firefox.settings.services.mozilla.com/v1/
143.204.55.115200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b593eb39329cfe060d55be5e4a5405e2
78e46c1028e9f94f8569303ad2d90d7df13a059a
08a810103557efe55ca4425ff0cf82593f1f54633df899127eaec9bee05d4d04
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, Alert, Content-Length, Content-Type, Backoff
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 22:07:02 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: tPHC0REqWXdjQrmYwC3hBcW78PMHsXmDRBjOv_TXqaHTHmhJZY492w==
Age: 2571
retti.com/http:/retti.com/mtm/direct/.eJw9kMtugkAAAP-FcysIVcSbJQrlqRbxcTGwLx7Fxd0FZZv-ezVNeptJ5jTfSsdKZa6ohRDtXGVIiHIEaKM2olFhyRAQ6gh5N6vioiNysVmsz6uJzJx0SXNM8tNwv4au1u-zt21iQStI_cZw9nU8m2pXJHe0Pxac6MfdbItI64X1-vDlLF3jXWC3-0wpZ6CdwshZlUGSRymJ-Y52PcH9WDtVBYAmjn2XjBvfNI86OAz74I6vF7A1TkuZmU40nPPgQjNIPMmB7cJkerAnnR2P7b7WZWkbUpdammvtzQgnrmaVMKw-sOlt6sTJCx-_VqY1LCLlRckY4Y8RD2III4bYnxSUi_Mla9BD_-88cwBQK57Nzy-3Y2y4:1oW8lt:obESAp4ho1K_2LpwFk8QIKfZrVI/
45.33.2.79200 OK 8.1 kB URL HTTP/1.1 retti.com/http:/retti.com/mtm/direct/.eJw9kMtugkAAAP-FcysIVcSbJQrlqRbxcTGwLx7Fxd0FZZv-ezVNeptJ5jTfSsdKZa6ohRDtXGVIiHIEaKM2olFhyRAQ6gh5N6vioiNysVmsz6uJzJx0SXNM8tNwv4au1u-zt21iQStI_cZw9nU8m2pXJHe0Pxac6MfdbItI64X1-vDlLF3jXWC3-0wpZ6CdwshZlUGSRymJ-Y52PcH9WDtVBYAmjn2XjBvfNI86OAz74I6vF7A1TkuZmU40nPPgQjNIPMmB7cJkerAnnR2P7b7WZWkbUpdammvtzQgnrmaVMKw-sOlt6sTJCx-_VqY1LCLlRckY4Y8RD2III4bYnxSUi_Mla9BD_-88cwBQK57Nzy-3Y2y4:1oW8lt:obESAp4ho1K_2LpwFk8QIKfZrVI/
IP 45.33.2.79:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (573)
Hash 842dd091b44e9f47438df0218e3d0ebc
d2ae9390864682886ebf4db40a41afb03ed141b5
7a005df597e51aab70a3317366e4509bc7c16d665c2e25c6ca63c9043bbe15c4
Analyzer Verdict Alert fortinet Malware
GET /http:/retti.com/mtm/direct/.eJw9kMtugkAAAP-FcysIVcSbJQrlqRbxcTGwLx7Fxd0FZZv-ezVNeptJ5jTfSsdKZa6ohRDtXGVIiHIEaKM2olFhyRAQ6gh5N6vioiNysVmsz6uJzJx0SXNM8tNwv4au1u-zt21iQStI_cZw9nU8m2pXJHe0Pxac6MfdbItI64X1-vDlLF3jXWC3-0wpZ6CdwshZlUGSRymJ-Y52PcH9WDtVBYAmjn2XjBvfNI86OAz74I6vF7A1TkuZmU40nPPgQjNIPMmB7cJkerAnnR2P7b7WZWkbUpdammvtzQgnrmaVMKw-sOlt6sTJCx-_VqY1LCLlRckY4Y8RD2III4bYnxSUi_Mla9BD_-88cwBQK57Nzy-3Y2y4:1oW8lt:obESAp4ho1K_2LpwFk8QIKfZrVI/ HTTP/1.1
Host: retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sat, 10 Sep 2022 22:49:53 GMT
content-type: text/html; charset=utf-8
content-length: 8115
vary: Accept-Language
content-language: en
connection: close
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 76d5eb597558e3dee0d99719d17e71e0
f3a0f3932fa8059f27dc9422d523b938fa9a7d09
d16de6cc9eb0e1297f53dc1137bb764bf5c21a7727be32ad05afebd1fe9501ed
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D16DE6CC9EB0E1297F53DC1137BB764BF5C21A7727BE32AD05AFEBD1FE9501ED"
Last-Modified: Sat, 10 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4907
Expires: Sun, 11 Sep 2022 00:11:40 GMT
Date: Sat, 10 Sep 2022 22:49:53 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zhKwLO5Pn8gxPW3PmXAWS3l9Ir9i3dTxQ0ryZ8R5CwoADkD0Sp1ajg==
age: 55961
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 22:49:53 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
retti.com/mtm/async/.eJxdkMtygkAQRf-FpRFBVCKmskANChFKQRHZWOMwyiAjCM1DU_n3YJLKIrt7z-1Nnw-uyCg34oQQIB0JGQGgHZwwgQETApoRDEKHGJVyNqE4nVVVXfIavuW6i52Dscriq32o8XpWLepnrQ5EzfdLntxdi6RgDKL10cmDdx_JSWhPwZu5Op3rb-jdlJJYC2-2upJP4cCSS5pQ65a7LL_LhXE3atHxLHMIVlX2UdEt-DtIXbpyQN9jv1IumyGTUs-YE3FZIyybx-Cggy73vS5fTuOF1ou87aTHi1Xqy5OgykM_3swc-8YMfjeQlniubKfgjncqiy6SF425NoeyU96IaFJGjiQj2U8Jkxz2F8RIU__sPM4xbl5sIJAaGnssbqM0jSlGQJOLUD_IU_2fsvjl-ip2lDZl6EQEVNLjb6zIIW23hNb3PuQ-vwA7d4rb:1oX9IP:GoEezdDZV2Zw1fAOH4_e2FhEhh0/1/0
45.33.2.79200 OK 438 B URL HTTP/1.1 retti.com/mtm/async/.eJxdkMtygkAQRf-FpRFBVCKmskANChFKQRHZWOMwyiAjCM1DU_n3YJLKIrt7z-1Nnw-uyCg34oQQIB0JGQGgHZwwgQETApoRDEKHGJVyNqE4nVVVXfIavuW6i52Dscriq32o8XpWLepnrQ5EzfdLntxdi6RgDKL10cmDdx_JSWhPwZu5Op3rb-jdlJJYC2-2upJP4cCSS5pQ65a7LL_LhXE3atHxLHMIVlX2UdEt-DtIXbpyQN9jv1IumyGTUs-YE3FZIyybx-Cggy73vS5fTuOF1ou87aTHi1Xqy5OgykM_3swc-8YMfjeQlniubKfgjncqiy6SF425NoeyU96IaFJGjiQj2U8Jkxz2F8RIU__sPM4xbl5sIJAaGnssbqM0jSlGQJOLUD_IU_2fsvjl-ip2lDZl6EQEVNLjb6zIIW23hNb3PuQ-vwA7d4rb:1oX9IP:GoEezdDZV2Zw1fAOH4_e2FhEhh0/1/0
IP 45.33.2.79:0
File type ASCII text, with very long lines (438), with no line terminators
Hash 7c42ae1b572130bcd7f1f9b7b653fa8f
e2349d6949757dbb510d047333d3c66bf212e6dd
ff3ac1055ec4c96f9950221d30c4b46bd43218ef074460a07eef9cbcb659d7a6
Analyzer Verdict Alert fortinet Malware
GET /mtm/async/.eJxdkMtygkAQRf-FpRFBVCKmskANChFKQRHZWOMwyiAjCM1DU_n3YJLKIrt7z-1Nnw-uyCg34oQQIB0JGQGgHZwwgQETApoRDEKHGJVyNqE4nVVVXfIavuW6i52Dscriq32o8XpWLepnrQ5EzfdLntxdi6RgDKL10cmDdx_JSWhPwZu5Op3rb-jdlJJYC2-2upJP4cCSS5pQ65a7LL_LhXE3atHxLHMIVlX2UdEt-DtIXbpyQN9jv1IumyGTUs-YE3FZIyybx-Cggy73vS5fTuOF1ou87aTHi1Xqy5OgykM_3swc-8YMfjeQlniubKfgjncqiy6SF425NoeyU96IaFJGjiQj2U8Jkxz2F8RIU__sPM4xbl5sIJAaGnssbqM0jSlGQJOLUD_IU_2fsvjl-ip2lDZl6EQEVNLjb6zIIW23hNb3PuQ-vwA7d4rb:1oX9IP:GoEezdDZV2Zw1fAOH4_e2FhEhh0/1/0 HTTP/1.1
Host: retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://retti.com/http:/retti.com/mtm/direct/.eJw9kMtugkAAAP-FcysIVcSbJQrlqRbxcTGwLx7Fxd0FZZv-ezVNeptJ5jTfSsdKZa6ohRDtXGVIiHIEaKM2olFhyRAQ6gh5N6vioiNysVmsz6uJzJx0SXNM8tNwv4au1u-zt21iQStI_cZw9nU8m2pXJHe0Pxac6MfdbItI64X1-vDlLF3jXWC3-0wpZ6CdwshZlUGSRymJ-Y52PcH9WDtVBYAmjn2XjBvfNI86OAz74I6vF7A1TkuZmU40nPPgQjNIPMmB7cJkerAnnR2P7b7WZWkbUpdammvtzQgnrmaVMKw-sOlt6sTJCx-_VqY1LCLlRckY4Y8RD2III4bYnxSUi_Mla9BD_-88cwBQK57Nzy-3Y2y4:1oW8lt:obESAp4ho1K_2LpwFk8QIKfZrVI/
Connection: keep-alive
HTTP/1.1 200 OK
server: openresty/1.13.6.1
date: Sat, 10 Sep 2022 22:49:53 GMT
content-type: text/html; charset=utf-8
content-length: 438
x-mtm-path: 7
x-mtm-prov: 308:0.00;300:0.00
x-mtm-rd: 0.00
vary: Accept-Language
content-language: en
set-cookie: mtm_delivered=WyJyZXR0aS5jb20iLCJodHRwOi8vd3d3MS5yZXR0aS5jb20vP3RtPTEmc3ViaWQ0PTE2NjI4NTAxOTMuMDM2NTYzMDAwMCZLVzE9RGVkaWNhdGVkJTIwR2FtaW5nJTIwU2VydmVycyZLVzI9T25saW5lJTIwQ2FyZWVyJTIwQ291bnNlbGluZyUyMFByb2dyYW1zJktXMz1PbmxpbmUlMjBDYXJlZXIlMjBDb3Vuc2VsaW5nJTIwUHJvZ3JhbXMmS1c0PVNvY2lhbCUyME1lZGlhJTIwQXV0b21hdGlvbiUyME1hcmtldGluZyUyMFNvZnR3YXJlJktXNT1Mb3dlc3QlMjBDYXIlMjBJbnN1cmFuY2UlMjBSYXRlcyZLVzY9QjJCJTIwVHJhdmVsJTIwQm9va2luZyUyMFN5c3RlbSZLVzc9TWFrZSUyME1vbmV5JTIwRnJvbSUyMEhvbWUmS1c4PUxvd2VzdCUyMENhciUyMEluc3VyYW5jZSUyMFJhdGVzJktXOT1CZXN0JTIwTW9ydGdhZ2UlMjBSZWZpbmFuY2luZyUyMFJhdGVzJnNlYXJjaGJveD0wJmJhY2tmaWxsPTAiLDEsIjIwMjItMDktMTAgMjI6NDk6NTMiLDEsIjE2NjI4NTAxOTMuMDM2NTYzMDAwMCIsMzA4LG51bGwsbnVsbF0:1oX9IP:PNDbifo5QYTyWLQL4DdiTfGksps; expires=Sat, 10-Sep-2022 23:49:53 GMT; Max-Age=3600; Path=/
connection: close
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Sat, 10 Sep 2022 21:56:07 GMT
Expires: Sat, 10 Sep 2022 22:12:09 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 185768229530368be94556dcab1c486a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z4h6NeGByHT30t4DIhzl-VeK1sTp-t-Mcgo5lIAyngusHFldh-qreQ==
Age: 3227
www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
13.248.148.254200 OK 5.7 kB URL HTTP/1.1 www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
IP 13.248.148.254:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3046)
Hash 8234aab5a8cc11a290c3617074244298
f461a6daca083ef2511f25c2731833fae75ca2e0
3f2f1117fb7f359b569c13a9230f7cd0d3833d9f471e76af5a2a8731364cd163
GET /?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0 HTTP/1.1
Host: www1.retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://retti.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 22:49:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_IMrOwRbIajylx5vkyeP78wTvbBOOezWg1czW9XON74LJ22+bdMDOzh4emPUh3K0eLiqHerR1dNwcS3OB2cSv7w==
X-Template: tpl_Urspring_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
143.204.42.194200 OK 7.0 kB URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
IP 143.204.42.194:0
File type ASCII text, with very long lines (316)
Hash cce7f943ec8e7b4ba13be4aba6b463d9
220f3e8ca723daa91fd040cf518991a65f2bf110
ba5b7354353b0eec1637564dae072fee662a5b9862f6bf7ed5e60a5a76f2ef44
GET /scripts/js3caf.js HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7000
Connection: keep-alive
Server: nginx
Date: Sat, 10 Sep 2022 00:46:20 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
Accept-Ranges: bytes
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PZbO1r1HvGnAETe5qRlqRZkMjZiGRGnaeiWIcuJpfWV8QJeWXhYx3w==
Age: 79414
d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css
143.204.42.194200 OK 343 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/assets/style.css
IP 143.204.42.194:0
Hash 03a4a8c322fc0c99b0ee7cbbcc9eabcd
6fc193276de2a3458cd853c474cb9269b900e00d
a535d2296792cb37a2bbad1d9d0546e3383a8a5bfac0d9edda15795c226bddf7
GET /themes/assets/style.css HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 10 Sep 2022 01:32:23 GMT
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
Content-Encoding: gzip
ETag: W/"5ebab1f0-33d"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 41dc61beb3fe8e8c2c299a2522d8330c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 21lhjV7KFSKjsddHLAMFy36-Mfst3hJrXRWuAZSoXbwaJxc3eCAs6Q==
Age: 76651
d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/style.css
143.204.42.194200 OK 595 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/style.css
IP 143.204.42.194:0
Hash 3467fcf391de4afa7667a4f28cf9bdee
e0bd69005cd9f0a608a230c8268e26e529240258
55ed4b318bf91e37cdca77a89b672b77f88ac9faf184aa4c63e5bcf5971141bc
GET /themes/urspring_2fef8ec8/style.css HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
HTTP/1.1 200 OK
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Date: Sat, 10 Sep 2022 00:59:12 GMT
Last-Modified: Tue, 17 May 2022 14:10:00 GMT
Content-Encoding: gzip
ETag: W/"6283acb8-577"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 56luSNZc3XHa_9EtSwVkEq34JY0qdGlLGxupvg_aAXN0Imw1D65n8g==
Age: 78642
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash 27bbdd1d246488a7872f99e432c86c83
2d31cf370a9e7b82137fa177cf31db1aca9b0e31
cbb7852dabdf0acab9981851160c62a289d2f2fcf705f6327894413b42f40ce5
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 10 Sep 2022 22:49:54 GMT
Expires: Sat, 10 Sep 2022 22:49:54 GMT
Cache-Control: private, max-age=3600
ETag: "10733590713701250077"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
c.parkingcrew.net/scripts/sale_form.js
185.53.178.30200 OK 761 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP 185.53.178.30:0
Hash 64f809e06446647e192fce8d1ec34e09
5b7ced07da42e205067afa88615317a277a4a82c
f52cbd664986ad7ed6e71c448e2d31d1a16463e4d9b7bca0c6be278649ccc4f3
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 10 Sep 2022 22:49:54 GMT
Content-Type: application/javascript
Content-Length: 761
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
Accept-Ranges: bytes
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 36fe04277220227ba5ecfe7d2ff1d9d9
2eb9f6560336248cc45c1cd66d87505b5ebdf5d4
94f8f2f8f3b67db18825ea48740ff0ce218d7156fe851d6b023ef43b6bee4f7f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1403
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:54 GMT
Last-Modified: Sat, 10 Sep 2022 22:26:31 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
54.189.157.130101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.157.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: tWWLhfhW4LoWKFvIIOTuwA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: SLVzHQtjrhdPt31fJw3rSaLTe00=
d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/img/arrows.png
143.204.42.194200 OK 11 kB URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/img/arrows.png
IP 143.204.42.194:0
File type PNG image data, 1500 x 600, 8-bit colormap, non-interlaced\012- data
Hash 0cb2e5165dc9324eb462199f04e1ffa9
9e0f89847ec8a98d98a6020bc5c4ed32b7a48bf8
67dff0aad873050f12609885f2264417ccdd0d438311000a704c89f0865f7865
GET /themes/urspring_2fef8ec8/img/arrows.png HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://d1lxhc4jvstzrp.cloudfront.net/themes/urspring_2fef8ec8/style.css
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 11375
Connection: keep-alive
Server: nginx
Date: Sat, 10 Sep 2022 01:54:16 GMT
Last-Modified: Tue, 17 May 2022 14:10:00 GMT
Accept-Ranges: bytes
ETag: "6283acb8-2c6f"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: K_mMsi_o7nkUlrHJhCGYiX5MGIanB3pBoUoag_VEGeutBGa65nihsg==
Age: 75338
www1.retti.com/favicon.ico
13.248.148.254200 OK 0 B URL HTTP/1.1 www1.retti.com/favicon.ico
IP 13.248.148.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: www1.retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 22:49:55 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Server: nginx
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-0"
Accept-Ranges: bytes
www1.retti.com/track.php?domain=retti.com&toggle=browserjs&uid=MTY2Mjg1MDE5NC4xMjAxOjdkMmNlYzMxNzllNDRiOTYxNDQ5OTU2NDE1NmFhMjJhNTI5NmQyMjhlNGNmMzg4NWUzNDEzOTNkYjg2MTY5OWM6NjMxZDE0OTIxZDUyZQ%3D%3D
13.248.148.254200 OK 20 B URL HTTP/1.1 www1.retti.com/track.php?domain=retti.com&toggle=browserjs&uid=MTY2Mjg1MDE5NC4xMjAxOjdkMmNlYzMxNzllNDRiOTYxNDQ5OTU2NDE1NmFhMjJhNTI5NmQyMjhlNGNmMzg4NWUzNDEzOTNkYjg2MTY5OWM6NjMxZDE0OTIxZDUyZQ%3D%3D
IP 13.248.148.254:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=retti.com&toggle=browserjs&uid=MTY2Mjg1MDE5NC4xMjAxOjdkMmNlYzMxNzllNDRiOTYxNDQ5OTU2NDE1NmFhMjJhNTI5NmQyMjhlNGNmMzg4NWUzNDEzOTNkYjg2MTY5OWM6NjMxZDE0OTIxZDUyZQ%3D%3D HTTP/1.1
Host: www1.retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 22:49:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash da7b1c24eee0db0c23872933557b7521
b8bc1215b4073784c048587e51a40152bd88c8ed
6ba38b5c68971135ed3f1fbe7afa658ce883240142a4244ce7d84fa251a64c3f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001200%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Dedicated%20Gaming%20Servers%2COnline%20Career%20Counseling%20Programs%2COnline%20Career%20Counseling%20Programs%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates%2CB2B%20Travel%20Booking%20System%2CMake%20Money%20From%20Home%2CLowest%20Car%20Insurance%20Rates%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300953%2C17300956%2C17301094%2C17301097&format=r9%7Cs&nocache=9861662850184934&num=0&output=afd_ads&domain_name=www1.retti.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1662850184935&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&uio=--&cont=tc&jsid=caf&jsv=472435327&rurl=http%3A%2F%2Fwww1.retti.com%2F%3Ftm%3D1%26subid4%3D1662850193.0365630000%26KW1%3DDedicated%2520Gaming%2520Servers%26KW2%3DOnline%2520Career%2520Counseling%2520Programs%26KW3%3DOnline%2520Career%2520Counseling%2520Programs%26KW4%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW5%3DLowest%2520Car%2520Insurance%2520Rates%26KW6%3DB2B%2520Travel%2520Booking%2520System%26KW7%3DMake%2520Money%2520From%2520Home%26KW8%3DLowest%2520Car%2520Insurance%2520Rates%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fretti.com%2F&adbw=master-1%3A530
142.250.74.164200 OK 2.6 kB URL HTTP/2 www.google.com/afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001200%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Dedicated%20Gaming%20Servers%2COnline%20Career%20Counseling%20Programs%2COnline%20Career%20Counseling%20Programs%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates%2CB2B%20Travel%20Booking%20System%2CMake%20Money%20From%20Home%2CLowest%20Car%20Insurance%20Rates%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300953%2C17300956%2C17301094%2C17301097&format=r9%7Cs&nocache=9861662850184934&num=0&output=afd_ads&domain_name=www1.retti.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1662850184935&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&uio=--&cont=tc&jsid=caf&jsv=472435327&rurl=http%3A%2F%2Fwww1.retti.com%2F%3Ftm%3D1%26subid4%3D1662850193.0365630000%26KW1%3DDedicated%2520Gaming%2520Servers%26KW2%3DOnline%2520Career%2520Counseling%2520Programs%26KW3%3DOnline%2520Career%2520Counseling%2520Programs%26KW4%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW5%3DLowest%2520Car%2520Insurance%2520Rates%26KW6%3DB2B%2520Travel%2520Booking%2520System%26KW7%3DMake%2520Money%2520From%2520Home%26KW8%3DLowest%2520Car%2520Insurance%2520Rates%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fretti.com%2F&adbw=master-1%3A530
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8698)
Hash a7b625c72bf32683bd192bbcd39ec81c
e161683900e83fcfb6d9d3bbb4dc56219f517a93
8031064355aaeba6b37e5d7aea6376d07c0e29d4321fa2f3e832eeb1ca2dee14
GET /afs/ads?adtest=off&psid=6016880802&pcsa=false&channel=000001%2C000003%2C001200%2Cbucket103&client=dp-teaminternet12_3ph&r=m&hl=en&terms=Dedicated%20Gaming%20Servers%2COnline%20Career%20Counseling%20Programs%2COnline%20Career%20Counseling%20Programs%2CSocial%20Media%20Automation%20Marketing%20Software%2CLowest%20Car%20Insurance%20Rates%2CB2B%20Travel%20Booking%20System%2CMake%20Money%20From%20Home%2CLowest%20Car%20Insurance%20Rates%2CBest%20Mortgage%20Refinancing%20Rates&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2514429714757505&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300953%2C17300956%2C17301094%2C17301097&format=r9%7Cs&nocache=9861662850184934&num=0&output=afd_ads&domain_name=www1.retti.com&v=3&bsl=8&pac=0&u_his=2&u_tz=0&dt=1662850184935&u_w=1280&u_h=1024&biw=1280&bih=939&psw=1280&psh=797&frm=0&uio=--&cont=tc&jsid=caf&jsv=472435327&rurl=http%3A%2F%2Fwww1.retti.com%2F%3Ftm%3D1%26subid4%3D1662850193.0365630000%26KW1%3DDedicated%2520Gaming%2520Servers%26KW2%3DOnline%2520Career%2520Counseling%2520Programs%26KW3%3DOnline%2520Career%2520Counseling%2520Programs%26KW4%3DSocial%2520Media%2520Automation%2520Marketing%2520Software%26KW5%3DLowest%2520Car%2520Insurance%2520Rates%26KW6%3DB2B%2520Travel%2520Booking%2520System%26KW7%3DMake%2520Money%2520From%2520Home%26KW8%3DLowest%2520Car%2520Insurance%2520Rates%26KW9%3DBest%2520Mortgage%2520Refinancing%2520Rates%26searchbox%3D0%26backfill%3D0&referer=http%3A%2F%2Fretti.com%2F&adbw=master-1%3A530 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.retti.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-disposition: inline
date: Sat, 10 Sep 2022 22:49:55 GMT
expires: Sat, 10 Sep 2022 22:49:55 GMT
cache-control: private, max-age=3600
content-encoding: br
server: gws
content-length: 2567
x-xss-protection: 0
set-cookie: CONSENT=PENDING+463; expires=Mon, 09-Sep-2024 22:49:55 GMT; path=/; domain=.google.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d278a4d2d9653a14270b74094bcab8cf
ba4b9fc06cae469867bd831d8017b147a1f53d30
a482809494678e6648a72cefe816c4eb0822d010b5453c3e5084eb529c4d886d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
partner.googleadservices.com/gampad/cookie.js?domain=www1.retti.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
142.250.74.98200 OK 181 B URL HTTP/2 partner.googleadservices.com/gampad/cookie.js?domain=www1.retti.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie
IP 142.250.74.98:0
File type ASCII text, with no line terminators
Hash 6f4a67b1b146aacd093f475b02377d55
ba93b75785e4c23c1502252d6ec0fe2bf3d29283
ac4895eea3d03192d014676b15f4fea6de1041250e82a9b36e3f52623ef48911
GET /gampad/cookie.js?domain=www1.retti.com&client=dp-teaminternet12_3ph&product=SAS&callback=__sasCookie HTTP/1.1
Host: partner.googleadservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www1.retti.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Sat, 10 Sep 2022 22:49:55 GMT
server: cafe
cache-control: private
content-length: 181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 6c2fea93ba89de81c2b01aaca1a87835
0a7f50001f709285bc10f6ef044ef39a60535bff
6cae8a5f9949975a3adedc41088196b8c9dd984e4023e54bbe655800a9478349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d278a4d2d9653a14270b74094bcab8cf
ba4b9fc06cae469867bd831d8017b147a1f53d30
a482809494678e6648a72cefe816c4eb0822d010b5453c3e5084eb529c4d886d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 980f855b82a3d73edc65b71b8f3d113f
9c88299603f12df81ddf8546c75f85246f84aafc
e4af92a1d8ec2c19d16f888343b0f4ba99e9a06c9d57d54a17abb3ca9b50c49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 980f855b82a3d73edc65b71b8f3d113f
9c88299603f12df81ddf8546c75f85246f84aafc
e4af92a1d8ec2c19d16f888343b0f4ba99e9a06c9d57d54a17abb3ca9b50c49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2
142.250.74.1200 OK 272 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2
IP 142.250.74.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (390)
Hash bbbac37f0b6e29a6099e4aa7cb19d6ca
0acafe95e2141f0af6109203efeb2d98e6b926c6
a3d7b37475de5a3a350d4dc4790f14a6a5f4045726d2eae4cbe9bd59aeba2fe2
GET /ad_icons/standard/publisher_icon_image/search.svg?c=%231967d2 HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 272
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 05:38:08 GMT
expires: Sun, 11 Sep 2022 04:38:08 GMT
cache-control: public, max-age=82800
age: 61907
last-modified: Thu, 19 Dec 2019 14:15:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
142.250.74.1200 OK 174 B URL HTTP/2 afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
IP 142.250.74.1:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 4de8b85c8915995b571bde50e231be7c
29c226ca7b9cbe1d44e5480ce95bbb42727b2d99
2ec9168c4507546748c5f400f5030031f0eb06f2aed8deaa11362c395bff4f7a
GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
Host: afs.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cross-origin-opener-policy: same-origin; report-to="afs-native-asset-managers"
report-to: {"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-length: 174
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 18:02:36 GMT
expires: Sun, 11 Sep 2022 17:02:36 GMT
cache-control: public, max-age=82800
age: 17239
last-modified: Thu, 22 Oct 2020 21:45:00 GMT
content-type: image/svg+xml
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 980f855b82a3d73edc65b71b8f3d113f
9c88299603f12df81ddf8546c75f85246f84aafc
e4af92a1d8ec2c19d16f888343b0f4ba99e9a06c9d57d54a17abb3ca9b50c49e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
13.248.148.254200 OK 5.7 kB URL HTTP/1.1 www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
IP 13.248.148.254:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3022)
Hash 5e5949db057d64bebd7905dab1929a58
411845c468e983c3c75bda2576514f741c338e2c
92c7a88556e82f0332a607c89c9a0583c11c2e4d4ba9ca3ed56126bb0241e931
GET /?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0 HTTP/1.1
Host: www1.retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: __gsas=ID=2ab567bbc0ac7d74:T=1662850195:S=ALNI_MbLbWhS8gNwzqAgFdyG-aTo9_UTLA
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 22:49:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket102
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_IMrOwRbIajylx5vkyeP78wTvbBOOezWg1czW9XON74LJ22+bdMDOzh4emPUh3K0eLiqHerR1dNwcS3OB2cSv7w==
X-Template: tpl_Urspring_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
143.204.42.194304 Not Modified 0 B URL HTTP/1.1 d1lxhc4jvstzrp.cloudfront.net/scripts/js3caf.js
IP 143.204.42.194:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/js3caf.js HTTP/1.1
Host: d1lxhc4jvstzrp.cloudfront.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
If-Modified-Since: Thu, 14 Jan 2021 10:54:01 GMT
If-None-Match: "600022c9-1b58"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Connection: keep-alive
Server: nginx
Date: Sat, 10 Sep 2022 00:46:20 GMT
Last-Modified: Thu, 14 Jan 2021 10:54:01 GMT
ETag: "600022c9-1b58"
X-Cache: Hit from cloudfront
Via: 1.1 c9f2a4d2bcd548d1a3cbe1617a22f216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: PQrz6Cpklv23cYGhOS0K5v9InnWs7BncB4tk1ylrHs7XrzQJux5P0w==
Age: 79415
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 54 kB URL HTTP/1.1 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1885)
Hash ca23bcfab325d175a10cf0e1e92b88e2
d127dc69cedb27a4a902564ac215b582a682b50d
3627cd02e23f51ea2c2941c84c7f3c2fa151513fa029d196855eb3b758e73aab
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
If-None-Match: "10733590713701250077"
Cache-Control: max-age=0
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="ads-afs-ui"
Report-To: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
Date: Sat, 10 Sep 2022 22:49:55 GMT
Expires: Sat, 10 Sep 2022 22:49:55 GMT
Cache-Control: private, max-age=3600
ETag: "1199887332638673377"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: sffe
X-XSS-Protection: 0
c.parkingcrew.net/scripts/sale_form.js
185.53.178.30304 Not Modified 0 B URL HTTP/1.1 c.parkingcrew.net/scripts/sale_form.js
IP 185.53.178.30:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /scripts/sale_form.js HTTP/1.1
Host: c.parkingcrew.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/
If-Modified-Since: Tue, 12 May 2020 14:25:52 GMT
If-None-Match: "5ebab1f0-2f9"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Server: nginx
Date: Sat, 10 Sep 2022 22:49:55 GMT
Connection: keep-alive
Last-Modified: Tue, 12 May 2020 14:25:52 GMT
ETag: "5ebab1f0-2f9"
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4519
Expires: Sun, 11 Sep 2022 00:05:14 GMT
Date: Sat, 10 Sep 2022 22:49:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4519
Expires: Sun, 11 Sep 2022 00:05:14 GMT
Date: Sat, 10 Sep 2022 22:49:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4519
Expires: Sun, 11 Sep 2022 00:05:14 GMT
Date: Sat, 10 Sep 2022 22:49:55 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 477fd76de0b69553430d504fe527cc06
88fe80a099e610212f27427ae6fd5b4e03b3df16
f27bc8051a23fbe811318b8d49f5d27e3e992962a0e72f5d30a4790fe4f42748
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F27BC8051A23FBE811318B8D49F5D27E3E992962A0E72F5D30A4790FE4F42748"
Last-Modified: Sat, 10 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4519
Expires: Sun, 11 Sep 2022 00:05:14 GMT
Date: Sat, 10 Sep 2022 22:49:55 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd9b560c-540a-4237-90ed-f82d25b384d0.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd9b560c-540a-4237-90ed-f82d25b384d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24027deb0801ab0db160cfd9cb1b84d3
22abe4db30c9e388fdba3c1c2518cc415e117c0b
8194127c8f176080483095bc3549c6bf9116d5ad65c4f8739a780a18d2bc6424
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbd9b560c-540a-4237-90ed-f82d25b384d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6649
x-amzn-requestid: 52a7ac85-aa68-4f79-a178-64814b846d72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrUcEE3oAMF8sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f282-1c09e57a751d711a5e534eaf;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:10:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: A87Z7kUZqNRVEi22TyUUFRboB3AOUkKMf7EE8zz0WQpRM8gf_80tGg==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:42:52 GMT
age: 4023
etag: "22abe4db30c9e388fdba3c1c2518cc415e117c0b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
34.120.237.76200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb1a86dcf94db0a29a6ebe21866766d4
b3491a6f12c97c8e1848a206a185fae29213c1e5
d05619e519fed6c0b6c0616cf540908006a68f127b25e38fb9d041dfe2546df4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc91b46a1-040b-46aa-a7a1-af67f0058b83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7519
x-amzn-requestid: bef8445b-1f8b-4c00-a9ad-b32fdefe3d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X3zXoHOhIAMFfNw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312ff63-1a6c3ef64362a4d052a761ae;Sampled=0
x-amzn-remapped-date: Sat, 03 Sep 2022 07:16:51 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Pzv2DSpqnXB0UP3C5EF-YUzRmveFwmal_8YyRfEuHuhZ1FcUWgHocg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 14:09:01 GMT
age: 31254
etag: "b3491a6f12c97c8e1848a206a185fae29213c1e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4ec2646c56c4c522f0744768ad20342b
ad1d9eee90556a359547dc7cbb6758aee2c804cd
0bf9eaa4420bf6290535fd23895c6c723c7de6b849995ba83774532862cfe8b4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F481e7fcb-66df-4e59-8130-9579a79eca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7635
x-amzn-requestid: ee29c85d-45cf-4a22-abca-d72b275dc961
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YMCYWFpkoAMFS7A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631b1768-0cc0c1627478461a7be696b2;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 10:37:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: X82JttDKpdvG8Sqya2EjvIIgfwllq6sujxNqZkmBLELGLKNxyXOTnQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 00:41:02 GMT
age: 79733
etag: "ad1d9eee90556a359547dc7cbb6758aee2c804cd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
34.120.237.76200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 12666d69f9af3ceb23fdfc2100bd3226
c4d17e3ea44ef6dee9819c1586424e5f056f149c
054236a4d1f88a486f48b8f3a8ac01d21ec2179d5b1f3fc9791d0982d07a88a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe41cdec0-ceff-4e9c-88a7-3a5565f1a459.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5752
x-amzn-requestid: 622ffff0-1bd5-4eb4-a9ff-eb54c5ae44a7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBrqiFiToAMF0tA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f310-49efdcc572b4fad3543f857d;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: VKsU4S6tKOso216JLUWn7b1bKDyfruIVukt98JooNCjwaXDT9bkPYQ==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5954c6394458ffb44c970b3819d7ff2a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 19:50:13 GMT
age: 10782
etag: "c4d17e3ea44ef6dee9819c1586424e5f056f149c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd9e47f-6214-4e20-b9ff-3e738ad551e3.jpeg
34.120.237.76200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd9e47f-6214-4e20-b9ff-3e738ad551e3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 47ae5cf125ce99bad80c283de8a85cec
0c0c1f84d8693d0c150c97faed21204622d48132
95f5b8cddbfcdb2b6105ed5a0d5ff0dd86390839e5df7416d4f879d69fcf20c1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0dd9e47f-6214-4e20-b9ff-3e738ad551e3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6269
x-amzn-requestid: 8f3cabdd-78c3-47d2-841b-02b674a79123
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FSCoAMFywQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-4b44c935456026ba700a5759;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3lrbjYxWvd1Cm5rO-XAy1tCULAXdaeVZJAPCImd9GqQC7uZ3r3TxeA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:46:28 GMT
age: 3807
etag: "0c0c1f84d8693d0c150c97faed21204622d48132"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e407da4d97d497925b1ab523fd416787
166741631fb93d109b18dde6d316b3fa3276aa8f
707460c02438da6114e35e0b6569d42c0f3fb747f8cb51002f4d52bedbcffa61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefa6ec5a-4e0b-4c94-b9da-4836fbaa107b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8485
x-amzn-requestid: a56c9282-2786-4ae7-9fc2-0468bcc820a8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YQ1k_FM1oAMFZ2Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631d02ec-753cc4f121c9b77d22bb82b5;Sampled=0
x-amzn-remapped-date: Sat, 10 Sep 2022 21:34:36 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: Mfmj40aUc8l5RPk56M-pbqTwhde_HzYcmN5MDrfv-WFPhbpoShWYNw==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 ebe4011a81a36e2bf678f69ce1711330.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 21:57:28 GMT
age: 3147
etag: "166741631fb93d109b18dde6d316b3fa3276aa8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www1.retti.com/track.php?domain=retti.com&toggle=browserjs&uid=MTY2Mjg1MDE5NS42MzE5OmFlNjhiZjNiM2M0MjI1NWZhM2Y5N2QxMTRmYjU0MTNiNTVhY2ZiNWNkM2Q5NjcwNGFjOGE2ZTM5NWZiMTAyNGI6NjMxZDE0OTM5YTQzMw%3D%3D
13.248.148.254200 OK 20 B URL HTTP/1.1 www1.retti.com/track.php?domain=retti.com&toggle=browserjs&uid=MTY2Mjg1MDE5NS42MzE5OmFlNjhiZjNiM2M0MjI1NWZhM2Y5N2QxMTRmYjU0MTNiNTVhY2ZiNWNkM2Q5NjcwNGFjOGE2ZTM5NWZiMTAyNGI6NjMxZDE0OTM5YTQzMw%3D%3D
IP 13.248.148.254:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=retti.com&toggle=browserjs&uid=MTY2Mjg1MDE5NS42MzE5OmFlNjhiZjNiM2M0MjI1NWZhM2Y5N2QxMTRmYjU0MTNiNTVhY2ZiNWNkM2Q5NjcwNGFjOGE2ZTM5NWZiMTAyNGI6NjMxZDE0OTM5YTQzMw%3D%3D HTTP/1.1
Host: www1.retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=2ab567bbc0ac7d74:T=1662850195:S=ALNI_MbLbWhS8gNwzqAgFdyG-aTo9_UTLA
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 22:49:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: browserjs
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www1.retti.com/ls.php
13.248.148.254201 Created 0 B IP 13.248.148.254:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert fortinet Malware
POST /ls.php HTTP/1.1
Host: www1.retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 2974
Origin: http://www1.retti.com
Connection: keep-alive
Referer: http://www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=2ab567bbc0ac7d74:T=1662850195:S=ALNI_MbLbWhS8gNwzqAgFdyG-aTo9_UTLA
Cache-Control: max-age=0
HTTP/1.1 201 Created
Date: Sat, 10 Sep 2022 22:49:56 GMT
Content-Type: text/javascript;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
X-Log-Success: 631d14948b4e3c510e644c81
Charset: utf-8
Access-Control-Allow-Origin: http://www1.retti.com
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Max-Age: 86400
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_cFWmzV/JFzMZLLmhJmY4Gjd2LATF3e2Iu1t/jHe3UmuBwmJwJmeEEyAZzFLxgnYD/L8VWpAVO2e6n7BpPl3foQ==
www1.retti.com/track.php?domain=retti.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2Mjg1MDE5NS42MzE5OmFlNjhiZjNiM2M0MjI1NWZhM2Y5N2QxMTRmYjU0MTNiNTVhY2ZiNWNkM2Q5NjcwNGFjOGE2ZTM5NWZiMTAyNGI6NjMxZDE0OTM5YTQzMw%3D%3D
13.248.148.254200 OK 20 B URL HTTP/1.1 www1.retti.com/track.php?domain=retti.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2Mjg1MDE5NS42MzE5OmFlNjhiZjNiM2M0MjI1NWZhM2Y5N2QxMTRmYjU0MTNiNTVhY2ZiNWNkM2Q5NjcwNGFjOGE2ZTM5NWZiMTAyNGI6NjMxZDE0OTM5YTQzMw%3D%3D
IP 13.248.148.254:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /track.php?domain=retti.com&caf=1&toggle=answercheck&answer=yes&uid=MTY2Mjg1MDE5NS42MzE5OmFlNjhiZjNiM2M0MjI1NWZhM2Y5N2QxMTRmYjU0MTNiNTVhY2ZiNWNkM2Q5NjcwNGFjOGE2ZTM5NWZiMTAyNGI6NjMxZDE0OTM5YTQzMw%3D%3D HTTP/1.1
Host: www1.retti.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www1.retti.com/?tm=1&subid4=1662850193.0365630000&KW1=Dedicated%20Gaming%20Servers&KW2=Online%20Career%20Counseling%20Programs&KW3=Online%20Career%20Counseling%20Programs&KW4=Social%20Media%20Automation%20Marketing%20Software&KW5=Lowest%20Car%20Insurance%20Rates&KW6=B2B%20Travel%20Booking%20System&KW7=Make%20Money%20From%20Home&KW8=Lowest%20Car%20Insurance%20Rates&KW9=Best%20Mortgage%20Refinancing%20Rates&searchbox=0&backfill=0
Cookie: __gsas=ID=2ab567bbc0ac7d74:T=1662850195:S=ALNI_MbLbWhS8gNwzqAgFdyG-aTo9_UTLA
HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 22:49:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Custom-Track: answercheck
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.google.com/adsense/domains/caf.js
142.250.74.164200 OK 0 B URL HTTP/2 www.google.com/adsense/domains/caf.js
IP 142.250.74.164:0
GET /adsense/domains/caf.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-afs-ui"
report-to: {"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
date: Sat, 10 Sep 2022 22:49:55 GMT
expires: Sat, 10 Sep 2022 22:49:55 GMT
cache-control: private, max-age=3600
etag: "4830856951658958975"
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2