play.nbryb.com/ggl26_lnk17.html
104.18.10.157200 OK 8.1 kB URL HTTP/1.1 play.nbryb.com/ggl26_lnk17.html
IP 104.18.10.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9295)
Hash 60d515238ae98c413c1e52c6918dc992
7fa4762579b8cf8c0f6cb2f0ed9bd97e9d06099e
68853ac038b7e66756906536e3bdc35cc02544bddb6189507d456aedb0180fbb
Analyzer Verdict Alert fortinet Malware
GET /ggl26_lnk17.html HTTP/1.1
Host: play.nbryb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 11:53:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 08 Aug 2022 09:55:59 GMT
CF-Cache-Status: MISS
Expires: Fri, 07 Oct 2022 11:53:58 GMT
Cache-Control: public, max-age=2678400
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746701dbc89b0b41-OSL
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d931e0142ef5ffe9cdb4c4c6bfcb9bc9
d9c4caf525e8926b042a14f38d374cc4033ed768
f610984fb0a75b3a31424faa860cbc8172c7f21804df1dc14fbb685b7c456f29
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F610984FB0A75B3A31424FAA860CBC8172C7F21804DF1DC14FBB685B7C456F29"
Last-Modified: Sat, 03 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2932
Expires: Tue, 06 Sep 2022 12:42:50 GMT
Date: Tue, 06 Sep 2022 11:53:58 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 06 Sep 2022 11:04:17 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Oa8efpZelpHHcvM_B69Ro3ks_5iwfU5LfxzvhFePwv4MDvx5wGW9gg==
Age: 2981
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.49200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.49:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 06 Sep 2022 01:15:18 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: _nOLioWKiVqcE_X0HUoy-3LI9vcNqMWcCqrw9zvJormf7SyemRmXjw==
age: 38321
X-Firefox-Spdy: h2
play.nbryb.com/play-black.png
104.18.10.157200 OK 4.8 kB URL HTTP/1.1 play.nbryb.com/play-black.png
IP 104.18.10.157:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 1810f8f07f30902895b8e462aa1c7740
482f354989f316e34e5dd15b19ff64c32209a9c8
9acd2781c19260db81863b5d6bf831f85d261984832632f1af4295a4f5490daf
GET /play-black.png HTTP/1.1
Host: play.nbryb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 11:53:58 GMT
Content-Type: image/webp
Content-Length: 4828
Connection: keep-alive
Cf-Bgj: imgq:85,h2pri
Cf-Polished: origFmt=png, origSize=10122
Content-Disposition: inline; filename="play-black.webp"
ETag: "62b3eb77-278a"
Last-Modified: Thu, 23 Jun 2022 04:26:31 GMT
Vary: Accept
CF-Cache-Status: HIT
Age: 562278
Expires: Fri, 07 Oct 2022 11:53:58 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 746701dd3b830b41-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
play.nbryb.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
104.18.10.157200 OK 3.9 kB URL HTTP/1.1 play.nbryb.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP 104.18.10.157:0
File type ASCII text, with very long lines (12331)
Hash 54c87b7a9007d256c837e382cab4170d
6c8f44204021f68596af9ae5a742c3ad1b76a6ec
3a09f98b09786cd8fbe71cc17d07660e767fc1c8d2ea467f912bc328766a54a1
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: play.nbryb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 11:53:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 31 Aug 2022 13:16:51 GMT
ETag: W/"630f5f43-302c"
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 746701dd3cd90b55-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Thu, 08 Sep 2022 11:53:58 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 11:53:58 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 06 Sep 2022 11:38:18 GMT
Cache-Control: max-age=3600
Expires: Tue, 06 Sep 2022 12:38:18 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zgZYqZ-RqkBDPkI29SjRvAPuGYzEFNWuxhIg1QC84Yp8SaJRpayMIg==
Age: 941
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e8952752ad4a452a575522a7eb737217
c5554fa2af05d7a7117032b0f99352de08988346
8c182bed7bbd843774a2136823b30a4cb707e2a5386f71d01640aa3558888bf7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5861
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Sep 2022 11:53:59 GMT
Last-Modified: Tue, 06 Sep 2022 10:16:18 GMT
Server: ECS (ska/F71E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
44.238.202.79101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.238.202.79:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 6utgO84BKxjRh+hjp2mXTg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 5fN6N1B5XJHyUcYiaOJzUUM3jf4=
2249.nbryb.com/ggl26_lnk17.html?cnt=2249
104.18.10.157200 OK 8.6 kB URL HTTP/2 2249.nbryb.com/ggl26_lnk17.html?cnt=2249
IP 104.18.10.157:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9295)
Hash 35d832836741e4debf13966fb9338569
d264ee6c08c66c6c8c4684a68ea929eba610a03b
0e37be4b7a3b861d6fe7ce677084da9530473fe78a0f53bf129593fc5287abc4
Analyzer Verdict Alert fortinet Malware
GET /ggl26_lnk17.html?cnt=2249 HTTP/1.1
Host: 2249.nbryb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 06 Sep 2022 11:53:58 GMT
content-type: text/html
last-modified: Mon, 08 Aug 2022 09:55:59 GMT
cf-cache-status: MISS
expires: Fri, 07 Oct 2022 11:53:58 GMT
cache-control: public, max-age=2678400
vary: Accept-Encoding
server: cloudflare
cf-ray: 746701de8d830b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6968
Expires: Tue, 06 Sep 2022 13:50:09 GMT
Date: Tue, 06 Sep 2022 11:54:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6968
Expires: Tue, 06 Sep 2022 13:50:09 GMT
Date: Tue, 06 Sep 2022 11:54:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6968
Expires: Tue, 06 Sep 2022 13:50:09 GMT
Date: Tue, 06 Sep 2022 11:54:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bc70b1691dd339e8120b92ba393ffb69
99118be3645b3182ccdc5f9da149a97c220a3929
da94f53f998808b2b187d6c265722e95e4cdce9f0a4b23ff0bf6c96d2cdf2bd8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DA94F53F998808B2B187D6C265722E95E4CDCE9F0A4B23FF0BF6C96D2CDF2BD8"
Last-Modified: Mon, 05 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6968
Expires: Tue, 06 Sep 2022 13:50:09 GMT
Date: Tue, 06 Sep 2022 11:54:01 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 19b452d6541a6028e7d3f90529477077
1c16eb50bc2490b4ebff6775ef611fdcb282f9f9
f4763a0f464067991c2c484c384df4fe791d7df6e3d6ad15650a954db537249f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F228f042c-3a57-45c7-84c2-4aaaa1dd2f07.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10694
x-amzn-requestid: c3d2f71c-927d-41f6-93ab-bf041374a9f1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWsgHQOIAMFvSA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b1c-5d2efd595cdf300972f4fb79;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: eikhT8BkN5e163S6QriQybdyPNTKDTf3BCsHifNwfBJfrWv7LqgL8Q==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:02:23 GMT
etag: "1c16eb50bc2490b4ebff6775ef611fdcb282f9f9"
content-type: image/jpeg
age: 49898
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3fe4a321dcd6a94a637a528d74f9321a
3f3aad2cc71226b39549db1a9baa6837d4f1d897
a19b6749429e8ecaeac8fc0849abc4d891bfc628489762b1619a3ee3064536e3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e36fad7-34cb-448b-b231-07f66a5adf7e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12573
x-amzn-requestid: 92e03b26-883b-41e2-9033-379a6d02210c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAYCdGy8oAMFQZw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166d42-1c4ea2f74b796623574bde87;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:42:26 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: u1hKGB5UKEuuIVqcQ_Lx5wfBjy_hB32Jnp7_mDnF2BrsN4a6Mj_WJQ==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:46:16 GMT
etag: "3f3aad2cc71226b39549db1a9baa6837d4f1d897"
content-type: image/jpeg
age: 50865
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ec466c0d472e43c11d36bf6fce068205
720d3624a76d060b8e2699e9aa7a320e3efd4878
5553fc24713aae808f5ab81671551b0ae719435f3ced9f25df97d8edf6bfe86f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106059e1-95ed-4ffb-b6d2-7b4f160333ed.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12683
x-amzn-requestid: 6127e5b6-72f6-40df-b400-41a1f147f6da
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xz8XmEe0IAMFQDA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63117430-2b27a2683d2d320172cef32e;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 03:10:40 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Mj_IT5g7hGu2AunKK7mvierv5BQ8cAxhnbGaUNsL6hRNu6MRAzIBDw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Sep 2022 04:36:52 GMT
age: 26229
etag: "720d3624a76d060b8e2699e9aa7a320e3efd4878"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0d404793e430ea237e75be9cb1e2bce4
059b34d1809abedd223f7beec75e7831673878be
f180b1cdeb9a794ba3211348673783508d021aeaed419d782374be1a92a4c8dc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc784000-5c7c-4aa9-8318-e4d0319d1a09.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9300
x-amzn-requestid: dc833608-6b16-4baa-af21-d3885043556c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YAWshHVxIAMFlGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63166b1c-1710086818614ab247bcaf58;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 21:33:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: sPkksSz3FIV3WcWpoY8E8UYKmUTE8LJ2lr5WO2JVNCGIuAvpPwYMYg==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 22:01:20 GMT
age: 49961
etag: "059b34d1809abedd223f7beec75e7831673878be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c81f3df885bdee8cac46ea9495e6b63b
fc766bca874a352a4acb569577d4cf6527f4f074
e21473f88c613ca33ba6bbe1e0cab338274a06744cdcb088f14873c972445b36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7ad09c5e-a115-4ff7-9742-809e93046365.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4426
x-amzn-requestid: b5b68557-e46d-41cd-9b11-d996aabc0de7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XzfYTHHFIAMFjFw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631145ce-1d3504367cf6ef724a345564;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 23:52:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: bSBSzzRMdrVdoV3Ld8hYWq2AwO7Mswcwa8Tk_AKa44j1SlrFugNqpg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 21:48:06 GMT
age: 50755
etag: "fc766bca874a352a4acb569577d4cf6527f4f074"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg
34.120.237.76200 OK 5.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c4b2d6a516e93799b54fe2bbd6630f86
b5a7380f294876dd308c7fde294f36a425c1be01
7463878d8967ff31d7ce20d5a4408c23ad59123032a990c21a47df0881edcb86
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F326e03cd-e1aa-45a4-8a6b-bdd21f21012c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5377
x-amzn-requestid: 2adc68e8-1889-4233-8ac4-e2a8d44ccbdd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X_4XzF1FoAMF3AA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63163a98-5918897d7de556f75bbfab34;Sampled=0
x-amzn-remapped-date: Mon, 05 Sep 2022 18:06:16 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: DpNb6dBygeDbRbFWIkeXYVddcgxlSVuq4y73JvG315Xp-wkwiDhZyQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Sep 2022 18:09:25 GMT
age: 63876
etag: "b5a7380f294876dd308c7fde294f36a425c1be01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 912f9a32166cf6d4e458969545df501d
6cecdd7246361b80f2464910ba31ee1f4381ee7d
58d632863a6aab3b308ad380f47595e74120f4495f48e83e89647e4f42533fa3
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2022 11:54:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 05 Sep 2022 06:25:21 GMT
Expires: Mon, 12 Sep 2022 06:25:20 GMT
Etag: "6cecdd7246361b80f2464910ba31ee1f4381ee7d"
Cache-Control: max-age=498078,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 746701f02ffcb506-OSL
my.rtmark.net/gid.js?checkDuplicate=true&pub=0
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?checkDuplicate=true&pub=0
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 94710d412fb2a7f7a3464008f5ff9f14
bb90c5f8d14ad7d8b508bf4ca11a309c82801029
05a60b52dcb4e2113d44d53c9b1c4afc965733639f785cce6b5769eeae984ac2
GET /gid.js?checkDuplicate=true&pub=0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://play.nbryb.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Sep 2022 11:54:01 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://play.nbryb.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2c31a8fcd6574824948e56e223acd46a; expires=Wed, 06 Sep 2023 11:54:01 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2