfSfA=
x-amz-request-id: TT5K1Q96HF4TG047
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 30 Nov 2022 06:45:07 GMT
age: 1218
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 30 Nov 2022 07:05:25 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e72492a40bd5e5ab674094ffa1e70d2d
ba41dbf4704d5b22f2536c541cca5451da183958
77fcd0f733564289256d9b7c75313f41aad3f995dab90f09419afe57d762e74e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "77FCD0F733564289256D9B7C75313F41AAD3F995DAB90F09419AFE57D762E74E"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=571
Expires: Wed, 30 Nov 2022 07:14:56 GMT
Date: Wed, 30 Nov 2022 07:05:25 GMT
Connection: keep-alive

www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=

94.75.250.120

200 OK

2.1 kB

URL HTTP/2
www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
2.1 kB (2143 bytes)
Hash
8c866678f89683be3a1d97d3033efa51
721b62d3243dd7f277b92f1aaf45a11b8f53c7d7
c844649617bed4e25e790742ad34a2cf608624a504d6d1ec181a24ddc993dd4a

HTTP Headers

GET /?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8= HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:25 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; expires=Wed, 30-Nov-2022 15:05:25 GMT; Max-Age=28800; path=/; secure; SameSite=None
lang=en; expires=Thu, 30-Nov-2023 07:05:25 GMT; Max-Age=31536000; path=/; secure; SameSite=None
ref_id=24; expires=Thu, 30-Nov-2023 07:05:25 GMT; Max-Age=31536000; path=/; secure; SameSite=None
tc1=HHbf4a1d105856f722360ef142adcd33d5; expires=Thu, 30-Nov-2023 07:05:25 GMT; Max-Age=31536000; path=/; secure; SameSite=None
tc2=1377; expires=Thu, 30-Nov-2023 07:05:25 GMT; Max-Age=31536000; path=/; secure; SameSite=None
tc3=49; expires=Thu, 30-Nov-2023 07:05:25 GMT; Max-Age=31536000; path=/; secure; SameSite=None
tc4=SOI; expires=Thu, 30-Nov-2023 07:05:25 GMT; Max-Age=31536000; path=/; secure; SameSite=None
tc5=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None
tc6=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None
tc7=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None
tc8=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; SameSite=None
age_verification=1; expires=Thu, 30-Nov-2023 07:05:25 GMT; Max-Age=31536000; path=/; secure; SameSite=None
HAPBK=web2; path=/; Secure; SameSite=None
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
content-length: 2143
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

www.gayharem.com/js/screenfull.js?v=66928416

94.75.250.120

200 OK

935 B

URL HTTP/2
www.gayharem.com/js/screenfull.js?v=66928416
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with very long lines (2863), with no line terminators
Size
935 B (935 bytes)
Hash
4dfe9ff40759d6d7316a51d4c38e5f9e
e1e3d4777637e222b1200a6d6bc67135492f9dd0
5ba0c79e328a50335bcd5850178c1f0cb70cd5478e738950a925081d04c49c50

HTTP Headers

GET /js/screenfull.js?v=66928416 HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:25 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Thu, 24 Nov 2022 10:02:43 GMT
etag: "b2f-5ee3481986582-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 935
content-type: application/javascript
X-Firefox-Spdy: h2

www.gayharem.com/css/chat.css?v=66928413

94.75.250.120

200 OK

15 kB

URL HTTP/2
www.gayharem.com/css/chat.css?v=66928413
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with very long lines (65536), with no line terminators
Size
15 kB (14745 bytes)
Hash
394d3b1d034d079885c62451c49c6b45
52e7386beb16d4bc88696c5294d424bd868d1990
46376016d85fe4f4e7d969e71041e7a92ae4d1918e1cd85e61b57c8ab19edd18

HTTP Headers

GET /css/chat.css?v=66928413 HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:25 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Thu, 24 Nov 2022 10:02:15 GMT
etag: "1ea9c-5ee347fe68e22-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 14745
content-type: text/css
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.106

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65447)
Size
31 kB (31017 bytes)
Hash
7808e0e4b7a714230373852158500533
4a79d18722a68a2f38d52e2d3a11b550bdd30b3c
8ba5796bee6a065b8b31895e7e8d59ba564cfd36d2ce056e327588e67736f054

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Nov 2022 22:30:58 GMT
expires: Wed, 29 Nov 2023 22:30:58 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
age: 30867
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
146dac10a93604a686550631e14eefb9
b4af601ce6d515d9ec124938ce626060e0d43099
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 30 Nov 2022 06:11:14 GMT
cache-control: public,max-age=3600
age: 3252
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

www.gayharem.com/home.html

94.75.250.120

200 OK

3.8 kB

URL HTTP/2
www.gayharem.com/home.html
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1409)
Size
3.8 kB (3842 bytes)
Hash
baddf4c0b682d0279a33ba649d028396
61518994e7285debdb66f4afb9884cec7b3b1539
a3a7a453f08a53d5ef7fa643cee7a12a3f15db60427ffd88475d7874a84e2a51

HTTP Headers

GET /home.html HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
content-encoding: gzip
content-length: 3842
content-type: text/html; charset=UTF-8
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.gayharem.com/js/quest.js?v=66928415

94.75.250.120

200 OK

7.5 kB

URL HTTP/2
www.gayharem.com/js/quest.js?v=66928415
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with very long lines (30914), with no line terminators
Size
7.5 kB (7548 bytes)
Hash
be420a0c61753f1b8179b9732566fd9e
5bbed109d9d12f1c78e386752a35c5ae0f9e1115
2a4b1ba51c8325d547e8cd7d9df5a43a99bfaf58dc67da0bb99b37743f65b523

HTTP Headers

GET /js/quest.js?v=66928415 HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/home.html
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Thu, 24 Nov 2022 10:02:39 GMT
etag: "78c2-5ee3481570701-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 7548
content-type: application/javascript
X-Firefox-Spdy: h2

fonts.gstatic.com/s/carterone/v17/q5uCsoe5IOB2-pXv9UcNExN8hA.woff2

142.250.74.35

200 OK

28 kB

URL HTTP/2
fonts.gstatic.com/s/carterone/v17/q5uCsoe5IOB2-pXv9UcNExN8hA.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 27984, version 1.0\012- data
Size
28 kB (27984 bytes)
Hash
9c01ef3c4862a40bf29bd780e7e88da4
54db29d9cf8092d9c50d477c5d9d9e199c944453
dc6d951120092f271275422fbff657a219671695d03bdd251761e05ee9e86589

HTTP Headers

GET /s/carterone/v17/q5uCsoe5IOB2-pXv9UcNExN8hA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gayharem.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 27984
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 25 Nov 2022 00:05:48 GMT
expires: Sat, 25 Nov 2023 00:05:48 GMT
cache-control: public, max-age=31536000
age: 457178
last-modified: Thu, 21 Apr 2022 17:07:09 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.gayharem.com/js/guest.js?v=66928414

94.75.250.120

200 OK

529 B

URL HTTP/2
www.gayharem.com/js/guest.js?v=66928414
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
ASCII text, with very long lines (1367), with no line terminators
Size
529 B (529 bytes)
Hash
7348e55be15dc16f98e50b2826ece833
4186367a3694585077625c655a9c503cdabbd545
ea3aab4a54f71ce834d19887b7b10988bb3ba09ed818f92b80ee64150bf59972

HTTP Headers

GET /js/guest.js?v=66928414 HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/home.html
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Thu, 24 Nov 2022 10:02:23 GMT
etag: "557-5ee3480605241-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-length: 529
content-type: application/javascript
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e6398b8e11a23c36b3bfaf8b11127a2c
4e42ad6154d435fad8be547e3a396ff0bdc844f9
c2b33b35ba98033d022ab0237ef34b4e159cc3b5d0d7ca8ce7d138abc584edf2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 07:05:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 03:14:34 GMT
Expires: Mon, 05 Dec 2022 03:14:33 GMT
Etag: "4e42ad6154d435fad8be547e3a396ff0bdc844f9"
Cache-Control: max-age=417546,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7721bc12fbee1c0a-OSL

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
608e4d04a251ebcd51660e801f388303
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e6398b8e11a23c36b3bfaf8b11127a2c
4e42ad6154d435fad8be547e3a396ff0bdc844f9
c2b33b35ba98033d022ab0237ef34b4e159cc3b5d0d7ca8ce7d138abc584edf2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 07:05:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 03:14:34 GMT
Expires: Mon, 05 Dec 2022 03:14:33 GMT
Etag: "4e42ad6154d435fad8be547e3a396ff0bdc844f9"
Cache-Control: max-age=417546,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7721bc134e0fb4fd-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e6398b8e11a23c36b3bfaf8b11127a2c
4e42ad6154d435fad8be547e3a396ff0bdc844f9
c2b33b35ba98033d022ab0237ef34b4e159cc3b5d0d7ca8ce7d138abc584edf2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 07:05:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 03:14:34 GMT
Expires: Mon, 05 Dec 2022 03:14:33 GMT
Etag: "4e42ad6154d435fad8be547e3a396ff0bdc844f9"
Cache-Control: max-age=417546,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7721bc133c141c0a-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
3c8c689bd654417640d85f3da51af313
85123b6d46230a23d03768bf304b386e5d301305
516138ca79703b45e904d32d7dde1c1e9fd35995b9f1bb1331c547542745676d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3213
Cache-Control: max-age=96895
Content-Type: application/ocsp-response
Date: Wed, 30 Nov 2022 07:05:26 GMT
Etag: "6385cba8-1d7"
Expires: Thu, 01 Dec 2022 10:00:21 GMT
Last-Modified: Tue, 29 Nov 2022 09:06:48 GMT
Server: ECS (ska/F70D)
X-Cache: HIT
Content-Length: 471

gh1.hh-content.com/ic_loading_carrot.svg

104.152.112.111

200 OK

3.7 kB

URL HTTP/2
gh1.hh-content.com/ic_loading_carrot.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
3.7 kB (3743 bytes)
Hash
c7ea21734a64fecf0b2b8f54e582e036
2383ef4319d210f37b256cdd05a6e75de60091bc
bd50e89429493ff3043675f67cbbdeea7da18da0ef2a8e0de870eb39dac8dd25

HTTP Headers

GET /ic_loading_carrot.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 3743
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6140-0-28233-h-0-0---;6141-24-20702----0-0-0
X-Firefox-Spdy: h2

gh1.hh-content.com/clubs/ic_xCross.png

104.152.112.111

200 OK

1.3 kB

URL HTTP/2
gh1.hh-content.com/clubs/ic_xCross.png
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
PNG image data, 82 x 74, 8-bit colormap, non-interlaced\012- data
Size
1.3 kB (1264 bytes)
Hash
8ae89c096a2186b9ed393a2baa1e8886
53917bc9a063bc304440ec6ae17fb1c583c8f9c4
02c88820b0f0b1292dfc9a5ad88c8cbbfd7941a41ca69f00b769b41deb198be6

HTTP Headers

GET /clubs/ic_xCross.png HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 1264
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
accept-ranges: bytes
x-cdn-diag: ams5-6139-0-32167-h-0-0---;6141-24-20702----0-0-0
X-Firefox-Spdy: h2

gh1.hh-content.com/pictures/design/mob_rotation.gif

104.152.112.111

200 OK

237 kB

URL HTTP/2
gh1.hh-content.com/pictures/design/mob_rotation.gif
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
GIF image data, version 89a, 786 x 698\012- data
Size
237 kB (237009 bytes)
Hash
e6e83330ff5589bfe920467e9899f31e
c628ffd1e5a5cb9fb54503b2c739bbd958b2de59
1189ad1cf1763829b8d69976c20f8105a2b321894d53cea4bafb7dbe81caec2f

HTTP Headers

GET /pictures/design/mob_rotation.gif HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/gif
content-length: 237009
last-modified: Thu, 08 Apr 2021 09:29:25 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
accept-ranges: bytes
x-cdn-diag: ams5-6249-0-43335-h-0-0---;6141-24-20702----0-0-0
X-Firefox-Spdy: h2

gh1.hh-content.com/quest/ic_eyeopen.svg

104.152.112.111

200 OK

1.1 kB

URL HTTP/2
gh1.hh-content.com/quest/ic_eyeopen.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.1 kB (1142 bytes)
Hash
d024138a612c10f6f1f53a59ee5e3dd2
eeaf38bfbcc7b8eb245647db978e61db286bcc30
54dc51810c4190a40a490c712bc60a7a2764e6213f8c1b7230836d83de5de996

HTTP Headers

GET /quest/ic_eyeopen.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 1142
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-7846-0-3623-h-0-0---;6141-24-20702----0-0-0
X-Firefox-Spdy: h2

images.hh-content.com/gay/pictures/design/logo2.png

104.152.112.111

200 OK

2.7 kB

URL HTTP/2
images.hh-content.com/gay/pictures/design/logo2.png
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
PNG image data, 318 x 250, 8-bit colormap, non-interlaced\012- data
Size
2.7 kB (2683 bytes)
Hash
0c3bb2832345bfd21e34cc9187cd3c4f
5b24617ff5f5e01c22ac97c2b37e668f93d99a50
4a7c61eee015a7b5201c12c84f4906902e08204c0aaf08bd91eea65c797e3bde

HTTP Headers

GET /gay/pictures/design/logo2.png HTTP/1.1
Host: images.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 2683
last-modified: Tue, 23 Mar 2021 12:09:11 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: images.hh-content.com
accept-ranges: bytes
x-cdn-diag: ams5-6249-0-43337-h-0-0---;6141-23-20702----0-0-1
X-Firefox-Spdy: h2

images.hh-content.com/gay/pictures/design/logo-apple-touch-icon.png

104.152.112.111

200 OK

1.8 kB

URL HTTP/2
images.hh-content.com/gay/pictures/design/logo-apple-touch-icon.png
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
PNG image data, 150 x 150, 8-bit colormap, non-interlaced\012- data
Size
1.8 kB (1806 bytes)
Hash
45596fd87d941cd0a5af48c457dfad57
5c46418a8a2bf547740caca495b2d7ed4ca9e84f
d3b23aeca39a160509db3cc52c620386e594be966c8878ba224bde58f8fc296a

HTTP Headers

GET /gay/pictures/design/logo-apple-touch-icon.png HTTP/1.1
Host: images.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 1806
last-modified: Thu, 17 Dec 2020 17:04:14 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: images.hh-content.com
accept-ranges: bytes
x-cdn-diag: ams5-6139-0-32167-h-0-0---;6141-25-20702----0-0-1
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Carter+One|Kalam:700|Mr+Dafoe|Alegreya+Sans:700i|Marck+Script

142.250.74.106

200 OK

6.3 kB

URL HTTP/2
fonts.googleapis.com/css?family=Carter+One|Kalam:700|Mr+Dafoe|Alegreya+Sans:700i|Marck+Script
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
6.3 kB (6316 bytes)
Hash
71b9e5dcd4e1b295822afa94d1ecd0fc
9c0ca4057f936121b5fe37617957520e417d68f2
98f063439e91aa1f7bf28a49719c7e0fafec11517291e380d573ea3556bb192b

HTTP Headers

GET /css?family=Carter+One|Kalam:700|Mr+Dafoe|Alegreya+Sans:700i|Marck+Script HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 30 Nov 2022 07:05:25 GMT
date: Wed, 30 Nov 2022 07:05:25 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

gh1.hh-content.com/design/ic_join.svg

104.152.112.111

200 OK

1.4 kB

URL HTTP/2
gh1.hh-content.com/design/ic_join.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (401), with CRLF line terminators
Size
1.4 kB (1411 bytes)
Hash
8ba97dba6572f93deebde7fe83bd5b69
f4cda4f98492c210aa990cf6063e8a79590ae011
f5557fa48f8dcff13b38b1b5055d04768470bc01be5a1a0971fd9293042b1b79

HTTP Headers

GET /design/ic_join.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 1411
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6249-0-43337-h-0-0---;6141-25-20702----0-0-0
X-Firefox-Spdy: h2

gh1.hh-content.com/design/ic_legal.svg

104.152.112.111

200 OK

2.3 kB

URL HTTP/2
gh1.hh-content.com/design/ic_legal.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
2.3 kB (2320 bytes)
Hash
e12db90b345490737b33530778cf44ee
e873e0209b1a08f5d87dd0534d6fd3311c9f766f
b8f586101e80adb692675c6b21adaad397a7ba1033d45d61d2f0189b78c6cb91

HTTP Headers

GET /design/ic_legal.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 2320
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6141-0-7900-h-0-0---;6141-25-20702----0-0-0
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e6398b8e11a23c36b3bfaf8b11127a2c
4e42ad6154d435fad8be547e3a396ff0bdc844f9
c2b33b35ba98033d022ab0237ef34b4e159cc3b5d0d7ca8ce7d138abc584edf2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 07:05:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 03:14:34 GMT
Expires: Mon, 05 Dec 2022 03:14:33 GMT
Etag: "4e42ad6154d435fad8be547e3a396ff0bdc844f9"
Cache-Control: max-age=417546,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7721bc134a6a0b41-OSL

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
e6398b8e11a23c36b3bfaf8b11127a2c
4e42ad6154d435fad8be547e3a396ff0bdc844f9
c2b33b35ba98033d022ab0237ef34b4e159cc3b5d0d7ca8ce7d138abc584edf2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 30 Nov 2022 07:05:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 03:14:34 GMT
Expires: Mon, 05 Dec 2022 03:14:33 GMT
Etag: "4e42ad6154d435fad8be547e3a396ff0bdc844f9"
Cache-Control: max-age=417546,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7721bc135e040b45-OSL

gh1.hh-content.com/design/ic_login.svg

104.152.112.111

200 OK

8.7 kB

URL HTTP/2
gh1.hh-content.com/design/ic_login.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
8.7 kB (8722 bytes)
Hash
5915a8ebac160e3953e4467dedec30b8
df20474ef16fc034e7c9bf27bb1bff222d106032
fec09101a2dbd6d4956c64c59f4898b448ec8dc884cbc01976ce6e6fa6eeb118

HTTP Headers

GET /design/ic_login.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 8722
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4183-h-0-0---;6141-24-20702----0-0-0
X-Firefox-Spdy: h2

gh1.hh-content.com/quest/ic_eyeclosed.svg

104.152.112.111

200 OK

1.4 kB

URL HTTP/2
gh1.hh-content.com/quest/ic_eyeclosed.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
1.4 kB (1424 bytes)
Hash
ee4ad4b4410fcc5898cab08a69780cd6
a8ed6e8ef5b181c240270cbcc7aa155405eb3003
1221af76045abbae2c6505da09d58cdee9ece408c45c084198f4b6646e60cb84

HTTP Headers

GET /quest/ic_eyeclosed.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 1424
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6140-0-28233-h-0-0---;6141-24-20702----0-0-0
X-Firefox-Spdy: h2

push.services.mozilla.com/

54.148.53.106

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.148.53.106:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jm8fU65vsZXyc2EPA3YzpQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: fiWrtEzaM8B24M29UTc8wTzGad4=

fonts.gstatic.com/s/kalam/v16/YA9Qr0Wd4kDdMtDqHTLMkiQ.woff2

142.250.74.35

200 OK

22 kB

URL HTTP/2
fonts.gstatic.com/s/kalam/v16/YA9Qr0Wd4kDdMtDqHTLMkiQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 22144, version 1.0\012- data
Size
22 kB (22144 bytes)
Hash
f3ad3b3081bb38a18628d88ddf39b8b6
befa33190a885871d06ebf259dc12d0d325fd74c
252063af6ade8b9a744cde4ddad0fc21ea53b8ba711eed121a0c2e8610ea9c93

HTTP Headers

GET /s/kalam/v16/YA9Qr0Wd4kDdMtDqHTLMkiQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.gayharem.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 22144
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 14:43:54 GMT
expires: Sun, 26 Nov 2023 14:43:54 GMT
cache-control: public, max-age=31536000
age: 318092
last-modified: Tue, 26 Apr 2022 15:48:21 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

gh1.hh-content.com/design/ic_fullscreen.svg

104.152.112.111

200 OK

9.1 kB

URL HTTP/2
gh1.hh-content.com/design/ic_fullscreen.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
9.1 kB (9108 bytes)
Hash
0831c44a1a21d67c02ef25bc69e5b889
b160e53081718dfbde5d57fc71d3d09e7d263eac
ceb0ca832f16fdb1647cbf5d34d6c095dd6ad6b8b842dc2cf7317f15dcbe2f76

HTTP Headers

GET /design/ic_fullscreen.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 9108
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4183-h-0-0---;6141-23-20702----0-0-0
X-Firefox-Spdy: h2

gh1.hh-content.com/design/menu/sound_on.svg

104.152.112.111

200 OK

2.3 kB

URL HTTP/2
gh1.hh-content.com/design/menu/sound_on.svg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
2.3 kB (2269 bytes)
Hash
c89b911deef6444f334ee6bec8b70bae
8e9121d4a8eb7cac274a7cc6b9665531d908e604
7c114f2ad2ce1fb762d9a537d35c75de9901a6885e00a77aa1b9486dd8169c8f

HTTP Headers

GET /design/menu/sound_on.svg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 2269
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
vary: Accept-Encoding
accept-ranges: bytes
x-cdn-diag: ams5-6249-0-43339-h-0-0---;6141-23-20702----0-0-1
X-Firefox-Spdy: h2

www.gayharem.com/phoenix-tr_labels-en-1172.js

94.75.250.120

200 OK

16 kB

URL HTTP/2
www.gayharem.com/phoenix-tr_labels-en-1172.js
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
data
Size
16 kB (16118 bytes)
Hash
d8775e01e51e7479e1e43c214f5fb3f4
ea0af2b3767d71672c930ddf3c2def858cc1cc0e
cb4fa14ad135a4353b9b6439569e522c833beec5685241ccedbf06af4cdd0c6c

HTTP Headers

GET /phoenix-tr_labels-en-1172.js HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/home.html
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
server: Apache
content-encoding: gzip
cache-control: private, max-age=604800, pre-check=604800
pragma: private
expires: Thu, 08 Jan 70 01:00:00 +0100
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8;
X-Firefox-Spdy: h2

gh1.hh-content.com/design_v2/gh_ic_XP.png

104.152.112.111

200 OK

4.3 kB

URL HTTP/2
gh1.hh-content.com/design_v2/gh_ic_XP.png
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Size
4.3 kB (4317 bytes)
Hash
56afc911f1367343363901032f074bb1
b2db1da840e402fb2861f2294a914c1cdafd3329
07e4cfffe075e888a8d21fb449717f4f40d1e2c962591146563d87e74ce70799

HTTP Headers

GET /design_v2/gh_ic_XP.png HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 4317
last-modified: Tue, 05 May 2020 14:59:59 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
accept-ranges: bytes
x-cdn-diag: ams5-6140-0-28233-h-0-0---;6141-23-20702----0-0-0
X-Firefox-Spdy: h2

gh1.hh-content.com/pictures/design/ic_soft_currency.png

104.152.112.111

200 OK

4.8 kB

URL HTTP/2
gh1.hh-content.com/pictures/design/ic_soft_currency.png
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
PNG image data, 100 x 100, 8-bit colormap, non-interlaced\012- data
Size
4.8 kB (4783 bytes)
Hash
628032e842e346860ba4132a5b66fe93
d441605bb3c43621520525758d75b9c9bc99831a
1fbde569f6ce61dc1302f088318f2d1acdc24b85475e998bda540fc131c4f04a

HTTP Headers

GET /pictures/design/ic_soft_currency.png HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 4783
last-modified: Wed, 13 Mar 2019 16:03:42 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
accept-ranges: bytes
x-cdn-diag: ams5-7619-0-4183-h-0-0---;6141-23-20702----0-0-0
X-Firefox-Spdy: h2

www.gayharem.com/ajax.php

94.75.250.120

200 OK

16 B

URL HTTP/2
www.gayharem.com/ajax.php
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
JSON data\012- , ASCII text, with no line terminators
Size
16 B (16 bytes)
Hash
7363e85fe9edee6f053a4b319588c086
a15e2127145548437173fc17f3e980e3f3dee2d0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

HTTP Headers

POST /ajax.php HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 60
Origin: https://www.gayharem.com
Connection: keep-alive
Referer: https://www.gayharem.com/home.html
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
strict-transport-security: max-age=31536000
content-length: 16
content-type: application/json; charset=utf-8
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5e2f47d63ffbb03e8073e9ff81209c23
844c091ef9e62c47d4c9bb08e6990ccd79426d12
98ba5a7e2e1fb16a2430deaa02f026fe83e05ce0ab2943d7aba118fbbcc08be8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98BA5A7E2E1FB16A2430DEAA02F026FE83E05CE0AB2943D7ABA118FBBCC08BE8"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12223
Expires: Wed, 30 Nov 2022 10:29:09 GMT
Date: Wed, 30 Nov 2022 07:05:26 GMT
Connection: keep-alive

gh1.hh-content.com/pictures/audio/bg_music_2.ogg

104.152.112.111

206 Partial Content

250 kB

URL HTTP/2
gh1.hh-content.com/pictures/audio/bg_music_2.ogg
IP
104.152.112.111:0
ASN
#11019 HAPROXY-TECHNOLOGIES

File type
Ogg data, Vorbis audio, stereo, 44100 Hz, ~48000 bps\012- data
Size
250 kB (250322 bytes)
Hash
cc713bef94160a27aa29823b77faae94
a2475ef66418a00354dbc1e553d40f361853d7b1
8676704e47de7b5c2fe9a53086b253499c3eddec05dca45d1e1613f9908321ad

HTTP Headers

GET /pictures/audio/bg_music_2.ogg HTTP/1.1
Host: gh1.hh-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://www.gayharem.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 206 Partial Content
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: audio/ogg
content-length: 1833608
last-modified: Mon, 22 Feb 2021 10:25:29 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
x-vhost-info: gh
content-range: bytes 0-1833607/1833608
x-cdn-diag: ams5-7846-0-3621-h-0-0---;6141-27-20702----0-0-0
X-Firefox-Spdy: h2

use.typekit.net/lfu1uah.css

23.36.76.186

200 OK

827 B

URL HTTP/2
use.typekit.net/lfu1uah.css
IP
23.36.76.186:0
ASN
#20940 Akamai International B.V.

File type
Unicode text, UTF-8 text, with very long lines (516)
Size
827 B (827 bytes)
Hash
23cb3bd0e9baa58586be8877ed1fa4cf
4ba80bb386eced49c48a45d0f1760810178e4fbe
9170aa9c3289e5e5d09f40bc0941d772e3d4cde22e5f145eafdfa7b68118ad69

HTTP Headers

GET /lfu1uah.css HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 827
date: Wed, 30 Nov 2022 07:05:26 GMT
X-Firefox-Spdy: h2

eggs-content.kinkoid.com/authentication/hide.svg

94.75.250.120

200 OK

748 B

URL HTTP/2
eggs-content.kinkoid.com/authentication/hide.svg
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (748), with no line terminators
Size
748 B (748 bytes)
Hash
cad59edc70e2ae6387ab04e4f961528f
c7bb66aa521e859f4d8a35b6b8da847862e24413
51bdb6a686feff9b34838a4e975c4ed30fb665543036b1f8adc6036be0764192

HTTP Headers

GET /authentication/hide.svg HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 748
last-modified: Tue, 14 Jul 2020 06:31:25 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

eggs-content.kinkoid.com/authentication/show.svg

94.75.250.120

200 OK

510 B

URL HTTP/2
eggs-content.kinkoid.com/authentication/show.svg
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (510), with no line terminators
Size
510 B (510 bytes)
Hash
aae407daa4dba9e5d6b2ddf37a0f1b41
fa37c7736d6c33b9e62349cc65d0252bc715cb47
84bc80996a1db1c515d60d9fb037042d6220adc9b5be3bf279b06013fc9d6aa2

HTTP Headers

GET /authentication/show.svg HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/svg+xml
content-length: 510
last-modified: Tue, 14 Jul 2020 06:31:15 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

eggs-content.kinkoid.com/authentication/gay/logo.png

94.75.250.120

200 OK

3.0 kB

URL HTTP/2
eggs-content.kinkoid.com/authentication/gay/logo.png
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
PNG image data, 200 x 164, 8-bit colormap, non-interlaced\012- data
Size
3.0 kB (2957 bytes)
Hash
2a358132cf75e190deb6c8b897a15e56
96355ada6eeb3ff2530d7f926864a7db88fc5f65
931960a7b78fb2fa8055a2e9ee7c45898fea75efd117008a7d689fbac85d122f

HTTP Headers

GET /authentication/gay/logo.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 2957
last-modified: Tue, 01 Sep 2020 04:45:50 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

eggs-content.kinkoid.com/authentication/gay/forgotten_password.png

94.75.250.120

200 OK

408 kB

URL HTTP/2
eggs-content.kinkoid.com/authentication/gay/forgotten_password.png
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
PNG image data, 1200 x 3000, 8-bit colormap, non-interlaced\012- data
Size
408 kB (408338 bytes)
Hash
a47d3883477a377931ed3f77da12f37a
2e5bad2cc7ef2519c5db5365c5e0ba7c44bc4efe
28dac23df8ee2522ae2f86a881f58154286d902a53f3ffa3a309b7c39617548f

HTTP Headers

GET /authentication/gay/forgotten_password.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 408338
last-modified: Tue, 01 Sep 2020 05:53:58 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

p.typekit.net/p.css?s=1&k=lfu1uah&ht=tk&f=34212.34213.34214.34215.34216.34217&a=13331608&app=typekit&e=css

23.36.76.186

200 OK

5 B

URL HTTP/2
p.typekit.net/p.css?s=1&k=lfu1uah&ht=tk&f=34212.34213.34214.34215.34216.34217&a=13331608&app=typekit&e=css
IP
23.36.76.186:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
5 B (5 bytes)
Hash
83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

HTTP Headers

GET /p.css?s=1&k=lfu1uah&ht=tk&f=34212.34213.34214.34215.34216.34217&a=13331608&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Wed, 30 Nov 2022 07:05:27 GMT
X-Firefox-Spdy: h2

eggs-content.kinkoid.com/authentication/gay/register.png

94.75.250.120

200 OK

392 kB

URL HTTP/2
eggs-content.kinkoid.com/authentication/gay/register.png
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
PNG image data, 1200 x 3000, 8-bit colormap, non-interlaced\012- data
Size
392 kB (392512 bytes)
Hash
014ad549dd3e2f34fb0ce16437a644c1
1afbae4d3c8495e66e14d7a8f6f5d4ac0ec4aea7
d8b94f33162a2d00a49187fdc97a7be901a72a503c90067673e7828dacfef9ec

HTTP Headers

GET /authentication/gay/register.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 392512
last-modified: Tue, 01 Sep 2020 05:53:58 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

eggs-content.kinkoid.com/authentication/gay/authenticate.png

94.75.250.120

200 OK

640 kB

URL HTTP/2
eggs-content.kinkoid.com/authentication/gay/authenticate.png
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
PNG image data, 1200 x 3000, 8-bit colormap, non-interlaced\012- data
Size
640 kB (640316 bytes)
Hash
9f61fff17d7fd4367fbc28ddde97b9e4
8f91f4746c5f0ccbd3fe1b3a7accd3c8cd3d8323
7c79b819840ba34b6551d63e354b836e4bdaa6d030c0f747b901be73e181197b

HTTP Headers

GET /authentication/gay/authenticate.png HTTP/1.1
Host: eggs-content.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eggs-ext.kinkoid.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.14.2
date: Wed, 30 Nov 2022 07:05:26 GMT
content-type: image/png
content-length: 640316
last-modified: Tue, 01 Sep 2020 05:53:58 GMT
cache-control: public, max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4843
Expires: Wed, 30 Nov 2022 08:26:10 GMT
Date: Wed, 30 Nov 2022 07:05:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4843
Expires: Wed, 30 Nov 2022 08:26:10 GMT
Date: Wed, 30 Nov 2022 07:05:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4843
Expires: Wed, 30 Nov 2022 08:26:10 GMT
Date: Wed, 30 Nov 2022 07:05:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4843
Expires: Wed, 30 Nov 2022 08:26:10 GMT
Date: Wed, 30 Nov 2022 07:05:27 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a97c452e75cf1d4833e777d7ba7f2c47
58f15763fd33f742ce870f49f1c2dbed5b41205f
39bb874a415db37a81432942eb84151b0134d1aacaa31d364b6dadae4388c6a1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39BB874A415DB37A81432942EB84151B0134D1AACAA31D364B6DADAE4388C6A1"
Last-Modified: Mon, 28 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4843
Expires: Wed, 30 Nov 2022 08:26:10 GMT
Date: Wed, 30 Nov 2022 07:05:27 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp

34.120.237.76

200 OK

9.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.3 kB (9330 bytes)
Hash
bbe350ea797a0fec5a19a450fc5de4b4
2f3a39a528d3b759060203931de33c12303592e1
4d661dac2e19e07ae15d0f8cf00bd268c6c2defb2f5e4de38fcb6e7031dfd605

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F13e1db4e-7108-464a-85b6-24ac0c4609f9.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9330
x-amzn-requestid: 3fad352d-7664-43e0-9395-e840f671ca61
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgFQFIdoAMFSmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a21-5e9847852f8435231d401fe6;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:13 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: mCEtSOenWKxay4vNy5mN9cexxXKXKt7TMuLaLw-M86tLKwQ2MwuxPg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:11:32 GMT
age: 32035
etag: "2f3a39a528d3b759060203931de33c12303592e1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
6.1 kB (6069 bytes)
Hash
d9db3f376641fa1de0064ce53dc0f136
99223349693ded05ecf80814a3070893e5690841
421d1644c1783fb01695207d30c8bf36f9d39d87cd0a9aa74a9d9e281899145a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F250668cd-c9db-4014-b576-3aaad4eb9150.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5785
x-amzn-requestid: ee77265b-8e90-4035-8ef1-92a2d26aaefa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgDaHdWoAMFqmw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a15-0d10d74030e7aee74804b654;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:01 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: GydenCzPtpFdVLqN4ssiZ4dKN48WGneS3mwzEdDE81pobtLznfC4VQ==
via: 1.1 38eecd3ca21bf068d69a2f9cfe668d14.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:07:59 GMT
age: 32248
etag: "f7cf3a0f89751a02fbcf8d21f505f24a74e8b30b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6bad627-8bb4-4de1-a2da-92da8f9ec614.webp
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7658 bytes)
Hash
536cd283dee06cf1ceb9e15e4850db92
47aafca572d34f9726a0174ac902178556e581d8
63a5acf87962da6656f828422545af0ccc0888f0a2a15ebd2160ffb3714e6241

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6bad627-8bb4-4de1-a2da-92da8f9ec614.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7658
x-amzn-requestid: e729e5b6-0c92-4ed3-b449-4a30d5bb4b89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEyEQSIAMFWsQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1e-1bba7e9a2d15d66779b1896c;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AuN9hTb4YydNZjvpnTGyE313wl-O3F_p4jC_NUSe8kr3RB_4AjOEMw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:56:09 GMT
age: 32958
etag: "47aafca572d34f9726a0174ac902178556e581d8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.0 kB (7971 bytes)
Hash
9e135c29a8769eb12ef8c26f99097400
87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d
ce41ff79c382efc54aa2fd3ab64293d2d2b706a7f21585f4bd8bbcd9a3566126

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde294fb7-e851-4e57-83be-aa3374862dcb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7971
x-amzn-requestid: e47d10e4-2b60-4998-b5fa-5b145e60aac2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhgWHgGoAMFcLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867c68-5b9710a07b0a59730e73dce4;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:40:56 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OURSF_raDXrHV3-3ScaEdorNpW9ZKSIQjv6WUCQYHhruGz372BU_QA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:11:32 GMT
age: 32035
etag: "87447d20e9c0a6a6aeefe6ca107f93cd3598cd0d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7a6f598-362e-4a6c-ba04-330df636e33b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.5 kB (8498 bytes)
Hash
f3c7e8351884491aeab9323c004bc3f3
127ac68bac21c88ffc6e09cc6666e93de4746a1f
e6fa04c502105c43c85c00d39481d2598c6d8fd56540e10107b6668c51597ae4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7a6f598-362e-4a6c-ba04-330df636e33b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8498
x-amzn-requestid: f6b92060-88d4-49bd-b60e-94d99feca4e4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYiBaGPOIAMFu1Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867d3c-331dacfb087d23881924eef9;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:44:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5Zv5zu1q8h4GFU6agEcDzSVFYuvF74qu7UBnovs3vH5jpu17cmyxjQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 21:44:50 GMT
age: 33637
etag: "127ac68bac21c88ffc6e09cc6666e93de4746a1f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8885 bytes)
Hash
8825a2c5c0d98323f489e0b816b7f1d8
05f46985ea4ace57460120876da8e19db08857b3
1d12590a78b32146d6f1d107fb93bdb6cb45228d15babd087c0111495d7138e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F48df8a6f-5803-4ce0-ab84-1efc8ca3e251.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8885
x-amzn-requestid: 67e1ba67-b4fb-42c8-985d-f34164101c7b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYhIGGtloAMFxjw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867bcd-295995bb1123430c55659fe3;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:38:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: d64lSE184IwrwZKVC8KOUINEBclth9b7xRGV9T1uNfAptgXz0bxKhw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 29 Nov 2022 22:14:25 GMT
age: 31862
etag: "05f46985ea4ace57460120876da8e19db08857b3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

tm-offers.gamingadult.com/?offer=49&uid=507583a4-7fe9-4587-a5fd-cf52fcff602d&lp=49&subid=w0ggqetvnhmgb7rk2usuvt82

137.74.247.34

302 Found

0 B

URL HTTP/2
tm-offers.gamingadult.com/?offer=49&uid=507583a4-7fe9-4587-a5fd-cf52fcff602d&lp=49&subid=w0ggqetvnhmgb7rk2usuvt82
IP
137.74.247.34:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?offer=49&uid=507583a4-7fe9-4587-a5fd-cf52fcff602d&lp=49&subid=w0ggqetvnhmgb7rk2usuvt82 HTTP/1.1
Host: tm-offers.gamingadult.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
server: nginx
date: Wed, 30 Nov 2022 07:05:25 GMT
content-type: text/html; charset=UTF-8
location: https://www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=
set-cookie: HH-offer49=1; expires=Wed, 30-Nov-2022 19:05:25 GMT; Max-Age=43200; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

www.gayharem.com/js/chat.js?v=66928416

94.75.250.120

200 OK

0 B

URL HTTP/2
www.gayharem.com/js/chat.js?v=66928416
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/chat.js?v=66928416 HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/?ref_id=24&noagev=1&tc1=HHbf4a1d105856f722360ef142adcd33d5&tc2=1377&tc3=49&tc4=SOI&tc5=&tc6=&tc7=&tc8=
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:25 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Thu, 24 Nov 2022 10:02:42 GMT
etag: "65b72-5ee348183d3d8-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2

www.gayharem.com/js/default.js?v=66928415

94.75.250.120

200 OK

0 B

URL HTTP/2
www.gayharem.com/js/default.js?v=66928415
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/default.js?v=66928415 HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/home.html
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
server: Apache
strict-transport-security: max-age=31536000
last-modified: Thu, 24 Nov 2022 10:02:37 GMT
etag: "1c95a0-5ee348135752f-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
X-Firefox-Spdy: h2

www.gayharem.com/img/quests/1/1/1600x/p1a.jpg

94.75.250.120

200 OK

0 B

URL HTTP/2
www.gayharem.com/img/quests/1/1/1600x/p1a.jpg
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/quests/1/1/1600x/p1a.jpg HTTP/1.1
Host: www.gayharem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/home.html
Cookie: HH_SESS_14=nn8uto1sgd5ub4kaq08nvrd846; lang=en; ref_id=24; tc1=HHbf4a1d105856f722360ef142adcd33d5; tc2=1377; tc3=49; tc4=SOI; age_verification=1; HAPBK=web2
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 30 Nov 2022 07:05:26 GMT
server: Apache
cache-control: private, max-age=2629000, pre-check=2629000
pragma: private
expires: Sat, 31 Jan 70 11:16:40 +0100
strict-transport-security: max-age=31536000
content-type: image/jpg
X-Firefox-Spdy: h2

eggs-ext.kinkoid.com/authentication/start_authentication?product_id=2&language=en&purpose=authenticate

94.75.250.120

200 OK

0 B

URL HTTP/2
eggs-ext.kinkoid.com/authentication/start_authentication?product_id=2&language=en&purpose=authenticate
IP
94.75.250.120:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /authentication/start_authentication?product_id=2&language=en&purpose=authenticate HTTP/1.1
Host: eggs-ext.kinkoid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.gayharem.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-methods: OPTIONS, POST, GET
access-control-max-age: 2592000
access-control-allow-headers: protocol
content-type: text/html; charset=utf-8
date: Wed, 30 Nov 2022 07:05:26 GMT
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations