Overview

URL dramacool9.co/
IP172.67.190.162
ASNCLOUDFLARENET
Location United States
Report completed2022-09-24 16:23:05 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-09-24 2 goomaphy.com Sinkholed
2022-09-24 2 goomaphy.com Sinkholed
2022-09-24 2 goomaphy.com Sinkholed


Files

No files detected



Passive DNS (37)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS cdn.itskiddoan.club (1) 24539 2021-09-23 10:55:49 UTC 2022-09-24 09:09:43 UTC 139.45.197.236
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-09-24 04:22:29 UTC 34.120.237.76
mnemonic passive DNS cdn.1vag.com (1) 48829 2021-02-10 15:12:50 UTC 2022-09-24 09:26:22 UTC 45.133.44.24
mnemonic passive DNS dramacool9.co (2) 134703 2019-12-21 00:17:20 UTC 2022-09-24 08:02:02 UTC 172.67.190.162
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-09-24 04:22:33 UTC 142.250.74.72
mnemonic passive DNS jsc.adskeeper.com (3) 31191 2020-07-04 10:58:29 UTC 2022-09-24 08:17:32 UTC 104.18.5.42
mnemonic passive DNS fonts.googleapis.com (1) 8877 2013-06-10 20:14:26 UTC 2022-09-24 14:16:43 UTC 142.250.74.10
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-06-04 20:08:41 UTC 2022-09-24 09:41:35 UTC 143.204.55.27
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-09-24 04:26:56 UTC 34.160.144.191
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-09-24 04:22:23 UTC 34.117.237.239
mnemonic passive DNS na.nawpush.com (1) 38563 2020-12-23 08:18:12 UTC 2022-09-24 09:24:54 UTC 45.133.44.25
mnemonic passive DNS goomaphy.com (4) 0 2022-07-22 19:39:03 UTC 2022-09-24 16:02:17 UTC 139.45.197.239 Unknown ranking
mnemonic passive DNS btds.zog.link (1) 38469 2019-10-07 21:35:03 UTC 2022-09-24 10:11:35 UTC 109.206.175.85
mnemonic passive DNS dramacool9.co (2) 134703 2019-12-21 00:17:20 UTC 2022-09-24 08:02:02 UTC 104.21.51.232
mnemonic passive DNS r3.o.lencr.org (15) 344 2020-12-02 08:52:13 UTC 2022-09-24 04:21:50 UTC 23.36.76.226
mnemonic passive DNS ocsp.digicert.com (4) 86 2012-05-21 07:02:23 UTC 2022-09-24 12:29:46 UTC 93.184.220.29
mnemonic passive DNS js.wpadmngr.com (3) 25762 2021-06-02 14:43:46 UTC 2022-09-24 10:38:32 UTC 45.133.44.24
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-09-24 14:49:04 UTC 104.18.32.68
mnemonic passive DNS platform.bidgear.com (3) 30367 2018-11-15 19:45:56 UTC 2022-09-24 12:42:46 UTC 172.67.74.36
mnemonic passive DNS offerimage.com (1) 304078 2019-06-10 11:11:53 UTC 2022-09-24 09:09:45 UTC 172.67.22.216
mnemonic passive DNS fp.metricswpsh.com (2) 0 2022-04-22 11:20:32 UTC 2022-09-24 10:38:32 UTC 157.90.84.242 Unknown ranking
mnemonic passive DNS 70a240c353.2725849b34.com (1) 0 2022-09-21 03:31:51 UTC 2022-09-24 09:24:54 UTC 45.133.44.25 Unknown ranking
mnemonic passive DNS js.cabnnr.com (1) 37463 2021-08-30 12:50:21 UTC 2022-09-24 09:24:54 UTC 45.133.44.25
mnemonic passive DNS 80cfef144b.2725849b34.com (2) 0 2022-09-22 11:10:13 UTC 2022-09-24 09:24:57 UTC 159.69.163.6 Unknown ranking
mnemonic passive DNS rhombicsomeday.com (1) 0 2022-05-14 08:11:12 UTC 2022-09-23 10:33:32 UTC 23.109.82.9 Unknown ranking
mnemonic passive DNS imp9.bidgear.com (3) 34078 2021-03-15 11:09:09 UTC 2022-09-24 12:42:47 UTC 172.67.74.36
mnemonic passive DNS cdn.uponelectabuzzor.club (4) 0 2022-03-10 06:30:29 UTC 2022-09-24 16:04:17 UTC 139.45.197.239 Unknown ranking
mnemonic passive DNS securepubads.g.doubleclick.net (1) 190 2013-05-31 04:19:39 UTC 2022-09-24 05:55:20 UTC 216.58.207.194
mnemonic passive DNS ocsp.pki.goog (9) 175 2017-06-14 07:23:31 UTC 2022-09-24 04:23:20 UTC 142.250.74.3
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-09-24 05:36:42 UTC 34.213.92.18
mnemonic passive DNS notification.tubecup.net (1) 8210 2019-08-30 09:36:01 UTC 2022-09-24 15:35:10 UTC 88.198.204.166
mnemonic passive DNS rtbrennab.com (1) 0 2022-04-20 15:49:10 UTC 2022-09-24 10:11:54 UTC 162.55.139.130 Unknown ranking
mnemonic passive DNS cdnjs.cloudflare.com (1) 235 2020-10-20 10:17:36 UTC 2022-09-24 11:29:42 UTC 104.17.25.14
mnemonic passive DNS www.google-analytics.com (1) 40 2012-10-03 01:04:21 UTC 2022-09-24 10:11:12 UTC 142.250.74.174
mnemonic passive DNS fonts.gstatic.com (2) 0 2014-08-29 13:43:22 UTC 2022-09-24 04:21:47 UTC 142.250.74.163 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS c.statcounter.com (1) 7772 2016-04-06 11:04:27 UTC 2022-09-24 07:10:05 UTC 104.20.229.67
mnemonic passive DNS tzegilo.com (1) 0 2022-01-14 15:27:15 UTC 2022-09-24 11:36:59 UTC 172.67.194.45 Unknown ranking


Recent reports on same IP/ASN/Domain/Screenshot

Last 2 reports on IP: 172.67.190.162

Date UQ / IDS / BL URL IP
2022-11-21 08:35:07 +0000
0 - 0 - 4 dramacool9.co/ 172.67.190.162
2022-09-24 16:23:05 +0000
0 - 0 - 3 dramacool9.co/ 172.67.190.162

Last 5 reports on ASN: CLOUDFLARENET

Date UQ / IDS / BL URL IP
2022-11-28 21:05:40 +0000
0 - 0 - 3 5oh2vn.cyou/ 104.21.1.13
2022-11-28 21:04:03 +0000
1 - 0 - 2 quickads247.online/ip14c/index.html 104.21.78.157
2022-11-28 20:59:26 +0000
0 - 0 - 7 personal-finance.xyz/mx-tarjetas-l5/ 172.67.203.132
2022-11-28 20:58:50 +0000
0 - 0 - 14 we-meet-today.com/tt/02?affiliate_id=13989&su (...) 172.67.154.135
2022-11-28 20:57:20 +0000
0 - 0 - 1 important-messages.info/4/26ptdl.php 104.21.14.66

Last 3 reports on domain: dramacool9.co

Date UQ / IDS / BL URL IP
2022-11-21 08:35:07 +0000
0 - 0 - 4 dramacool9.co/ 172.67.190.162
2022-09-28 16:32:37 +0000
0 - 0 - 5 dramacool9.co/ 104.21.51.232
2022-09-24 16:23:05 +0000
0 - 0 - 3 dramacool9.co/ 172.67.190.162

No other reports with similar screenshot



JavaScript

Executed Scripts (31)


Executed Evals (29)

#1 JavaScript::Eval (size: 31, repeated: 1) - SHA256: fb71685befff6e5c6fb9e2dd5f9bea6c71a2a162b39920f3927ef5ebfcf0134d

                                        this.context['BeforeLoadEvent']
                                    

#2 JavaScript::Eval (size: 22, repeated: 1) - SHA256: c624a79f9c72c617d0ed1ad3207a67a39f6243071e14c4ebeace5dcff97313a3

                                        this.context['Entity']
                                    

#3 JavaScript::Eval (size: 35, repeated: 1) - SHA256: 022ae916a59e1d7cb709a35e757c60e6626bfccd2c1e87c5ad6b432f0f1b1538

                                        this.context['HTMLBaseFontElement']
                                    

#4 JavaScript::Eval (size: 19, repeated: 1) - SHA256: 67909fba812519f6eced963d195970a41923b591290d48f96704719fc6b74ec5

                                        this.context['NaN']
                                    

#5 JavaScript::Eval (size: 31, repeated: 1) - SHA256: 0408d20a8555f96ab5cced9f89880c477f78d4ade576e5618b04094f034fb081

                                        this.context['ArrayBufferView']
                                    

#6 JavaScript::Eval (size: 21, repeated: 1) - SHA256: 5f7d79033f82e1d81e2e6490b1fe43f241e2889aae35ea6d5f968ca697f5a577

                                        this.context['close']
                                    

#7 JavaScript::Eval (size: 32, repeated: 1) - SHA256: a535a9a97ed5a801419c63a6e764dd3b24c8456f177155717caf9ba3411ef756

                                        this.context['chrome']['search']
                                    

#8 JavaScript::Eval (size: 26, repeated: 1) - SHA256: 59d45abada49f5b514521b527330402a2d826ae3f0dab2199c58c38f1e511777

                                        this.context['TouchEvent']
                                    

#9 JavaScript::Eval (size: 28, repeated: 1) - SHA256: 4f6a557989f79654728dcb244539b604c5329db30b964d6e8c524c72517b9fa6

                                        this.context['Notification']
                                    

#10 JavaScript::Eval (size: 42, repeated: 1) - SHA256: 2fc752a40595d1d6681e6be3ebd8f44cdda99876ff9ee19fe654647a6a11415e

                                        this.context['ApplicationCacheErrorEvent']
                                    

#11 JavaScript::Eval (size: 45, repeated: 1) - SHA256: d7fff9897aaa9675a3652e7cac1a8c2a3427b896b5cc0ab5ffd628f9bb106e34

                                        this.context['external']['AddSearchProvider']
                                    

#12 JavaScript::Eval (size: 21, repeated: 1) - SHA256: 37ceb2a749341c51c7b8c25daaa71dc167b4aba7485c9b398b8ab004b685e492

                                        this.context['Touch']
                                    

#13 JavaScript::Eval (size: 35, repeated: 1) - SHA256: 41aae560d6dd4b675e6e45d30c1572db537659e580ac434c4b89b76e4f3dc5ac

                                        this.context['SiteBoundCredential']
                                    

#14 JavaScript::Eval (size: 28, repeated: 1) - SHA256: fca3cd5a7ca3a44b75f81e0c169fe599fb48741835c83b5616e304b3f722522b

                                        this.context['AnalyserNode']
                                    

#15 JavaScript::Eval (size: 41, repeated: 1) - SHA256: 25fde17ee6ee622be6ebf83118c8802af55f2721a375a4017d6dec6edaf3b37b

                                        this.context['DOMException']['ABORT_ERR']
                                    

#16 JavaScript::Eval (size: 30, repeated: 1) - SHA256: 7ceacb36606d6f6599d3ed5454c31152cb4417fb3c02ebb66431c4227a653726

                                        this.context['clearImmediate']
                                    

#17 JavaScript::Eval (size: 25, repeated: 1) - SHA256: cfd8889f26f46323b63c7766e414faf4a4171cc959c4c2b2e6a64c0ec3edf13f

                                        this.context['CryptoKey']
                                    

#18 JavaScript::Eval (size: 33, repeated: 1) - SHA256: 92cc9c48ca7d897742a37b1578ba7c99e9d9c405fced233bb9a3270ef84fddfc

                                        this.context['DeviceMotionEvent']
                                    

#19 JavaScript::Eval (size: 45, repeated: 1) - SHA256: e44d38f746ee1fa3b3ef03ed6ea3f298c25e173b6daea3c4505afce8bb869508

                                        this.context['CanvasCaptureMediaStreamTrack']
                                    

#20 JavaScript::Eval (size: 36, repeated: 1) - SHA256: a612f8985aebacd5c5fa6b17d16982a29983ae9131bae94403ff9abe1ce2ded2

                                        this.context['navigator']['appName']
                                    

#21 JavaScript::Eval (size: 46, repeated: 1) - SHA256: e218a1ac15f252350ef2646dead414bf35db450215962e63da301cb7c3f064eb

                                        this.context['navigator']['webkitGetGamepads']
                                    

#22 JavaScript::Eval (size: 35, repeated: 1) - SHA256: 7013ec5264e02f54f3b42e05b51fd1ad0f180fa3870b71acd2f1a384cc81d601

                                        this.context['document']['prepend']
                                    

#23 JavaScript::Eval (size: 9, repeated: 1) - SHA256: 9312a1adbbf0a4c05fc296d158ec3bd39acfe50e9e98ff02688139aad6fc3351

                                        debugger;
                                    

#24 JavaScript::Eval (size: 41, repeated: 1) - SHA256: e9d851c02746b7bd4d9207264c143f76480b69aa3552b1cdaa79ee537d83f5ac

                                        this.context['navigator']['taintEnabled']
                                    

#25 JavaScript::Eval (size: 39, repeated: 1) - SHA256: aaa8c0ab87c7070701d0a29a610c65a4c1d29153c2d14623602acef3eea646dd

                                        this.context['EventTarget']['toString']
                                    

#26 JavaScript::Eval (size: 43, repeated: 1) - SHA256: 0220aceb9c3413632235ce2598b94dd7a130a95558114c04ad41f9386b69777b

                                        this.context['clientInformation']['vendor']
                                    

#27 JavaScript::Eval (size: 19, repeated: 1) - SHA256: 631bd9a13534679ce526b007d4fc8352793377d89bcc321392b01ecf075c4101

                                        this.context['Set']
                                    

#28 JavaScript::Eval (size: 36, repeated: 1) - SHA256: 2d498779a32244d72a8a7d953918ce95c00fab9d3b129b2a1c3125fb263ccb45

                                        this.context['self']['SharedWorker']
                                    

#29 JavaScript::Eval (size: 39, repeated: 1) - SHA256: 04f881dff1163e4e36943700ddbcf25667dfe7e0b154d21e181a771955264d60

                                        this.context['document']['createTouch']
                                    

Executed Writes (3)

#1 JavaScript::Write (size: 859, repeated: 1) - SHA256: 8e5ac48eaf8536b936fef5470412ecc02a26023e9215eb05902802629ec77f0a

                                        < div class = "bg-ssp-3133"
style = "width:300px!important;height:250px!important;position:relative!important;text-align:left!important;overflow:hidden!important;border: 1px solid #E5E5E5;" > < div style = "display:none" > < img data - cfasync = "false"
src = "//imp9.bidgear.com/rec?t=1&z=3133&uuid=94d3a10e8403414d972699b4f865bf8f&p=81&g=NO&token=4a44335432&tbg=1664036574"
rel = "noindex nofollow"
referrerpolicy = "unsafe-url" / > < /div><style> .ind-11 { z-index: 2; position: relative; } .ind-21 { z-index: 1; width: 300px; height: 18px; background-color: #fff; bottom: 0; right: 0; position: absolute; } </style > < div class = "ind-11" > < div class = "ind-21" > < /div> <div id="M551636ScriptRootC1364502"></div > < script src = "https://jsc.adskeeper.com/b/i/bidgear.dramacool9.co.1364502.js"
async > < /script> </div > < style > .bg - ssp - 3133 {
    margin - left: auto;
    margin - right: auto;
} < /style></div >
                                    

#2 JavaScript::Write (size: 858, repeated: 1) - SHA256: ff9f449448faea84f552edaf3a596d791a5fd45e801bcd1eebb1a77a0de6fa0f

                                        < div class = "bg-ssp-6833"
style = "width:300px!important;height:250px!important;position:relative!important;text-align:left!important;overflow:hidden!important;border: 1px solid #E5E5E5;" > < div style = "display:none" > < img data - cfasync = "false"
src = "//imp9.bidgear.com/rec?t=1&z=6833&uuid=c1806fa0d59f4114af92284c06b24519&p=78&g=NO&token=4a44335432&tbg=1664036574"
rel = "noindex nofollow"
referrerpolicy = "unsafe-url" / > < /div><style> .ind-12 { z-index: 2; position: relative; } .ind-22 { z-index: 1; width: 300px; height: 18px; background-color: #fff; bottom: 0; right: 0; position: absolute; } </style > < div class = "ind-12" > < div class = "ind-22" > < /div> <div id="M551636ScriptRootC1332671"></div > < script src = "https://jsc.adskeeper.com/b/i/bidgear.dramacool9.co.1332671.js"
async > < /script> </div > < style > .bg - ssp - 6833 {
    margin - left: auto;
    margin - right: auto;
} < /style></div >
                                    

#3 JavaScript::Write (size: 788, repeated: 1) - SHA256: ef12cb8aa29c33a38b19a46eb96f65080e8139f78f499e9aeda2c278f2423a1c

                                        < div class = "bg-ssp-5787"
style = "width:160px!important;height:600px!important;position:relative!important;text-align:left!important;overflow:hidden!important;border: 1px solid #E5E5E5;" > < div style = "display:none" > < img data - cfasync = "false"
src = "//imp9.bidgear.com/rec?t=1&z=5787&uuid=44d23715b59d48c5a7e1df203e0d8e5b&p=78&g=NO&token=4a44335432&tbg=1664036574"
rel = "noindex nofollow"
referrerpolicy = "unsafe-url" / > < /div><style> .ind-13 { z-index: 2; position: relative; } .ind-23 { z-index: 1; width: 90px; height: 18px; background-color: #fff; bottom: 0; right: 0; position: absolute; } </style > < div class = "ind-13" > < div class = "ind-23" > < /div> <div id="M551636ScriptRootC1329573"></div > < script src = "https://jsc.adskeeper.com/b/i/bidgear.dramacool9.co.1329573.js"
async > < /script> </div > < /div>
                                    


HTTP Transactions (86)


Request Response
                                        
                                            GET / HTTP/1.1 
Host: dramacool9.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         104.21.51.232
HTTP/1.1 301 Moved Permanently
                                        
Date: Sat, 24 Sep 2022 16:22:53 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 24 Sep 2022 17:22:53 GMT
Location: https://dramacool9.co/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DNtlqWwWOJ7lqVdEN9xrviwQ02ND2acjR4Cz9Iid7RqxMMNfybfNGNmHY4xtsaIZkbLzwDHtikiBOO7mGEEvY9MjTuPwUwg2eZRgA699NfIf7oWNNANDl0cKFjN4cF29"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74fcdc8acb641c12-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E82CA5F310E37267FBF792427747E65C2BB35E684D3F629C0AA302F688BC4F80"
Last-Modified: Fri, 23 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6788
Expires: Sat, 24 Sep 2022 18:16:02 GMT
Date: Sat, 24 Sep 2022 16:22:54 GMT
Connection: keep-alive

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 24 Sep 2022 16:14:31 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: -DKqN5OL6xCW1K6jN2b3FOMu9Q52R11uIOpwKORNSY4r_5qPdbfY3g==
Age: 503


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "4721814DA286852318F7EBF9857BD4BF01F0BEEA2C9EB7DDB9F290E3FA472232"
Last-Modified: Fri, 23 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7790
Expires: Sat, 24 Sep 2022 18:32:44 GMT
Date: Sat, 24 Sep 2022 16:22:54 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: Ux0vlW+bkK+JYvkcZqJ0J4mVszqAOvb0v81I5VtVwm+FAmvAoc6WnSoVIYnwvQz+tu6QmScviHo=
x-amz-request-id: VMGGR8GK7MAF147C
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 24 Sep 2022 15:47:37 GMT
age: 2117
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
etag: "6113f8408c59aebe188d6af273b90743"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    6113f8408c59aebe188d6af273b90743
Sha1:   7398873bf00f99944eaa77ad3ebc0d43c23dba6b
Sha256: b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770
                                        
                                            GET / HTTP/1.1 
Host: dramacool9.co
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

                                         
                                         172.67.190.162
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
date: Sat, 24 Sep 2022 16:22:54 GMT
location: http://www.dramacool9.co/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lrKCmkONJBKU00CzTTpmtMOZXE%2BzaJQ%2Bqj0ptYTWCwO9sqziVPrBm89eZvu0vteoZqNvKDqAXhd7L21DIClu%2B9m70MWemiNlLv73HCCFe%2FlWSF32EgRo%2B3yrHATNKRlq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fcdc8cabb4b51e-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   162
Md5:    4f8e702cc244ec5d4de32740c0ecbd97
Sha1:   3adb1f02d5b6054de0046e367c1d687b6cdf7aff
Sha256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:54 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         143.204.55.27
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 24 Sep 2022 16:04:17 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Sat, 24 Sep 2022 16:52:30 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 8ntFurs9QqLNWBElxnfkmtu8nyrn3sDZp9qXlqxb4C5ivelFKw22vA==
Age: 1117


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /ajax/libs/jquery_lazyload/1.9.7/jquery.lazyload.min.js?ver=1 HTTP/1.1 
Host: cdnjs.cloudflare.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.17.25.14
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 24 Sep 2022 16:22:54 GMT
content-length: 1120
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-d35"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1782550
expires: Thu, 14 Sep 2023 16:22:54 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=onVvSrKh7Wm%2FrR%2BrUQlB0D4A6zmFiuEriFxFRT%2FwqKQUI6foLfRZVrM%2FdwdMwYWweNeJkaACblb8T49KvvLQ3Sb4N6Rbk5FFNdB8eqcOeW9kl9Czhy%2BUBWg5IRbGGSJlsKy5WF%2BP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 74fcdc905d85b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (3309)
Size:   1120
Md5:    edf1dd25b1ab3d24fbf2444b4061838c
Sha1:   e59cb30ed49d56313ee1f770f6784f5faaa1199f
Sha256: c31915d8a610a15ca29180348abb37bdaff9d8bde76f13c0e78bc841e633c06e
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3938
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 16:22:54 GMT
Last-Modified: Sat, 24 Sep 2022 15:17:16 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "B9FEC2D71F4810F5FB792F8171156FEB19E82897E1B7CEA3D0103835F9033279"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15870
Expires: Sat, 24 Sep 2022 20:47:24 GMT
Date: Sat, 24 Sep 2022 16:22:54 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   1543
Md5:    efc97631aa160acac330542ae0fa131f
Sha1:   0061df1334cd2a8fdcf1b9b81fb9cacb0380b1ea
Sha256: 39321343a0078adc5c1a638a14bdb575b7febecd9da6dc7f71a7e7a680ed9183
                                        
                                            GET /gtag/js?id=UA-131447009-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.72
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 24 Sep 2022 16:22:54 GMT
expires: Sat, 24 Sep 2022 16:22:54 GMT
cache-control: private, max-age=900
last-modified: Sat, 24 Sep 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 42256
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1720)
Size:   42256
Md5:    ca6314319a65d29d7271f5ee7b6925ec
Sha1:   240cb88f92f323dbf88e1d263aafe2e890026585
Sha256: d28c705e2049de989ff7560e99b32521caf7c508c9276e61b9d485c666c33a2e
                                        
                                            GET /1clkn/16782 HTTP/1.1 
Host: rhombicsomeday.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.109.82.9
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=utf-8
                                        
Server: nginx
Date: Sat, 24 Sep 2022 16:22:54 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 25-Sep-2022 16:22:54 GMT; Max-Age=86400; path=/; secure; SameSite=None GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 25-Sep-2022 16:22:54 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   26
Md5:    414a242a6fee8464282857e475d3ef61
Sha1:   f669890350347f53aa9bd19c1a355692e8d17d2f
Sha256: d4914e81dd0b4c1d8ee8e789f6b369d107b93ac886f862930e1a98580e79aafa
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C60C3AD4995B42F2045615A7B2BBD038E1E5382AB8DA3F743AF1A8FA5EC5D3B7"
Last-Modified: Thu, 22 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2545
Expires: Sat, 24 Sep 2022 17:05:20 GMT
Date: Sat, 24 Sep 2022 16:22:55 GMT
Connection: keep-alive

                                        
                                            GET /rec?t=1&z=3133&uuid=94d3a10e8403414d972699b4f865bf8f&p=81&g=NO&token=4a44335432&tbg=1664036574 HTTP/1.1 
Host: imp9.bidgear.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.74.36
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s0LwTpRrLBlKBLlP0uub33xtnI9v72AQ0P23xHXoUqoNDcShTnNjqbcpPB69I1%2F44GzzXhg2xpYLEtDbvNc6dIHB309nAJAUyfbYvpXAsAwm509SWtkFWS7IkZekwl3Hby0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fcdc915be8b506-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Size:   599
Md5:    ca49a7e783b806a4e8576ea80346203d
Sha1:   6fe9d083221dae98f6c76f7121c37bc884b02d82
Sha256: 3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "285536F73FBAA5CE5ACCF236DDAB824E8F38A76E9D657963B935721DDD50784B"
Last-Modified: Fri, 23 Sep 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5887
Expires: Sat, 24 Sep 2022 18:01:02 GMT
Date: Sat, 24 Sep 2022 16:22:55 GMT
Connection: keep-alive

                                        
                                            GET /rec?t=1&z=6833&uuid=c1806fa0d59f4114af92284c06b24519&p=78&g=NO&token=4a44335432&tbg=1664036574 HTTP/1.1 
Host: imp9.bidgear.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.74.36
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OPRM6c3oThRS%2B%2F%2FHwLIfvctyN7LRhajvjJ%2FhhZ%2FbzB3MFLdTvqpFiI9owuXszlnguyL10lwYG9x8a%2FTbpnHHuAwX0269F9pkitkzWZiMa%2FC2fdFTe7tQwrgLbWYqTDc8MPY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fcdc917c1bb506-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Size:   599
Md5:    ca49a7e783b806a4e8576ea80346203d
Sha1:   6fe9d083221dae98f6c76f7121c37bc884b02d82
Sha256: 3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
                                        
                                            GET /rec?t=1&z=5787&uuid=44d23715b59d48c5a7e1df203e0d8e5b&p=78&g=NO&token=4a44335432&tbg=1664036574 HTTP/1.1 
Host: imp9.bidgear.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         172.67.74.36
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 599
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KJRQ%2BTvPvYYGY8GKOrkRO9dxhW8PdGTzyZgF8KQaMO3G0dp4qoZ4cyu3ZpQnhZLN4kOuvLbTUaO19z7wOeIcygO6NE95q%2B8JkWBJCPU%2Bbbnz76Khke321TiUV8cXMfu70XE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fcdc917c22b506-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, baseline, precision 8, 1x1, components 3\012- data
Size:   599
Md5:    ca49a7e783b806a4e8576ea80346203d
Sha1:   6fe9d083221dae98f6c76f7121c37bc884b02d82
Sha256: 3e9a98dd5f0a28ff4a059f33d760264a6db02786666ac1692095ebb976f5da28
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jtv3FO8X8nr0ivQ0h6kwSA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         34.213.92.18
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Kg7Pdgtyb9+d+twJufuD8kHW5k8=

                                        
                                            GET /npc/sdk/wp-banners.js HTTP/1.1 
Host: js.wpadmngr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         45.133.44.24
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Sat, 24 Sep 2022 16:27:55 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AE61997F5E632422B15A7AFE3E3F82C856CA27466F6CC7A5C463C951BCCE4DD3"
Last-Modified: Thu, 22 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4119
Expires: Sat, 24 Sep 2022 17:31:34 GMT
Date: Sat, 24 Sep 2022 16:22:55 GMT
Connection: keep-alive

                                        
                                            GET /1?z=5305455 HTTP/1.1 
Host: cdn.uponelectabuzzor.club
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: text/javascript
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:55 GMT
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 0fd5bb401f91c96c6b5c09908b36a11d
access-control-expose-headers: X-Sc
x-sc: ySZVompdT2KAr5dN0zsdOpXLBTMO8ifUDtP4H09nCDx61AsgAUkXnotP1jkzEpPhorb3bIntH05Mq18V_N-aURA9ylE=
set-cookie: scm=1; expires=Sun, 24 Sep 2023 16:22:55 GMT; secure; SameSite=None OAID=84f4be9c1eab47e0b1fc1690c03cdf64; expires=Sun, 24 Sep 2023 16:22:55 GMT; secure; SameSite=None oaidts=1664036575; expires=Sun, 24 Sep 2023 16:22:55 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4061
Md5:    7b058c559cbb164dbf9f1e6398efb188
Sha1:   69661db19e469ed170ce58de27a76f7532fce2ec
Sha256: 269aa08febee5aec2e8fa54f892067dfc47dfc289d1d472b1683a10e9f4a019b
                                        
                                            GET /stattag.js HTTP/1.1 
Host: tzegilo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.194.45
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 2059
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkE%2FmyvJWssrHni5I1Qgnd2XsZWV9jGXJ39GyRf6VW7cHb6pm5Es93inm0Zp%2FcaAgPep%2BO5FK9nZpqQnsE5CZ%2Bfw2QJNKi8hO7VG0LkSCPpreQzMen8m2PiK5817gA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fcdc93f9bfb503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, Unicode text, UTF-8 text, with very long lines (32771), with no line terminators
Size:   12228
Md5:    8e1003ca642618b5a0232906520c21eb
Sha1:   57127f64dd9e08be3ad9078b03b84f2ccb02ecce
Sha256: 2aad181f5fffb4ee80343ef9100f701183e47b5d01405c435b0a820341edf246
                                        
                                            GET /42/38?z=5305455 HTTP/1.1 
Host: cdn.uponelectabuzzor.club
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Cookie: scm=1; OAID=84f4be9c1eab47e0b1fc1690c03cdf64; oaidts=1664036575
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 1bb4c55adc59a1917c550d28ab87b08d
access-control-expose-headers: X-Sc
set-cookie: OAID=84f4be9c1eab47e0b1fc1690c03cdf64; expires=Sun, 24 Sep 2023 16:22:55 GMT; secure; SameSite=None oaidts=1664036575; expires=Sun, 24 Sep 2023 16:22:55 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:55 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 18:25:22 GMT
Expires: Thu, 29 Sep 2022 18:25:21 GMT
Etag: "235a3579a72192a6a1fc0366d6d8671e2630b9f5"
Cache-Control: max-age=438745,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fcdc95f8c4b517-OSL


--- Additional Info ---
Magic:  data
Size:   31693
Md5:    790549d62dd6f600bd6b77fc9053fa92
Sha1:   77135dab217d078f6e41a28e6abf13621cf0f844
Sha256: f736afd2af82731d80d0c900c07d59227f3ad4cd71d11b89c6f7f13b47f65137
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:55 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 22 Sep 2022 12:52:21 GMT
Expires: Thu, 29 Sep 2022 12:52:20 GMT
Etag: "b25b1883b0f0e02956c3eb5beb98552f814ee6ab"
Cache-Control: max-age=418764,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74fcdc963ac9b4f7-OSL

                                        
                                            GET /static/adManager.js HTTP/1.1 
Host: js.wpadmngr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.24
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
server: nginx/1.18.0
last-modified: Wed, 13 Jul 2022 06:52:04 GMT
etag: W/"62ce6b94-4e2"
content-encoding: gzip
expires: Sat, 24 Sep 2022 16:27:55 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2

                                        
                                            GET /tags/20140?version_name=b HTTP/1.1 
Host: na.nawpush.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.25
HTTP/2 200 OK
content-type: application/json
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
server: nginx/1.18.0
cache-control: max-age=300, public
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (6508), with no line terminators
Size:   6508
Md5:    a7506d4b6a6f0b7b6df34b07c75bb6ca
Sha1:   130e2002adf797b40eab237ac713f5ada5307d3a
Sha256: 426fe88386d3d0fba461f4ceb64f80cb897d4209a374c79abcea247d8dbef48c
                                        
                                            GET /ads.php?domainid=2175&sizeid=2&zoneid=3133 HTTP/1.1 
Host: platform.bidgear.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.74.36
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 24 Sep 2022 16:22:54 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4kBSnvcEOkr2Bz26nG0NpxgrlgtZjcLy%2Fagsy8hPCJ%2BRXLZBTrZfONvLS%2BbbFCf%2BqhGMF5cQb7UkQLoL5UsIp13hBiFfaDf3y0iPXdPAFFue9mnaUmiDP727qSePZKlbQMN9qn9I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fcdc908af0b506-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (889), with no line terminators
Size:   764
Md5:    b040e6f4072f7512023c0cba89bb56ac
Sha1:   3a33296247871515d2d9b5c79fa2a4704a73de96
Sha256: 27593bd35dcbed96b40fa3ecc7fc9a697fd7de22860bdba6b01d1fe5d146716f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2583
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 16:22:55 GMT
Last-Modified: Sat, 24 Sep 2022 15:39:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1034
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 16:22:55 GMT
Last-Modified: Sat, 24 Sep 2022 16:05:41 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /b/i/bidgear.dramacool9.co.1329573.js HTTP/1.1 
Host: jsc.adskeeper.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.5.42
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 914
x-amz-id-2: W3FOiZ97EzudGJbp2XD0oyNWXX4VnFc2ZwsuVHU58fkaAp1NbCo+AxfAtKIs/a1dDM0axgb7dvU=
x-amz-request-id: 6CF04NDFNQFQ84PH
last-modified: Fri, 24 Jun 2022 15:23:06 GMT
etag: "d5ab2135a77d913058f3259022db6e03"
content-encoding: gzip
x-amz-version-id: TEtDV_qmGna89BsWeE04RFszhRJV4XCN
cf-cache-status: HIT
age: 5102
expires: Sat, 24 Sep 2022 20:22:55 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fcdc9718aeb4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2350)
Size:   914
Md5:    d5ab2135a77d913058f3259022db6e03
Sha1:   0047f3c2357656964cdcc40fcf02170fd66f399e
Sha256: a369b32d63b33ffe5b3c2f1eb8772b8e2eb8a78b29d8779c21a1869a1c11affe
                                        
                                            GET /b/i/bidgear.dramacool9.co.1332671.js HTTP/1.1 
Host: jsc.adskeeper.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.5.42
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 913
x-amz-id-2: b2PjQRYZhOm2JUXSTW2DEvNamPQqNiM0FGjeiS1gEZWb8ZYJHMQG3EJFIackKtpfk2D38ODNCNpPLZd8k/2HBQ==
x-amz-request-id: 02648CTXNZYPW0MR
last-modified: Wed, 24 Aug 2022 10:28:37 GMT
etag: "e9b76b5544d05c107269640692311375"
content-encoding: gzip
x-amz-version-id: a5W0cvH5zo5anLHMKThCQjjWo70.OEyi
cf-cache-status: HIT
age: 5102
expires: Sat, 24 Sep 2022 20:22:55 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fcdc9718b6b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2350)
Size:   913
Md5:    e9b76b5544d05c107269640692311375
Sha1:   60f21b9ff62963fb30f7c846190b9233558a4fc9
Sha256: dad9937760c263ef39ca4e2552a8af973d7de715d6e460f7b958ec6f2d673d04
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /b/i/bidgear.dramacool9.co.1364502.js HTTP/1.1 
Host: jsc.adskeeper.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.18.5.42
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
content-length: 913
x-amz-id-2: 77adqSBim5oWo2vR6+a9ddeYVNeEFITkLUkGSHnuUAoxtsQLUQdBplSKqXLPTmYvFhWhG3+0JWY=
x-amz-request-id: YFSTX6SS75KRM19Q
last-modified: Wed, 21 Sep 2022 19:28:36 GMT
etag: "a8a3feb1832300a0cf92f938dd7cd3da"
content-encoding: gzip
x-amz-version-id: I0fCd9cXY7XJ4yhaSu8kU.2fcK1kotQ.
cf-cache-status: HIT
age: 5140
expires: Sat, 24 Sep 2022 20:22:55 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fcdc9718b3b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (2350)
Size:   913
Md5:    a8a3feb1832300a0cf92f938dd7cd3da
Sha1:   fa0cf96681b372358412efdc39e0ff8be59fa96c
Sha256: 59981ea78afacfacdee093fae69a23c7e7a274a8dfde45332018bcd8763ce293
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 19826
date: Sat, 24 Sep 2022 14:41:09 GMT
expires: Sat, 24 Sep 2022 16:41:09 GMT
cache-control: public, max-age=7200
age: 6106
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   19826
Md5:    cae538dcce82598fbe43c0bf443e62dd
Sha1:   cc68ac6be9c5e0087a0000e5735b83270ace30f5
Sha256: 954b9e9d9744e1319c51760780a35de2dec353afffac705c2cca6d836a5e056d
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2583
Cache-Control: 'max-age=158059'
Date: Sat, 24 Sep 2022 16:22:55 GMT
Last-Modified: Sat, 24 Sep 2022 15:39:52 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /tag/js/gpt.js HTTP/1.1 
Host: securepubads.g.doubleclick.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.194
HTTP/2 200 OK
content-type: text/javascript
                                        
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27830
date: Sat, 24 Sep 2022 16:22:55 GMT
expires: Sat, 24 Sep 2022 16:22:55 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1343 / 236 of 1000 / last-modified: 1663970755"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (45162)
Size:   27830
Md5:    ff30071db760c132a410be0b0a69dd8e
Sha1:   ff398651c3ea49315a264fad93398fc5709da017
Sha256: d4edd21612c6bbb611df07b636296a932d6403fd7a495e7647d898b66d7921ff
                                        
                                            GET /apu.php?zoneid=5290228 HTTP/1.1 
Host: cdn.itskiddoan.club
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.236
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:55 GMT
x-trace-id: b471a4890149032f7aa41ebba89347d2
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=28de5ca9d0ce43889facbe9a524e7803; expires=Sun, 24 Sep 2023 16:22:55 GMT; path=/; secure; SameSite=None oaidts=1664036575; expires=Sun, 24 Sep 2023 16:22:55 GMT; path=/; secure; SameSite=None syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   119791
Md5:    ccd41c6a0fee102f5aee8abbb7e9638b
Sha1:   aba487680d5ee35db4d9d8c8e7b6b80f319d96a0
Sha256: fc594198e3f6f99998a6a99c5b6adfd778dc0cbb24d543f06bdfc99561edcb70
                                        
                                            GET /ads.php?domainid=2175&sizeid=3&zoneid=5787 HTTP/1.1 
Host: platform.bidgear.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.74.36
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 24 Sep 2022 16:22:54 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2FPv8s2PsvKT0UoA37Bte8OsDq0hfd%2BE%2FY%2FzhtcIuFoCN1BIzWXuCnLqkUrwA4PPym8CmgiPOoxabsKcEK%2FhbiRWYwT8Yk7rI5FXrNdD9ODCTH0NgCs6IBU8%2BaJN%2BXjyovrHgaOL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fcdc908af2b506-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (818), with no line terminators
Size:   76813
Md5:    cd95e740aa07ed206cf2041a21384804
Sha1:   60fa80badcae7e128bd57f39c12a84a435121e73
Sha256: 4fc484474897b793b745188d4d20032a527ac73dd2623f75ebe34e7db1f432ca
                                        
                                            GET /ads.php?domainid=2175&sizeid=2&zoneid=6833 HTTP/1.1 
Host: platform.bidgear.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.74.36
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Sat, 24 Sep 2022 16:22:54 GMT
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2BYmwep2F6UadN%2F%2B1tVnYjxc7U4NXt3I53BfFYVXMUj%2BIGLHxzeHG63eAQAb0k4d%2FVJKgxZoIlxqy4xtNY10p0WyOctEtiWmvJfX1sR5tJZbdZ1uCKjpLj2lfGt07kiW1plQzs1h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74fcdc909af4b506-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text, with very long lines (888), with no line terminators
Size:   77183
Md5:    216dd77353da290331a72fd5a8e1ac97
Sha1:   09ecf2f83ee38b95bb5857f5511917f805683944
Sha256: 59cb41beb0ddf3d04d6c404937d46f182d16e4cada6c102227850325af3cae6b
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            OPTIONS /9?z=5305455&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dramacool9.co%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=5d3b41840f364a039c5a0337d0798c6e HTTP/1.1 
Host: cdn.uponelectabuzzor.club
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dramacool9.co/
Origin: https://www.dramacool9.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 204 No Content
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:56 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://www.dramacool9.co
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

                                        
                                            POST /9?z=5305455&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fwww.dramacool9.co%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&sah=1002&drf=&hil=1&ist=0&oaid=5d3b41840f364a039c5a0337d0798c6e HTTP/1.1 
Host: cdn.uponelectabuzzor.club
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 237
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Cookie: scm=1; OAID=84f4be9c1eab47e0b1fc1690c03cdf64; oaidts=1664036575
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:56 GMT
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://www.dramacool9.co
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: bac0ad0c670d08116cee48c3ae547440
access-control-expose-headers: X-Sc
set-cookie: OAID=5d3b41840f364a039c5a0337d0798c6e; expires=Sun, 24 Sep 2023 16:22:56 GMT; secure; SameSite=None oaidts=1664036575; expires=Sun, 24 Sep 2023 16:22:56 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    a97eb6fbe6f13b601d5d48c0eba8baae
Sha1:   736efb938caf3d0edec406932ada889f1a4f2268
Sha256: a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "D564477F9DC071F3699F2D67B991F7FF931779D585A2212E7620CA8A6054D870"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6887
Expires: Sat, 24 Sep 2022 18:17:43 GMT
Date: Sat, 24 Sep 2022 16:22:56 GMT
Connection: keep-alive

                                        
                                            GET /tags?tag_id=20140&timezone_olson=UTC&version_name=b HTTP/1.1 
Host: notification.tubecup.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         88.198.204.166
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx/1.18.0
date: Sat, 24 Sep 2022 16:22:56 GMT
content-length: 6486
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (6486), with no line terminators
Size:   6486
Md5:    8f46eb155266653e239a196de81d63da
Sha1:   b635e8f4ae51760957814970388a360319e67994
Sha256: db72aadf4ed98160d81c98d4f61e4c7a972cd2a875411ad8800aaa71469055a2
                                        
                                            OPTIONS /500/5287605?excludes=&oaid=5d3b41840f364a039c5a0337d0798c6e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fwww.dramacool9.co%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://www.dramacool9.co/
Origin: https://www.dramacool9.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:56 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://www.dramacool9.co
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3837
Expires: Sat, 24 Sep 2022 17:26:53 GMT
Date: Sat, 24 Sep 2022 16:22:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3837
Expires: Sat, 24 Sep 2022 17:26:53 GMT
Date: Sat, 24 Sep 2022 16:22:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3837
Expires: Sat, 24 Sep 2022 17:26:53 GMT
Date: Sat, 24 Sep 2022 16:22:56 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0FC47DBA3F2789B7C509A4916B1FE3C7B6B30C6778E5354742256125730310F3"
Last-Modified: Fri, 23 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3837
Expires: Sat, 24 Sep 2022 17:26:53 GMT
Date: Sat, 24 Sep 2022 16:22:56 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd5039669-74cb-4d54-9208-94257c765b35.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9935
x-amzn-requestid: 9eb8463d-172a-40a2-8eed-3c97b1260afe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQ5FARoAMFXQQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2738-3709a2f22ecc033532223b26;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:38:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: e5eETCL5yFnoG4HPx0Qv8hjGnlXx5vOL4syMx9uato8nuIHkSvMezg==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:58:23 GMT
age: 66273
etag: "a30f9044330824e70dde0dcc785890d981e6fdf5"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9935
Md5:    55d224ac83a417772c98bc5080fb6689
Sha1:   a30f9044330824e70dde0dcc785890d981e6fdf5
Sha256: b2ea4dea200109019a65834b98e31e8fac718a199513810a2819858be2b4470a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F76fa20bb-9883-4867-b55e-fc56c8f8fc57.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 6386
x-amzn-requestid: 4380489e-d0ba-4f67-ac4f-67619ba34422
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7shGHryIAMF6zg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e27a0-005f9c783c7722f16c178026;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:39:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: RuUOjTDRTkcaGFf_hTWrHZ89edOajgGUdl5PjbaUV7CUppat6IYsRg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 e80693c02cfdfd081110512210d57840.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:27 GMT
age: 66869
etag: "f6f926be6e265a597aaede424f05fcd7c76fcc20"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   6386
Md5:    d8d9af95acfc8b9b431eb1e020157f6d
Sha1:   f6f926be6e265a597aaede424f05fcd7c76fcc20
Sha256: 0b61d6cb0e0908cb8d303b9e951e2854166bd232e0291b5d698a6b757c064e88
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F85d1d130-04e1-43f4-81d7-b15e9286f813.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8354
x-amzn-requestid: 3ec3470c-2268-4102-af88-27dcfed76bfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPCGOcoAMF2xQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-481aa98b413690636fc3a2f0;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: pVtBCTCGh0DCF_1Vf9qMWttoDUQO_xSCkpdis9Gu3o4_cVEqaHngVg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:48:30 GMT
age: 66866
etag: "670d89082f8da643e1196b11fb64bf71707f0e8d"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8354
Md5:    e1087dcce202bbbc8c84196bd2050662
Sha1:   670d89082f8da643e1196b11fb64bf71707f0e8d
Sha256: f6a7b6e07177431d7845e2f2b7b1b3b76088671db32aeef580a72e9bd3ddae00
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd719f7db-20e1-4834-9525-3117f1824f36.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10032
x-amzn-requestid: 521c4012-9834-4100-a7ed-30093502f1a9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sPBHGYoAMFh-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e272c-77b03c321240d76a572d603a;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:48 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: N7TwxCLUL8qnvm3YuZ6CGyJquVerc266VvZ1g8j5RxGpQXoUJwhULg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:51:16 GMT
age: 66700
etag: "ed04f74fbb4c77b21e2babc51a82857f5e23d169"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10032
Md5:    aa150280eb113504d61a25935c0f0127
Sha1:   ed04f74fbb4c77b21e2babc51a82857f5e23d169
Sha256: 07df17fffb391aa82efb09e30d97e88fa4dbe6df00e37bb90304f69179f4848e
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb77ad616-c829-40b4-8b70-2be46252d64c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10279
x-amzn-requestid: 0f361c26-1f12-421a-9752-7d4fcdf839ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y4V65GTXIAMF9-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632cd045-25677a637307879044de8242;Sampled=0
x-amzn-remapped-date: Thu, 22 Sep 2022 21:14:45 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: HfslSWhSAKRjZr-qqajVm6bKf9jGt2pXq8N8GlXgyTwRxWqw0y-CgA==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 24 Sep 2022 05:14:28 GMT
age: 40108
etag: "60a83a1618ffae06e49ca3002bac1db9980dcfe8"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10279
Md5:    8ea5f06ad31f0cedd2cb5c6df82f35f4
Sha1:   60a83a1618ffae06e49ca3002bac1db9980dcfe8
Sha256: 5f6a4cb92c016ef0f229b11d727e9680a15b10782b5bfe9e66ad9d100b458d8d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F96ebb238-493f-4ccc-a8d9-7a7c6f8ab469.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7963
x-amzn-requestid: cadfa4ff-473d-4927-bdf6-3aad64cddf18
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Y7sQbHTCIAMFfZg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632e2735-41d711e5210099aa6273dd86;Sampled=0
x-amzn-remapped-date: Fri, 23 Sep 2022 21:37:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: g0NS7XamCzSMKmm1-mLnWLwUuBoJczvwSmTb0c_7klsY78wbrg4bRw==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Fri, 23 Sep 2022 21:57:25 GMT
age: 66331
etag: "d2180d40ceb16924a87a41aad90dedb0bb912085"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7963
Md5:    5a4b36e1bf29c9c82f069cdd3c50874c
Sha1:   d2180d40ceb16924a87a41aad90dedb0bb912085
Sha256: aab96d28ea8e21e6d37449eba400cac45acced1825ebdb27853d17ae4f993b00
                                        
                                            GET /www/images/3d08aacb36c7474e0d13b60f8f4adc14.png HTTP/1.1 
Host: offerimage.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         172.67.22.216
HTTP/2 200 OK
content-type: image/png
                                        
date: Sat, 24 Sep 2022 16:22:56 GMT
content-length: 66121
last-modified: Thu, 10 Dec 2020 17:24:49 GMT
etag: "5fd259e1-10249"
expires: Sun, 25 Sep 2022 13:33:25 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10171
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 74fcdc9b6bbe0b02-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Size:   66121
Md5:    3d08aacb36c7474e0d13b60f8f4adc14
Sha1:   e4af2de372b5e3a2211579a5973ef7ed160e7be4
Sha256: 54b0569cf052e12dd373e86031009d0a54a893275a21c2ef863277a9a978ab1c
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BE9F7CB3017AF492D1EB20173650CF58E74BEA734CF91C62BB173DD8C024BE08"
Last-Modified: Sat, 24 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3484
Expires: Sat, 24 Sep 2022 17:21:00 GMT
Date: Sat, 24 Sep 2022 16:22:56 GMT
Connection: keep-alive

                                        
                                            GET /500/5287605?excludes=&oaid=5d3b41840f364a039c5a0337d0798c6e&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fwww.dramacool9.co%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Cookie: OAID=623d784da1b7464f82cd292210aa8dcf
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:56 GMT
x-trace-id: a670841beb827fbe51d924235fbae05d
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://www.dramacool9.co
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=5d3b41840f364a039c5a0337d0798c6e; expires=Sun, 24 Sep 2023 16:22:56 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1691
Md5:    42d904c327c8d1a10e7d5941b64336a1
Sha1:   55e905f3f0d6f516a7d700cc168c0687b26d564f
Sha256: 8f630ff47c88e1f3c7e9b5bcf8ed8ccb7476bd3cea120dde88a9a0c25960e293

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            OPTIONS /fp?tag_id=20140 HTTP/1.1 
Host: fp.metricswpsh.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.dramacool9.co/
Origin: https://www.dramacool9.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         157.90.84.242
HTTP/1.1 204 No Content
                                        
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 16:22:56 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://www.dramacool9.co
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

                                        
                                            GET /in/track?data=eyJ3bCI6MCwic3ViaWQiOjAsInVzZXJfaWQiOiI4ODA3MTk2MjU4MzE5NDgzMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOC4xIiwidGFnX2lkIjoyMDE0MCwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjoxLjA3LCJpc192MiI6MSwiaXNfdjJfZW1wdHkiOm51bGwsInVzZXJfa2V5d29yZHMiOiJEcmFtYWNvb2wlMkNBc2lhbiUyQ0RyYW1hJTJDTW92aWVzJTJDYW5kJTJDS1Nob3clMkNFbmdsaXNoJTJDU3ViJTJDaW4lMkNIRCUyQygyMDIyKSUyQ1dhdGNoJTJDYW5kJTJDZG93bmxvYWQlMkNLb3JlYW4lMkNkcmFtYSUyQ21vdmllcyUyQ0tzaG93JTJDYW5kJTJDb3RoZXIlMkNBc2lhbiUyQ2RyYW1hcyUyQ3dpdGglMkNlbmdsaXNoJTJDc3VidGl0bGVzJTJDb25saW5lJTJDZnJlZSUyQ0RyYW1hY29vbCUyQ2ZvciUyQ2V2ZXJ5b25lISUyMCJ9 HTTP/1.1 
Host: 70a240c353.2725849b34.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.25
HTTP/2 200 OK
                                        
date: Sat, 24 Sep 2022 16:22:56 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

                                        
                                            POST /fp?tag_id=20140 HTTP/1.1 
Host: fp.metricswpsh.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22269
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         157.90.84.242
HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
                                        
Server: nginx/1.20.1
Date: Sat, 24 Sep 2022 16:22:56 GMT
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.dramacool9.co
Set-Cookie: id=9639336900976290718; Expires=Sun, 24 Sep 2023 16:22:56 GMT; Secure; SameSite=None
Vary: Origin


--- Additional Info ---
Magic:  JSON data\012- , ASCII text
Size:   28
Md5:    d8ded99ae3089c609f0f3dfd190a3299
Sha1:   aa378c43d5b8dc4887db4f93f86a319f75731b6f
Sha256: f5526ab1e5df71c978b3db3ada96990b256be308611834bea29d342b88338000
                                        
                                            GET /banner-admanager/build.m.js HTTP/1.1 
Host: js.cabnnr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.25
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 24 Sep 2022 16:22:56 GMT
server: nginx/1.18.0
last-modified: Tue, 13 Sep 2022 14:00:41 GMT
etag: W/"63208d09-b395"
content-encoding: gzip
expires: Sat, 24 Sep 2022 16:27:56 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   15579
Md5:    1c879caaff862117352fcc70cab3358f
Sha1:   82fe3c92d9c2f491be5c41eaa048af29d035b9e1
Sha256: 95109a962fd43223394a4fdf83934298dcc3617b6cb14b2f4f59fc660fe607b6
                                        
                                            GET /impression/uJh9H5DfaT41ShNaf6k-Uz09Tze7ieHU08vRU8zGWmBHHLRM0H0UYCto3zI2Z1NrUKhs5ILZvge-kDTaLRSM5YoTnBnGdFQBwN7NWnF-8U00Sc6QW1-uq7Iz97RfxjJmYzCk6CvNtewN6HgkMjzUFBQe1Z3HwMiRf8UUHPSi0VODRb8bWZ2BbeNkPeLpPWOYVtQQgNcIEjSD986v4Tq67hpZn_ZjlYGMp0Qx_o5_L-YqUVKDo1flX-IECHj5VXO0PmgW3QRPv_POSryKMBv-LNjiZqh0th8hWmO0y_Q944rF8yDpV8-3Q2RKqhaPutQfXK5FQfX0hBToPnDU8RQLY6Fae1_ttriliea0T1zlvOCYKp2AN2VVgmVV0Ecw7r200Gs9NfpleK3axul30wCRudcDnUsaLSQJ3wZ7vV6Yog2IgVacw_auEBWOvxz2pMUQcWjwDWI4eiPCFF4T_BXFTOxJOiyLacNgdD4qK-Zpt7lmM7F7WPf-URRqRnqnghzKxon44XSeLyjuLGmifUmNT8jC1qdwRBIhA2kLBLTrj5xWip0CIuwrVScp2jUBP6_3ukUJh-JcP7xXeqxOOdpqzCnq2UoUN6wQonclVw==?_z=5287605&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=0&pl=https%3A%2F%2Fwww.dramacool9.co%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Cookie: OAID=5d3b41840f364a039c5a0337d0798c6e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:57 GMT
content-length: 43
x-trace-id: 1c95ff22cddb8e81f44797ba4768bfa6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 247729
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.163
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 21 Sep 2022 19:34:08 GMT
expires: Thu, 21 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 247729
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Sat, 24 Sep 2022 16:22:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "8E6F63D4068A2EF202E7FC88B3538A7E74BE49597C9C358CAA29871789BF7CED"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8965
Expires: Sat, 24 Sep 2022 18:52:24 GMT
Date: Sat, 24 Sep 2022 16:22:59 GMT
Connection: keep-alive

                                        
                                            GET /health/ HTTP/1.1 
Host: 80cfef144b.2725849b34.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         159.69.163.6
HTTP/2 200 OK
                                        
server: nginx/1.18.0
date: Sat, 24 Sep 2022 16:22:59 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2

                                        
                                            GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7InRhZ19hYiI6ImIiLCJpZCI6MTY5NSwic3BhY2VpZCI6MTY5NSwidHlwZSI6InBvcCIsImlkem9uZSI6bnVsbCwiYWRfdGFncyI6IkRyYW1hY29vbCUyQ0FzaWFuJTJDRHJhbWElMkNNb3ZpZXMlMkNhbmQlMkNLU2hvdyUyQ0VuZ2xpc2glMkNTdWIlMkNpbiUyQ0hEJTJDKDIwMjIpJTJDV2F0Y2glMkNhbmQlMkNkb3dubG9hZCUyQ0tvcmVhbiUyQ2RyYW1hJTJDbW92aWVzJTJDS3Nob3clMkNhbmQlMkNvdGhlciUyQ0FzaWFuJTJDZHJhbWFzJTJDd2l0aCUyQ2VuZ2xpc2glMkNzdWJ0aXRsZXMlMkNvbmxpbmUlMkNmcmVlJTJDRHJhbWFjb29sJTJDZm9yJTJDZXZlcnlvbmUhJTIwIiwibGFiZWxzIjoiNCw1LDYsNyw4LDksNDYsNDcsNTQsNTUsNjEsMTA5IiwiYWxsb3dlZF9sYWJlbHMiOiIiLCJ0aXRsZSI6IiIsInN1YmlkIjoiMTUyNDQ4NDQ5IiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6MzMxOTIsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjAsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4LCJidHlwZSI6MH0sImJhbm5lciI6eyJ3IjoxLCJoIjoxfX1dLCJzaXRlIjp7ImlkIjoiMzMxOTIiLCJjYXQiOlsiSUFCMSJdLCJwYWdlIjoiaHR0cHM6Ly93d3cuZHJhbWFjb29sOS5jby8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiOWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzgifSwiZXh0Ijp7ImR0IjoxNjY0MDM2NTc4Nzg4fX0= HTTP/1.1 
Host: 80cfef144b.2725849b34.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         159.69.163.6
HTTP/2 302 Found
                                        
server: nginx/1.18.0
date: Sat, 24 Sep 2022 16:23:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://rtbrennab.com/banner/in/show/?mid=1078360493&pid=0&site=33192&sc=NO&usage_type=DCH&subid=152448449&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=www.dramacool9.co&hostname=auc-banner-hz-1&site_id=0&spot_id=33192&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB1&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=100&ml=&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB1&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D33192%26source%3D152448449%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D33192%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3DDramacool%252CAsian%252CDrama%252CMovies%252Cand%252CKShow%252CEnglish%252CSub%252Cin%252CHD%252C%282022%29%252CWatch%252Cand%252Cdownload%252CKorean%252Cdrama%252Cmovies%252CKshow%252Cand%252Cother%252CAsian%252Cdramas%252Cwith%252Cenglish%252Csubtitles%252Conline%252Cfree%252CDramacool%252Cfor%252Ceveryone%21%2520%26spot_id%3D33192%26p%3Dhttps%253A%252F%252Fwww.dramacool9.co%252F%26katds_labels%3D4%2C5%2C6%2C7%2C8%2C9%2C46%2C47%2C54%2C55%2C61%2C109%26btype%3D0%26score%3D100&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Dramacool%2CAsian%2CDrama%2CMovies%2Cand%2CKShow%2CEnglish%2CSub%2Cin%2CHD%2C(2022)%2CWatch%2Cand%2Cdownload%2CKorean%2Cdrama%2Cmovies%2CKshow%2Cand%2Cother%2CAsian%2Cdramas%2Cwith%2Cenglish%2Csubtitles%2Conline%2Cfree%2CDramacool%2Cfor%2Ceveryone!%20&stratagem=&ssp=3758
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E74F0E6D6A26D46B92252FDAFA728EDA5B0647844EC7BF215986B7A3E9B1B42E"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3307
Expires: Sat, 24 Sep 2022 17:18:07 GMT
Date: Sat, 24 Sep 2022 16:23:00 GMT
Connection: keep-alive

                                        
                                            GET /banner/in/show/?mid=1078360493&pid=0&site=33192&sc=NO&usage_type=DCH&subid=152448449&sid=0&cid=0&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=&tcid=0&out_id=&ver=&ver_c=&refdom=www.dramacool9.co&hostname=auc-banner-hz-1&site_id=0&spot_id=33192&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=0&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=default&iabcat=IAB1&min_cpm=0.0001&placement_type_id=&skin_test=&verify_hash=&score=100&ml=&ttl=&space_id=1695&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB1&url=https%3A%2F%2Fbtds.zog.link%2Fin%2F912%2F%3Fsid%3D33192%26source%3D152448449%26idzone%3D0%26w%3D1%26h%3D1%26mo%3D%26ve%3D%26site_id%3D33192%26utm1%3D%26utm2%3D%26utm3%3D%26utm4%3D%26ad_tags%3DDramacool%252CAsian%252CDrama%252CMovies%252Cand%252CKShow%252CEnglish%252CSub%252Cin%252CHD%252C%282022%29%252CWatch%252Cand%252Cdownload%252CKorean%252Cdrama%252Cmovies%252CKshow%252Cand%252Cother%252CAsian%252Cdramas%252Cwith%252Cenglish%252Csubtitles%252Conline%252Cfree%252CDramacool%252Cfor%252Ceveryone%21%2520%26spot_id%3D33192%26p%3Dhttps%253A%252F%252Fwww.dramacool9.co%252F%26katds_labels%3D4%2C5%2C6%2C7%2C8%2C9%2C46%2C47%2C54%2C55%2C61%2C109%26btype%3D0%26score%3D100&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=Dramacool%2CAsian%2CDrama%2CMovies%2Cand%2CKShow%2CEnglish%2CSub%2Cin%2CHD%2C(2022)%2CWatch%2Cand%2Cdownload%2CKorean%2Cdrama%2Cmovies%2CKshow%2Cand%2Cother%2CAsian%2Cdramas%2Cwith%2Cenglish%2Csubtitles%2Conline%2Cfree%2CDramacool%2Cfor%2Ceveryone!%20&stratagem=&ssp=3758 HTTP/1.1 
Host: rtbrennab.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dramacool9.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         162.55.139.130
HTTP/2 302 Found
                                        
server: nginx/1.16.0
date: Sat, 24 Sep 2022 16:23:00 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://btds.zog.link/in/912/?sid=33192&source=152448449&idzone=0&w=1&h=1&mo=&ve=&site_id=33192&utm1=&utm2=&utm3=&utm4=&ad_tags=Dramacool%2CAsian%2CDrama%2CMovies%2Cand%2CKShow%2CEnglish%2CSub%2Cin%2CHD%2C(2022)%2CWatch%2Cand%2Cdownload%2CKorean%2Cdrama%2Cmovies%2CKshow%2Cand%2Cother%2CAsian%2Cdramas%2Cwith%2Cenglish%2Csubtitles%2Conline%2Cfree%2CDramacool%2Cfor%2Ceveryone!%20&spot_id=33192&p=https%3A%2F%2Fwww.dramacool9.co%2F&katds_labels=4,5,6,7,8,9,46,47,54,55,61,109&btype=0&score=100
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "68E033B65A3A4C7BCB8D44DB4EBE0B8697DCA39659EF97ACE54D8B8C9BB6A006"
Last-Modified: Fri, 23 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3411
Expires: Sat, 24 Sep 2022 17:19:51 GMT
Date: Sat, 24 Sep 2022 16:23:00 GMT
Connection: keep-alive

                                        
                                            GET /in/912/?sid=33192&source=152448449&idzone=0&w=1&h=1&mo=&ve=&site_id=33192&utm1=&utm2=&utm3=&utm4=&ad_tags=Dramacool%2CAsian%2CDrama%2CMovies%2Cand%2CKShow%2CEnglish%2CSub%2Cin%2CHD%2C(2022)%2CWatch%2Cand%2Cdownload%2CKorean%2Cdrama%2Cmovies%2CKshow%2Cand%2Cother%2CAsian%2Cdramas%2Cwith%2Cenglish%2Csubtitles%2Conline%2Cfree%2CDramacool%2Cfor%2Ceveryone!%20&spot_id=33192&p=https%3A%2F%2Fwww.dramacool9.co%2F&katds_labels=4,5,6,7,8,9,46,47,54,55,61,109&btype=0&score=100 HTTP/1.1 
Host: btds.zog.link
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dramacool9.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         109.206.175.85
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
                                        
server: nginx/1.20.1
date: Sat, 24 Sep 2022 16:23:01 GMT
content-length: 0
location: https://cdn.1vag.com/1x1.png
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 912.0=1; expires=Sun, 25 Sep 2022 16:23:00 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2

                                        
                                            GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1 
Host: fonts.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.10
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 24 Sep 2022 16:22:57 GMT
date: Sat, 24 Sep 2022 16:22:57 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   1263
Md5:    3876975bd6a5075ffd9a0bf9136c1ce7
Sha1:   02f10fd64da1be2a6394221cf554fb89dc57b696
Sha256: 9c8e7a8fac09a65ddf29a60bf66115ffb28feac125dfb4152fb009583096302d
                                        
                                            GET /1x1.png HTTP/1.1 
Host: cdn.1vag.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.dramacool9.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.24
HTTP/2 200 OK
content-type: image/png
                                        
date: Sat, 24 Sep 2022 16:23:00 GMT
content-length: 68
server: nginx/1.20.1
last-modified: Wed, 15 Apr 2020 13:30:15 GMT
etag: "5e970c67-44"
cache-control: max-age=3600
x-request-id: e0cea73041c202c45e6ab3a8b14597f5
expires: Sat, 24 Sep 2022 17:23:00 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size:   68
Md5:    91e42db1c66c0b276abf6234dc50b2eb
Sha1:   c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
Sha256: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
                                        
                                            GET /t.php?sc_project=11857087&u1=9E57080F81F94FE0FCD9F60B7DF58B18&java=1&security=513b4a2c&sc_snum=1&sess=a8f3c4&p=0&rcat=d&rdom=d&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=&u=https%3A//www.dramacool9.co/&t=Dramacool%3A%20Asian%20Drama%2C%20Movies%20and%20KShow%20English%20Sub%20in%20HD%20(2022)&invisible=1&sc_rum_e_s=2094&sc_rum_e_e=2098&sc_rum_f_s=0&sc_rum_f_e=2038&get_config=true HTTP/1.1 
Host: c.statcounter.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.20.229.67
HTTP/2 200 OK
content-type: application/json
                                        
date: Sat, 24 Sep 2022 16:22:56 GMT
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique=sc11857087.1664036575.0; SameSite=None; Secure; Expires=Friday, 24-Sep-2027 00:22:55 CST; Path=/; Domain=.statcounter.com is_visitor_unique=1664036575283491167; SameSite=None; Secure; Expires=Tuesday, 24-Sep-2024 00:22:55 CST; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://www.dramacool9.co
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 74fcdc9788e40b55-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /401/5287605 HTTP/1.1 
Host: goomaphy.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.197.239
HTTP/2 200 OK
content-type: application/javascript
                                        
server: nginx
date: Sat, 24 Sep 2022 16:22:55 GMT
x-trace-id: eb9f8cc64e9d6bd1a7ab8d71e2f72aa4
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=623d784da1b7464f82cd292210aa8dcf; expires=Sun, 24 Sep 2023 16:22:55 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /static/adManager.m.js HTTP/1.1 
Host: js.wpadmngr.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.dramacool9.co
Connection: keep-alive
Referer: https://www.dramacool9.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         45.133.44.24
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Sat, 24 Sep 2022 16:22:55 GMT
server: nginx/1.18.0
last-modified: Fri, 23 Sep 2022 12:39:30 GMT
etag: W/"632da902-15a62"
content-encoding: gzip
expires: Sat, 24 Sep 2022 16:27:55 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---