dramacool.sr/video-watch/little-women-2022-episode-6-hta
104.21.65.60 301 Moved Permanently 0 B URL HTTP/1.1 dramacool.sr/video-watch/little-women-2022-episode-6-hta
IP 104.21.65.60:0
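Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of an empty input, consistent with the 0 B body of the redirect; they identify no content and are not usable as indicators.)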
GET /video-watch/little-women-2022-episode-6-hta HTTP/1.1
Host: dramacool.sr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Sat, 22 Oct 2022 07:57:48 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sat, 22 Oct 2022 08:57:48 GMT
Location: https://dramacool.sr/video-watch/little-women-2022-episode-6-hta
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pf9r7%2FzfwoXrl8P9TfdCGoMzH0JK7rCXRBy35HuefCz0ZKSVOLn%2FbjutQkZ9r6rcXxuseX1j6LZBvKsT7XtZ6plH7s0mz%2FMLgPpTPYDlJWlTLBgn6hB3O%2BVhS8vWdfQ%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75e0af2d29560b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
firefox.settings.services.mozilla.com/v1/
143.204.55.35 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.35:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 22 Oct 2022 07:52:41 GMT
Expires: Sat, 22 Oct 2022 08:18:54 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NZNZbqCxneQJr6GqBxHmjB-hycunpEmA3sUrsqH1JoKIkYnkrZbnjg==
Age: 308
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7084
Expires: Sat, 22 Oct 2022 09:55:53 GMT
Date: Sat, 22 Oct 2022 07:57:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9dc4f23f82148797f6d8041bdda3c7f7
6841ded3e2dd94fd762316d01efd43f7aafb8354
e229db1854a85b320cee574e805210f3adf5797136ea820c0a0ce9abcd63d4dd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E229DB1854A85B320CEE574E805210F3ADF5797136EA820C0A0CE9ABCD63D4DD"
Last-Modified: Thu, 20 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7039
Expires: Sat, 22 Oct 2022 09:55:08 GMT
Date: Sat, 22 Oct 2022 07:57:49 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 3svM4RwwGQvHaXhuvcuTLIsryZtn9M9hSAbvpKZeyP9Tj538K8XsXQ4qDtPTqT3c+oqtJmSt1S4=
x-amz-request-id: 74D40BXQ9SS4AH7V
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 22 Oct 2022 07:37:29 GMT
age: 1220
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 50a37a613470de0d3d0540b4b21ce441
603fbe2351a389a283502a1158e8fa7fa36fe9fa
3742edfcd1b82f1b6fa3b2635f944e4781805fd2036715c73c6fac60e6a3da23
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 636
Cache-Control: max-age=141233
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Etag: "635324b2-117"
Expires: Sun, 23 Oct 2022 23:11:42 GMT
Last-Modified: Fri, 21 Oct 2022 23:01:06 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:49 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 50a37a613470de0d3d0540b4b21ce441
603fbe2351a389a283502a1158e8fa7fa36fe9fa
3742edfcd1b82f1b6fa3b2635f944e4781805fd2036715c73c6fac60e6a3da23
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 636
Cache-Control: max-age=141233
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Etag: "635324b2-117"
Expires: Sun, 23 Oct 2022 23:11:42 GMT
Last-Modified: Fri, 21 Oct 2022 23:01:06 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 4.7 kB IP 142.250.74.35:0
Hash f34419fd2e49cb9eda00b24eb865546a
ee23d15167fac20504be37e01d06e05b31343970
f0b715d8e998c05a8d7093bf5590cb0b9e29e7647c5c5c2f5c77e4d7461c15a3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-223055057-1
142.250.74.168 200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-223055057-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash 605a9cf5b8dc48294f1726a03a35c31b
dbd68551b24c259ebc4307571e0846f9a2c1df35
90ddd1d04ecb29ad6c96b828ad8fdee1d565f6930bce9c1a8a2c91b65a12e8d4
GET /gtag/js?id=UA-223055057-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 22 Oct 2022 07:57:49 GMT
expires: Sat, 22 Oct 2022 07:57:49 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44632
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 1.6 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a072fcd52a6214023d696a6563a0fd4c
bcfa5e46a2f5912e04e22142c2763d4441700e35
ad202ec4402240dbc492720acf17591a4f7d6ead73439cbd4d4f56d7c4bda4be
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26FF1B1F6822270C707B23BD5A051D0D737FC763C8E756D7924BA97CCF2FA3E0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=219
Expires: Sat, 22 Oct 2022 08:01:28 GMT
Date: Sat, 22 Oct 2022 07:57:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2d35666458aed0a33cd7737d707dc7a
654840a4d57a4e3c428df070ac65b1430114cec0
26ff1b1f6822270c707b23bd5a051d0d737fc763c8e756d7924ba97ccf2fa3e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26FF1B1F6822270C707B23BD5A051D0D737FC763C8E756D7924BA97CCF2FA3E0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=219
Expires: Sat, 22 Oct 2022 08:01:28 GMT
Date: Sat, 22 Oct 2022 07:57:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d90e3d3fb6decd17d0b905b824726895
27750449e6e49bfa274dcde10d2c76e8e870956d
6b2399f170db2787f87089ba2d64005cd5afd7adfa1bd320569523460d5c424a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B2399F170DB2787F87089BA2D64005CD5AFD7ADFA1BD320569523460D5C424A"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20207
Expires: Sat, 22 Oct 2022 13:34:36 GMT
Date: Sat, 22 Oct 2022 07:57:49 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 94ee541bb392e5675c1e24c94c197f8b
bce18b05a24f5e2c6743cbbe849a733091586176
82f791c205847646216d72b4ce65bc3587ca69d1da17a3a2afb477640822c4dc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.35 200 OK 65 kB URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.35:0
Hash 1f4e54587cb84a9b7eb63a498cfd8947
7ee8577d8a1f606345fdedcfb7d205e1c145b607
04ca729de9ed73626d446cf3b6f4cda8a25be2bc29b3039491d45893780b0f1d
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 22 Oct 2022 07:43:40 GMT
Cache-Control: max-age=3600
Expires: Sat, 22 Oct 2022 07:57:59 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: MSwPX9kTvUZi-YenPgy6yQnt-FOIF1PJ7Wcv0m9EMTmp1UenA5Ukkw==
Age: 849
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5d6a1371b505e1db8000bbe95f7f389
7bc2d0d6b8760893d38da4c7edd55a7621a16937
6a98680d3bbaac5ad475ccb1357f70937a3e36a1e37f3c152e6c228c2b249291
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6A98680D3BBAAC5AD475CCB1357F70937A3E36A1E37F3C152E6C228C2B249291"
Last-Modified: Fri, 21 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20935
Expires: Sat, 22 Oct 2022 13:46:44 GMT
Date: Sat, 22 Oct 2022 07:57:49 GMT
Connection: keep-alive
za.ricinusdagomba.com/rq5ocjsMrq2/49122
23.109.248.177 200 OK 25 B URL HTTP/1.1 za.ricinusdagomba.com/rq5ocjsMrq2/49122
IP 23.109.248.177:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
GET /rq5ocjsMrq2/49122 HTTP/1.1
Host: za.ricinusdagomba.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 22 Oct 2022 07:57:49 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dramacool.sr
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
Set-Cookie: GL_UI4=eJw9jUtOwzAYhPMOVUnESDkAR2gi0rRLNqy4Q%2BTYf4Jp4r9y3Ae3xyDBbh6fZoIgiKoS4TWLEV9Ei%2BejGru9pJrkoW6a%2BuXQyLEdRDfWqunqdoeNXnsnhplcgseJDFkte8mKCjz56i85Gb6ZBOlghVEF0sUTc4F8sHxbyVYxEiMWQv6mLY1894T4ZIvouPdSGy%2FDHSJeq7jcIH3X5nIvt1lQFlmA7XkWbmS79Fp5m05WKEL4igcpHE1sv5ArWk%2BOzwDPqv%2Fnfz%2FT%2BWcNmaKrlt6y%2ByD7DTb9Sx8%3D; expires=Sun, 23-Oct-2022 07:57:49 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjMFqg0AURXXSTCOK5UI%2FID9Qk7R2kW3TZdGFHzBY8xIGzDxxJm0mX181ULK5HA6cGwSBeE4hdIdku8m26yx%2FzTbvOWZHYoiiRNLw2bjeK1OfCLLg%2Frf2kD0dNRuI9RviG6uG94R5Ub7cuSmKS9vycjf%2BeDw0etxRIRr51j0O3eRm2nZIP1p9WVbcnt3wYhEZcsp2RHtEu%2Fq7pdVn9YX0304fMsRCW9X1fPEDPzl9oisbUnw4WHJSIPyR4g8Mt0dW; expires=Sun, 23-Oct-2022 07:57:49 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
grunoaph.net/tag.min.js
139.45.197.238 200 OK 26 kB IP 139.45.197.238:0
File type ASCII text, with very long lines (12453), with no line terminators
Hash 6a22718813bc6f300b627c222205bb47
18b57998c2967f167e47a0b09eb8f5f02abc9869
a69dc0f17f81df59e6d23c8aff27c0cf5ea1079642533ecfc0c58d7dec2038c2
Analyzer / Verdict / Alert: quad9 — Sinkholed (the quad9 analyzer reports the domain grunoaph.net as sinkholed)
GET /tag.min.js HTTP/1.1
Host: grunoaph.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:49 GMT
content-type: text/javascript; charset=utf-8
content-length: 22986
content-encoding: br
x-trace-id: a13ac8bfab0e5a2ec99f9ecc5e440a14
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Thu, 20 Oct 2022 13:16:57 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
biggboss16.de/wp-content/uploads/2022/09/player.png
104.21.58.138 200 OK 13 kB URL HTTP/2 biggboss16.de/wp-content/uploads/2022/09/player.png
IP 104.21.58.138:0
File type PNG image data, 903 x 508, 8-bit/color RGBA, non-interlaced\012- data
Hash 717ae10433c166525629fa95f7f8ec48
3d4adbfb57ff6f651f132b81da1d05b088ecc365
179f4d7161a63c46820ffd0f3c4c37e3b334774088ebe094a4828ae6da47ff26
GET /wp-content/uploads/2022/09/player.png HTTP/1.1
Host: biggboss16.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:49 GMT
content-type: image/png
content-length: 13184
last-modified: Thu, 29 Sep 2022 12:08:09 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3593
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PxZbmC1lSfUhdHCq7KCdz35I6Ax7aAYLYO61hU232FlV5k7IeayxRCzFPINgKlYnxr0pKLcLNI2e0p5N4ZAQVLGdkqcu1LqDUn9THCHxT%2BV5coeJYzik2HL%2B%2ByPqKqLh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e0af32ce93fac8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f47cc320695635b544a761f72f3afc6f
b7cee764dcb0a625e0f8e0b4a4fce04548a1bf76
78608be3d0d6aaaf0364aed316b8676ab28d23c9b6a8ac6c147cf5d16e5cc283
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5799
Cache-Control: max-age=92737
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Etag: "63525317-1d7"
Expires: Sun, 23 Oct 2022 09:43:26 GMT
Last-Modified: Fri, 21 Oct 2022 08:06:47 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b5d6a1371b505e1db8000bbe95f7f389
7bc2d0d6b8760893d38da4c7edd55a7621a16937
6a98680d3bbaac5ad475ccb1357f70937a3e36a1e37f3c152e6c228c2b249291
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6A98680D3BBAAC5AD475CCB1357F70937A3E36A1E37F3C152E6C228C2B249291"
Last-Modified: Fri, 21 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20935
Expires: Sat, 22 Oct 2022 13:46:44 GMT
Date: Sat, 22 Oct 2022 07:57:49 GMT
Connection: keep-alive
dramacool-ukph88jvsw.disqus.com/count.js
151.101.84.134 200 OK 871 B URL HTTP/1.1 dramacool-ukph88jvsw.disqus.com/count.js
IP 151.101.84.134:0
File type ASCII text, with very long lines (528)
Hash a487039f9b553cb4f6928743872234e9
b3d835075d1983a8c2fe716285d173fcc3708f9c
364f622ba24e063adcee84f132da53c6e6071745f04a00d10937663deb24b822
GET /count.js HTTP/1.1
Host: dramacool-ukph88jvsw.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 871
Content-Type: application/javascript; charset=utf-8
Server: nginx
Last-Modified: Fri, 21 Oct 2022 17:23:59 GMT
ETag: "6352d5af-367"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Pop: DFW3-C1
X-Amz-Cf-Id: 3kAtWxhH-mwtnq3i_w6dAauqYy59e8_YczAkRYXhxosArFbZdRGdmg==
Cache-Control: public, max-age=300
Date: Sat, 22 Oct 2022 07:57:49 GMT
Age: 154
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 06210a4a9db522652fd6aabfa05b2653
630b4ef71ec82a3970927a328d279035eaaa1267
5100e1703020fdef7d473c91e1c88dfb734083057f431feeefaaa24838990a21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 06210a4a9db522652fd6aabfa05b2653
630b4ef71ec82a3970927a328d279035eaaa1267
5100e1703020fdef7d473c91e1c88dfb734083057f431feeefaaa24838990a21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 06210a4a9db522652fd6aabfa05b2653
630b4ef71ec82a3970927a328d279035eaaa1267
5100e1703020fdef7d473c91e1c88dfb734083057f431feeefaaa24838990a21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8153444726766124
142.250.74.34 200 OK 55 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8153444726766124
IP 142.250.74.34:0
File type ASCII text, with very long lines (2776)
Hash cd4dcfc53cabdb15355a3133af9fa609
30e767bfe8bdf1b90556663439d3f3298f7debfc
533a7fa431653fbf515d2e5183eae9271005d2bac57d7ad0a3fae902fd8214e6
GET /pagead/js/adsbygoogle.js?client=ca-pub-8153444726766124 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dramacool.sr
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 22 Oct 2022 07:57:49 GMT
expires: Sat, 22 Oct 2022 07:57:49 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 1710357470626077908
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 55285
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d9639d05cede1912efa49fc43d61f10
f14fcfe1b0fcd43dee9ab83ab8fef34b6890a795
791a6571b18816611851b2a29a6b4d8fe5f8350068469cbb65e8d93082e026aa
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "791A6571B18816611851B2A29A6B4D8FE5F8350068469CBB65E8D93082E026AA"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11981
Expires: Sat, 22 Oct 2022 11:17:31 GMT
Date: Sat, 22 Oct 2022 07:57:50 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 06210a4a9db522652fd6aabfa05b2653
630b4ef71ec82a3970927a328d279035eaaa1267
5100e1703020fdef7d473c91e1c88dfb734083057f431feeefaaa24838990a21
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
dramacool-ukph88jvsw.disqus.com/count-data.js?2=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta
151.101.84.134 200 OK 301 B URL HTTP/1.1 dramacool-ukph88jvsw.disqus.com/count-data.js?2=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta
IP 151.101.84.134:0
Hash c72a73017708358022ffb1658ce3dad1
30c41b4a8199d2a1d6e7b7300be630a2e6d2c502
694a40469ee99e2d4bdab6eaf5269e57962a71afe56cbe69a7be1f889d241d58
GET /count-data.js?2=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta HTTP/1.1
Host: dramacool-ukph88jvsw.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 301
Server: nginx
Content-Type: application/javascript; charset=UTF-8
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=600
Date: Sat, 22 Oct 2022 07:57:50 GMT
Age: 3547
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
push.services.mozilla.com/
54.148.77.40 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.77.40:0
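Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of an empty input, consistent with the 0 B body of the 101 Switching Protocols response; they identify no content and are not usable as indicators.)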
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Qakm1Hxf600fI7kMHZ+4ww==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: BzBEtwGt6wcv4w6qjPxf17OLUGA=
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 22 Oct 2022 06:41:09 GMT
expires: Sat, 22 Oct 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 4601
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/tag/js/gpt.js
216.58.207.194 200 OK 27 kB URL HTTP/2 securepubads.g.doubleclick.net/tag/js/gpt.js
IP 216.58.207.194:0
File type ASCII text, with very long lines (45029)
Hash 0957fba339c8191addc6a24b6f211a30
19ea25e4746f58f109583da0685993837ca80064
bd247c1788ac1349da83aae1d934d1772d0b5d828f40a701921c00c7078e5644
GET /tag/js/gpt.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 27350
date: Sat, 22 Oct 2022 07:57:50 GMT
expires: Sat, 22 Oct 2022 07:57:50 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1371 / 530 of 1000 / last-modified: 1666390088"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d8ad2cc67fe4edf14ed9497ee349419b
b11f1d3df0e57e5967f39f8dfeb97af5138edd5f
b459e908234aaa71dd46eafb74920476176f9f8136fc2df0cdd7eecb744d35c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 1b0cd7fce51616614b5ebb265d02c2f7
6748d7df7c347bbe06afb2155fff3bbc8bf50eb0
d41beb047830bdacb772b75123c39906db8edcd49fdc8c9a00258a2556efd1c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=dramacool.sr
142.250.74.66 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=dramacool.sr
IP 142.250.74.66:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=dramacool.sr HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 07:57:50 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=dramacool.sr
142.250.74.130 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=dramacool.sr
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=dramacool.sr HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 07:57:50 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash d8ad2cc67fe4edf14ed9497ee349419b
b11f1d3df0e57e5967f39f8dfeb97af5138edd5f
b459e908234aaa71dd46eafb74920476176f9f8136fc2df0cdd7eecb744d35c6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 1b0cd7fce51616614b5ebb265d02c2f7
6748d7df7c347bbe06afb2155fff3bbc8bf50eb0
d41beb047830bdacb772b75123c39906db8edcd49fdc8c9a00258a2556efd1c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ce0cf92bd2e2301bc4afdcff4f277661
ede10a09567c052a04b01362f6e70802afd10920
9d6c05642f88f86f03a8cfccf19dc8a21e05bd7ad2d17718b8134dc9f005af3a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9D6C05642F88F86F03A8CFCCF19DC8A21E05BD7AD2D17718B8134DC9F005AF3A"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8611
Expires: Sat, 22 Oct 2022 10:21:21 GMT
Date: Sat, 22 Oct 2022 07:57:50 GMT
Connection: keep-alive
dembed2.com/streaming.php?id=MzQ3MjE3&title=Little+Women+%282022%29+episode+6&typesub=SUB
104.26.15.20 200 OK 26 kB URL HTTP/2 dembed2.com/streaming.php?id=MzQ3MjE3&title=Little+Women+%282022%29+episode+6&typesub=SUB
IP 104.26.15.20:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (54774)
Hash b70f0fe6e1d2fc14807a03dbe4deab39
1d7e5a47257b699643c808e2f12ab4e8b4d61b10
233ea040a9305957e0ea5fb5442076bc0e613d9667dd8633f6d1b9195e4cffdf
GET /streaming.php?id=MzQ3MjE3&title=Little+Women+%282022%29+episode+6&typesub=SUB HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.6.13
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KmIIhEICHZr5UU2BGRWN5WUNgeeNpdrunxxmcqzT%2BHUDpKs4OSilgcKuRILldNTQjFgCS6Z3krB0eBH9LMRjIV%2FwLxBI3IlPKXrl2MGwp2nUc2OL5rwoXT8%2FEsUt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af3418f8b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ce0cf92bd2e2301bc4afdcff4f277661
ede10a09567c052a04b01362f6e70802afd10920
9d6c05642f88f86f03a8cfccf19dc8a21e05bd7ad2d17718b8134dc9f005af3a
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "9D6C05642F88F86F03A8CFCCF19DC8A21E05BD7AD2D17718B8134DC9F005AF3A"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8611
Expires: Sat, 22 Oct 2022 10:21:21 GMT
Date: Sat, 22 Oct 2022 07:57:50 GMT
Connection: keep-alive
api.movcloud.net/v1/count/drama/en/episode/347217
172.67.210.209 200 OK 0 B URL HTTP/2 api.movcloud.net/v1/count/drama/en/episode/347217
IP 172.67.210.209:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/count/drama/en/episode/347217 HTTP/1.1
Host: api.movcloud.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: text/javascript; charset=utf-8
content-length: 0
x-dns-prefetch-control: off
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FEZfTbxkz2J42RVZIfCXRD9nS3o3%2BaYByZo3hC5xXdaPqbG0wKYbsUL2UoNbuw8%2Fa10v%2B5B3DxuS0rbZeYcCkOPXThVGpF2fkskMJOM47dg%2B4LIMBnSD1nHsRuLb3bGUnprX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af36ecc4b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash da8807c6af2451da0a685a3c68d63077
a543920204460eb88c588cd077b36a88ff735cef
bb0321415e69692b18380a0c6bd30c8cabf8b5756fedc4c021ce92524988ccc9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2268448cd5973acbdb51c0fdbe0057fa
c58b74392583af752c58cbfe2aed591b166b7539
0ac99d9229c747cd1ac0c395b9c2feb48e68a198fba14954d3ea4e8abb9c0d6e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0AC99D9229C747CD1AC0C395B9C2FEB48E68A198FBA14954D3EA4E8ABB9C0D6E"
Last-Modified: Fri, 21 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9198
Expires: Sat, 22 Oct 2022 10:31:08 GMT
Date: Sat, 22 Oct 2022 07:57:50 GMT
Connection: keep-alive
partner.googleadservices.com/gampad/cookie.js?domain=dramacool.sr&callback=_gfp_s_&client=ca-pub-8153444726766124&gpid_exp=1
172.217.21.162 200 OK 251 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=dramacool.sr&callback=_gfp_s_&client=ca-pub-8153444726766124&gpid_exp=1
IP 172.217.21.162:0
File type ASCII text, with very long lines (391), with no line terminators
Hash dca25f5db23ad9c262ff6ce284af5d82
70749e54b972465236f0d525ad844656f8e4098d
51fb7d37ca9a03e029278d56a7325aa370f11607348897d564e85c32f267b661
GET /gampad/cookie.js?domain=dramacool.sr&callback=_gfp_s_&client=ca-pub-8153444726766124&gpid_exp=1 HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 07:57:50 GMT
server: cafe
cache-control: private
content-length: 251
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash da8807c6af2451da0a685a3c68d63077
a543920204460eb88c588cd077b36a88ff735cef
bb0321415e69692b18380a0c6bd30c8cabf8b5756fedc4c021ce92524988ccc9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-K66MQMMZ99&gtm=2oeaj0&_p=1178280880&cid=1424741494.1666425484&ul=en-us&sr=1280x1024&_s=1&sid=1666425484&sct=1&seg=0&dl=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&dt=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-K66MQMMZ99&gtm=2oeaj0&_p=1178280880&cid=1424741494.1666425484&ul=en-us&sr=1280x1024&_s=1&sid=1666425484&sct=1&seg=0&dl=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&dt=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-K66MQMMZ99&gtm=2oeaj0&_p=1178280880&cid=1424741494.1666425484&ul=en-us&sr=1280x1024&_s=1&sid=1666425484&sct=1&seg=0&dl=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&dt=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dramacool.sr
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://dramacool.sr
date: Sat, 22 Oct 2022 07:57:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=0e14fc0b86d1419fae98ffc16301f176
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=0e14fc0b86d1419fae98ffc16301f176
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 9b8e0189a9c286bc90eff0c9ffb4948c
91e6730c265f31d47de9465e4c9a0eada1fc6ea2
8e7cb567236847a026d3fb55c6d255cc87d7cfe3824863ce035caf9058c26867
GET /gid.js?userId=0e14fc0b86d1419fae98ffc16301f176 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dramacool.sr
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dramacool.sr
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0e14fc0b86d1419fae98ffc16301f176; expires=Sun, 22 Oct 2023 07:57:51 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
dembed2.com/video/img/bg/icon.png
104.26.15.20 200 OK 20 kB URL HTTP/2 dembed2.com/video/img/bg/icon.png
IP 104.26.15.20:0
File type PNG image data, 29 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash f7073693ae0abee71dcbe6b4683d15a0
1f6ee14fc2bfe7184568aac31ef9d247b6ffbdde
43e1a200a6912f591d8e5a05adbe01193487924bda0efaa94d8cf29ecb302609
GET /video/img/bg/icon.png HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: image/png
content-length: 19864
last-modified: Wed, 27 Mar 2019 09:55:49 GMT
etag: "5c9b48a5-4d98"
expires: Wed, 16 Nov 2022 06:24:36 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 437595
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K9jTMi%2BNBHKx1dDWiu2vXW0T6jm2NBpwV7y%2BYqzIW%2FMuTzTuYTlTYR%2FC28JQG9BL6oKgEIhMwGTZXloU9p1VFC0DmdvV9cbWsC9clqArzs30OsgPiK4dAiH%2FtVcm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e0af3dcb92b4f1-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0438c62aa51847d76f31e25352249e6a
917a3fe21ccf7dddf403e09e2f95e80c901b76db
d172c5406d17a81159b68222847bd911eec54f715cd5ddb40bcde478471a9e99
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D172C5406D17A81159B68222847BD911EEC54F715CD5DDB40BCDE478471A9E99"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7656
Expires: Sat, 22 Oct 2022 10:05:27 GMT
Date: Sat, 22 Oct 2022 07:57:51 GMT
Connection: keep-alive
pocli.click/pub?id=53
172.67.217.216 200 OK 22 kB IP 172.67.217.216:0
File type ASCII text, with very long lines (58086), with no line terminators
Hash f7dec928e5b3bebf833b9a6bf22c6f3e
a646cc8b61f6eb2c240079923c59c7ba0e4fff51
418bc5374b17a27bb62e1c779f0b457b896f6c044d1b4a7dad3717715a2177ad
GET /pub?id=53 HTTP/1.1
Host: pocli.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: text/javascript;charset=UTF-8
cf-bgj: minify
cf-polished: origSize=58087
vary: Accept-Encoding
cache-control: max-age=120
cf-cache-status: HIT
age: 7019
last-modified: Sat, 22 Oct 2022 06:00:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Prth6CP0PzuEhwxWreojHPjQkmIs2hLHm%2BRJivEfJUy6SyU9LpGHcMurTI69SH4GM3wKxxOKe6inAFBnv1irka1MenyZcLd86phzQNUgGN0FwNoQq%2F8GVMwkkhh4wg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af37193cb4e8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7689
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 07:57:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7689
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 07:57:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7689
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 07:57:51 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 56aa4d33e288d7ec3acf3ac1a61ef7f9
ac2e2f3609cc604dde554e37471567c042bf8191
544823f794ac3e837c81449d896a9dcbe94f4d59a13e293d84b5af44531141d0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "544823F794AC3E837C81449D896A9DCBE94F4D59A13E293D84B5AF44531141D0"
Last-Modified: Wed, 19 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7689
Expires: Sat, 22 Oct 2022 10:06:00 GMT
Date: Sat, 22 Oct 2022 07:57:51 GMT
Connection: keep-alive
ledrapti.net/5/5256424
139.45.197.238 200 OK 23 kB IP 139.45.197.238:0
Hash cd38854b7e82a8256ffc5547d8f27a8d
8c0d74c5c35498e87e66bd8b019cdccb1617e445
f10f14daa0ed406ae89aa23ebdc4bf526e8819334627d7a8e7e9f2163be717d6
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5256424 HTTP/1.1
Host: ledrapti.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: application/javascript
x-trace-id: 8b85c3da04c738a70eadf742889e36a8
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=2aa280045f8648b29dd812e3b417af65; expires=Sun, 22 Oct 2023 07:57:50 GMT; path=/; secure; SameSite=None
oaidts=1666425470; expires=Sun, 22 Oct 2023 07:57:50 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f4fb0f4c9ac5a88678baf456107f5341
f6c54dbdfad7e243fe38c03f004c4c79f96b2892
b2fc6c453d7ed610521fcf34d7736a20191d86b485fd57236d2d2c4849cbb8d9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb5f34cfb-1029-497a-8d09-65db888e6f11.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7821
x-amzn-requestid: b3b72561-80fd-4b73-862c-ad070f135634
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-LzEkrIAMFmrQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b1-73f427947c17f35667c0b443;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: LMoH9qNuDmuriAWS_UIw4XHAUcnNhvxI48pB39I68aypUxeorSft0A==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
etag: "f6c54dbdfad7e243fe38c03f004c4c79f96b2892"
content-type: image/jpeg
age: 35839
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
dembed2.com/js/player.min.js?v=10.1.19
104.26.15.20 200 OK 101 kB URL HTTP/2 dembed2.com/js/player.min.js?v=10.1.19
IP 104.26.15.20:0
File type ASCII text, with very long lines (58389)
Size 101 kB (101153 bytes)
Hash 6972e9bffcf3f36114ab4dc6aca2ace9
77cf844310ad808e5e2b88a182fa34dafc11dcc2
5e63c3818588069fe1ce02d6dc29c2049b48c0319031836f62aba2909a926f8a
GET /js/player.min.js?v=10.1.19 HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Fri, 14 Oct 2022 03:48:24 GMT
etag: W/"6348dc08-31dc1"
expires: Wed, 16 Nov 2022 06:24:35 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 437595
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAa7f62wQeYNHzuWvhLYNMzPr85AdOUCA5j3E5yeKdgcqA4zq3%2FKH0KyxM9pihV%2BFxPEc6Eq5usptCkukniZ%2B5ClJUYYo6QBA%2BNLX48Mlg1UGkF66lXXKK1Kq48A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af36bc14b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63f136cc-8688-48a8-a173-5f57e08e25bb.png
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63f136cc-8688-48a8-a173-5f57e08e25bb.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5ef386b42bd6b9efb747cfeb3d64fb7a
db63f62383d513348c1ef231ea4fb58d7e1e044e
988cb73f0fef893d2d65a66fad0b171350102f4496fa5ba22e415d5929373d0f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63f136cc-8688-48a8-a173-5f57e08e25bb.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10684
x-amzn-requestid: 643c8e7b-15e9-4241-8ba1-e3f4a4592373
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-okE7AoAMFjDQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-705159c619bc23880acd4d42;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Npq_KhYynsGPhwdVvIa_JeWi13m74Qgm7vw5GyWDydH7tzON7p0MYA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
age: 35839
etag: "db63f62383d513348c1ef231ea4fb58d7e1e044e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd19113d-c1df-4109-b7c9-1d4ed544d9d8.jpeg
34.120.237.76 200 OK 8.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd19113d-c1df-4109-b7c9-1d4ed544d9d8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 97e9c05ece38dedeaa752c612029c78d
715f72710799f828e2c06932c33919d8f23844f5
29408c0bd34660a836f59a7abb61c7c2b1f864b31194787ddf4d178314184b96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd19113d-c1df-4109-b7c9-1d4ed544d9d8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8639
x-amzn-requestid: e598ff88-e152-4b9e-af16-aa30dcf452a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-m5HlMoAMFvjQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6353115f-7f17a59522afc40e64ac216d;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:39 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: b760bBSu62p--j9lUv-AHR8xZKOPskf1LmXb-lJ_DSiM8k_usKOmwA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:25 GMT
age: 35846
etag: "715f72710799f828e2c06932c33919d8f23844f5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 616e14aee034bbf77c3b74b3ea53961b
ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c
0ae716474e2837c90c658d635fb9db2c8d4cdb7bf025b8e4e9e802e3ff56b0c3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd771af0d-55ee-450f-bbb3-a9e419e74a51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7372
x-amzn-requestid: 080f5f7f-51a8-4ef5-9acc-0c7f7f64defb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-ojEg2IAMFjPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63531169-5106c8af6e77450c33a0c899;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:38:49 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: -R91mOdVOCkUp-5vOpEyQactO7SrjtbYwxTsvbR1LP6fBlFZFDTP5A==
via: 1.1 2e20768704c71ff3ce2e677251d27f3c.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
age: 35839
etag: "ebf69c1ff6dc9450f33aef5dc2403d4df17a4c2c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63520430-d90d-4f99-ad29-214d03cc1525.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63520430-d90d-4f99-ad29-214d03cc1525.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cd562cc3980d93423b625d59deea0f95
5c8646f62e19f78579fca8473edcc4e5de0e161f
b77d018b77f627e99ae6d6d2eac6c56d92499779abdbb85da3045ccb8df5211e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F63520430-d90d-4f99-ad29-214d03cc1525.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6801
x-amzn-requestid: 668e33b2-d3e8-46c6-acae-b99777f605d7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aX-M6HOBIAMFyNQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635310b8-2b4e95e24c0dd2f33f8a2dc7;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 21:35:52 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: jX845xtiDprfbqEMYNg-ELNuGkXnqAsXxoL68DxaK6gygdCR9Tj9_w==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Fri, 21 Oct 2022 22:00:32 GMT
etag: "5c8646f62e19f78579fca8473edcc4e5de0e161f"
content-type: image/jpeg
age: 35839
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash c0aefb95f776864f6fe60986d630e633
f238647edd7b4ac925effadc51deef314f931b08
aee57229fcb8513c2645e2d7c6b24f81ba22a9ae384db1362f3c63dbef539622
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5232
Cache-Control: max-age=89302
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:51 GMT
Etag: "635247e5-117"
Expires: Sun, 23 Oct 2022 08:46:13 GMT
Last-Modified: Fri, 21 Oct 2022 07:19:01 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
dembed2.com/streaming.php?id=MzQ3MjE3&title=Little+Women+%282022%29+episode+6&typesub=SUB
104.26.15.20 200 OK 0 B URL HTTP/2 dembed2.com/streaming.php?id=MzQ3MjE3&title=Little+Women+%282022%29+episode+6&typesub=SUB
IP 104.26.15.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /streaming.php?id=MzQ3MjE3&title=Little+Women+%282022%29+episode+6&typesub=SUB HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.6.13
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2vEJpYCfRn7LoKH0u%2Fnw0bKNgb1tRLcD9PAyuymVP9DPAR7y2nNKW1lLciCr6Tx6u%2F%2B9OtzYUmNR14t2kKIaCr9dnE9%2FbX2hJdRYPXP%2BXT18OcFxcs2oIIhqStvX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af3d7b15b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1e75ff2f9d70bcc9a8749d7b6d9d39c5
6ad563172158aef194745459664d867677174f3d
65051297a2f132b3b64bd131df1e1cbceea6eb2d9252db6fb71d03b584c9cc86
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65051297A2F132B3B64BD131DF1E1CBCEEA6EB2D9252DB6FB71D03B584C9CC86"
Last-Modified: Fri, 21 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8222
Expires: Sat, 22 Oct 2022 10:14:53 GMT
Date: Sat, 22 Oct 2022 07:57:51 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 9548c9753766c064281382773a5bb5fb
9fd0ffcca2333027d6b127080ab97d6fb8d06712
2195932a1137889394b79e3acf2a6cf8d0a0711d5fe1d487d483453a2b1dfbad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 794a6d2df00fc15e8b4ed6ff4992525e
f8d67c7fd506709d7232298859fe2b3daf374f29
02d38690754b5d99178d576fe6df6c1ca881a2bbd806a75c633c371fac0221da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 9548c9753766c064281382773a5bb5fb
9fd0ffcca2333027d6b127080ab97d6fb8d06712
2195932a1137889394b79e3acf2a6cf8d0a0711d5fe1d487d483453a2b1dfbad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/qs_click_protection_fy2021.js
142.250.74.33 200 OK 7.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/qs_click_protection_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1501)
Hash 918896f2228425540a85b9a11b788c5c
422c286ef76bc1196921dd7f2b59d961654aefea
8552705788eeff8c59f6aad7f7ad5003127a628fe16464ef0070b86ee9981744
GET /pagead/js/r20221019/r20110914/client/qs_click_protection_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 7569
x-xss-protection: 0
date: Fri, 21 Oct 2022 18:36:30 GMT
expires: Fri, 04 Nov 2022 18:36:30 GMT
cache-control: public, max-age=1209600
age: 48081
etag: 4237063375490391177
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/abg_lite_fy2021.js
142.250.74.33 200 OK 9.6 kB URL HTTP/2 tpc.googlesyndication.com/pagead/js/r20221019/r20110914/abg_lite_fy2021.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1631)
Hash d5da7be99728c9aa968df635d13f08a5
2bfb1d759b9173b1d75746c0ead2fa6d9a41af94
f2852df148e8717747899d7d5a3620fb0522614d89802b17e8fca3b31b4c7e80
GET /pagead/js/r20221019/r20110914/abg_lite_fy2021.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 9571
x-xss-protection: 0
date: Fri, 21 Oct 2022 18:41:45 GMT
expires: Fri, 04 Nov 2022 18:41:45 GMT
cache-control: public, max-age=1209600
age: 47766
etag: 15799940544776262544
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash c0aefb95f776864f6fe60986d630e633
f238647edd7b4ac925effadc51deef314f931b08
aee57229fcb8513c2645e2d7c6b24f81ba22a9ae384db1362f3c63dbef539622
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5232
Cache-Control: max-age=89302
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:51 GMT
Etag: "635247e5-117"
Expires: Sun, 23 Oct 2022 08:46:13 GMT
Last-Modified: Fri, 21 Oct 2022 07:19:01 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
delivery.taroads.com/creative
104.21.27.251 200 OK 1.1 kB URL HTTP/2 delivery.taroads.com/creative
IP 104.21.27.251:0
File type JSON data\012- , ASCII text, with very long lines (1191)
Hash cc24e991011266e439da0e5f80bb00d1
ec7433d9eb2bb3d075784654b0a503f45c29fe52
d8fbf3f11aaace1d069d6a6c896976dc417c28526e6c64c59aad14c1cc945709
POST /creative HTTP/1.1
Host: delivery.taroads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Origin: https://dembed2.com
Content-Length: 195
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: application/json
vary: Accept-Encoding, Origin
set-cookie: ___tasd=e33,; Path=/; Expires=Sat, 22-Oct-22 13:57:51 GMT; SameSite=None; Secure
access-control-allow-origin: https://dembed2.com
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fEdfH45hWiVT2FvRVD9g6ZrilrWlu8iKsESneGfXBC%2FO9ScAKO%2F3%2FZ2ffJNVmWt827idkp7sLvTd%2FMnjVrBJD8AjmpghfbpdmPX8H75ci3BOfJyCXMzBRsNsNFyu%2BulZqOR5Oy8e6A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af3e7db2b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14152923843179563484/index.html
142.250.74.33 200 OK 4.7 kB URL HTTP/2 tpc.googlesyndication.com/sadbundle/$csp%3Der3$/14152923843179563484/index.html
IP 142.250.74.33:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (14748), with no line terminators
Hash 3d522f67249f2f548f1424109b8204e4
e286c6d7894884555795b12d5869c09b4a67f674
9ec528a7fc4ba14e4d0e99e1fac3923fe841b4b5fa7b9d3a1199da442b18fa44
GET /sadbundle/$csp%3Der3$/14152923843179563484/index.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 4684
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 22:02:43 GMT
expires: Thu, 19 Oct 2023 22:02:43 GMT
cache-control: public, max-age=31536000
age: 208508
last-modified: Thu, 15 Sep 2022 11:33:49 GMT
content-type: text/html
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 794a6d2df00fc15e8b4ed6ff4992525e
f8d67c7fd506709d7232298859fe2b3daf374f29
02d38690754b5d99178d576fe6df6c1ca881a2bbd806a75c633c371fac0221da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:51 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
delivery.taroads.com/openrtb
104.21.27.251 204 No Content 0 B URL HTTP/2 delivery.taroads.com/openrtb
IP 104.21.27.251:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /openrtb HTTP/1.1
Host: delivery.taroads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Origin: https://dembed2.com
Content-Length: 195
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sat, 22 Oct 2022 07:57:51 GMT
access-control-allow-origin: https://dembed2.com
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
vary: Origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BUahGLOFLlvizT5CKY47dRvGVNXd1%2BAn5ULsDVBw1cgucB2i7cmNKFb%2B3Jqwao%2BRRY0KaUVGl6%2FTmQswBDFkadF3bPhPWMz0eHE7BSPONfY%2FU7P7X%2BdF%2BJolmB5q0L4CUgc2z%2FuJ9w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af3e8db7b4ed-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 04419d242d5466e338e49b39b2ce6128
2bc3e18ec61be28acf65956b90a55bf8681da808
fe93060ff27574a7c4549645fb78b290e9f7456cb576794ed6020f893f990162
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FE93060FF27574A7C4549645FB78B290E9F7456CB576794ED6020F893F990162"
Last-Modified: Fri, 21 Oct 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9702
Expires: Sat, 22 Oct 2022 10:39:33 GMT
Date: Sat, 22 Oct 2022 07:57:51 GMT
Connection: keep-alive
cdn.itskiddien.club/apu.php?zoneid=4717013
139.45.197.236 200 OK 968 B URL HTTP/2 cdn.itskiddien.club/apu.php?zoneid=4717013
IP 139.45.197.236:0
File type ASCII text, with very long lines (801)
Hash edeeba569495e64dea894464e90ec6c3
b569cf1f18915ad09d41ad68b612640cf612b949
6086ab9b2ab0d1ea6c5f72709a02493c747c31455582abba65c14dedee72723b
GET /apu.php?zoneid=4717013 HTTP/1.1
Host: cdn.itskiddien.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:52 GMT
content-type: application/javascript
content-length: 968
x-trace-id: 3add33cd787cf074eff82a94d55b3bf6
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=20a15786b10c4cebbbb74ea85f8a4ce4; expires=Sun, 22 Oct 2023 07:57:52 GMT; path=/; secure; SameSite=None
oaidts=1666425472; expires=Sun, 22 Oct 2023 07:57:52 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 1.2 kB IP 142.250.74.35:0
File type gzip compressed data, max compression\012- data
Hash 96d1c178a15d0074bdf8220414a75477
deb2a83c3fe0f1522ba546ac4fc038daa78efabc
975957b8b95bab15f792ba96132832d9d1d906965b45e1a547fc6fb7b73cf90f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/mysidia/6d06f43d9219529f87f676616f1c0e3b.js?tag=mysidia_one_click_handler_one_afma_2019
142.250.74.163 200 OK 14 kB URL HTTP/2 www.gstatic.com/mysidia/6d06f43d9219529f87f676616f1c0e3b.js?tag=mysidia_one_click_handler_one_afma_2019
IP 142.250.74.163:0
File type ASCII text, with very long lines (1792)
Hash f7c33c139d255d6850230e6a245e9cc5
b7eaff0223cf8ac35a29302cc669f670a3d6d2d8
00814d5928eb44505d367be09571e6901f164bfd5794fd24b01861ee0d5809f7
GET /mysidia/6d06f43d9219529f87f676616f1c0e3b.js?tag=mysidia_one_click_handler_one_afma_2019 HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="mysidia"
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-length: 13940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 03:08:17 GMT
expires: Fri, 20 Jan 2023 03:08:17 GMT
cache-control: public, max-age=7776000
last-modified: Thu, 20 Oct 2022 17:30:44 GMT
content-type: text/javascript
age: 17375
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 78f2476e0e57d3c337ba3e29aafe7c32
8ca483064a69de5aef97b32126cb95c13dbd33c4
33459d0c1860c80ee0159e476727a4fb0e704de2c71ad01fdd5761702f90a0c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 471 B IP 142.250.74.35:0
Hash 60fcf0b588f9927fde2759de6b3e3fed
f564b9ea498a878638fa3a374bf6fdfe468559ad
ae3eb07b4b347d54014f24971dafb4dccbc009c397caec6a78403e92e65f3cbc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
142.250.74.70 200 OK 24 kB URL HTTP/2 s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
IP 142.250.74.70:0
File type ASCII text, with very long lines (60805)
Hash 8bb0a6e91cbcf4aca9c691e9225b34a8
83d921cf6e8334253aded6cd30ffb5781cf3c0cb
06df011163bc2147a0b8dbf5d412f24bfe7ebaaa1654a2d4ac2c68cc71373ddd
GET /ads/studio/cached_libs/gsap_3.5.1_min.js HTTP/1.1
Host: s0.2mdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 24155
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 07:57:52 GMT
expires: Sat, 22 Oct 2022 07:57:52 GMT
cache-control: public, max-age=0
age: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 09f1d552877c07059a3c8debf4187f12
5832bc57522a3fda9a0fec7288076db87d4560c5
de8ad3e1d71f1e4f709bed37590b5e0cdb520db9a246e57d212036af8cfc0f18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/drt/ui
142.250.74.164 302 Found 0 B URL HTTP/2 www.google.com/pagead/drt/ui
IP 142.250.74.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/drt/ui HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 22 Oct 2022 07:57:52 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35 200 OK 472 B IP 142.250.74.35:0
Hash 78f2476e0e57d3c337ba3e29aafe7c32
8ca483064a69de5aef97b32126cb95c13dbd33c4
33459d0c1860c80ee0159e476727a4fb0e704de2c71ad01fdd5761702f90a0c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 22 Oct 2022 07:57:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:21 GMT
expires: Thu, 19 Oct 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 217411
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 217424
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 217424
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
216.58.207.195 200 OK 48 kB URL HTTP/2 fonts.gstatic.com/s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 47728, version 1.0\012- data
Hash b1581ddd77372ceb06eb14adfd1bea07
1a3b0fc96fa73b808aa1f91f122a3c9bdcf93ee8
97e82d8eac8d106b28abf1b716982c40c06fffe49cc2f34cd1c299266745ef73
GET /s/worksans/v18/QGYsz_wNahGAdqQ43Rh_fKDp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: null
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47728
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 18 Oct 2022 19:22:36 GMT
expires: Wed, 18 Oct 2023 19:22:36 GMT
cache-control: public, max-age=31536000
age: 304516
last-modified: Tue, 23 Aug 2022 17:55:22 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dramacool-ukph88jvsw.disqus.com/count.js?
151.101.84.134 200 OK 871 B URL HTTP/1.1 dramacool-ukph88jvsw.disqus.com/count.js?
IP 151.101.84.134:0
File type ASCII text, with very long lines (528)
Hash a487039f9b553cb4f6928743872234e9
b3d835075d1983a8c2fe716285d173fcc3708f9c
364f622ba24e063adcee84f132da53c6e6071745f04a00d10937663deb24b822
GET /count.js? HTTP/1.1
Host: dramacool-ukph88jvsw.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 871
Content-Type: application/javascript; charset=utf-8
Server: nginx
Last-Modified: Fri, 21 Oct 2022 17:23:59 GMT
ETag: "6352d5af-367"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Amz-Cf-Pop: DFW3-C1
X-Amz-Cf-Id: 3kAtWxhH-mwtnq3i_w6dAauqYy59e8_YczAkRYXhxosArFbZdRGdmg==
Cache-Control: public, max-age=300
Date: Sat, 22 Oct 2022 07:57:52 GMT
Age: 157
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 0c041832970c63da32155c9d3092d14a
c3b88b6d9568ef5b227eef19636b225e2dfad5d1
b0acbf23ee8ca27a0c01d270706f89c8467fca1eac3b8a90df29a2befdb22b33
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 07:57:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 13:33:19 GMT
Expires: Fri, 28 Oct 2022 13:33:18 GMT
Etag: "c3b88b6d9568ef5b227eef19636b225e2dfad5d1"
Cache-Control: max-age=537925,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e0af429eea0b3d-OSL
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221019&st=env
142.250.74.34 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221019&st=env
IP 142.250.74.34:0
File type JSON data\012- , ASCII text, with very long lines (14717), with no line terminators
Hash 1271e80562e580ab656adc214d64a36a
e527e7487d88b517e3c841c38f5b0146cf1d491a
1037f5c72d302979b97cb6bab8f424626d1c79e68f02c5b9f2d1d5c48fd0b04d
GET /getconfig/sodar?sv=200&tid=gda&tv=r20221019&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dramacool.sr
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 22 Oct 2022 07:57:52 GMT
server: cafe
cache-control: private
content-length: 11171
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71 200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 968
Origin: https://dembed2.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Sat, 22 Oct 2022 07:57:52 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://dembed2.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 882bd6bed1136169cb6febd8a8fa9a7c
46640ffb93c5cba3e255cb1ac872628b99789749
55e422aecd456a0f0d4a432028a725da3bd07088972d93736395ebf6254d26fb
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 07:57:52 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 05:29:14 GMT
Expires: Sat, 29 Oct 2022 05:29:13 GMT
Etag: "46640ffb93c5cba3e255cb1ac872628b99789749"
Cache-Control: max-age=595280,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e0af41eae71bfa-OSL
nanouwho.com/9?z=4408721&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdembed2.com%2Fstreaming.php%3Fid%3DMzQ3MjE3%26title%3DLittle%2BWomen%2B%25282022%2529%2Bepisode%2B6%26typesub%3DSUB&wy=0&wx=0&ww=1280&wh=1024&cw=728&wiw=728&wih=409&wfc=2&sah=1002&drf=https%3A%2F%2Fdramacool.sr%2F&hil=1&ist=0&oaid=0e14fc0b86d1419fae98ffc16301f176
139.45.197.242 204 No Content 0 B URL HTTP/2 nanouwho.com/9?z=4408721&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdembed2.com%2Fstreaming.php%3Fid%3DMzQ3MjE3%26title%3DLittle%2BWomen%2B%25282022%2529%2Bepisode%2B6%26typesub%3DSUB&wy=0&wx=0&ww=1280&wh=1024&cw=728&wiw=728&wih=409&wfc=2&sah=1002&drf=https%3A%2F%2Fdramacool.sr%2F&hil=1&ist=0&oaid=0e14fc0b86d1419fae98ffc16301f176
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=4408721&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdembed2.com%2Fstreaming.php%3Fid%3DMzQ3MjE3%26title%3DLittle%2BWomen%2B%25282022%2529%2Bepisode%2B6%26typesub%3DSUB&wy=0&wx=0&ww=1280&wh=1024&cw=728&wiw=728&wih=409&wfc=2&sah=1002&drf=https%3A%2F%2Fdramacool.sr%2F&hil=1&ist=0&oaid=0e14fc0b86d1419fae98ffc16301f176 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://dembed2.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sat, 22 Oct 2022 07:57:52 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://dembed2.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
ssl.p.jwpcdn.com/player/v/8.23.1/jwpsrv.js
151.101.86.114 200 OK 19 kB URL HTTP/2 ssl.p.jwpcdn.com/player/v/8.23.1/jwpsrv.js
IP 151.101.86.114:0
File type ASCII text, with very long lines (63039)
Hash 47c80e5e949f9c51cea9f3f4eb3411c8
ea848020d7f54579af52ebd5e5f6922b98cc2512
6455d2bb063d9fde3276b77cb3e6e886c9b2a87dfc1bf16365d0cd3e8c1d131d
GET /player/v/8.23.1/jwpsrv.js HTTP/1.1
Host: ssl.p.jwpcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: max-age=900, immutable
last-modified: Tue, 02 Aug 2022 22:52:18 GMT
etag: "662d21d9cc48caa9758882be57e10e92"
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
accept-ranges: bytes
date: Sat, 22 Oct 2022 07:57:52 GMT
via: 1.1 varnish
age: 704
x-served-by: cache-bma1633-BMA
x-cache: HIT
x-cache-hits: 16
x-timer: S1666425473.580147,VS0,VE0
vary: Accept-Encoding
access-control-allow-origin: *
content-length: 18857
X-Firefox-Spdy: h2
rndskittytor.com/400/4231561
139.45.197.238 200 OK 113 kB URL HTTP/2 rndskittytor.com/400/4231561
IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 113 kB (112640 bytes)
Hash 7a4e50fbaafc141a8c91ed2396ff40c6
b6afe9e4c4f61d30e49503d5825c31b794f87c8a
66073e2cf07a4821875c61fbde3d003d063178b90b9ab77bc7922d7dff00b28c
Analyzer Verdict Alert quad9 Sinkholed
GET /400/4231561 HTTP/1.1
Host: rndskittytor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: application/javascript
x-trace-id: 73636f74f8acd98b2b3a9943f31fc6e7
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=dbd5cc0b104d47a48c0c116146868d61; expires=Sun, 22 Oct 2023 07:57:51 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/9?z=4408721&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdembed2.com%2Fstreaming.php%3Fid%3DMzQ3MjE3%26title%3DLittle%2BWomen%2B%25282022%2529%2Bepisode%2B6%26typesub%3DSUB&wy=0&wx=0&ww=1280&wh=1024&cw=728&wiw=728&wih=409&wfc=2&sah=1002&drf=https%3A%2F%2Fdramacool.sr%2F&hil=1&ist=0&oaid=0e14fc0b86d1419fae98ffc16301f176
139.45.197.242 200 OK 7 B URL HTTP/2 nanouwho.com/9?z=4408721&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdembed2.com%2Fstreaming.php%3Fid%3DMzQ3MjE3%26title%3DLittle%2BWomen%2B%25282022%2529%2Bepisode%2B6%26typesub%3DSUB&wy=0&wx=0&ww=1280&wh=1024&cw=728&wiw=728&wih=409&wfc=2&sah=1002&drf=https%3A%2F%2Fdramacool.sr%2F&hil=1&ist=0&oaid=0e14fc0b86d1419fae98ffc16301f176
IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash a97eb6fbe6f13b601d5d48c0eba8baae
736efb938caf3d0edec406932ada889f1a4f2268
a04bf061f53e0011fd2f43bdf081526344f003c50146c88c42c2d95ef22c1821
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=4408721&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdembed2.com%2Fstreaming.php%3Fid%3DMzQ3MjE3%26title%3DLittle%2BWomen%2B%25282022%2529%2Bepisode%2B6%26typesub%3DSUB&wy=0&wx=0&ww=1280&wh=1024&cw=728&wiw=728&wih=409&wfc=2&sah=1002&drf=https%3A%2F%2Fdramacool.sr%2F&hil=1&ist=0&oaid=0e14fc0b86d1419fae98ffc16301f176 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 174
Origin: https://dembed2.com
Connection: keep-alive
Cookie: OAID=1f3cca452ff447fe95c2d612b5194763; oaidts=1666425471
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:52 GMT
content-type: application/javascript
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin: https://dembed2.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2e5785d88af0710e8e978867458fa2dc
access-control-expose-headers: X-Sc
x-sc: 4pjyq8qZjtD9y8t2Ad5rCeJWRn5wZJxQ9TDHhj-Cd17fnoAJTIGdXhXtQSx7szi-w3p8DHJWiu8unW0u
set-cookie: OAID=0e14fc0b86d1419fae98ffc16301f176; expires=Sun, 22 Oct 2023 07:57:52 GMT; secure; SameSite=None
oaidts=1666425471; expires=Sun, 22 Oct 2023 07:57:52 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
dramacool-ukph88jvsw.disqus.com/embed.js
151.101.84.134 200 OK 25 kB URL HTTP/1.1 dramacool-ukph88jvsw.disqus.com/embed.js
IP 151.101.84.134:0
File type ASCII text, with very long lines (32042)
Hash 5420b1ea6cf1afa6fb70fdc168ea0d38
a15f23e58962584b264bbc82d56f3a0dfcc29b4a
9e07ca6620ae973020a75a6ca330965945a88c1a790cb2e4acc52e27253db264
GET /embed.js HTTP/1.1
Host: dramacool-ukph88jvsw.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 25427
Server: openresty
Content-Type: application/javascript; charset=utf-8
X-Service: router
Content-Encoding: gzip
Date: Sat, 22 Oct 2022 07:57:52 GMT
Age: 0
Vary: Accept-Encoding
Cache-Control: private, max-age=60
Strict-Transport-Security: max-age=300; includeSubdomains
Cross-Origin-Resource-Policy: cross-origin
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
nanouwho.com/1?z=4408721
139.45.197.242 200 OK 9.9 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (7782)
Hash b6fab527623343b1301d2191349f41ac
9f06d4c5f433faa0f9e7ff9284d5af626a256ace
bbef65cb0ba34b6f8df694a2e179eac7e2e60f4d194bc761c471af78223cf848
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=4408721 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 74a3bcaf1d4d7e9003604f7fb0515c53
access-control-expose-headers: X-Sc
x-sc: wme8489jclZuNnOmiZANSSbaU8PGaoGVXGodEbD2g6T6SeArbm7o2gYuWjNE2uhKKfzCgMd2lkJx26tr
set-cookie: OAID=1f3cca452ff447fe95c2d612b5194763; expires=Sun, 22 Oct 2023 07:57:51 GMT; secure; SameSite=None
oaidts=1666425471; expires=Sun, 22 Oct 2023 07:57:51 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
de5e6f8c6d9a2d4d0eee1c532b34803b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
142.250.74.65 200 OK 3.1 kB URL HTTP/2 de5e6f8c6d9a2d4d0eee1c532b34803b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html HTTP/1.1
Host: de5e6f8c6d9a2d4d0eee1c532b34803b.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Sat, 22 Oct 2022 07:57:52 GMT
expires: Sun, 22 Oct 2023 07:57:52 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
nanouwho.com/27/b10314e887d309db18535b2593bd9514
139.45.197.242 200 OK 564 B URL HTTP/2 nanouwho.com/27/b10314e887d309db18535b2593bd9514
IP 139.45.197.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (814), with no line terminators
Hash 761478cff33caa5842e7d2878c8b4c02
ccdf1709077a066001effd7a1c68450db4fe3e18
5ea04f158c94d394a176e37994c6acb5067145c6aa607807ce05d4d8737159d9
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b10314e887d309db18535b2593bd9514 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: OAID=1f3cca452ff447fe95c2d612b5194763; oaidts=1666425471
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 20 Oct 2022 04:50:21 GMT
expires: Thu, 19 Nov 2082 04:50:21 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
disqus.com/embed/comments/?base=default&f=dramacool-ukph88jvsw&t_u=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&t_d=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&t_t=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&s_o=default
151.101.64.134 200 OK 2.7 kB URL HTTP/1.1 disqus.com/embed/comments/?base=default&f=dramacool-ukph88jvsw&t_u=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&t_d=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&t_t=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&s_o=default
IP 151.101.64.134:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2823)
Hash 00d9109efce1064755bb0379acae5cd8
c4284e6eb94aa4079291dd6cfbfab219b2092141
8d6df1d1415198bad08564e5c07baa838f3555d943e14490f9371f68c35cf561
GET /embed/comments/?base=default&f=dramacool-ukph88jvsw&t_u=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&t_d=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&t_t=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&s_o=default HTTP/1.1
Host: disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2745
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://com-disqus.netmng.com:* 'unsafe-inline' https://referrer.disqus.com/juggler/ https://connect.facebook.net/en_US/sdk.js https://cdn.syndication.twimg.com/tweets.json https://apis.google.com https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Thu, 22 Sep 2022 12:32:58 GMT
ETag: W/"lounge:view:9364431086.ca10d199df6282f82a2a6e13bd6da9c9.2"
Referrer-Policy: no-referrer-when-downgrade
Content-Encoding: gzip
Date: Sat, 22 Oct 2022 07:57:53 GMT
Age: 33
Vary: Accept-Encoding
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains
pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthAIezP6tMvXawgB9n-DYpLA3OrLSrj2Mq-V-OaesLo4Z6EFYx3BJlUy-BZu2WzYn6RrHOMDxX2eTXoufgsivmqLr5AVuirKiFL8IXYzsluB88tNaCVWfBzAyNvPHlx5Q_Lmk8-Lk1QEEFkD4XdiJZTU4NAKVJbsgWtm-1A7Wl5zEee2q5P1ZvTjhWuC7KMHqrSp69lC4V4Fkt9M-YMbU9EVJWdk404ver7xuF2WXAM4bQ-5O9X9x-t3xWBN6j_IlSS1ukaaQ3vpG-qUXZXERvsrIJnTQN89X2HfAjXJaXA519za36XuxLbdlwaCqoCgAbnnaabkbEiAImoqR-R-oHkvWtGqXWZhxVTlk9RlUYeBGrwFS6rxy0j9DroHvfqnegNei_GDsKLlKSspLlXowDW77EUIj9GiQhhBn_ypvsEBoknVNN0-RhqIQE-R8u8HjouEKoYeQZ7UubYRUOGEQrtvQJiwMtVQOFziN3Oii2YUq3j0d0teHrKcgcQOpcEC1odRjmK-rRkQGl17SY_mvc5QjEDl9UxSFEj7yk2WTl-jTt2_Jp_eHfQBZZCXl-C0QdmGYbeLRvMYatPW1C4-l8FfqCg_bKzKZZ1QYA2Dplt_w81ESN5Th_GMc2fFWJlPl6Mw_y1yTGDnm9BD3pOCa9zYKsi6WkCao5ARLI1MI0iTzaN876S-2z2cRou04c9dPLN-rbH-1qNu3Df7lmhtH9rKtdRJmDqr-NLKTKBF2LXi4El_4uy8Scacnm-xEEiBGeXTuRxwtOcuj3P13knZDix8KtrL1fcq4-GdyiPUkykq6-bYwCdnYeXvXU1vP4TT7gllUNwJG3WrW1mztom-BqWkvAGOJgDIlh9OFxqBJvsvh0hkuxtKFewmzDIhT284pQhd8UdtuoKs9K9BnCxVnV2YrgcJVFv-he5xUBv93mlVDmS_g864LlwcLnCgDFu_VylQJwKwEkJc0Y1hC7eDO1BW_ecJ7Dnexo5ypqnQvnqX5EiZRZ-m-jxR7_uiwLmZ7Yitiw6aM&sai=AMfl-YQvNupKh7sB5bCDzB5OcEdrLs2tCndOoR9OpD6BJb5o3-AvQseHiP0MyCu-Ddaf6g_6FXu1e992TD4vAbY_mJAuqp3470NsmXJd&sig=Cg0ArKJSzPBWWu8FLqs_EAE&cid=CAQSGwDq26N9jEoJBUZ0SfwBvRaIZhBFkokI4Pe_ZRgBIA4&id=lidar2&mcvt=1074&p=0,0,280,728&mtos=1074,1074,1074,1074,1074&tos=1074,0,0,0,0&v=20221019&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3589930872&rs=2&la=0&cr=0&vs=4&r=v&rst=1666425484477&rpt=1912&met=mue&wmsd=0
142.250.74.34200 OK 42 B URL HTTP/2 pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsthAIezP6tMvXawgB9n-DYpLA3OrLSrj2Mq-V-OaesLo4Z6EFYx3BJlUy-BZu2WzYn6RrHOMDxX2eTXoufgsivmqLr5AVuirKiFL8IXYzsluB88tNaCVWfBzAyNvPHlx5Q_Lmk8-Lk1QEEFkD4XdiJZTU4NAKVJbsgWtm-1A7Wl5zEee2q5P1ZvTjhWuC7KMHqrSp69lC4V4Fkt9M-YMbU9EVJWdk404ver7xuF2WXAM4bQ-5O9X9x-t3xWBN6j_IlSS1ukaaQ3vpG-qUXZXERvsrIJnTQN89X2HfAjXJaXA519za36XuxLbdlwaCqoCgAbnnaabkbEiAImoqR-R-oHkvWtGqXWZhxVTlk9RlUYeBGrwFS6rxy0j9DroHvfqnegNei_GDsKLlKSspLlXowDW77EUIj9GiQhhBn_ypvsEBoknVNN0-RhqIQE-R8u8HjouEKoYeQZ7UubYRUOGEQrtvQJiwMtVQOFziN3Oii2YUq3j0d0teHrKcgcQOpcEC1odRjmK-rRkQGl17SY_mvc5QjEDl9UxSFEj7yk2WTl-jTt2_Jp_eHfQBZZCXl-C0QdmGYbeLRvMYatPW1C4-l8FfqCg_bKzKZZ1QYA2Dplt_w81ESN5Th_GMc2fFWJlPl6Mw_y1yTGDnm9BD3pOCa9zYKsi6WkCao5ARLI1MI0iTzaN876S-2z2cRou04c9dPLN-rbH-1qNu3Df7lmhtH9rKtdRJmDqr-NLKTKBF2LXi4El_4uy8Scacnm-xEEiBGeXTuRxwtOcuj3P13knZDix8KtrL1fcq4-GdyiPUkykq6-bYwCdnYeXvXU1vP4TT7gllUNwJG3WrW1mztom-BqWkvAGOJgDIlh9OFxqBJvsvh0hkuxtKFewmzDIhT284pQhd8UdtuoKs9K9BnCxVnV2YrgcJVFv-he5xUBv93mlVDmS_g864LlwcLnCgDFu_VylQJwKwEkJc0Y1hC7eDO1BW_ecJ7Dnexo5ypqnQvnqX5EiZRZ-m-jxR7_uiwLmZ7Yitiw6aM&sai=AMfl-YQvNupKh7sB5bCDzB5OcEdrLs2tCndOoR9OpD6BJb5o3-AvQseHiP0MyCu-Ddaf6g_6FXu1e992TD4vAbY_mJAuqp3470NsmXJd&sig=Cg0ArKJSzPBWWu8FLqs_EAE&cid=CAQSGwDq26N9jEoJBUZ0SfwBvRaIZhBFkokI4Pe_ZRgBIA4&id=lidar2&mcvt=1074&p=0,0,280,728&mtos=1074,1074,1074,1074,1074&tos=1074,0,0,0,0&v=20221019&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3589930872&rs=2&la=0&cr=0&vs=4&r=v&rst=1666425484477&rpt=1912&met=mue&wmsd=0
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pcs/activeview?xai=AKAOjsthAIezP6tMvXawgB9n-DYpLA3OrLSrj2Mq-V-OaesLo4Z6EFYx3BJlUy-BZu2WzYn6RrHOMDxX2eTXoufgsivmqLr5AVuirKiFL8IXYzsluB88tNaCVWfBzAyNvPHlx5Q_Lmk8-Lk1QEEFkD4XdiJZTU4NAKVJbsgWtm-1A7Wl5zEee2q5P1ZvTjhWuC7KMHqrSp69lC4V4Fkt9M-YMbU9EVJWdk404ver7xuF2WXAM4bQ-5O9X9x-t3xWBN6j_IlSS1ukaaQ3vpG-qUXZXERvsrIJnTQN89X2HfAjXJaXA519za36XuxLbdlwaCqoCgAbnnaabkbEiAImoqR-R-oHkvWtGqXWZhxVTlk9RlUYeBGrwFS6rxy0j9DroHvfqnegNei_GDsKLlKSspLlXowDW77EUIj9GiQhhBn_ypvsEBoknVNN0-RhqIQE-R8u8HjouEKoYeQZ7UubYRUOGEQrtvQJiwMtVQOFziN3Oii2YUq3j0d0teHrKcgcQOpcEC1odRjmK-rRkQGl17SY_mvc5QjEDl9UxSFEj7yk2WTl-jTt2_Jp_eHfQBZZCXl-C0QdmGYbeLRvMYatPW1C4-l8FfqCg_bKzKZZ1QYA2Dplt_w81ESN5Th_GMc2fFWJlPl6Mw_y1yTGDnm9BD3pOCa9zYKsi6WkCao5ARLI1MI0iTzaN876S-2z2cRou04c9dPLN-rbH-1qNu3Df7lmhtH9rKtdRJmDqr-NLKTKBF2LXi4El_4uy8Scacnm-xEEiBGeXTuRxwtOcuj3P13knZDix8KtrL1fcq4-GdyiPUkykq6-bYwCdnYeXvXU1vP4TT7gllUNwJG3WrW1mztom-BqWkvAGOJgDIlh9OFxqBJvsvh0hkuxtKFewmzDIhT284pQhd8UdtuoKs9K9BnCxVnV2YrgcJVFv-he5xUBv93mlVDmS_g864LlwcLnCgDFu_VylQJwKwEkJc0Y1hC7eDO1BW_ecJ7Dnexo5ypqnQvnqX5EiZRZ-m-jxR7_uiwLmZ7Yitiw6aM&sai=AMfl-YQvNupKh7sB5bCDzB5OcEdrLs2tCndOoR9OpD6BJb5o3-AvQseHiP0MyCu-Ddaf6g_6FXu1e992TD4vAbY_mJAuqp3470NsmXJd&sig=Cg0ArKJSzPBWWu8FLqs_EAE&cid=CAQSGwDq26N9jEoJBUZ0SfwBvRaIZhBFkokI4Pe_ZRgBIA4&id=lidar2&mcvt=1074&p=0,0,280,728&mtos=1074,1074,1074,1074,1074&tos=1074,0,0,0,0&v=20221019&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3589930872&rs=2&la=0&cr=0&vs=4&r=v&rst=1666425484477&rpt=1912&met=mue&wmsd=0 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://googleads.g.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: image/gif
date: Sat, 22 Oct 2022 07:57:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c.disquscdn.com/next/embed/lounge.load.7cd05f00ed923276b6ac2952cfa1e435.js
143.204.55.127 200 OK 497 B URL HTTP/2 c.disquscdn.com/next/embed/lounge.load.7cd05f00ed923276b6ac2952cfa1e435.js
IP 143.204.55.127:0
File type ASCII text, with very long lines (958), with no line terminators
Hash 0e7be5ed21214e9e8492cfcba4371b26
a918e1c103f025c4f2ecaa74f46f44e072da764a
8e63104670c558efdae33cc24acc61dfc59302f3f188411f621a4967927f7482
GET /next/embed/lounge.load.7cd05f00ed923276b6ac2952cfa1e435.js HTTP/1.1
Host: c.disquscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://disqus.com
Connection: keep-alive
Referer: https://disqus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 497
date: Thu, 20 Oct 2022 14:52:43 GMT
server: nginx
last-modified: Thu, 20 Oct 2022 14:48:33 GMT
etag: "63515fc1-1f1"
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Fri, 20 Oct 2023 14:52:43 GMT
cache-control: max-age=31536000, public, immutable, no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: tAmCks2VXldQPINmhfT2cxxCg1paPLLwduQbpG_707NqN5XSBf1jGQ==
age: 147910
X-Firefox-Spdy: h2
c.disquscdn.com/next/embed/common.bundle.c817aead0064c1fa134fcaa6055ca127.js
143.204.55.127 200 OK 95 kB URL HTTP/2 c.disquscdn.com/next/embed/common.bundle.c817aead0064c1fa134fcaa6055ca127.js
IP 143.204.55.127:0
File type ASCII text, with very long lines (32023)
Hash e9fbef6f4bab8b18badabca33462577d
b5446389651f33fd9454ab24d1bc96dde7000090
188ff7dd708927779c5d467bab4db53d65e99cd3251ea1c43591399d1a08de6c
GET /next/embed/common.bundle.c817aead0064c1fa134fcaa6055ca127.js HTTP/1.1
Host: c.disquscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://disqus.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 94757
date: Fri, 14 Oct 2022 12:36:27 GMT
server: nginx
last-modified: Fri, 14 Oct 2022 12:15:46 GMT
etag: "634952f2-17225"
content-encoding: gzip
x-served-by: static-web-1
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sat, 14 Oct 2023 12:36:27 GMT
cache-control: max-age=31536000, public, immutable, no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6PyWRTgjvhpo8KTvnkwfWdwMBZ7Aeej7R-Z3OK8fpnUYXBpDH9wHiw==
age: 674485
X-Firefox-Spdy: h2
c.disquscdn.com/next/embed/styles/lounge.a6306b99a258593b69a6bcf61dc83760.css
143.204.55.127 200 OK 27 kB URL HTTP/2 c.disquscdn.com/next/embed/styles/lounge.a6306b99a258593b69a6bcf61dc83760.css
IP 143.204.55.127:0
File type ASCII text, with very long lines (65469)
Hash 0fcec6517a29c105a8af5e2889f49165
5223391ff90d7237a7c6fa6367687decef85c863
8756029234c4e53b1b8000f1d725d6e19e6d8bd7d580995b73e57679228f0130
GET /next/embed/styles/lounge.a6306b99a258593b69a6bcf61dc83760.css HTTP/1.1
Host: c.disquscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
content-length: 26781
date: Wed, 19 Oct 2022 13:11:36 GMT
server: nginx
last-modified: Wed, 19 Oct 2022 12:59:42 GMT
etag: "634ff4be-689d"
content-encoding: gzip
x-served-by: static-web-1
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Thu, 19 Oct 2023 13:11:36 GMT
cache-control: max-age=31536000, public, immutable, no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kE23NHyVHO6MGF3u2ksflIOMCf3gK3T1usOEQFgWqFcRGwtAO2OtEw==
age: 240377
X-Firefox-Spdy: h2
c.disquscdn.com/next/embed/lounge.bundle.3c359b914364cd453831c854d654c1f8.js
143.204.55.127 200 OK 125 kB URL HTTP/2 c.disquscdn.com/next/embed/lounge.bundle.3c359b914364cd453831c854d654c1f8.js
IP 143.204.55.127:0
File type ASCII text, with very long lines (32035)
Size 125 kB (125179 bytes)
Hash 31c1be3500eca5c78387c3a98504f8e2
83e965da5be6e3313bbcd27125355bac3819e4c6
56303371925932230156a0bcd3aedc8448e2bb02ccceb28b6aee2ba3b664af5d
GET /next/embed/lounge.bundle.3c359b914364cd453831c854d654c1f8.js HTTP/1.1
Host: c.disquscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 125179
date: Thu, 20 Oct 2022 14:52:43 GMT
server: nginx
last-modified: Thu, 20 Oct 2022 14:48:33 GMT
etag: "63515fc1-1e8fb"
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Fri, 20 Oct 2023 14:52:43 GMT
cache-control: max-age=31536000, public, immutable, no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: F9gb6vT7ds5tdyf4n-LqwlOicnLenywvqpUTfOnYRZe4DXbuvLkUmQ==
age: 147910
X-Firefox-Spdy: h2
disqus.com/next/config.js
151.101.64.134 200 OK 16 kB URL HTTP/1.1 disqus.com/next/config.js
IP 151.101.64.134:0
File type ASCII text, with very long lines (16448), with no line terminators
Hash 1d817543d25498a9b70ccec488b68257
e728c606ab471112cb94347dda68f33bb8be9ee5
42bc77f07cc0d25be4750ebe63d74b25ffa76cc5305b6e15476c58e4df2137c9
GET /next/config.js HTTP/1.1
Host: disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 16448
Server: nginx
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Sat, 22 Oct 2022 07:57:53 GMT
Age: 44
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains
disqus.com/api/3.0/forums/details?forum=dramacool-ukph88jvsw&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
151.101.64.134 200 OK 3.0 kB URL HTTP/1.1 disqus.com/api/3.0/forums/details?forum=dramacool-ukph88jvsw&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F
IP 151.101.64.134:0
File type JSON data\012- , ASCII text, with very long lines (3021), with no line terminators
Hash 793bb6befcbabd325ccd96cc79fbcd05
b2948e6e23c1112d3b923cc9e156ef61eca7b567
c03cf74b1b880cb460b7b0958454a4c27591e00d8f9eb7233744ad081e22b329
GET /api/3.0/forums/details?forum=dramacool-ukph88jvsw&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F HTTP/1.1
Host: disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://disqus.com/embed/comments/?base=default&f=dramacool-ukph88jvsw&t_u=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&t_d=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&t_t=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&s_o=default
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 3021
Server: nginx
Content-Type: application/json
X-Frame-Options: SAMEORIGIN
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Sat, 22 Oct 2022 07:57:54 GMT
Age: 58
Vary: Origin, Cookie
Cross-Origin-Resource-Policy: cross-origin
Strict-Transport-Security: max-age=300; includeSubdomains
c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
143.204.55.127 200 OK 27 kB URL HTTP/2 c.disquscdn.com/next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js
IP 143.204.55.127:0
File type ASCII text, with very long lines (32024)
Hash 0c2785ae737e4a3a6baf270c42954aaa
ba03fa7243d6e4f184c3f2f05f733f5f40b96cc3
75310b8dcb511e824684c40202fb6edb67136e7b747e2d42c71a628bce42c2f2
GET /next/embed/alfie_v4.63f1ab6d6b9d5807dc0c94ef3fe0b851.js HTTP/1.1
Host: c.disquscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
content-length: 26578
date: Thu, 08 Sep 2022 01:31:12 GMT
server: nginx
last-modified: Tue, 30 Aug 2022 17:50:38 GMT
etag: "630e4dee-67d2"
content-encoding: gzip
x-served-by: static-web-2
x-cache-hits: 0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Fri, 08 Sep 2023 01:31:12 GMT
cache-control: max-age=31536000, public, immutable, no-transform
access-control-allow-origin: *
timing-allow-origin: *
surrogate-key: next
cross-origin-resource-policy: cross-origin
x-cache: Hit from cloudfront
via: 1.1 bb1da7862c4968b28920b91b324095c0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: raFhftvxh3PUm0dMI6BjQFyAe6yP847z6UtCnCW39tFli9VLQ2T2jg==
age: 3824802
X-Firefox-Spdy: h2
a.disquscdn.com/1666200926/images/noavatar92.png
151.101.86.49 200 OK 1.6 kB URL HTTP/2 a.disquscdn.com/1666200926/images/noavatar92.png
IP 151.101.86.49:0
File type PNG image data, 92 x 92, 8-bit/color RGB, non-interlaced\012- data
Hash 675fb4b91ca717db030507f2d84bcfdf
c8728df74487f907230358a1b08ae1a1b25f9ed4
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
GET /1666200926/images/noavatar92.png HTTP/1.1
Host: a.disquscdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://disqus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
server: nginx
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
etag: "60395f01-66c"
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
expires: Sat, 19 Nov 2022 14:38:59 GMT
cache-control: max-age=2592000
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: ARN1-C1
x-amz-cf-id: zlPFvzPsVRr0B6KOCKkF_qkeK1SmcpKZslH-Jl_sK249XWUn6wholA==
date: Sat, 22 Oct 2022 07:57:54 GMT
age: 148735
strict-transport-security: max-age=300; includeSubdomains
content-length: 1644
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLLCvlb9k5-KH0kuYmsH4JWmOU9bRgS4r0EASeCBAqowF9JvGxumDoYcslmvuI-XcXfGJUC0gY0DR58Qs5feaUFYxXNdhaPgvDX9rCvhLWqXwWaYaWcaEwx6UoFdDUJutV17oLXYa6e8Qvfm9ZR1xG11Crx5i4dQhsbV2pCAsf51gpOUILFLkRbg1mAuFKgLXSnp13K0Ou6emiigre_f-rOxyxmFLTnzK4DK7Kw-oNYzSIx7jWGTK8p9al2YgazwGn_G1KOAL5_yfSChgqPkI3xxTW3aG8ZZ0PyM0W_PXvKdKbE58JVyMUNNJH-JSrice_2Y8JUV5LUtaAuvnKC5f7-3T3cJFtdTMpVeDuD9MSGjIYgB6q4BVaASszLFOCvRQ5cF4Or8anKLqf0j7VQM677RJJsoIiJCUAV3WHvH4Zqxrmdm3mSuU_zPH5KGd_5IJLo1nUUnukyNUvZXnTalDM15NJnTDPpjMjOvbsIDCberynnh5OfQ6F5Lzn0Y64ZDsd0dOuWxFsHUBEcapvO8JH4ThetizLeybz8sL5xkI-Mb3Fd9I_sYuoWZCZu7I74ozIHTEQHCiPjkYKi_0TvEZen909o8OfI-MZB02D8GRn32nvj2lLYbiqZyZsSnKfPsE8BhKdoMphJO-9sHB2Ml7anIppfpNlfWR3EQpWlCMwaML1AHEyYHAUyenaqC_bu5SqqVa_FAiueivh1dln-_4uuoYBBwBHw6LOACckKQh2osf3zFgzZUnnotif8Y_Qt7H1BZqdDPsypiQScpKwYcr1w7_WY5vRT94bxJsSYpRY-nuUiCXputrQBsopIYAfeuP1-rqc-aI-W-ml_4LlK3y0XKl_2ptHletaoRmquzt0H_zr7UgvFbsZ_6EgbbcEsXumUCq5QY_kYJpMtRdtXIhWR2gMDshVJtWahofhxtpaTB3dHe_J0BYhMVBdwBZhzOF6Zh6KGWnBLk0lBq8QeRmqI_XwlanUTlim0IuGUptkVxMVrWThthpRbxILe1UqortEhkOQe6z108-jSjLhKV87BGl19Pp_H4uqmvkMIzEZt1_BfYgPCIskmJ68H7oNlY18H6IpFeqvjB7L-shaPob2iHkViB-1CeE_6vNYLJOpKnr5CNQrgf0TnLTNIHdPKgqAwBtcNHEZ5kC55EhAcIUwLWMWR0ojySbI1FVDQOo5bPEijyLzMYFszBu-Q4yHvU_rgQ&sai=AMfl-YTyJvKkE9oCSvhoNG9PfuqEyC72ZfHP18CbSuEmhgC5Z0demPc-05hwtMTgJ7wkwricjIgJ5MbzCCrC-AWLdi02ZV5ee0gPPW7t-bTo9tuwTSgto2X9N8-trej6VX6cqb4iyu-fRZOmxPPpV0_GXZl73XaxM0urUootoplGpOATwCDxxh0xTUFmXYDc9ef6T-L5NZu2ikjb27XUXA1mbz-Yy0OqoyfkWJl_o1wPKwHHtAq2GhUbSeHWTU7N8Kza5HJAnc1vCcpFt0v1YNA4y6iGJRiyRU_la0HwOY04NT7xu-00Rp8tZLn3N30DvFSRxH1-y2RirL7KR81fsm3w8dLG8kXbOp9AmplIS1HZypYNaunqGLh47-ujcwB8y1ELlSlu8Sn9db5cD6flXXrgZ6B04fwZBXmpki7J&sig=Cg0ArKJSzI2bjMBl6q5REAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20221019.42495&adurl=
172.217.21.162200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLLCvlb9k5-KH0kuYmsH4JWmOU9bRgS4r0EASeCBAqowF9JvGxumDoYcslmvuI-XcXfGJUC0gY0DR58Qs5feaUFYxXNdhaPgvDX9rCvhLWqXwWaYaWcaEwx6UoFdDUJutV17oLXYa6e8Qvfm9ZR1xG11Crx5i4dQhsbV2pCAsf51gpOUILFLkRbg1mAuFKgLXSnp13K0Ou6emiigre_f-rOxyxmFLTnzK4DK7Kw-oNYzSIx7jWGTK8p9al2YgazwGn_G1KOAL5_yfSChgqPkI3xxTW3aG8ZZ0PyM0W_PXvKdKbE58JVyMUNNJH-JSrice_2Y8JUV5LUtaAuvnKC5f7-3T3cJFtdTMpVeDuD9MSGjIYgB6q4BVaASszLFOCvRQ5cF4Or8anKLqf0j7VQM677RJJsoIiJCUAV3WHvH4Zqxrmdm3mSuU_zPH5KGd_5IJLo1nUUnukyNUvZXnTalDM15NJnTDPpjMjOvbsIDCberynnh5OfQ6F5Lzn0Y64ZDsd0dOuWxFsHUBEcapvO8JH4ThetizLeybz8sL5xkI-Mb3Fd9I_sYuoWZCZu7I74ozIHTEQHCiPjkYKi_0TvEZen909o8OfI-MZB02D8GRn32nvj2lLYbiqZyZsSnKfPsE8BhKdoMphJO-9sHB2Ml7anIppfpNlfWR3EQpWlCMwaML1AHEyYHAUyenaqC_bu5SqqVa_FAiueivh1dln-_4uuoYBBwBHw6LOACckKQh2osf3zFgzZUnnotif8Y_Qt7H1BZqdDPsypiQScpKwYcr1w7_WY5vRT94bxJsSYpRY-nuUiCXputrQBsopIYAfeuP1-rqc-aI-W-ml_4LlK3y0XKl_2ptHletaoRmquzt0H_zr7UgvFbsZ_6EgbbcEsXumUCq5QY_kYJpMtRdtXIhWR2gMDshVJtWahofhxtpaTB3dHe_J0BYhMVBdwBZhzOF6Zh6KGWnBLk0lBq8QeRmqI_XwlanUTlim0IuGUptkVxMVrWThthpRbxILe1UqortEhkOQe6z108-jSjLhKV87BGl19Pp_H4uqmvkMIzEZt1_BfYgPCIskmJ68H7oNlY18H6IpFeqvjB7L-shaPob2iHkViB-1CeE_6vNYLJOpKnr5CNQrgf0TnLTNIHdPKgqAwBtcNHEZ5kC55EhAcIUwLWMWR0ojySbI1FVDQOo5bPEijyLzMYFszBu-Q4yHvU_rgQ&sai=AMfl-YTyJvKkE9oCSvhoNG9PfuqEyC72ZfHP18CbSuEmhgC5Z0demPc-05hwtMTgJ7wkwricjIgJ5MbzCCrC-AWLdi02ZV5ee0gPPW7t-bTo9tuwTSgto2X9N8-trej6VX6cqb4iyu-fRZOmxPPpV0_GXZl73XaxM0urUootoplGpOATwCDxxh0xTUFmXYDc9ef6T-L5NZu2ikjb27XUXA1mbz-Yy0OqoyfkWJl_o1wPKwHHtAq2GhUbSeHWTU7N8Kza5HJAnc1vCcpFt0v1YNA4y6iGJRiyRU_la0HwOY04NT7xu-00Rp8tZLn3N30DvFSRxH1-y2RirL7KR81fsm3w8dLG8kXbOp9AmplIS1HZypYNaunqGLh47-ujcwB8y1ELlSlu8Sn9db5cD6flXXrgZ6B04fwZBXmpki7J&sig=Cg0ArKJSzI2bjMBl6q5REAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20221019.42495&adurl=
IP 172.217.21.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsvLLCvlb9k5-KH0kuYmsH4JWmOU9bRgS4r0EASeCBAqowF9JvGxumDoYcslmvuI-XcXfGJUC0gY0DR58Qs5feaUFYxXNdhaPgvDX9rCvhLWqXwWaYaWcaEwx6UoFdDUJutV17oLXYa6e8Qvfm9ZR1xG11Crx5i4dQhsbV2pCAsf51gpOUILFLkRbg1mAuFKgLXSnp13K0Ou6emiigre_f-rOxyxmFLTnzK4DK7Kw-oNYzSIx7jWGTK8p9al2YgazwGn_G1KOAL5_yfSChgqPkI3xxTW3aG8ZZ0PyM0W_PXvKdKbE58JVyMUNNJH-JSrice_2Y8JUV5LUtaAuvnKC5f7-3T3cJFtdTMpVeDuD9MSGjIYgB6q4BVaASszLFOCvRQ5cF4Or8anKLqf0j7VQM677RJJsoIiJCUAV3WHvH4Zqxrmdm3mSuU_zPH5KGd_5IJLo1nUUnukyNUvZXnTalDM15NJnTDPpjMjOvbsIDCberynnh5OfQ6F5Lzn0Y64ZDsd0dOuWxFsHUBEcapvO8JH4ThetizLeybz8sL5xkI-Mb3Fd9I_sYuoWZCZu7I74ozIHTEQHCiPjkYKi_0TvEZen909o8OfI-MZB02D8GRn32nvj2lLYbiqZyZsSnKfPsE8BhKdoMphJO-9sHB2Ml7anIppfpNlfWR3EQpWlCMwaML1AHEyYHAUyenaqC_bu5SqqVa_FAiueivh1dln-_4uuoYBBwBHw6LOACckKQh2osf3zFgzZUnnotif8Y_Qt7H1BZqdDPsypiQScpKwYcr1w7_WY5vRT94bxJsSYpRY-nuUiCXputrQBsopIYAfeuP1-rqc-aI-W-ml_4LlK3y0XKl_2ptHletaoRmquzt0H_zr7UgvFbsZ_6EgbbcEsXumUCq5QY_kYJpMtRdtXIhWR2gMDshVJtWahofhxtpaTB3dHe_J0BYhMVBdwBZhzOF6Zh6KGWnBLk0lBq8QeRmqI_XwlanUTlim0IuGUptkVxMVrWThthpRbxILe1UqortEhkOQe6z108-jSjLhKV87BGl19Pp_H4uqmvkMIzEZt1_BfYgPCIskmJ68H7oNlY18H6IpFeqvjB7L-shaPob2iHkViB-1CeE_6vNYLJOpKnr5CNQrgf0TnLTNIHdPKgqAwBtcNHEZ5kC55EhAcIUwLWMWR0ojySbI1FVDQOo5bPEijyLzMYFszBu-Q4yHvU_rgQ&sai=AMfl-YTyJvKkE9oCSvhoNG9PfuqEyC72ZfHP18CbSuEmhgC5Z0demPc-05hwtMTgJ7wkwricjIgJ5MbzCCrC-AWLdi02ZV5ee0gPPW7t-bTo9tuwTSgto2X9N8-trej6VX6cqb4iyu-fRZOmxPPpV0_GXZl73XaxM0urUootoplGpOATwCDxxh0xTUFmXYDc9ef6T-L5NZu2ikjb27XUXA1mbz-Yy0OqoyfkWJl_o1wPKwHHtAq2GhUbSeHWTU7N8Kza5HJAnc1vCcpFt0v1YNA4y6iGJRiyRU_la0HwOY04NT7xu-00Rp8tZLn3N30DvFSRxH1-y2RirL7KR81fsm3w8dLG8kXbOp9AmplIS1HZypYNaunqGLh47-ujcwB8y1ELlSlu8Sn9db5cD6flXXrgZ6B04fwZBXmpki7J&sig=Cg0ArKJSzI2bjMBl6q5REAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=3&cbvp=1&cstd=0&cisv=r20221019.42495&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://de5e6f8c6d9a2d4d0eee1c532b34803b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-security-policy: script-src 'none'; object-src 'none'
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 22 Oct 2022 07:57:54 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 22-Oct-2022 08:12:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 22 Oct 2022 07:57:54 GMT
X-Firefox-Spdy: h2
googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLLCvlb9k5-KH0kuYmsH4JWmOU9bRgS4r0EASeCBAqowF9JvGxumDoYcslmvuI-XcXfGJUC0gY0DR58Qs5feaUFYxXNdhaPgvDX9rCvhLWqXwWaYaWcaEwx6UoFdDUJutV17oLXYa6e8Qvfm9ZR1xG11Crx5i4dQhsbV2pCAsf51gpOUILFLkRbg1mAuFKgLXSnp13K0Ou6emiigre_f-rOxyxmFLTnzK4DK7Kw-oNYzSIx7jWGTK8p9al2YgazwGn_G1KOAL5_yfSChgqPkI3xxTW3aG8ZZ0PyM0W_PXvKdKbE58JVyMUNNJH-JSrice_2Y8JUV5LUtaAuvnKC5f7-3T3cJFtdTMpVeDuD9MSGjIYgB6q4BVaASszLFOCvRQ5cF4Or8anKLqf0j7VQM677RJJsoIiJCUAV3WHvH4Zqxrmdm3mSuU_zPH5KGd_5IJLo1nUUnukyNUvZXnTalDM15NJnTDPpjMjOvbsIDCberynnh5OfQ6F5Lzn0Y64ZDsd0dOuWxFsHUBEcapvO8JH4ThetizLeybz8sL5xkI-Mb3Fd9I_sYuoWZCZu7I74ozIHTEQHCiPjkYKi_0TvEZen909o8OfI-MZB02D8GRn32nvj2lLYbiqZyZsSnKfPsE8BhKdoMphJO-9sHB2Ml7anIppfpNlfWR3EQpWlCMwaML1AHEyYHAUyenaqC_bu5SqqVa_FAiueivh1dln-_4uuoYBBwBHw6LOACckKQh2osf3zFgzZUnnotif8Y_Qt7H1BZqdDPsypiQScpKwYcr1w7_WY5vRT94bxJsSYpRY-nuUiCXputrQBsopIYAfeuP1-rqc-aI-W-ml_4LlK3y0XKl_2ptHletaoRmquzt0H_zr7UgvFbsZ_6EgbbcEsXumUCq5QY_kYJpMtRdtXIhWR2gMDshVJtWahofhxtpaTB3dHe_J0BYhMVBdwBZhzOF6Zh6KGWnBLk0lBq8QeRmqI_XwlanUTlim0IuGUptkVxMVrWThthpRbxILe1UqortEhkOQe6z108-jSjLhKV87BGl19Pp_H4uqmvkMIzEZt1_BfYgPCIskmJ68H7oNlY18H6IpFeqvjB7L-shaPob2iHkViB-1CeE_6vNYLJOpKnr5CNQrgf0TnLTNIHdPKgqAwBtcNHEZ5kC55EhAcIUwLWMWR0ojySbI1FVDQOo5bPEijyLzMYFszBu-Q4yHvU_rgQ&sai=AMfl-YTyJvKkE9oCSvhoNG9PfuqEyC72ZfHP18CbSuEmhgC5Z0demPc-05hwtMTgJ7wkwricjIgJ5MbzCCrC-AWLdi02ZV5ee0gPPW7t-bTo9tuwTSgto2X9N8-trej6VX6cqb4iyu-fRZOmxPPpV0_GXZl73XaxM0urUootoplGpOATwCDxxh0xTUFmXYDc9ef6T-L5NZu2ikjb27XUXA1mbz-Yy0OqoyfkWJl_o1wPKwHHtAq2GhUbSeHWTU7N8Kza5HJAnc1vCcpFt0v1YNA4y6iGJRiyRU_la0HwOY04NT7xu-00Rp8tZLn3N30DvFSRxH1-y2RirL7KR81fsm3w8dLG8kXbOp9AmplIS1HZypYNaunqGLh47-ujcwB8y1ELlSlu8Sn9db5cD6flXXrgZ6B04fwZBXmpki7J&sig=Cg0ArKJSzI2bjMBl6q5REAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=433&vt=11&dtpt=430&dett=2&cstd=0&cisv=r20221019.42495&adurl=
172.217.21.162200 OK 0 B URL HTTP/2 googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvLLCvlb9k5-KH0kuYmsH4JWmOU9bRgS4r0EASeCBAqowF9JvGxumDoYcslmvuI-XcXfGJUC0gY0DR58Qs5feaUFYxXNdhaPgvDX9rCvhLWqXwWaYaWcaEwx6UoFdDUJutV17oLXYa6e8Qvfm9ZR1xG11Crx5i4dQhsbV2pCAsf51gpOUILFLkRbg1mAuFKgLXSnp13K0Ou6emiigre_f-rOxyxmFLTnzK4DK7Kw-oNYzSIx7jWGTK8p9al2YgazwGn_G1KOAL5_yfSChgqPkI3xxTW3aG8ZZ0PyM0W_PXvKdKbE58JVyMUNNJH-JSrice_2Y8JUV5LUtaAuvnKC5f7-3T3cJFtdTMpVeDuD9MSGjIYgB6q4BVaASszLFOCvRQ5cF4Or8anKLqf0j7VQM677RJJsoIiJCUAV3WHvH4Zqxrmdm3mSuU_zPH5KGd_5IJLo1nUUnukyNUvZXnTalDM15NJnTDPpjMjOvbsIDCberynnh5OfQ6F5Lzn0Y64ZDsd0dOuWxFsHUBEcapvO8JH4ThetizLeybz8sL5xkI-Mb3Fd9I_sYuoWZCZu7I74ozIHTEQHCiPjkYKi_0TvEZen909o8OfI-MZB02D8GRn32nvj2lLYbiqZyZsSnKfPsE8BhKdoMphJO-9sHB2Ml7anIppfpNlfWR3EQpWlCMwaML1AHEyYHAUyenaqC_bu5SqqVa_FAiueivh1dln-_4uuoYBBwBHw6LOACckKQh2osf3zFgzZUnnotif8Y_Qt7H1BZqdDPsypiQScpKwYcr1w7_WY5vRT94bxJsSYpRY-nuUiCXputrQBsopIYAfeuP1-rqc-aI-W-ml_4LlK3y0XKl_2ptHletaoRmquzt0H_zr7UgvFbsZ_6EgbbcEsXumUCq5QY_kYJpMtRdtXIhWR2gMDshVJtWahofhxtpaTB3dHe_J0BYhMVBdwBZhzOF6Zh6KGWnBLk0lBq8QeRmqI_XwlanUTlim0IuGUptkVxMVrWThthpRbxILe1UqortEhkOQe6z108-jSjLhKV87BGl19Pp_H4uqmvkMIzEZt1_BfYgPCIskmJ68H7oNlY18H6IpFeqvjB7L-shaPob2iHkViB-1CeE_6vNYLJOpKnr5CNQrgf0TnLTNIHdPKgqAwBtcNHEZ5kC55EhAcIUwLWMWR0ojySbI1FVDQOo5bPEijyLzMYFszBu-Q4yHvU_rgQ&sai=AMfl-YTyJvKkE9oCSvhoNG9PfuqEyC72ZfHP18CbSuEmhgC5Z0demPc-05hwtMTgJ7wkwricjIgJ5MbzCCrC-AWLdi02ZV5ee0gPPW7t-bTo9tuwTSgto2X9N8-trej6VX6cqb4iyu-fRZOmxPPpV0_GXZl73XaxM0urUootoplGpOATwCDxxh0xTUFmXYDc9ef6T-L5NZu2ikjb27XUXA1mbz-Yy0OqoyfkWJl_o1wPKwHHtAq2GhUbSeHWTU7N8Kza5HJAnc1vCcpFt0v1YNA4y6iGJRiyRU_la0HwOY04NT7xu-00Rp8tZLn3N30DvFSRxH1-y2RirL7KR81fsm3w8dLG8kXbOp9AmplIS1HZypYNaunqGLh47-ujcwB8y1ELlSlu8Sn9db5cD6flXXrgZ6B04fwZBXmpki7J&sig=Cg0ArKJSzI2bjMBl6q5REAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=433&vt=11&dtpt=430&dett=2&cstd=0&cisv=r20221019.42495&adurl=
IP 172.217.21.162:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pcs/view?xai=AKAOjsvLLCvlb9k5-KH0kuYmsH4JWmOU9bRgS4r0EASeCBAqowF9JvGxumDoYcslmvuI-XcXfGJUC0gY0DR58Qs5feaUFYxXNdhaPgvDX9rCvhLWqXwWaYaWcaEwx6UoFdDUJutV17oLXYa6e8Qvfm9ZR1xG11Crx5i4dQhsbV2pCAsf51gpOUILFLkRbg1mAuFKgLXSnp13K0Ou6emiigre_f-rOxyxmFLTnzK4DK7Kw-oNYzSIx7jWGTK8p9al2YgazwGn_G1KOAL5_yfSChgqPkI3xxTW3aG8ZZ0PyM0W_PXvKdKbE58JVyMUNNJH-JSrice_2Y8JUV5LUtaAuvnKC5f7-3T3cJFtdTMpVeDuD9MSGjIYgB6q4BVaASszLFOCvRQ5cF4Or8anKLqf0j7VQM677RJJsoIiJCUAV3WHvH4Zqxrmdm3mSuU_zPH5KGd_5IJLo1nUUnukyNUvZXnTalDM15NJnTDPpjMjOvbsIDCberynnh5OfQ6F5Lzn0Y64ZDsd0dOuWxFsHUBEcapvO8JH4ThetizLeybz8sL5xkI-Mb3Fd9I_sYuoWZCZu7I74ozIHTEQHCiPjkYKi_0TvEZen909o8OfI-MZB02D8GRn32nvj2lLYbiqZyZsSnKfPsE8BhKdoMphJO-9sHB2Ml7anIppfpNlfWR3EQpWlCMwaML1AHEyYHAUyenaqC_bu5SqqVa_FAiueivh1dln-_4uuoYBBwBHw6LOACckKQh2osf3zFgzZUnnotif8Y_Qt7H1BZqdDPsypiQScpKwYcr1w7_WY5vRT94bxJsSYpRY-nuUiCXputrQBsopIYAfeuP1-rqc-aI-W-ml_4LlK3y0XKl_2ptHletaoRmquzt0H_zr7UgvFbsZ_6EgbbcEsXumUCq5QY_kYJpMtRdtXIhWR2gMDshVJtWahofhxtpaTB3dHe_J0BYhMVBdwBZhzOF6Zh6KGWnBLk0lBq8QeRmqI_XwlanUTlim0IuGUptkVxMVrWThthpRbxILe1UqortEhkOQe6z108-jSjLhKV87BGl19Pp_H4uqmvkMIzEZt1_BfYgPCIskmJ68H7oNlY18H6IpFeqvjB7L-shaPob2iHkViB-1CeE_6vNYLJOpKnr5CNQrgf0TnLTNIHdPKgqAwBtcNHEZ5kC55EhAcIUwLWMWR0ojySbI1FVDQOo5bPEijyLzMYFszBu-Q4yHvU_rgQ&sai=AMfl-YTyJvKkE9oCSvhoNG9PfuqEyC72ZfHP18CbSuEmhgC5Z0demPc-05hwtMTgJ7wkwricjIgJ5MbzCCrC-AWLdi02ZV5ee0gPPW7t-bTo9tuwTSgto2X9N8-trej6VX6cqb4iyu-fRZOmxPPpV0_GXZl73XaxM0urUootoplGpOATwCDxxh0xTUFmXYDc9ef6T-L5NZu2ikjb27XUXA1mbz-Yy0OqoyfkWJl_o1wPKwHHtAq2GhUbSeHWTU7N8Kza5HJAnc1vCcpFt0v1YNA4y6iGJRiyRU_la0HwOY04NT7xu-00Rp8tZLn3N30DvFSRxH1-y2RirL7KR81fsm3w8dLG8kXbOp9AmplIS1HZypYNaunqGLh47-ujcwB8y1ELlSlu8Sn9db5cD6flXXrgZ6B04fwZBXmpki7J&sig=Cg0ArKJSzI2bjMBl6q5REAE&uach_m=[UACH]&pr=missingexchangepricemacro&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=433&vt=11&dtpt=430&dett=2&cstd=0&cisv=r20221019.42495&adurl= HTTP/1.1
Host: googleads4.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://de5e6f8c6d9a2d4d0eee1c532b34803b.safeframe.googlesyndication.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
access-control-allow-origin: *
content-type: image/gif
x-content-type-options: nosniff
date: Sat, 22 Oct 2022 07:57:54 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 22-Oct-2022 08:12:54 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 22 Oct 2022 07:57:54 GMT
X-Firefox-Spdy: h2
ocsp.comodoca4.com/
104.18.32.68 200 OK 283 B IP 104.18.32.68:0
Hash 4a05f9b6ce42f1cda742d71bbf61d843
592d8921640d8f7915b49a6b9e57d06888e78c42
4da8b4113fa004b9e492f798cd80eb9a235775fcb25f2e475cd147ea03ed72f7
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 07:57:54 GMT
Content-Type: application/ocsp-response
Content-Length: 283
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 00:47:11 GMT
Expires: Sat, 29 Oct 2022 00:47:10 GMT
Etag: "592d8921640d8f7915b49a6b9e57d06888e78c42"
Cache-Control: max-age=578355,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e0af4eee21b50f-OSL
ocsp.comodoca4.com/
104.18.32.68 200 OK 283 B IP 104.18.32.68:0
Hash 4a05f9b6ce42f1cda742d71bbf61d843
592d8921640d8f7915b49a6b9e57d06888e78c42
4da8b4113fa004b9e492f798cd80eb9a235775fcb25f2e475cd147ea03ed72f7
POST / HTTP/1.1
Host: ocsp.comodoca4.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 22 Oct 2022 07:57:54 GMT
Content-Type: application/ocsp-response
Content-Length: 283
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 00:47:11 GMT
Expires: Sat, 29 Oct 2022 00:47:10 GMT
Etag: "592d8921640d8f7915b49a6b9e57d06888e78c42"
Cache-Control: max-age=578355,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75e0af4ee804b524-OSL
cdn.viglink.com/images/pixel.gif?ch=1&rn=4.638751009260079
104.16.161.13 200 OK 43 B URL HTTP/2 cdn.viglink.com/images/pixel.gif?ch=1&rn=4.638751009260079
IP 104.16.161.13:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /images/pixel.gif?ch=1&rn=4.638751009260079 HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:54 GMT
content-type: image/gif
content-length: 43
x-amz-id-2: DKooxv1hnVb14U7tRfofRlXkRWdAROqFTeVdJoYhgJujYE//2ob7xvZ4F6AurymI+gMMM6LbsRM=
x-amz-request-id: ZF3JJ27GZVXBFS73
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
etag: "221d8352905f2c38b3cb2bd191d630b0"
cache-control: max-age=15, must-revalidate
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e0af4f38320afe-OSL
X-Firefox-Spdy: h2
cdn.viglink.com/images/pixel.gif?ch=2&rn=4.638751009260079
104.16.161.13 200 OK 43 B URL HTTP/2 cdn.viglink.com/images/pixel.gif?ch=2&rn=4.638751009260079
IP 104.16.161.13:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /images/pixel.gif?ch=2&rn=4.638751009260079 HTTP/1.1
Host: cdn.viglink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:54 GMT
content-type: image/gif
content-length: 43
x-amz-id-2: DKooxv1hnVb14U7tRfofRlXkRWdAROqFTeVdJoYhgJujYE//2ob7xvZ4F6AurymI+gMMM6LbsRM=
x-amz-request-id: ZF3JJ27GZVXBFS73
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
etag: "221d8352905f2c38b3cb2bd191d630b0"
cache-control: max-age=15, must-revalidate
cf-cache-status: HIT
age: 1
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e0af4f38350afe-OSL
X-Firefox-Spdy: h2
referrer.disqus.com/juggler/event.gif?abe=1&embed_hidden=1&load_time=475&event=init_embed&thread=9364431086&forum=dramacool-ukph88jvsw&forum_id=7315247&imp=5uh7qdp141eih6&thread_slug=little_women_2022_episode_6_english_sub_at_dramacool_70&user_type=anon&referrer=https%3A%2F%2Fdramacool.sr%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=true&max_enabled=true
151.101.84.134 200 OK 43 B URL HTTP/1.1 referrer.disqus.com/juggler/event.gif?abe=1&embed_hidden=1&load_time=475&event=init_embed&thread=9364431086&forum=dramacool-ukph88jvsw&forum_id=7315247&imp=5uh7qdp141eih6&thread_slug=little_women_2022_episode_6_english_sub_at_dramacool_70&user_type=anon&referrer=https%3A%2F%2Fdramacool.sr%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=true&max_enabled=true
IP 151.101.84.134:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /juggler/event.gif?abe=1&embed_hidden=1&load_time=475&event=init_embed&thread=9364431086&forum=dramacool-ukph88jvsw&forum_id=7315247&imp=5uh7qdp141eih6&thread_slug=little_women_2022_episode_6_english_sub_at_dramacool_70&user_type=anon&referrer=https%3A%2F%2Fdramacool.sr%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default&variant=fallthrough&service=dynamic&promoted_enabled=true&max_enabled=true HTTP/1.1
Host: referrer.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://disqus.com/embed/comments/?base=default&f=dramacool-ukph88jvsw&t_u=https%3A%2F%2Fdramacool.sr%2Fvideo-watch%2Flittle-women-2022-episode-6-hta&t_d=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&t_t=Little%20Women%20(2022)%20Episode%206%20English%20sub%20at%20Dramacool&s_o=default
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 43
Server: nginx
Content-Type: image/gif
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Date: Sat, 22 Oct 2022 07:57:54 GMT
Cross-Origin-Resource-Policy: cross-origin
links.services.disqus.com/api/ping
151.101.84.64 200 OK 316 B URL HTTP/1.1 links.services.disqus.com/api/ping
IP 151.101.84.64:0
File type ASCII text, with very long lines (316), with no line terminators
Hash 10f397d846cf954783a23e60d873fc2c
250225fc9d77a57ac82b605aae62724899778bdc
147c5ec98e7893da2643edbcf99b011e780a3426cd900c29ceb6c6b26fd3b9c3
POST /api/ping HTTP/1.1
Host: links.services.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 173
Origin: https://dramacool.sr
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 316
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dramacool.sr
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Date: Sat, 22 Oct 2022 07:57:54 GMT
Set-Cookie: vglnk.Agent.p=fcd92e880a4f58f87cfd9a69c5003923; Expires=Sun, 22 Oct 2023 07:57:54 GMT; path=/
vglnk.PartnerRfsh.p=; Expires=Sun, 22 Oct 2023 07:57:54 GMT; path=/
links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
151.101.84.64 200 OK 43 B URL HTTP/1.1 links.services.disqus.com/api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d
IP 151.101.84.64:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 221d8352905f2c38b3cb2bd191d630b0
d804b495cb9b84b9007a25b5d85f9ae674004cde
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
GET /api/sync.gif?key=cfdfcf52dffd0a702a61bad27507376d HTTP/1.1
Host: links.services.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 43
Cache-Control: no-cache, no-store
Content-Type: image/gif;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Date: Sat, 22 Oct 2022 07:57:55 GMT
Set-Cookie: vglnk.Agent.p=02dd697e4ba6a38a3fa9465d63ef4524; Expires=Sun, 22 Oct 2023 07:57:55 GMT; path=/
vglnk.PartnerRfsh.p=; Expires=Sun, 22 Oct 2023 07:57:55 GMT; path=/
links.services.disqus.com/api/domains
151.101.84.64 200 OK 41 B URL HTTP/1.1 links.services.disqus.com/api/domains
IP 151.101.84.64:0
File type ASCII text, with no line terminators
Hash 4dd098e1a33a2e624e02fd4cd5975bba
9fb9a940af75e93dbb70cf972234dd5e59d3150b
f1640b2b1f1cfd9ca28cb170742732f4b5aa7e74b12e657c53c2a70d895a1615
POST /api/domains HTTP/1.1
Host: links.services.disqus.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 249
Origin: https://dramacool.sr
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 41
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://dramacool.sr
Cache-Control: no-cache, no-store
Content-Type: text/javascript;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Pragma: no-cache
Server: Apache-Coyote/1.1
Date: Sat, 22 Oct 2022 07:57:55 GMT
Set-Cookie: vglnk.Agent.p=a47ffac20218829cc2599ee5eff20b28; Expires=Sun, 22 Oct 2023 07:57:55 GMT; path=/
vglnk.PartnerRfsh.p=; Expires=Sun, 22 Oct 2023 07:57:55 GMT; path=/
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bd9089074278cfc155dc2c7f5eeaa15e
96a6c6c03b53792a9124bcd61f8823138b32b095
3c91b7bd396d60ec811bcbdf2727ad50b706d6db67e6713496aad9b1b0e76c93
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C91B7BD396D60EC811BCBDF2727AD50B706D6DB67E6713496AAD9B1B0E76C93"
Last-Modified: Wed, 19 Oct 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5186
Expires: Sat, 22 Oct 2022 09:24:21 GMT
Date: Sat, 22 Oct 2022 07:57:55 GMT
Connection: keep-alive
stairtuy.com/jmvnimasgfwgpieixrcgjasxverajd.css?aHR0cHM6Ly9ybmRza2l0dHl0b3IuY29tLzQwMC80MjMxNTYz
139.45.197.154 200 OK 38 kB URL HTTP/2 stairtuy.com/jmvnimasgfwgpieixrcgjasxverajd.css?aHR0cHM6Ly9ybmRza2l0dHl0b3IuY29tLzQwMC80MjMxNTYz
IP 139.45.197.154:0
Hash b5d9e6c7d6041499adab3bd2e21fa3d8
2766a89255dec46a071539940ae1638711e2a943
2ad5fa5eb8d87281b7a012ac33a824b9cf2336c27da890fcfe00cc1839042154
Analyzer Verdict Alert quad9 Sinkholed
GET /jmvnimasgfwgpieixrcgjasxverajd.css?aHR0cHM6Ly9ybmRza2l0dHl0b3IuY29tLzQwMC80MjMxNTYz HTTP/1.1
Host: stairtuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dembed2.com
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:55 GMT
content-type: text/css
x-trace-id: db71c26b9baccd1277e5e7f073115e0b
pragma: no-cache
vary: Accept-Encoding, Origin
access-control-expose-headers: Link
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
access-control-allow-origin: https://dembed2.com
set-cookie: OAID=4504de3ed8b043a580646d40d6b5606e; expires=Sun, 22 Oct 2023 07:57:55 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
dembed2.com/player/js/jquery.min.js?v=10.1.19
104.26.15.20 200 OK 0 B URL HTTP/2 dembed2.com/player/js/jquery.min.js?v=10.1.19
IP 104.26.15.20:0
GET /player/js/jquery.min.js?v=10.1.19 HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Wed, 21 Jul 2021 11:00:50 GMT
etag: W/"60f7fe62-1514d"
expires: Wed, 16 Nov 2022 07:24:20 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 437595
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RN4QNisQgb1jLRoBtJZhn2eKHG7krDsKjjHHGFPoI1WdM1KSu8dvaiZs3b09bdQkcewYQoqV7kokB2JEUCTpmIYv%2F88sitr0hEkPMwORjldUh%2FxQsnOWIfpxzuMH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af36bc0eb4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
dembed2.com/ajax/user/panel
104.26.15.20 404 Not Found 0 B URL HTTP/2 dembed2.com/ajax/user/panel
IP 104.26.15.20:0
GET /ajax/user/panel HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.6.13
set-cookie: tvshow=5fa4i1qh10uvf44k2i5te187c0; path=/
token=6353a27f97729; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9G8Vix5DpslStPXwxaYuhM%2Be33Xkgvr1iW8tNUO6DVy3upG4LSLSC%2BOLWvA%2FtRK%2FjVI31Y3QJfXj4UbEBy8H3WdQWl3WXyA6qfXOW6OVJl3Ra4g%2Fs3kIFb%2BUibuz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af3cfab2b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
grunoaph.net/5/5360946/?oo=1&aab=1
139.45.197.238 200 OK 0 B URL HTTP/2 grunoaph.net/5/5360946/?oo=1&aab=1
IP 139.45.197.238:0
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5360946/?oo=1&aab=1 HTTP/1.1
Host: grunoaph.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dramacool.sr
Connection: keep-alive
Referer: https://dramacool.sr/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 22 Oct 2022 07:57:49 GMT
content-type: application/json
x-trace-id: cf5db00c9f3c68dbcb55d365e20f7a58
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://dramacool.sr
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=0e14fc0b86d1419fae98ffc16301f176; expires=Sun, 22 Oct 2023 07:57:49 GMT; path=/; secure; SameSite=None
oaidts=1666425469; expires=Sun, 22 Oct 2023 07:57:49 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
IP 142.250.74.10:0
GET /css?family=Roboto%3A300%2C400%2C700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://googleads.g.doubleclick.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 22 Oct 2022 07:57:51 GMT
date: Sat, 22 Oct 2022 07:57:51 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
dembed2.com/js/jw8.23/jwplayer.js?v=10.1.19
104.26.15.20 200 OK 0 B URL HTTP/2 dembed2.com/js/jw8.23/jwplayer.js?v=10.1.19
IP 104.26.15.20:0
GET /js/jw8.23/jwplayer.js?v=10.1.19 HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Fri, 31 Dec 2021 07:33:23 GMT
etag: W/"61ceb243-1c36f"
expires: Wed, 16 Nov 2022 06:24:35 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 437595
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bclzhdojosTv32T7OYOsVeLD0SJz2Hpp0rg5or3sMSqxNrudk4gPRNQtEeB53xaRhyfJWEWC%2FN3gb3kXosCq6ccsZIp6pyg%2FFfnpGZmdYZDpjhuiqCBU9yc7KoID"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af36bc10b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
172.67.194.45 200 OK 0 B IP 172.67.194.45:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:51 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:58 GMT
etag: W/"634eb2c6-32d9"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 3703
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bcXKdOB0Os2nVqrJIIwQvSbCjagEl5P1LYweCzTmuqXhK4YT3G83%2BIYwyZ%2BxVkHi%2FQWPTZz5N9ncbrAfTNOYsV1XvnZm4bcPbcDQoHQ0VtrPwtoZDksSVVEZ%2B2VDig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75e0af3ef8301bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dramacool.sr/video-watch/little-women-2022-episode-6-hta
104.21.65.60 200 OK 0 B URL HTTP/2 dramacool.sr/video-watch/little-women-2022-episode-6-hta
IP 104.21.65.60:0
GET /video-watch/little-women-2022-episode-6-hta HTTP/1.1
Host: dramacool.sr
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:49 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
content-security-policy: upgrade-insecure-requests
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6Inozcy9hc01ROFkxc3VDbUhreTBjQVE9PSIsInZhbHVlIjoiOFhLZFQvL2w4SlAxV29DR0NnVFFGUnBlOVlzVTViV2pNYlM1WkMvYWRKTXpoWi9oNGU0SzJXNEJETTBxK24vMmt6MVVLNkFzenpDMmhJOXo1bEdMb1pnVzZlUFdIUG1tek9pcGsxTCtCc3FJcE9COTFCOTJ1c3NMTjBTVFR1RUUiLCJtYWMiOiI4Njg4ZDEyYWI4OWNiZjBjYTM3YmVhZGFhYWNkNThmYzA1MzgzNmMwOTEwYmM1YmUwNDBmYjZlYzRhNGU3MGJlIiwidGFnIjoiIn0%3D; expires=Sat, 22-Oct-2022 09:57:49 GMT; Max-Age=7200; path=/; samesite=lax
dramacool_session=eyJpdiI6IlZzVFpwWnZRWUVndmpxdVlibTZYS3c9PSIsInZhbHVlIjoib3JPa0I3U1ZJRnV3VngxdlBjeHIrYk1mQ2hBY3ZPMnVLNjV0bTVRY3hreWcvWkZPQW1peGdaMWdRbG9XcW9xOEM0Uis1Uk83dTBIdGNBOVYxZXo2SklxdzZWNUY0TTk2dnE3QzlNT3RHTDFBZ3g4L1FINjNBU0hCL3FaczlPTlUiLCJtYWMiOiI0MjM0MWQyMDgwNmVkZDAyMzMxZmI4NTNjYTZiODI1NmFmZGQwNDhmMzFiMmYzNDQ1OGE3NTAyNWIzYTlkYjk4IiwidGFnIjoiIn0%3D; expires=Sat, 22-Oct-2022 09:57:49 GMT; Max-Age=7200; path=/; httponly; samesite=lax
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fMy6ijwnzMzAes1FCXTnwX06CUwdqEvY%2BTqesbK9mCPu9Y%2Fzu3nTvWn0lpq0TyJYP6Wwccdlw1Ll0XWZB8ICuggbXJ1vetw2ARFe5YL8U%2BR9QkXE0evR0WRMWg2jegs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af2eed84b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dembed2.com/player/css/main.css?v=10.1.19
104.26.15.20 200 OK 0 B URL HTTP/2 dembed2.com/player/css/main.css?v=10.1.19
IP 104.26.15.20:0
GET /player/css/main.css?v=10.1.19 HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding
last-modified: Tue, 26 Mar 2019 10:08:11 GMT
etag: W/"5c99fa0b-797"
expires: Wed, 16 Nov 2022 06:24:35 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 437595
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xeRQMhOi5L1rpYeadsufDWxQMbqZjBQnzGN%2BRa7rPIivAFd2NADC%2Bi6Zyz9IDrOe0A1UeUMgXBUAUca2Ba7N3Q%2BqwJeWsMYk7XtL2s82JbWUVyJG%2F9yW%2B5cwLmgt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af36ac07b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
dembed2.com/js/crypto-js/crypto-js.js?v=10.1.19
104.26.15.20 200 OK 0 B URL HTTP/2 dembed2.com/js/crypto-js/crypto-js.js?v=10.1.19
IP 104.26.15.20:0
GET /js/crypto-js/crypto-js.js?v=10.1.19 HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:50 GMT
content-type: application/javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Mon, 21 Jun 2021 05:38:08 GMT
etag: W/"60d025c0-2f4dd"
expires: Wed, 16 Nov 2022 06:24:35 GMT
cache-control: public, max-age=2592000, must-revalidate, proxy-revalidate
pragma: public
cf-cache-status: HIT
age: 437595
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHUzn8hpLjIlIxlFs2BG3v8DLSQtfYK5lNcQeBpu59DOSoPTUagAi8%2B3jVYxbpzRKn1KHpjBaHPD3odBvCUbH7Jfw6u4aA2xuR0DvhpIQawgBz5w690WdSqAZPWH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af36bc12b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2
dembed2.com/encrypt-ajax.php?id=mDEHaUM51nSG/Td4ch53qw==&title=Little+Women+%282022%29+episode+6&typesub=SUB&mip=0.0.0.0&refer=https://dramacool.sr/&op=1&alias=MzQ3MjE3
104.26.15.20 200 OK 0 B URL HTTP/2 dembed2.com/encrypt-ajax.php?id=mDEHaUM51nSG/Td4ch53qw==&title=Little+Women+%282022%29+episode+6&typesub=SUB&mip=0.0.0.0&refer=https://dramacool.sr/&op=1&alias=MzQ3MjE3
IP 104.26.15.20:0
GET /encrypt-ajax.php?id=mDEHaUM51nSG/Td4ch53qw==&title=Little+Women+%282022%29+episode+6&typesub=SUB&mip=0.0.0.0&refer=https://dramacool.sr/&op=1&alias=MzQ3MjE3 HTTP/1.1
Host: dembed2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sat, 22 Oct 2022 07:57:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.6.13
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=444y8fLUEFN%2F0yYsp2FDrOZZdantKntwfIE%2FJ%2FLLbOVyKKbtjPi9Qld8cWvRCuOaR%2B%2Bv1CThmN%2F2BMKMGCwZXWoZhLyekTlUBkSj3dXsFJm154fbPcLileUCltjX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75e0af413ef6b4f1-OSL
content-encoding: br
X-Firefox-Spdy: h2