r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5160
Expires: Thu, 08 Dec 2022 20:02:56 GMT
Date: Thu, 08 Dec 2022 18:36:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3256
Expires: Thu, 08 Dec 2022 19:31:12 GMT
Date: Thu, 08 Dec 2022 18:36:56 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 08 Dec 2022 18:08:13 GMT
content-type: application/json
age: 1723
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 00e7703bd74975689fc9050356aaca6b
9788fe6a36d6f278e8da329ebc5dd87bcd212317
593bc437ff8a8233516c62613d50220fcb25b9f967ed5fb384c253f0db135103
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "593BC437FF8A8233516C62613D50220FCB25B9F967ED5FB384C253F0DB135103"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9016
Expires: Thu, 08 Dec 2022 21:07:12 GMT
Date: Thu, 08 Dec 2022 18:36:56 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: a2lRC7NxnMOF8f57e1C6pz7YQ3acq5Uw8ZJc8P/5tJ+uVMo9RQ/N9bhG49tSciQmXfJmDZKcMAUndIiFFmzUCg==
x-amz-request-id: CVMCZ71CPC2GWEFV
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 08 Dec 2022 17:49:53 GMT
age: 2823
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 08 Dec 2022 18:36:56 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ritasshoes.tk/sba/login.globalsources.com/error.php?email=
5.8.71.100200 OK 12 kB URL HTTP/1.1 ritasshoes.tk/sba/login.globalsources.com/error.php?email=
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (597), with CRLF line terminators
Hash 2a23682e6c344b2d2b01dc13d0e8c2ff
7373290b4cce98841e2e4c72baf57971cc55e68e
f6de24cb3a3a13acc164ec1d88c628c6bbe7280c7082c50f97bce4e4df3578e9
Analyzer Verdict Alert openphish Global Sources (HK)
GET /sba/login.globalsources.com/error.php?email= HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Thu, 08 Dec 2022 18:36:56 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 08 Dec 2022 18:07:55 GMT
age: 1742
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3271
Cache-Control: max-age=141866
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:57 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:01:23 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.223.160.237101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: srU4TE9OoCVVvsHq6yOSbg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wYmuHZROeZsfXLGpwcU88I4MMRo=
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=0sHBf+y+/zZVF58Pj40WuKShZm3ha+UV4RwAtM2jc2XgY6TT9j2fIk8ekWxfvYCZnWpilTIpWhfkn6LbuZRSP31I6dYLWWTEb6ihHGcDub8M0tZrKCbryrk2Kn9m5rIIK9WH1QhxqkBXEqPMdWXgOGfptN7JAtUL4qwDzlzle+K7; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=0sHBf+y+/zZVF58Pj40WuKShZm3ha+UV4RwAtM2jc2XgY6TT9j2fIk8ekWxfvYCZnWpilTIpWhfkn6LbuZRSP31I6dYLWWTEb6ihHGcDub8M0tZrKCbryrk2Kn9m5rIIK9WH1QhxqkBXEqPMdWXgOGfptN7JAtUL4qwDzlzle+K7; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=dbY0ujpJ3ECTcfyk+scc9DeU9GiczDepMiAIhaqLchYHzqK/02ytW9yOtXJ1voIJnQlcRhriuPTBFXAp81CohOGebSctdObtc0e/8P2I8VzK0mkix3bD2SSKvT9O; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=dbY0ujpJ3ECTcfyk+scc9DeU9GiczDepMiAIhaqLchYHzqK/02ytW9yOtXJ1voIJnQlcRhriuPTBFXAp81CohOGebSctdObtc0e/8P2I8VzK0mkix3bD2SSKvT9O; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=nTChaCws9z/vADnwOJREPwAAAADCdfPZK6MZfGCule4gVeMb; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=6kApSFWAEEnPOQhfiBrYA8kukmMAAAAA9AZjPZJCBns6lCApxSO41Q==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71906000 pNNN RT(1670524617325 47) q(0 0 0 0) r(3 3) U2
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5310
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 18:36:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5310
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 18:36:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5310
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 18:36:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5310
Expires: Thu, 08 Dec 2022 20:05:28 GMT
Date: Thu, 08 Dec 2022 18:36:58 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: etWGqF-8tXSwaeZVTPK4g9CV5ZbdYv5ZDjF5Yx2PSNnTsreewpbhdA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 08:48:08 GMT
age: 35330
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
34.120.237.76200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c94003641bb5a7595e7004f80f95d22
3446450df60d732f9021d5bfd5f5f7c6c870d9ec
4d782dbf94b2163e9bc18028cd0c1a391fdcfcb019f23c4c26ea0b44432039ff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4119e239-0c3b-4175-bfe0-f5d42729d743.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7801
x-amzn-requestid: cb8d5aab-409f-4b39-b498-b1ba84f34e06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFRNHX4oAMFvoQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c07-7c6e3bfa3f81082b48f43fa9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8QHhEAFHTHd-5UqS1S5qwJj_h4WNfix2CgS4MO4zR_psrzgMP3SZ5g==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:16:35 GMT
age: 69623
etag: "3446450df60d732f9021d5bfd5f5f7c6c870d9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 24d89b69ba37bf23c5d576aff4063caf
3d46a21b4da571d7e4962e335c18a28ca5f81ecf
09b52cdab278805c6e7282f469a02768ee62fc9ef09a6623a337e3d3aaa446fd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbbba0eea-a6f1-4374-a9c7-dab84270023b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7268
x-amzn-requestid: ae5c231c-b1be-498a-a242-e8d641f3fe8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFDgEzUoAMFgyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911baf-10f06dc37cac69631c823fd9;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:03:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: QSv756DvAzOQnKae5wVg75wrQS6oDGPkfIZka86FNQ2vizBnZ7sIDQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:12:45 GMT
age: 69853
etag: "3d46a21b4da571d7e4962e335c18a28ca5f81ecf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b87d6543345f73653ed4a49b37d7c959
c4f26846b8b72293368ff16915d49297cf12bbb9
aee6aa42e4b5b83b81f74801ff8f0039fc6d38036f42ee81875813c856cf5eef
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9519925e-95b7-4e66-b317-84c1708c7f84.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8659
x-amzn-requestid: 6f420d07-65d5-4bb2-9f1f-e56025de497b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czFSYFArIAMF46w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911c0f-0a295e5c48228d5806b4f107;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 23:04:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TSh1BNzzIPhWCfYEiqvQJckSPAyhHobe-HK6msEVeEJ1ruX-_rMSSA==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:33:19 GMT
age: 68619
etag: "c4f26846b8b72293368ff16915d49297cf12bbb9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c408efaa98ac2ce63bb1618368d10c15
a51bbb49ebd862d04eaee465d0a35b22dcd21391
077eb8c8739f527828c71c25a1c3aaae46afead3aac093ec11a6d5488ef2f0ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F74e98e03-fa9f-4e56-a8ba-5411568d88c8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9596
x-amzn-requestid: e5e6ceb2-5bad-4146-a9de-92a859716029
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy3_qH63oAMFfLg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639106ca-678bed1b7729b8aa2645688d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 21:34:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FsbiyZG0110CEANduIIWuLcxFOxfrV0YPvOSy-ScXFIX1qM6qaOdCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 22:21:22 GMT
age: 72936
etag: "a51bbb49ebd862d04eaee465d0a35b22dcd21391"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 57be99ac898a37d73f2ba4a24f56248f
04e32eb45581201a6a1863200e4d139df48285e6
a20081b64fc019372843360b15aa3461ec9dd3deb50ab398bca0a5e74d5468c2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa9301ee5-df75-4967-a2c7-597f869e557b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12534
x-amzn-requestid: 2a01f2ba-cf3a-4f59-8339-214c66bcc0d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: czDbyGTcoAMF_TQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911918-5d3eba8d01e4175a71acc6cd;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:52:08 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NoZlZ8WFfOuIbkWaC2pJPJQrWtjzz2gCHJWr-u-nMNYmu8MkTf6_PA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 23:03:58 GMT
age: 70380
etag: "04e32eb45581201a6a1863200e4d139df48285e6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
107.154.199.39200 OK 3.8 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
IP 107.154.199.39:0
File type PNG image data, 210 x 32, 8-bit colormap, non-interlaced\012- data
Hash a8656a61ac922e6b5e297627ae7b078a
fd0a07d76165669d22d9b8c1e930da9fb51aef22
465c8b941a45a964b3c73162a3357083c03e807f2eb45a6e0cc03658f686ece6
GET /sso/gsol/pex/en/balat/images/GSLOGO.PNG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: image/png
content-length: 3788
set-cookie: AWSALBTG=uP57/bwTzRZHKnObfHd4GnYgrdufuPlk8X9mD+K9BR2GMaER6MTaw9ND/BENyYQrHhTTT3zWodO8iy1LyPcuBxq3DJB06FxY0H/nD/OIattU/QfytUuPb5/abgvUDCEYt+iJn/u1gi9g7oJr/PNvWf6w0xta/xAZ8tiw71WUvvEU; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=uP57/bwTzRZHKnObfHd4GnYgrdufuPlk8X9mD+K9BR2GMaER6MTaw9ND/BENyYQrHhTTT3zWodO8iy1LyPcuBxq3DJB06FxY0H/nD/OIattU/QfytUuPb5/abgvUDCEYt+iJn/u1gi9g7oJr/PNvWf6w0xta/xAZ8tiw71WUvvEU; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=ALNU9H9hXGgSBGql6OPrNWC1eJgdZ/T3TuCnhuB4fTAeoSuuEY2nmVNcRm9gUaFN9yHCoN03nEgohoIizxvOOmDf7eVCOfmhV1ykPczKijHhZWIbv8FUl7P5sttC; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=ALNU9H9hXGgSBGql6OPrNWC1eJgdZ/T3TuCnhuB4fTAeoSuuEY2nmVNcRm9gUaFN9yHCoN03nEgohoIizxvOOmDf7eVCOfmhV1ykPczKijHhZWIbv8FUl7P5sttC; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=7bEAE/PIv0MdAuc6OJREPwAAAAAJpVO/Q2lo80NBdhqfgjuq; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=FJFmIaJnYAPPOQhfiBrYA8oukmMAAAAAK+mEKpBW9zfgI+itGMR0sQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:08 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912464 2NNN RT(1670524617325 36) q(0 0 0 4) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
107.154.199.39200 OK 4.7 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash f68d2d065e34993ce6e4b832737c7147
8e799c63bd8292de2f320b8afa23524107773266
b0501c9294231206d2aeb28e8bbd622910de7fc139e02756dc339cb9a68d017f
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: image/jpeg
content-length: 4667
set-cookie: AWSALBTG=B/9nNU0521h98YmFyXUu054pZFQNXndl5US6Th5fIQYgq1mwzGojEG8i7esSjRFaCEf+Ej6Mxgms8ghGKRbWO+OAG8p7+y54k6kZJOioRWLsj+09lHrknxGsfeh+Ox0/faL1ID6lZHeh0wjOtqNkqV/ufzlw2COU4sHMflOn8euG; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=B/9nNU0521h98YmFyXUu054pZFQNXndl5US6Th5fIQYgq1mwzGojEG8i7esSjRFaCEf+Ej6Mxgms8ghGKRbWO+OAG8p7+y54k6kZJOioRWLsj+09lHrknxGsfeh+Ox0/faL1ID6lZHeh0wjOtqNkqV/ufzlw2COU4sHMflOn8euG; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=NTEDPkHsX6LOHpRq1Od+uNcZNyM878Jab9ytrgdo+nNCcWcTrzkErEAP9303DTcKGk7gjzOxZ9gRKF/dR/+E0g8zMHVXv7UtvwWXdykn1gvcMM6NXP+R+Y8Kjjbk; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=NTEDPkHsX6LOHpRq1Od+uNcZNyM878Jab9ytrgdo+nNCcWcTrzkErEAP9303DTcKGk7gjzOxZ9gRKF/dR/+E0g8zMHVXv7UtvwWXdykn1gvcMM6NXP+R+Y8Kjjbk; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=bKBjN0mAFymU332jOJREPwAAAABugxM4zDsIiRZRVwowP8p+; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=LggdODHp4grPOQhfiBrYA8oukmMAAAAAByZ7Ic5mxHpWaY45ZLH1RQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912471 2NNN RT(1670524617325 43) q(0 0 0 0) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
107.154.199.39200 OK 4.3 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash 3416d1e30f078febf83bad93f15f7ba6
2997b26ac512fd945f5c1ef64e3bcf178ee47f6b
900774ab9d108ddeee13c38f67680d8b855588ab4b3c37949fa79f4b15c4e3a9
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: image/jpeg
content-length: 4284
set-cookie: AWSALBTG=KMkE1EGWJi6cowTH0/ktWcwQNLTVEhTNkxuZqV6b7y9cMrt7Iv9GH2q00OxHGDm4pUDwsknHtGBFPta4mKYccQwxfcVSnPu6q6Tejqa0RP1xs55WPWLD14yxAjZ9/eex0xZEeNQ+Kx/BYA3JaBeboSdjQYWOvE7opjdb0ezRqHED; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=KMkE1EGWJi6cowTH0/ktWcwQNLTVEhTNkxuZqV6b7y9cMrt7Iv9GH2q00OxHGDm4pUDwsknHtGBFPta4mKYccQwxfcVSnPu6q6Tejqa0RP1xs55WPWLD14yxAjZ9/eex0xZEeNQ+Kx/BYA3JaBeboSdjQYWOvE7opjdb0ezRqHED; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=uYPO1BrLvNU7+/SgmN9ScCWq4s/EXHIiAJD4BTglYhL++zFmb0ek/IQeSGGBhxtK1saSzBnGHpjJjVf5B0TeGe4UghglP664RXdZp2LtqBkvMmXwyZWmhph6Qpl2; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=uYPO1BrLvNU7+/SgmN9ScCWq4s/EXHIiAJD4BTglYhL++zFmb0ek/IQeSGGBhxtK1saSzBnGHpjJjVf5B0TeGe4UghglP664RXdZp2LtqBkvMmXwyZWmhph6Qpl2; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=DJvZWki+vg9/Q1iJOJREPwAAAABSVajGSu27ve8dvrKa6QaO; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=37euLaWLsmHPOQhfiBrYA8oukmMAAAAAKsAtC3yn6MOppJqP9MjHlA==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912464 2NNN RT(1670524617325 40) q(0 0 0 2) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
107.154.199.39200 OK 65 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
IP 107.154.199.39:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 456x555, components 3\012- data
Hash f4cfa4fb0267a0184bc6caa933d39633
7871c922ca703ddf022e5cf32d70de76ea42be16
a333d615df16eae983fc674e1e06c445d08bc440cb16eff950ec7570d98c3206
GET /sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: image/jpeg
content-length: 64609
set-cookie: AWSALBTG=VAe5hDgL9Dz4a1Vz9jCtsvYgpxdSEyvOPaLU4r6zjnuKLygnOJCzWhMjus7vKHp5nJaJU/gVCDNuScHzA6pOuyJvL2FDXFVGPRlCLwTozjLWPfhQDDpmZGcMAjWmHzKOukJIjnhC+R6QCu/DDYo8eSsMHppiQbdvyBwR7eUYY78L; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=VAe5hDgL9Dz4a1Vz9jCtsvYgpxdSEyvOPaLU4r6zjnuKLygnOJCzWhMjus7vKHp5nJaJU/gVCDNuScHzA6pOuyJvL2FDXFVGPRlCLwTozjLWPfhQDDpmZGcMAjWmHzKOukJIjnhC+R6QCu/DDYo8eSsMHppiQbdvyBwR7eUYY78L; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=9ob/mW0aKlMJr5sbIbx6rSvv+h744iD6V2luquGxrWqdlXnELEeERYiag4dhYrIFIzOuMSlufw1mD7bKFy/lgBJ+jK6NBRQ5TjpnRhGLQASVN/TS/de3bJiZjMQQ; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=9ob/mW0aKlMJr5sbIbx6rSvv+h744iD6V2luquGxrWqdlXnELEeERYiag4dhYrIFIzOuMSlufw1mD7bKFy/lgBJ+jK6NBRQ5TjpnRhGLQASVN/TS/de3bJiZjMQQ; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=9XT4I9KMWSQq1gIHOJREPwAAAACDh5Z/5FvZJPj6Rc3MWbcP; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=hff0LsifbhfPOQhfiBrYA8oukmMAAAAAhJZkQxoTPo4vHX5iXWSyYg==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:47:51 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912471 2NNN RT(1670524617325 45) q(0 0 0 0) r(12 12) U2
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.168302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 08dc1097c83d6f931819890010215132
651f4c8dec266bc1149c5009aeaff8b850c95cfa
45e607d3d26d0460dc67aded9e4bab3da0e230ad8656bc7cde02db523965d5f0
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 08 Dec 2022 18:36:59 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
analytics.analytics-egain.com/onetag/EG48975170
54.229.238.74400 94 B URL HTTP/1.1 analytics.analytics-egain.com/onetag/EG48975170
IP 54.229.238.74:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7c2244849ceda3c6e2bb50114f6058fb
d256ae299f5db884f47827d10825f70724506fa3
d1e261174189998690fd10b216468c539fddb4c0beee035d76e29fac38a378a7
GET /onetag/EG48975170 HTTP/1.1
Host: analytics.analytics-egain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 400
Date: Thu, 08 Dec 2022 18:36:59 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server:
Cache-Control: no-cache
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.168200 OK 97 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (53281)
Hash 7f2bad86b911d7e2ab4ce9c14461b285
d204f24cd5031b1f50d23159e1e0b5135926b6ee
e9090637a1bca36442e3484a9fe38b46c7ec3628b57718962a0d2d3610201118
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 08 Dec 2022 18:36:59 GMT
expires: Thu, 08 Dec 2022 18:36:59 GMT
cache-control: private, max-age=900
last-modified: Thu, 08 Dec 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 96816
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: AWSALBTGCORS=qTtrp48pNpjtQkueJcIeAl0+yKIoL1Nr20uEblW5K2DfvLCKMeKcYZlaiEojWFD/lqEzoqJavt71/G13nn2tdkpQcXDoiC1Kx9Rk0yO6eLHyapUQMgoY8KpoxJbjqjPPWQ+Hb5+9ic+Vr+tW0Yvj1ZpDqJGuSe507vDi/YXsT6Tb; AWSALBCORS=2OV7yByar76FlgCCrIbzNBhCe9Yr4znr3DQGMY50ZziX25f+G2ODcQCoahD3eYaB6hmmOJfCIaR9YgqegHuPgNVnG1p5hTzWKndwDTM8IFMT2A0eIk3G1T7XpF+Q
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 28 Apr 2022 06:31:57 GMT
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:59 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=ypSHo35yNjdgmEeW4MMFGWyd9nAT0bAoovJvlYMRcxeoLBPzPQLKD74kvjL0wsAXKYbKoHef+EqEjfRNWLSpaVxZSMTBiG11Fwcvt2qV/kUSnAurbM4egrf4ICd07NO64mAYepSPoH0gUdR0qdXmvRsc9otdab3DePWz5yDYlzkG; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBTGCORS=ypSHo35yNjdgmEeW4MMFGWyd9nAT0bAoovJvlYMRcxeoLBPzPQLKD74kvjL0wsAXKYbKoHef+EqEjfRNWLSpaVxZSMTBiG11Fwcvt2qV/kUSnAurbM4egrf4ICd07NO64mAYepSPoH0gUdR0qdXmvRsc9otdab3DePWz5yDYlzkG; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
AWSALB=0PsIWfPr598QcxyanxWkDpP9CSVmDZmN/2sNWPv8Z9w5VSZCUq7uT3J4TcHuI1I8DtayWUaeVDdJOQ3dfb5mNpPTu2Pd2mXnoxcxduDxfLKpwr5eGxlqFQk+v3+O; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBCORS=0PsIWfPr598QcxyanxWkDpP9CSVmDZmN/2sNWPv8Z9w5VSZCUq7uT3J4TcHuI1I8DtayWUaeVDdJOQ3dfb5mNpPTu2Pd2mXnoxcxduDxfLKpwr5eGxlqFQk+v3+O; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=nW4XYJaE+xbI0yKyOJREPwAAAABnZDRg4PLsQ/XSGRWH04hv; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=F2VsRruQGFjPOQhfiBrYA8sukmMAAAAA1cSu6cUYd6I7ByxvO+Zl4A==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:07 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912464 2NNN RT(1670524617325 1530) q(0 0 0 0) r(2 2) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG
107.154.199.39200 OK 1.6 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG
IP 107.154.199.39:0
File type PNG image data, 146 x 63, 8-bit colormap, non-interlaced\012- data
Hash db7ada75691e9de834f24b8e1ca09a9d
e7dacc636b096ab8e4ed8380475b97b39b356ebb
d0f108ac5521a079f476c836ca9612310bd8da9e75ba91ff412653453939ae51
GET /sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
Cookie: AWSALBTGCORS=qTtrp48pNpjtQkueJcIeAl0+yKIoL1Nr20uEblW5K2DfvLCKMeKcYZlaiEojWFD/lqEzoqJavt71/G13nn2tdkpQcXDoiC1Kx9Rk0yO6eLHyapUQMgoY8KpoxJbjqjPPWQ+Hb5+9ic+Vr+tW0Yvj1ZpDqJGuSe507vDi/YXsT6Tb; AWSALBCORS=2OV7yByar76FlgCCrIbzNBhCe9Yr4znr3DQGMY50ZziX25f+G2ODcQCoahD3eYaB6hmmOJfCIaR9YgqegHuPgNVnG1p5hTzWKndwDTM8IFMT2A0eIk3G1T7XpF+Q
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:59 GMT
content-type: image/png
content-length: 1634
set-cookie: AWSALBTG=tYZFIID90+wRJSuRTDk5fTfOjLncSmUuoer7em6z11lpba0/okW1AdMpUYJs1VaKgTKLvY7Ramgbp1ENLZfhrMJFyibecy9EM8F9STSZn4rUUM0jCqedcEm7QA/LzVPAnT/S4siGUOJxjck1cb54Qx2JLDaRVsfUSR+ckoPww6y0; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBTGCORS=tYZFIID90+wRJSuRTDk5fTfOjLncSmUuoer7em6z11lpba0/okW1AdMpUYJs1VaKgTKLvY7Ramgbp1ENLZfhrMJFyibecy9EM8F9STSZn4rUUM0jCqedcEm7QA/LzVPAnT/S4siGUOJxjck1cb54Qx2JLDaRVsfUSR+ckoPww6y0; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
AWSALB=Q+DiQ/P/HER2PIZUEVprLe8t5J1ylDGiErk5YeqAy173XvhXa8pwWMncpn3awoKaIMDGXQnhjkfN/ZHQ73gzawzEvUhRE8rFHGeYTYMymO0fdrzmaa++B+Ip5UIz; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBCORS=Q+DiQ/P/HER2PIZUEVprLe8t5J1ylDGiErk5YeqAy173XvhXa8pwWMncpn3awoKaIMDGXQnhjkfN/ZHQ73gzawzEvUhRE8rFHGeYTYMymO0fdrzmaa++B+Ip5UIz; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=yXW2UIQzcw1zJVAkOJREPwAAAADG0IdaZOTL9AqG4lAwj4h3; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=uRpfOSjN7irPOQhfiBrYA8sukmMAAAAABzAIHN6rw6uxQgXZvx3n+g==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:08 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912464 2NNN RT(1670524617325 1546) q(0 0 0 0) r(3 3) U2
X-Firefox-Spdy: h2
login.globalsources.com/rdvoqldvqhjbezvv825122.js
107.154.199.39404 Not Found 3.2 kB URL HTTP/2 login.globalsources.com/rdvoqldvqhjbezvv825122.js
IP 107.154.199.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d7f109f3a79ebaa0db47355572f7004c
a46d83ae626c8855355f2ee076ee589f651afca5
d9cecfd6ae8cd64e138b6af8e4599cd7967074b1874618cb1d364a960fc41254
GET /rdvoqldvqhjbezvv825122.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: AWSALBTGCORS=qTtrp48pNpjtQkueJcIeAl0+yKIoL1Nr20uEblW5K2DfvLCKMeKcYZlaiEojWFD/lqEzoqJavt71/G13nn2tdkpQcXDoiC1Kx9Rk0yO6eLHyapUQMgoY8KpoxJbjqjPPWQ+Hb5+9ic+Vr+tW0Yvj1ZpDqJGuSe507vDi/YXsT6Tb; AWSALBCORS=2OV7yByar76FlgCCrIbzNBhCe9Yr4znr3DQGMY50ZziX25f+G2ODcQCoahD3eYaB6hmmOJfCIaR9YgqegHuPgNVnG1p5hTzWKndwDTM8IFMT2A0eIk3G1T7XpF+Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Thu, 08 Dec 2022 18:36:59 GMT
content-type: text/html
set-cookie: AWSALBTG=SFUnEMPIUEE4XZwOnnde3L8snH803JnBjkp4Ike0yufNcnlaXSfhObn10zqvYaj2cW7MOAXU1EFN4Amx3GGEbFRE+UFwppkFHu0VXUN6i8nDuFb2E6/Yr7jvRfJoJDW4B00vUHaAgjK2URVukpa+sT38xZbLLFed1ofZVXshHVGz; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBTGCORS=SFUnEMPIUEE4XZwOnnde3L8snH803JnBjkp4Ike0yufNcnlaXSfhObn10zqvYaj2cW7MOAXU1EFN4Amx3GGEbFRE+UFwppkFHu0VXUN6i8nDuFb2E6/Yr7jvRfJoJDW4B00vUHaAgjK2URVukpa+sT38xZbLLFed1ofZVXshHVGz; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
AWSALB=BFltROXxRk9kRlXGqIBzRayRrW3A8rirnbNfo7dHo+78GD2TiNmN79Uhfq2Ij4F2ZVFcTeuZ8Y8JrvrYR3BpGYqNCBpxv5d9cLmH335IViRb+fkSCJFc4V5N/LPv; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBCORS=BFltROXxRk9kRlXGqIBzRayRrW3A8rirnbNfo7dHo+78GD2TiNmN79Uhfq2Ij4F2ZVFcTeuZ8Y8JrvrYR3BpGYqNCBpxv5d9cLmH335IViRb+fkSCJFc4V5N/LPv; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=z4fKLHGWGV7dY4Z0OJREPwAAAADw3PbIiIDWe1B3wuA9Y+Ph; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=cceOAUzJ9QHPOQhfiBrYA8sukmMAAAAAaghGU9JBkIjxe9SRGpLzng==; path=/; Domain=.globalsources.com
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912482 2NNN RT(1670524617325 1523) q(0 0 0 0) r(2 2) U11
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/1.1 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20039
Date: Thu, 08 Dec 2022 18:13:36 GMT
Expires: Thu, 08 Dec 2022 20:13:36 GMT
Cache-Control: public, max-age=7200
Age: 1403
Last-Modified: Tue, 27 Sep 2022 22:01:05 GMT
Content-Type: text/javascript
s.webtrends.com/js/webtrends.hm.js
143.204.55.49200 OK 7.4 kB URL HTTP/1.1 s.webtrends.com/js/webtrends.hm.js
IP 143.204.55.49:0
File type HTML document, ASCII text, with CRLF line terminators
Hash b2ea8b95abb8ab706e7a0cfa9685cd10
8b75b0f6fff26a3a651d9346db02fefe45a67379
fe11671e8ca6d3b5659e5dae0924ecae80c99c0dd72478710eed0886e687f69d
GET /js/webtrends.hm.js HTTP/1.1
Host: s.webtrends.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7382
Connection: keep-alive
Last-Modified: Tue, 25 Feb 2020 23:34:02 GMT
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 03 Dec 2022 04:57:41 GMT
ETag: "b2ea8b95abb8ab706e7a0cfa9685cd10"
X-Cache: Hit from cloudfront
Via: 1.1 f66e3db0f0449307dba3fbf72bbf3bac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Q-53Vf5rIXLNWdnNMONR_3jfUKTtjz64wvjG4nnv7Si3F2mWfZc6sA==
Age: 481159
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
142.250.74.168302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4febe4716d93c01917cc718ed52f0d1c
9437b5b65a71ae87dc652a40a0e030a6464991e4
3ff71e43c20bb1c8d9018a800fe877e8e4e46be21f0a051b402297f370eca77a
GET /gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Thu, 08 Dec 2022 18:36:59 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
js.adsrvr.org/up_loader.1.1.0.js
143.204.45.46200 OK 1.9 kB URL HTTP/1.1 js.adsrvr.org/up_loader.1.1.0.js
IP 143.204.45.46:0
File type ASCII text, with very long lines (4593), with no line terminators
Hash 8dc722d27824e60548fd25752623cd07
33d66ad1a4a162e2d6c9ed732d6c9af79635fc4d
14ce9119fe06fb2d363ba3c824e9f5b3f212f1f39dfab38c836fa13a20daec1b
GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 16:19:20 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 410f51195842d9b592b15d6588c36654.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: J0akJvFSCgLg1-lorjjOKkR_n1IpwSAn6OtsWWEalRMaF3ubMIjCpw==
Age: 8260
10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
142.250.74.38200 OK 257 B URL HTTP/2 10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499), with no line terminators
Hash 15bfeee514df56e0e386de441b2a4ad2
a38dffa545511adffaba030c8ac288cb948389c1
54f2677ead53be268519f29dadcbbea032cae1aab1491d5dfdda1100b881d84e
GET /activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D? HTTP/1.1
Host: 10716254.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:36:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 257
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 18:51:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
142.250.74.38200 OK 256 B URL HTTP/2 12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (496), with no line terminators
Hash 0fc6899aece018f2df2e4f4394e7da91
a93463b413a18c0ceebd27f2e3dee611d0c02397
937109fb43bb02886fd617bf84ab11393268a292b0506896826cbb23acea8fc6
GET /activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D? HTTP/1.1
Host: 12419770.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:36:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 256
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 18:51:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
107.154.199.39200 OK 89 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
IP 107.154.199.39:0
Hash b7b22089aeb0bc341bb35ffb546ba95b
733c4b08ec99d897f7ce0a53ffe3e052e6ae7e84
f4fb946fc2c1f97484dabb7f1230d9a890b5df944dff571e5b7bb13ae0335c3f
GET /sso/gsol/pex/en/balat/includes/SSO.CSS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: text/css
set-cookie: AWSALBTG=qTtrp48pNpjtQkueJcIeAl0+yKIoL1Nr20uEblW5K2DfvLCKMeKcYZlaiEojWFD/lqEzoqJavt71/G13nn2tdkpQcXDoiC1Kx9Rk0yO6eLHyapUQMgoY8KpoxJbjqjPPWQ+Hb5+9ic+Vr+tW0Yvj1ZpDqJGuSe507vDi/YXsT6Tb; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=qTtrp48pNpjtQkueJcIeAl0+yKIoL1Nr20uEblW5K2DfvLCKMeKcYZlaiEojWFD/lqEzoqJavt71/G13nn2tdkpQcXDoiC1Kx9Rk0yO6eLHyapUQMgoY8KpoxJbjqjPPWQ+Hb5+9ic+Vr+tW0Yvj1ZpDqJGuSe507vDi/YXsT6Tb; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=2OV7yByar76FlgCCrIbzNBhCe9Yr4znr3DQGMY50ZziX25f+G2ODcQCoahD3eYaB6hmmOJfCIaR9YgqegHuPgNVnG1p5hTzWKndwDTM8IFMT2A0eIk3G1T7XpF+Q; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=2OV7yByar76FlgCCrIbzNBhCe9Yr4znr3DQGMY50ZziX25f+G2ODcQCoahD3eYaB6hmmOJfCIaR9YgqegHuPgNVnG1p5hTzWKndwDTM8IFMT2A0eIk3G1T7XpF+Q; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=zeuxbZdKpD7iNwSnOJREPwAAAABFlxc7xBepv0Y455Ga6Fek; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=ZqQCeh3ZWWTPOQhfiBrYA8oukmMAAAAASw0BTAyVjFYCLrmi7qJ31Q==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:08 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912464 2NNN RT(1670524617325 48) q(0 0 0 1) r(13 13) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: AWSALBTGCORS=ypSHo35yNjdgmEeW4MMFGWyd9nAT0bAoovJvlYMRcxeoLBPzPQLKD74kvjL0wsAXKYbKoHef+EqEjfRNWLSpaVxZSMTBiG11Fwcvt2qV/kUSnAurbM4egrf4ICd07NO64mAYepSPoH0gUdR0qdXmvRsc9otdab3DePWz5yDYlzkG; AWSALBCORS=0PsIWfPr598QcxyanxWkDpP9CSVmDZmN/2sNWPv8Z9w5VSZCUq7uT3J4TcHuI1I8DtayWUaeVDdJOQ3dfb5mNpPTu2Pd2mXnoxcxduDxfLKpwr5eGxlqFQk+v3+O
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:59 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=FE+4AijrHC6Q270X4uvxdoy5hjAej2Mvtp6gXmdXwl/EAmRB65S4VLBLgEhSg8K50FwQjrmjI2S31MGmXeDd5eYhtjOA5xKwJGGaZYyESRo9S5kp/C3zJbZ01XcXY5N3z1JaXeaD64qMaVEt5gCYySuqbgvkZfTXf89GcNxCrBbP; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBTGCORS=FE+4AijrHC6Q270X4uvxdoy5hjAej2Mvtp6gXmdXwl/EAmRB65S4VLBLgEhSg8K50FwQjrmjI2S31MGmXeDd5eYhtjOA5xKwJGGaZYyESRo9S5kp/C3zJbZ01XcXY5N3z1JaXeaD64qMaVEt5gCYySuqbgvkZfTXf89GcNxCrBbP; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
AWSALB=m0I5WHUolf4Y8QYghB68RYu1NNYXoCWYHOUYYL+J9hJ5Z7QXXNu/ks1dPJJltBoRa1X9TkHCdzXxh0xHyszZMGbvkMhCEpoTQ+RS17PCUVY7Gd5fSSyl7wbT0trE; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBCORS=m0I5WHUolf4Y8QYghB68RYu1NNYXoCWYHOUYYL+J9hJ5Z7QXXNu/ks1dPJJltBoRa1X9TkHCdzXxh0xHyszZMGbvkMhCEpoTQ+RS17PCUVY7Gd5fSSyl7wbT0trE; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=rt0FBqLcQhd5NuhROJREPwAAAACvZ0c9lubf7jsnqAYAkDsG; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=8wRHDgq3MW/POQhfiBrYA8sukmMAAAAAFDaW3Os9QMYeJ8tQCdYADg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:07 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71906000 pNNN RT(1670524617325 1800) q(0 0 0 0) r(2 2) U2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1d710c2ae0ff0416ce1764fb7693d013
c1c510bda24203ddf2d803c081b623709ba55fa6
775db3bc6b40a9276261cf44642fe22183fda853674d9d16db709e0a7239b408
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
107.154.199.39200 OK 5.4 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
IP 107.154.199.39:0
Hash 27c22aa556d634dbdca86bcf88c4d560
2a24af97aef0d8317c8341037b271515ecbf8ea7
6edac66d04dc9af95e509ce6fb4c0ed42eaa61c87dd2a44f488952a8fc706f1b
GET /sso/gsol/pex/en/balat/includes/SSO.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=SSCaKtGD/sA5HGe3B2qxm1kkOS/aywbQMDReRX2FTmU94t8wUKyNmvOT+vLFWInAMbPjewXSs1Ah4rQ717FOTCSCuYBji9PjYRIOhNIfteZb1y4eHBD56DpYc6zamOtmBomG/d/0tDpr0NPWztyyTmJDDg33vhCvXpnFVOTuU/ng; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=SSCaKtGD/sA5HGe3B2qxm1kkOS/aywbQMDReRX2FTmU94t8wUKyNmvOT+vLFWInAMbPjewXSs1Ah4rQ717FOTCSCuYBji9PjYRIOhNIfteZb1y4eHBD56DpYc6zamOtmBomG/d/0tDpr0NPWztyyTmJDDg33vhCvXpnFVOTuU/ng; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=p9XlyHd56pw60k6EySVLKJHCGhrj53V0rZxWXehgOapn2GAaEDrLHzZtD0UWxgEHiiVfTcZQ4HfL1beeMQw0I7Kpt6Ue9K+Wy+h9NuEpDqKe24QI/RPU2DIPPEKy; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=p9XlyHd56pw60k6EySVLKJHCGhrj53V0rZxWXehgOapn2GAaEDrLHzZtD0UWxgEHiiVfTcZQ4HfL1beeMQw0I7Kpt6Ue9K+Wy+h9NuEpDqKe24QI/RPU2DIPPEKy; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=bnSiUfHHNmgFAZ0COJREPwAAAABvvxAx7qbb0z9n1ccz4Ore; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=ZrFAb9/XBUDPOQhfiBrYA8oukmMAAAAA/mlkfJHKxdj4VG9An2hGAw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:08 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912464 2NNN RT(1670524617325 36) q(0 0 0 2) r(13 13) U2
X-Firefox-Spdy: h2
login.globalsources.com/csp_report
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/csp_report
IP 107.154.199.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csp_report HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 408
Origin: https://login.globalsources.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: text/plain
x-robots-tag: noindex
content-length: 0
set-cookie: visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=oLeXKINvzHDPOQhfiBrYA8sukmMAAAAArHcext/ehPOPJVhcySjjeQ==; path=/; Domain=.globalsources.com
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
X-Firefox-Spdy: h2
ritasshoes.tk/sso/GeneralManager?action=captchaApi&language=en
5.8.71.100404 Not Found 315 B URL HTTP/1.1 ritasshoes.tk/sso/GeneralManager?action=captchaApi&language=en
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
POST /sso/GeneralManager?action=captchaApi&language=en HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 21
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/sba/login.globalsources.com/error.php?email=
HTTP/1.1 404 Not Found
Date: Thu, 08 Dec 2022 18:36:59 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
login.globalsources.com/sso/gsol/pex/en/balat/includes/webtrends.min.js
107.154.199.39200 OK 8.9 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/webtrends.min.js
IP 107.154.199.39:0
Hash ec0086cd7dfc98cf9ecb116fb2bdcdbe
12af313358a130ac5a5b68d43e63c7afd828d5b7
29dce04d1d4bec9af397f599efe490943dab0c75ba83a8a2610fccc4a0c50986
GET /sso/gsol/pex/en/balat/includes/webtrends.min.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: AWSALBTGCORS=qTtrp48pNpjtQkueJcIeAl0+yKIoL1Nr20uEblW5K2DfvLCKMeKcYZlaiEojWFD/lqEzoqJavt71/G13nn2tdkpQcXDoiC1Kx9Rk0yO6eLHyapUQMgoY8KpoxJbjqjPPWQ+Hb5+9ic+Vr+tW0Yvj1ZpDqJGuSe507vDi/YXsT6Tb; AWSALBCORS=2OV7yByar76FlgCCrIbzNBhCe9Yr4znr3DQGMY50ZziX25f+G2ODcQCoahD3eYaB6hmmOJfCIaR9YgqegHuPgNVnG1p5hTzWKndwDTM8IFMT2A0eIk3G1T7XpF+Q
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:59 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=L6FgAUrywmQTcXtEhHzD228p1oIEWz1MHzFD/PKfQorQeR5Oe6IJj02TRc5OE5QC0aozclvUKkD3KJL/M3l1zhgtVmc2leNF+LchyASgT/DWLfix6B2lhLN5AFNE8x2lUMfAaGfQMeKQuC8gDR4JWnpyhoCkOm3PUFah6Csq4FUe; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBTGCORS=L6FgAUrywmQTcXtEhHzD228p1oIEWz1MHzFD/PKfQorQeR5Oe6IJj02TRc5OE5QC0aozclvUKkD3KJL/M3l1zhgtVmc2leNF+LchyASgT/DWLfix6B2lhLN5AFNE8x2lUMfAaGfQMeKQuC8gDR4JWnpyhoCkOm3PUFah6Csq4FUe; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
AWSALB=1rYPx+up8E1o/n1AXZBDXZV8+mZ9YtRqo3T/HWY7eNHY76AdVxxvnDoeENfZ+SjPrK4o0XUP3Mwj25rtTl+P0QXqGP5u4lwKwMNbJdU4QD8gDPivdqGuTkoJgCwt; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBCORS=1rYPx+up8E1o/n1AXZBDXZV8+mZ9YtRqo3T/HWY7eNHY76AdVxxvnDoeENfZ+SjPrK4o0XUP3Mwj25rtTl+P0QXqGP5u4lwKwMNbJdU4QD8gDPivdqGuTkoJgCwt; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=rdkJEMNv6GpjrF43OJREPwAAAAA3sfPUiQhP/My0+xX0i2KX; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=NgjeRTFPPx3POQhfiBrYA8sukmMAAAAAh27yACtTM4atTvUktyEqHw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:08 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912471 2NNN RT(1670524617325 1539) q(0 0 0 0) r(3 3) U2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:36:59 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/collect?v=1&_v=j98&a=1733229434&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YGBAgEABAAAAAAAAI~&jid=327408924&gjid=1836250351&cid=1786411624.1670524619&tid=UA-179370-18&_gid=292450974.1670524619&cg1=LOGIN_FORM_ERR&z=964798947
142.250.74.14200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j98&a=1733229434&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YGBAgEABAAAAAAAAI~&jid=327408924&gjid=1836250351&cid=1786411624.1670524619&tid=UA-179370-18&_gid=292450974.1670524619&cg1=LOGIN_FORM_ERR&z=964798947
IP 142.250.74.14:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=1733229434&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YGBAgEABAAAAAAAAI~&jid=327408924&gjid=1836250351&cid=1786411624.1670524619&tid=UA-179370-18&_gid=292450974.1670524619&cg1=LOGIN_FORM_ERR&z=964798947 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Thu, 08 Dec 2022 17:34:48 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 3731
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
107.154.199.39200 OK 15 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
IP 107.154.199.39:0
File type ASCII text, with very long lines (53477)
Hash ccfdd12a9ab85a70af2f07997e1aaa05
476b30011345a1512171438abe83741af423ffb4
00d357d49b1e40bd584d1438c314489a29a971d5846417bf850b7c54f843cc06
GET /sso/gsol/pex/en/common/includes/ssoscripts.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=/lCb9fX4lXBfhlLVp4/WqZs1ungFVoLW2iOU40h26YlJvLc8JdZPh3edq5FExhMclobX8jSJKZu4E8pAtKLTc3uKt7qWXEboP0SnB7sSVzgBQNdQPkQ3MKZzQUsj8NPWDsYj29ZHnUa2V7QMVW7KKVgeWMm76KO/C8qqsvixs/Zp; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=/lCb9fX4lXBfhlLVp4/WqZs1ungFVoLW2iOU40h26YlJvLc8JdZPh3edq5FExhMclobX8jSJKZu4E8pAtKLTc3uKt7qWXEboP0SnB7sSVzgBQNdQPkQ3MKZzQUsj8NPWDsYj29ZHnUa2V7QMVW7KKVgeWMm76KO/C8qqsvixs/Zp; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=Aq9vXYWkH7ejCciPn2+4k8D/M0OWH2asXbednkR+NQKRG/j1yTdrgWDWOGa40NJ1a5ckBG3NNt9nM0Lpi0riOJGsjClXDwqcUgbT/iXAbo4uCS5uC06kGkd6EC3O; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=Aq9vXYWkH7ejCciPn2+4k8D/M0OWH2asXbednkR+NQKRG/j1yTdrgWDWOGa40NJ1a5ckBG3NNt9nM0Lpi0riOJGsjClXDwqcUgbT/iXAbo4uCS5uC06kGkd6EC3O; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=jbJrFm1aehjLPLlMOJREPwAAAAAR7CisKoc4b0xR1n0HOc3B; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=s9N0TFxkBQbPOQhfiBrYA8oukmMAAAAAk+XBLQBvOFZCiLMHbPy+7Q==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912482 2NNN RT(1670524617325 52) q(0 0 0 1) r(10 10) U2
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.34200 OK 259 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498), with no line terminators
Hash cb1b83e0779f970a77ca481551789a37
585a43e613e9a03ada6d74de3cce31902f93efb8
51cac2621da86bd4e385e854d4107730b0edf2cbfb80cd16d354e72e711f24a9
GET /ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://10716254.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:36:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 259
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.34200 OK 258 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (495), with no line terminators
Hash 67af654e52a1c17e2374512ce704f053
101789b16584ad69d6a520282acdee6da2456269
a3fa24e40feaf57cf14288d64289c9b3f472bb64c3afcd5151f725992d34c44b
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12419770.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:36:59 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 258
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.156.98.77301 Moved Permanently 244 B URL HTTP/1.1 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.156.98.77:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8fc9865f26fa25a6392c2f6060ae5df3
848c84d5259d274403799d8f07dce9a524662a0f
6fcb4b79975d55a072ba52bfd817cfba24b1a9f4777c706fb0706fd385601caa
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
Date: Thu, 08 Dec 2022 18:36:59 GMT
Connection: close
Content-Length: 244
bat.bing.com/bat.js
13.107.21.200200 OK 12 kB IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39124), with no line terminators
Hash d925a898de26295fdebfc90203ef46fa
77dd3f5893b76530e08058d50e8f9aef017e80c7
8f4a413fec7e48f5ac290f4596fef33b6396e7fb31080ec0203a5ec817d140c8
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11460
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ranges: bytes
etag: "027e538cd8d91:0"
vary: Accept-Encoding
set-cookie: MUID=3C881482266D6A2C27FC06F6273A6BDD; domain=.bing.com; expires=Tue, 02-Jan-2024 18:37:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2911DEFC1A0A4DD6B12EED45AD50B48F Ref B: OSL30EDGE0312 Ref C: 2022-12-08T18:36:59Z
date: Thu, 08 Dec 2022 18:36:59 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8274b291596906eb3779dccb82ec41cb
b2ec554df1fa55e18a4316b76ac617dc626b7598
69129be0a1c2e3d1dfc602aea4ef004ea01b3bfa6c5863bd225843472f1bb7c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1670524619014&cv=11&fst=1670524619014&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=1232549588.1670524619&rfmt=3&fmt=4
142.250.74.130200 OK 889 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1670524619014&cv=11&fst=1670524619014&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=1232549588.1670524619&rfmt=3&fmt=4
IP 142.250.74.130:0
File type ASCII text, with very long lines (1869), with no line terminators
Hash 6526f289ed199f38783c995d1a5df596
b2338f06038f191f994aac4773176a53614afec1
216f051cfc2620434c8cae7acb2d462cb490f751c021a89f1af6fb3c4bb27729
GET /pagead/viewthroughconversion/1072021429/?random=1670524619014&cv=11&fst=1670524619014&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=1232549588.1670524619&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 889
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 18:52:00 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 664
Cache-Control: max-age=165550
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 16:36:10 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
54.230.111.78200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
IP 54.230.111.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/3267009/domain/ritasshoes.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://ritasshoes.tk/
Origin: http://ritasshoes.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 0
date: Wed, 07 Dec 2022 20:18:23 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ehrGZBa4DYu0hOQSxrewCBr6zQe1bZsEa9W2mZR8xLDOvLYPnig4Sg==
age: 80317
X-Firefox-Spdy: h2
login.globalsources.com/rdvoqldvqhjbezvv825122.js
107.154.199.39404 Not Found 3.2 kB URL HTTP/2 login.globalsources.com/rdvoqldvqhjbezvv825122.js
IP 107.154.199.39:0
Hash dfb7ac011f2068c7f356b2c1a12deb63
b06f2c79b2c8c7ea502e6e2f649faa82bb8dd9bf
73aa535328b812eda20718f9c73c7a756d337dbc96bd67e0a89d4b7ae460a79a
GET /rdvoqldvqhjbezvv825122.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: text/html
set-cookie: AWSALBTG=lQVuO98TN05KPy+Ut2JcxqWeFcwV/wnO8jzMjjdQgFbzdzT4Oqzqt7G7IDIRq9sGbBeflPI0DLlEl75THY6bSe26jgn/lxS1yKt4GVlmBi4eXMpdLY8GY1I5KAgp80+2neXpnupgCPq2LBGzEGs7WSgVwgX3BC4jCGGvIwmBBM8e; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=lQVuO98TN05KPy+Ut2JcxqWeFcwV/wnO8jzMjjdQgFbzdzT4Oqzqt7G7IDIRq9sGbBeflPI0DLlEl75THY6bSe26jgn/lxS1yKt4GVlmBi4eXMpdLY8GY1I5KAgp80+2neXpnupgCPq2LBGzEGs7WSgVwgX3BC4jCGGvIwmBBM8e; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=aUw0U7bzaxKrZaVotNesBgtS0K9SOKArF5fgcpGFaN3kw1u2ewBTNHzJQKsycDMKCQRM0cuut5D0B1c1HS1S0J5Yq0t5do8KtdPC4Qc8C7PYKqetdQH31CSw7Iiy; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=aUw0U7bzaxKrZaVotNesBgtS0K9SOKArF5fgcpGFaN3kw1u2ewBTNHzJQKsycDMKCQRM0cuut5D0B1c1HS1S0J5Yq0t5do8KtdPC4Qc8C7PYKqetdQH31CSw7Iiy; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=sw7gEGK9kBQokVI4OJREPwAAAAANBToiegKOHVOhwi9tcIWr; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=8xjWLnOBMFHPOQhfiBrYA8oukmMAAAAAed50YsoNxYNeuAoCZLqdhw==; path=/; Domain=.globalsources.com
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912482 2NNN RT(1670524617325 53) q(0 0 0 0) r(10 10) U11
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/pagead/1p-conversion/1071695260/?random=1670524619066&cv=11&fst=1670524619066&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=1232549588.1670524619&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
216.58.207.228302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/1071695260/?random=1670524619066&cv=11&fst=1670524619066&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=1232549588.1670524619&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 216.58.207.228:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1670524619066&cv=11&fst=1670524619066&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=1232549588.1670524619&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/1071695260/?random=1670524619066&cv=11&fst=1670524619066&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=1232549588.1670524619&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
107.154.199.39200 OK 35 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
IP 107.154.199.39:0
Hash 5aa89a0c49d67d7a59dcace96cad40f2
c943038581f70814341eaa45f081381d50625c28
29b83adcdfa889a2f1290fe2c68d95678df968c05bda3f77b904d0bd46be77f6
GET /sso/gsol/pex/en/balat/includes/jqueryandplugins.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=vSu6swUjuQn4zZsn4b3sFGCNl+8b5t22hTAIvox86iVH416SqbzazNKStNpSmjNkX98CyI+mEUl0lO2198dv6u1TqmpeJc3pBAC/wM1XTsSUos5R2T7TrPLBmDkdRn9nP9233eRxgJEOUbq/uja0tJd4duhiErCKd+DLWIPgCDOB; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=vSu6swUjuQn4zZsn4b3sFGCNl+8b5t22hTAIvox86iVH416SqbzazNKStNpSmjNkX98CyI+mEUl0lO2198dv6u1TqmpeJc3pBAC/wM1XTsSUos5R2T7TrPLBmDkdRn9nP9233eRxgJEOUbq/uja0tJd4duhiErCKd+DLWIPgCDOB; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=jBtGzCEm6l+pwuORHikkoroNA4DhwHnTmh7qnFLcO8VSTE/sndyR9zqqFhk5o+EDw3hmEE4MyibPpXdG9kNkoPdRDoyKbTUKVPdeciffA6wj1Ooz22o/30TF2XfM; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=jBtGzCEm6l+pwuORHikkoroNA4DhwHnTmh7qnFLcO8VSTE/sndyR9zqqFhk5o+EDw3hmEE4MyibPpXdG9kNkoPdRDoyKbTUKVPdeciffA6wj1Ooz22o/30TF2XfM; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=W6REW5/m6R/T2jiZOJREPwAAAABkewMo8pjs2UBehnaiqpDR; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=0IHESCO8nnnPOQhfiBrYA8oukmMAAAAA0w6jpEpY9xw8kfDXdDtz5w==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:47:52 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912464 2NNN RT(1670524617325 35) q(0 0 0 0) r(12 12) U2
X-Firefox-Spdy: h2
www.google.com/pagead/1p-user-list/1072021429/?random=1670524619014&cv=11&fst=1670522400000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=2922395240&rmt_tld=0&ipr=y
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1072021429/?random=1670524619014&cv=11&fst=1670522400000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=2922395240&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1072021429/?random=1670524619014&cv=11&fst=1670522400000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=2922395240&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
107.154.199.39200 OK 28 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
IP 107.154.199.39:0
File type ASCII text, with very long lines (62758)
Hash b5c79ac5f755171a4bfd1775b2e3aecf
26764a7e756150722e009cd961b063ec5ac8e612
0deee0803a38d1ba31e9c7358d7502a540a102932ff6ba476428ac22739e6cf4
GET /sso/gsol/pex/en/common/includes/egain_docked_chat.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:59 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=ruRyjtAw9XBz81lCT3bDcx2vX052Lj2IEYkNtjyfKXAuX9aB6GG/M6SIdwtAlxYzWJw3Gy5Iyzl3MbfHkEO/Ihe+YHvLsxbTXBZqzOQff2jiqlWXIWojKKr5dkj7uiWIB5MGdbxumCvH/g67bMpgHHm7Ue36se/CrJT8MNssEYQ/; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBTGCORS=ruRyjtAw9XBz81lCT3bDcx2vX052Lj2IEYkNtjyfKXAuX9aB6GG/M6SIdwtAlxYzWJw3Gy5Iyzl3MbfHkEO/Ihe+YHvLsxbTXBZqzOQff2jiqlWXIWojKKr5dkj7uiWIB5MGdbxumCvH/g67bMpgHHm7Ue36se/CrJT8MNssEYQ/; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
AWSALB=gqPoXsvxNW8riws+8UWFSCEGHjKohyZXYbsiw4p5Pk9iCTFBQqLqQR/lRVvaJuM1occ7jidfGHId80wW1WMw+F3hPcnbjC52jTd3ZSxGLCOZw9p8GNjH/btusHDP; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/
AWSALBCORS=gqPoXsvxNW8riws+8UWFSCEGHjKohyZXYbsiw4p5Pk9iCTFBQqLqQR/lRVvaJuM1occ7jidfGHId80wW1WMw+F3hPcnbjC52jTd3ZSxGLCOZw9p8GNjH/btusHDP; Expires=Thu, 15 Dec 2022 18:36:59 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=puktdeRbVwToXTAmOJREPwAAAADU3wTG2OpTM5zSUZ5FxNoz; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=3nznds+fEW3POQhfiBrYA8oukmMAAAAA6VgMDySsjCTxbbOQ4Pk+GQ==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912482 2NNN RT(1670524617325 51) q(0 0 0 0) r(13 13) U2
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 664
Cache-Control: max-age=165550
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 16:36:10 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c221e4deeb8144b7fc354cce5dc563f8
578e9395e2800e2e19bde2a1d49d9501f6aa3364
258bf83c23b05e8bc9b987e849a194b9f81742ee4268f6453a1e88bfaca959f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.130200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=449979902690;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
expires: Thu, 08 Dec 2022 18:37:00 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.130200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=5712327654087;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
expires: Thu, 08 Dec 2022 18:37:00 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.156.98.77200 OK 10 B URL HTTP/2 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.156.98.77:0
File type exported SGML document, ASCII text, with CRLF line terminators
Hash 944ece9d6d59cdf6eaa8ae6c6c205b93
877b1b2addfb2494453305fa4b93f3f03ee064c2
d3f45949797ac9329127b9e128b0e0656aa48d5dbd8d5e8e42c8b451780c34f2
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
strict-transport-security: max-age=31536000
date: Thu, 08 Dec 2022 18:36:59 GMT
content-length: 10
X-Firefox-Spdy: h2
www.google.no/pagead/1p-user-list/1072021429/?random=1670524619014&cv=11&fst=1670522400000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=2922395240&rmt_tld=1&ipr=y
142.250.74.131200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1072021429/?random=1670524619014&cv=11&fst=1670522400000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=2922395240&rmt_tld=1&ipr=y
IP 142.250.74.131:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1072021429/?random=1670524619014&cv=11&fst=1670522400000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=2922395240&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670524619317&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670524619317&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3267009&time=1670524619317&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670524619317%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLEE0nJTPkhUgAAAYTzBs2JzyJ63rWwFfJM7P7nNFKAaoRaLpCIT_oBSeZWv83-Iqhte92sJCggyA; Max-Age=2592000; Expires=Sat, 07 Jan 2023 18:37:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQIvyXIkxR31FQAAAYTzBs2JX0gvjz7fD4zxG9vvztct4BiqoPq5yAd9DUpqPTksgpOUL1uMpw6ya96tmEVbxA; Max-Age=2592000; Expires=Sat, 07 Jan 2023 18:37:00 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&b5330712-00d5-432f-83ec-ea3b180137c7"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Dec-2023 18:37:00 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2451:u=1:x=1:i=1670524620:t=1670611020:v=2:sig=AQFTvdTGysohK2AxSTtAfka1GaWOSefs"; Expires=Fri, 09 Dec 2022 18:37:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXvVVKSnz0LdpavqDqPuw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 16B595F5873E4068A49158983C1CB8DB Ref B: OSL30EDGE0506 Ref C: 2022-12-08T18:37:00Z
date: Thu, 08 Dec 2022 18:37:00 GMT
content-length: 0
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/1071695260/?random=1670524619066&cv=11&fst=1670524619066&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=1232549588.1670524619&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.131200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/1071695260/?random=1670524619066&cv=11&fst=1670524619066&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=1232549588.1670524619&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.131:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1670524619066&cv=11&fst=1670524619066&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=1232549588.1670524619&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c221e4deeb8144b7fc354cce5dc563f8
578e9395e2800e2e19bde2a1d49d9501f6aa3364
258bf83c23b05e8bc9b987e849a194b9f81742ee4268f6453a1e88bfaca959f5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/p/action/137022501.js
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137022501.js
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137022501.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=36CDCFC0E4FE6E7A02E8DDB4E5A96FEE; domain=.bing.com; expires=Tue, 02-Jan-2024 18:37:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0F80DA6FAE914B899A64BEDF617AD5C6 Ref B: OSL30EDGE0312 Ref C: 2022-12-08T18:37:00Z
date: Thu, 08 Dec 2022 18:37:00 GMT
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
54.230.111.78200 OK 104 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
IP 54.230.111.78:0
Hash f300e2a4e2aa8ab2dbe3727e273fe4dd
5aa7e29e67ba7e1c003ea9902d9e407e9ed1de33
aad40f368d389709abeef0de0ac56af4c39ef25c8a5aa91bc851e6088a4366a6
GET /partner/3267009/domain/ritasshoes.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Thu, 08 Dec 2022 18:37:00 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 39qOiXrs5bFnyeXXVQrj-h4ckctAqiFKMqkTyMfWXmJ8aCz-p_ex0g==
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670524619662&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670524619661.2073965178&it=1670524619535&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670524619662&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670524619661.2073965178&it=1670524619535&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670524619662&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670524619661.2073965178&it=1670524619535&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 18:37:00 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670524619664&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670524619661.2073965178&it=1670524619535&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670524619664&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670524619661.2073965178&it=1670524619535&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670524619664&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670524619661.2073965178&it=1670524619535&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 08 Dec 2022 18:37:00 GMT
X-Firefox-Spdy: h2
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670524619317%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670524619317%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670524619317%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670524619317&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&3c7a57cc-163a-4e11-8a98-fc18a2f3b361"; Domain=.linkedin.com; Expires=Fri, 08-Dec-2023 18:37:00 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&2022120818370080bdd3aa-dd64-41f5-81fe-95a1884b5316AQEwudSnpH-rqU_lT8UAgGF6TgAjI2FA"; Domain=.www.linkedin.com; Expires=Fri, 08-Dec-2023 18:37:00 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzA1MjQ2MjA7MjswMjFORZQ3itzNqZ/evPiJF0RDWvavH6FSPbvrcVTXkbe8UQ==; Domain=.linkedin.com; Expires=Tue, 06 Jun 2023 18:37:00 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2432:u=1:x=1:i=1670524620:t=1670611020:v=2:sig=AQFXkmbIr2YWDEuEDcQSDKzU8LIkjuzg"; Expires=Fri, 09 Dec 2022 18:37:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com onyx.www.linkedin.com
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXvVVKVja/gaVVJpE7yhA==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 3CCFCD266F324695B9047F329D626877 Ref B: OSL30EDGE0506 Ref C: 2022-12-08T18:37:00Z
date: Thu, 08 Dec 2022 18:37:00 GMT
content-length: 0
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670524619317&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670524619317&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3267009&time=1670524619317&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&95fff4c9-05a6-47db-84dd-7d112d4be605"; domain=.linkedin.com; Path=/; Secure; Expires=Fri, 08-Dec-2023 18:37:00 GMT; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2432:u=1:x=1:i=1670524620:t=1670611020:v=2:sig=AQFXkmbIr2YWDEuEDcQSDKzU8LIkjuzg"; Expires=Fri, 09 Dec 2022 18:37:00 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXvVVKYSrAbdlf/e8XHSg==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 0E6C38BC134248CCBBFCA925AF6C38CF Ref B: OSL30EDGE0506 Ref C: 2022-12-08T18:37:00Z
date: Thu, 08 Dec 2022 18:37:00 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 08 Dec 2022 18:37:00 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
12419770.fls.doubleclick.net/activityi;src=12419770;type=f_scr0;cat=f_cm_0;ord=2514273669684;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
142.250.74.38200 OK 257 B URL HTTP/2 12419770.fls.doubleclick.net/activityi;src=12419770;type=f_scr0;cat=f_cm_0;ord=2514273669684;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
IP 142.250.74.38:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (496), with no line terminators
Hash 26073e2cadb9c12097e0e310c5011a5b
63f95e6b0c175ed9185c34bb3852c5fd4c80a434
091644c88d38fcdcf59c9b6f2d537692c1fa3359bfdbe87aa40901328d531ce1
GET /activityi;src=12419770;type=f_scr0;cat=f_cm_0;ord=2514273669684;gtm=2wgbu0;auiddc=1232549588.1670524619;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D? HTTP/1.1
Host: 12419770.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 08 Dec 2022 18:37:00 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 257
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 08-Dec-2022 18:52:00 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1733229434&cid=1786411624.1670524619&ul=en-us&sr=1280x1024&_s=1&sid=1670524619&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1733229434&cid=1786411624.1670524619&ul=en-us&sr=1280x1024&_s=1&sid=1670524619&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1733229434&cid=1786411624.1670524619&ul=en-us&sr=1280x1024&_s=1&sid=1670524619&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://ritasshoes.tk
date: Thu, 08 Dec 2022 18:37:00 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=6ae468af-7025-4228-8a35-5100bd8a1701&sid=4cd29340772711edac846171c183181a&vid=4cd2b280772711edb1c6619e223a8c57&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=778450
13.107.21.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=6ae468af-7025-4228-8a35-5100bd8a1701&sid=4cd29340772711edac846171c183181a&vid=4cd2b280772711edb1c6619e223a8c57&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=778450
IP 13.107.21.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137022501&tm=gtm002&Ver=2&mid=6ae468af-7025-4228-8a35-5100bd8a1701&sid=4cd29340772711edac846171c183181a&vid=4cd2b280772711edb1c6619e223a8c57&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=778450 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0EEA941C1FA76B69210A86681EF06A59; domain=.bing.com; expires=Tue, 02-Jan-2024 18:37:00 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D9962C35BD674ACEBB81F332EE1A88FC Ref B: OSL30EDGE0312 Ref C: 2022-12-08T18:37:00Z
date: Thu, 08 Dec 2022 18:37:00 GMT
X-Firefox-Spdy: h2
insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0
35.71.131.137200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0
IP 35.71.131.137:0
GET /track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:37:00 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
35.71.131.137200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
IP 35.71.131.137:0
GET /track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event} HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:37:00 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
IP 107.154.199.39:0
GET /sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 08 Dec 2022 18:36:58 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=CflD90kKOfJvIdliaCZD4anYFY+pEK4mHuLii+PH8RiKM5nfZzHG3CPXKlKWs7/s+eSXjnK6BbU81Rf8Ulibck//R2cgvVRhvU89O02tQs0hu99xPLJnpX0YEdieY7g2K+8iIuOxlemCTzWKvsjdO67unMP0uTYV3qguiw5wc+vx; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBTGCORS=CflD90kKOfJvIdliaCZD4anYFY+pEK4mHuLii+PH8RiKM5nfZzHG3CPXKlKWs7/s+eSXjnK6BbU81Rf8Ulibck//R2cgvVRhvU89O02tQs0hu99xPLJnpX0YEdieY7g2K+8iIuOxlemCTzWKvsjdO67unMP0uTYV3qguiw5wc+vx; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
AWSALB=Tc8AbeHalJZV1411HYndPysnPFtJ+QKiqua+ccQK3fPHJiyr1TvILLGj3RE7zNrZmPvkSmw3JUKgZocnXBjocoE0Cj3JHEoWJg3ChWir8SoVu6dEAXRsiE5tYNsy; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/
AWSALBCORS=Tc8AbeHalJZV1411HYndPysnPFtJ+QKiqua+ccQK3fPHJiyr1TvILLGj3RE7zNrZmPvkSmw3JUKgZocnXBjocoE0Cj3JHEoWJg3ChWir8SoVu6dEAXRsiE5tYNsy; Expires=Thu, 15 Dec 2022 18:36:58 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=FJS3FPGZniersBLCOJREPwAAAAA5pdCJlMEMNKFU0ILZ6k3b; path=/; Domain=.globalsources.com
visid_incap_2766148=exG5cFrLSZmis0POdF0Hi8kukmMAAAAAQUIPAAAAAADHAUFTrYF6TrvmqgxC5P9n; expires=Thu, 07 Dec 2023 22:29:28 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=yxw7YGHMZR7POQhfiBrYA8oukmMAAAAArJz1VIT5cwJTQ7ZafZlTpw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-71912460-71912471 2NNN RT(1670524617325 50) q(0 0 0 0) r(12 12) U2
X-Firefox-Spdy: h2