r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13129
Expires: Fri, 09 Dec 2022 06:01:33 GMT
Date: Fri, 09 Dec 2022 02:22:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10775
Expires: Fri, 09 Dec 2022 05:22:19 GMT
Date: Fri, 09 Dec 2022 02:22:44 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 02:08:16 GMT
content-type: application/json
age: 868
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10340
Expires: Fri, 09 Dec 2022 05:15:04 GMT
Date: Fri, 09 Dec 2022 02:22:44 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: NxZA9Rp3HflhZQS6r98zZIDapIfo3/dDJYzrC12aI5h7JdAoohezwwFbzbBcNaurrqMXZDvrKcM=
x-amz-request-id: MS7QRSQT4RTV08KS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 01:48:08 GMT
age: 2076
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:22:44 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ritasshoes.tk/sba/login.globalsources.com/
5.8.71.100200 OK 12 kB URL HTTP/1.1 ritasshoes.tk/sba/login.globalsources.com/
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (597), with CRLF line terminators
Hash a139e9ea6ee3894680622e3a5e687fd7
ab450032fd1bd43d7ea69734ca48f3c345ccd924
772e1377bb6103ed5d633a2d6bc4272f748e38e3d5b81a7b00a4d86994eae9b6
Analyzer Verdict Alert openphish Global Sources (HK)
fortinet Phishing
GET /sba/login.globalsources.com/ HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:44 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Last-Modified, ETag, Cache-Control, Alert, Content-Length, Pragma, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 02:07:59 GMT
age: 886
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
status.thawte.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1b3b04003bd7ebdcef1d2cc69274fff5
42dbfe9189f0032ca7ad3c37ca428786da5912ad
202e1da873da8d5f563eb55b6ec05c3668ab81f2712688fffe721c176fa5eb82
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4296
Cache-Control: max-age=138366
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:45 GMT
Etag: "639204ab-1d7"
Expires: Sat, 10 Dec 2022 16:48:51 GMT
Last-Modified: Thu, 08 Dec 2022 15:37:15 GMT
Server: ECS (amb/6B92)
X-Cache: HIT
Content-Length: 471
tmxapi.globalsources.com/fp/tags.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&pageid=Login
91.235.133.77200 OK 12 kB URL HTTP/1.1 tmxapi.globalsources.com/fp/tags.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&pageid=Login
IP 91.235.133.77:0
File type ASCII text, with very long lines (15506)
Hash b58cdaef914558de9913cc844bf0103d
9bf6c18d4dbff29f57019a67155b1e9fa386d744
eacf63d044646611003cf33fdb34b8b8f79506301cf03b762bbaefeaa10613dc
GET /fp/tags.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&pageid=Login HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:45 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP=IVAa PSAa
Set-Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure; SameSite=None;
tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A; Max-Age=155520000; Version=1; HttpOnly; Path=/; Secure; SameSite=None;
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4823
Cache-Control: max-age=115470
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:45 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:27:15 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
34.223.160.237101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.223.160.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: HwWAK6yVgzvMs8sybMOFfg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 8Gh+7+pk/iSxXKzLbUZ5XFOik10=
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:45 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=Acuwgw7wadURYfqWIe0V0Cy0rZvJRu49wq/zaSX0NxyW7YMo6z6QMDWmetFKjc5V/v10oZH5SM03OiyCteLlAs0HQb8/I4y2L3nbIzbi/t/nYe9jum+3yxJ3u0InFEVXHeD/OHzhMI8E8nV8q/iAsj+KC5GROFSqoFVUKgIrb6il; Expires=Fri, 16 Dec 2022 02:22:45 GMT; Path=/
AWSALBTGCORS=Acuwgw7wadURYfqWIe0V0Cy0rZvJRu49wq/zaSX0NxyW7YMo6z6QMDWmetFKjc5V/v10oZH5SM03OiyCteLlAs0HQb8/I4y2L3nbIzbi/t/nYe9jum+3yxJ3u0InFEVXHeD/OHzhMI8E8nV8q/iAsj+KC5GROFSqoFVUKgIrb6il; Expires=Fri, 16 Dec 2022 02:22:45 GMT; Path=/; SameSite=None; Secure
AWSALB=GtHjRDVl9Y8ZQfGFPYlrDBh3+5ETLR9e3Mv+qJnWaDVDpUnNPDRTF1PZYAFyMI5ZvIuLpUOGztL7o9o5cqkR4DFuE9kPAnb+Iuu3eQKfeo7lh39Wmn7/AobtWQFw; Expires=Fri, 16 Dec 2022 02:22:45 GMT; Path=/
AWSALBCORS=GtHjRDVl9Y8ZQfGFPYlrDBh3+5ETLR9e3Mv+qJnWaDVDpUnNPDRTF1PZYAFyMI5ZvIuLpUOGztL7o9o5cqkR4DFuE9kPAnb+Iuu3eQKfeo7lh39Wmn7/AobtWQFw; Expires=Fri, 16 Dec 2022 02:22:45 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=bquceoKPG3A9zfnNOJREPwAAAAAzmd8f1/qyGrtn44XSBD6G; path=/; Domain=.globalsources.com
visid_incap_2766148=wX2mQIGtQGSXmj1dzSa/ePWbkmMAAAAAQUIPAAAAAAB///CyDyxcLU7jD+3y8IKX; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=qHdWWwVCuzY7JBpfiBrYA/WbkmMAAAAADr0qKRU3/ZfqrdjOUE96vA==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:07 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434697 nNNN RT(1670552564650 44) q(0 1 5 -1) r(8 8) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
107.154.199.39200 OK 4.3 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash 3416d1e30f078febf83bad93f15f7ba6
2997b26ac512fd945f5c1ef64e3bcf178ee47f6b
900774ab9d108ddeee13c38f67680d8b855588ab4b3c37949fa79f4b15c4e3a9
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: image/jpeg
content-length: 4284
set-cookie: AWSALBTG=D1eS0VOSXAFvVYeq6eIVJJZWez6ThY/6GyiE/2ast2/KbNZSTyHwQHWHT07bpJ+OdxKrGWpahdGh5fIBx2cUo1RiivGOmMlGDSSUMNxL+aDjU/Ta9wTaCLr/tph4C5XW2m6ezpdQOoI0lSzn9+scswcJiH1ws1R7szfIjE5PLcVs; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=D1eS0VOSXAFvVYeq6eIVJJZWez6ThY/6GyiE/2ast2/KbNZSTyHwQHWHT07bpJ+OdxKrGWpahdGh5fIBx2cUo1RiivGOmMlGDSSUMNxL+aDjU/Ta9wTaCLr/tph4C5XW2m6ezpdQOoI0lSzn9+scswcJiH1ws1R7szfIjE5PLcVs; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=2iBf0Q7oF1tVRlYyJ88/Odaf0o/5ukG8drwvoeMiDsT2rlK6XeZK48bG/8WbD1U18ZlGylQJ0Nxuc0gCtOQPBoNZ+4/hADb93WEPRSYAMZUvlcC4gQe2nEeyASwV; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=2iBf0Q7oF1tVRlYyJ88/Odaf0o/5ukG8drwvoeMiDsT2rlK6XeZK48bG/8WbD1U18ZlGylQJ0Nxuc0gCtOQPBoNZ+4/hADb93WEPRSYAMZUvlcC4gQe2nEeyASwV; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=JFd9Pbz82zywf42kOJREPwAAAABeP370zZI4zoznVpJITtJ1; path=/; Domain=.globalsources.com
visid_incap_2766148=G/xgfTxMQ16zuj3hU6skDfWbkmMAAAAAQUIPAAAAAABPWKNdLQN9JPPoK0NlemH0; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=yf+fAz96Z1lEJBpfiBrYA/WbkmMAAAAAUeJYQt47taLU7yeuWDu5NA==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434684 2NNN RT(1670552564650 41) q(0 1 1 -1) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
107.154.199.39200 OK 4.7 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash f68d2d065e34993ce6e4b832737c7147
8e799c63bd8292de2f320b8afa23524107773266
b0501c9294231206d2aeb28e8bbd622910de7fc139e02756dc339cb9a68d017f
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: image/jpeg
content-length: 4667
set-cookie: AWSALBTG=tPlnTNpGMTeXTeNLcx9g9WS+m3jUji7cvwHV+Fb/AjofrZcjhphroe2MC5yutP9H0wmp4oRUcBPj0umYz6DZRDOmqihsciK0TxcT9G4cw4lnaK7YHduZCfLdiuFVqS11Zr5KMCFaMWUju6k4bGTzW2BQhe/+V/+E4Ues9uUAbu56; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=tPlnTNpGMTeXTeNLcx9g9WS+m3jUji7cvwHV+Fb/AjofrZcjhphroe2MC5yutP9H0wmp4oRUcBPj0umYz6DZRDOmqihsciK0TxcT9G4cw4lnaK7YHduZCfLdiuFVqS11Zr5KMCFaMWUju6k4bGTzW2BQhe/+V/+E4Ues9uUAbu56; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=PgSE+DwfLOkq8b/R1wrIxpJXP6Crgj3MuOzvun7JPDagGZh6uFCFKlRnncrJEs9k8lSFJnQwabxbLjZl2wa5ylUf5S9PcLSSePhTcjCg8IZw5LhhHmBBOnr34dcP; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=PgSE+DwfLOkq8b/R1wrIxpJXP6Crgj3MuOzvun7JPDagGZh6uFCFKlRnncrJEs9k8lSFJnQwabxbLjZl2wa5ylUf5S9PcLSSePhTcjCg8IZw5LhhHmBBOnr34dcP; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=kefPB1gLUn9xgIqiOJREPwAAAAAEmliZ6KUL/G1/lGiDbR9Z; path=/; Domain=.globalsources.com
visid_incap_2766148=hOWZlsI7SxCoUEoKDdWAOPWbkmMAAAAAQUIPAAAAAABPg4QbYQ/yWKNB7ttfUgxS; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=I88fA8GHIwRGJBpfiBrYA/WbkmMAAAAA2VjuShYwip5wdG6sy08Hzg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:07 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434692 2NNN RT(1670552564650 42) q(0 1 1 -1) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
107.154.199.39200 OK 3.8 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
IP 107.154.199.39:0
File type PNG image data, 210 x 32, 8-bit colormap, non-interlaced\012- data
Hash a8656a61ac922e6b5e297627ae7b078a
fd0a07d76165669d22d9b8c1e930da9fb51aef22
465c8b941a45a964b3c73162a3357083c03e807f2eb45a6e0cc03658f686ece6
GET /sso/gsol/pex/en/balat/images/GSLOGO.PNG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: image/png
content-length: 3788
set-cookie: AWSALBTG=6w+l5BAOB0KMgvyio4ggLCuUmeSF1nP/+dLQYncxG2O/ntbAc5ExkYI6GKbyzSbmnKn5x1E8KZD/usZMtdvVfReSlch1D7BGw5ju45v6Lyig+5pt3vDcOIfd9DOmApAlOZ1r9qw7lPe5vg89/FD3XLJ4Io7pc8GnX1oLVdk/pKNZ; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=6w+l5BAOB0KMgvyio4ggLCuUmeSF1nP/+dLQYncxG2O/ntbAc5ExkYI6GKbyzSbmnKn5x1E8KZD/usZMtdvVfReSlch1D7BGw5ju45v6Lyig+5pt3vDcOIfd9DOmApAlOZ1r9qw7lPe5vg89/FD3XLJ4Io7pc8GnX1oLVdk/pKNZ; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=P59hsZWe4RwiA+IsKKKD19OAoaaiSiGzov/3f9oUSS+Lmyacfv+EaiZH1KUacW9cAZMwCNVp/eSeBATW00GANSHvr5zOs41sWgl4GF684Z0TNrIVrTNC8idd4oBn; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=P59hsZWe4RwiA+IsKKKD19OAoaaiSiGzov/3f9oUSS+Lmyacfv+EaiZH1KUacW9cAZMwCNVp/eSeBATW00GANSHvr5zOs41sWgl4GF684Z0TNrIVrTNC8idd4oBn; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=+QIJPN+OJiFlMKeOOJREPwAAAACdRHOQPq5f7naTrAX+4tZ0; path=/; Domain=.globalsources.com
visid_incap_2766148=ySIPWW1mRD2CugMIL2fHXPWbkmMAAAAAQUIPAAAAAACpw5sd9XRrjhx938LOlRnS; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=E9w0N0x8qBJIJBpfiBrYA/WbkmMAAAAAvIhBi8xPzhddAQw1DhoWJg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434684 2NNN RT(1670552564650 40) q(0 0 0 -1) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
107.154.199.39200 OK 65 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
IP 107.154.199.39:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 456x555, components 3\012- data
Hash f4cfa4fb0267a0184bc6caa933d39633
7871c922ca703ddf022e5cf32d70de76ea42be16
a333d615df16eae983fc674e1e06c445d08bc440cb16eff950ec7570d98c3206
GET /sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: image/jpeg
content-length: 64609
set-cookie: AWSALBTG=F2NJ2c0xfYibw79qX2A6H17v4PMOazM5LTumGhqc8fUlVRMg1u1utba1ArQnKLVN6sLa7i5/oBj8OqmeRs3U98HidYVQEdnW/UFgNhflPaf2KaViC8gKrz08fq3nOnb7NUQdgxz0FJIUqspHuZwG06LltE4NqsaiNX9gKLeQw0io; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=F2NJ2c0xfYibw79qX2A6H17v4PMOazM5LTumGhqc8fUlVRMg1u1utba1ArQnKLVN6sLa7i5/oBj8OqmeRs3U98HidYVQEdnW/UFgNhflPaf2KaViC8gKrz08fq3nOnb7NUQdgxz0FJIUqspHuZwG06LltE4NqsaiNX9gKLeQw0io; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=uzeHuI9geXhwJ4hCIycdSab4Ls3RoEQRPCBwAcrKH//ffwlAkp9KSVHlDwRaERae5+dgZJeXUmZ0khrukCvhIPdJoLxQw84SrkHGyNsDF3xQ96S+pSyzGnd9eTPv; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=uzeHuI9geXhwJ4hCIycdSab4Ls3RoEQRPCBwAcrKH//ffwlAkp9KSVHlDwRaERae5+dgZJeXUmZ0khrukCvhIPdJoLxQw84SrkHGyNsDF3xQ96S+pSyzGnd9eTPv; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=OamrS9/zfTRIMh89OJREPwAAAADc9L0BD3NNpShiGgvcgwBH; path=/; Domain=.globalsources.com
visid_incap_2766148=6Pu/pcPNQ+C/q/A/rxBkfPWbkmMAAAAAQUIPAAAAAAAV/Jl+Ahm8WU3niJU5W3Uo; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=BNpMZADI+gdHJBpfiBrYA/WbkmMAAAAAqT7vaoB4YFgp19apowZunw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434692 2NNN RT(1670552564650 43) q(0 1 1 -1) r(10 10) U2
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.168302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 08dc1097c83d6f931819890010215132
651f4c8dec266bc1149c5009aeaff8b850c95cfa
45e607d3d26d0460dc67aded9e4bab3da0e230ad8656bc7cde02db523965d5f0
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 02:22:46 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
107.154.199.39200 OK 9.5 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
IP 107.154.199.39:0
Hash e7ce8d59f1bbbe8be5d59919be137f52
24e5b8fd4c367d5b5ec472148692c80949331c9d
74297f29c76d875e874d1577ab0492c98ed77a4b1b88223fe3fcc602508fee35
GET /sso/gsol/pex/en/balat/includes/SSO.CSS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: text/css
set-cookie: AWSALBTG=ZU8UeuataXVfRxswaj/SqFCgCFwR1p5DGuMbJVDvdiTJg0azT9sRA0MeYwY3gTcrJoJ0r0dg1HHvaqle/gEgrQsFdnq4BPsU/xF7Jdex6SsAZeoIP7LHXaTzcVS9Hn6QCywE7OjLv4Yc9DCYgwJcUg1O5CjOrh/hZWbj88FuB22m; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=ZU8UeuataXVfRxswaj/SqFCgCFwR1p5DGuMbJVDvdiTJg0azT9sRA0MeYwY3gTcrJoJ0r0dg1HHvaqle/gEgrQsFdnq4BPsU/xF7Jdex6SsAZeoIP7LHXaTzcVS9Hn6QCywE7OjLv4Yc9DCYgwJcUg1O5CjOrh/hZWbj88FuB22m; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=1sLUjXp4nwTUtkI8h0M2wpwqm+0Y8DxakOc5kfn9hlxOYwLrqEu9y9kICHGulKVHDjjLIA5Ihmn7N0FaCa8gjHgkmLBuxxtdNYYqXCPJwShKiAjci7bbMbHgKl4u; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=1sLUjXp4nwTUtkI8h0M2wpwqm+0Y8DxakOc5kfn9hlxOYwLrqEu9y9kICHGulKVHDjjLIA5Ihmn7N0FaCa8gjHgkmLBuxxtdNYYqXCPJwShKiAjci7bbMbHgKl4u; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=4Dd9a0leIgBsJkGJOJREPwAAAABVb/jq754z8Cqw9QWkA/Jm; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=w4ujGc4RkDgvIRpfiBrYA/WbkmMAAAAA7X90EU/2czeh0F+xJa3gDQ==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434684 2NNN RT(1670552564650 37) q(0 1 1 0) r(12 12) U2
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.168200 OK 97 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (53281)
Hash 0f262178b20127a240021b75e54455a3
fc950246e9157d3a670dc132218f0c755ed1b4dd
8c0658f1634af155cd4f06a271f0fadad292a95d0e5e9ab0c45d898da5231ca2
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 02:22:46 GMT
expires: Fri, 09 Dec 2022 02:22:46 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 96815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
107.154.199.39200 OK 37 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
IP 107.154.199.39:0
Hash 423698fbb05328ca1d9ac39f498942bf
0024cfeaaf8eccd7451d461bd385a3f5f18f2007
2aa3c539cb39a1bcc0e626d2f890d8bfda7c55aa6645c30f4752cdcbf937542f
GET /sso/gsol/pex/en/balat/includes/jqueryandplugins.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=a9TuaeeCKEqfWUTva05nd18/YXVtxhf5gXGoZD+tBepBhgVtSKHjJVFl2PrYM722c8UsNsEiMrwixylzG8zo0P764kQdBtU9X6lap7xIKR8aaISeHnjI67D9Knl/NxuJ+De7dfUjy8QRHNJ2zzAb2HSbOmfwOW3GZgZ8B110C5QM; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=a9TuaeeCKEqfWUTva05nd18/YXVtxhf5gXGoZD+tBepBhgVtSKHjJVFl2PrYM722c8UsNsEiMrwixylzG8zo0P764kQdBtU9X6lap7xIKR8aaISeHnjI67D9Knl/NxuJ+De7dfUjy8QRHNJ2zzAb2HSbOmfwOW3GZgZ8B110C5QM; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=b4QZtOLoq8wvw2sgE6xsLXmkaChkY7MGSbEddGbaPds+nn6NuHdNtxHsKV7sgi2xc7uO5d5CU9KQU0ABVc1Bzqmd2l+eAxDITMQ4xcXyBtKQmFY+BvaEz6SMFBPV; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=b4QZtOLoq8wvw2sgE6xsLXmkaChkY7MGSbEddGbaPds+nn6NuHdNtxHsKV7sgi2xc7uO5d5CU9KQU0ABVc1Bzqmd2l+eAxDITMQ4xcXyBtKQmFY+BvaEz6SMFBPV; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=WpWbcCwCkAiFGpcsOJREPwAAAABcJ5RhcXg4+XWN9BOgyQJa; path=/; Domain=.globalsources.com
visid_incap_2766148=b9vSH4FxRPOOs8+BD7Ivh/WbkmMAAAAAQUIPAAAAAADmkbTgvw6ywIX7QQ5OrP07; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=ijP/fyrvnExPJBpfiBrYA/WbkmMAAAAAAMInZzVeo1vAD7g/PnCi7Q==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:47:52 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434684 2NNN RT(1670552564650 45) q(0 1 1 -1) r(12 12) U2
X-Firefox-Spdy: h2
login.globalsources.com/rdvoqldvqhjbezvv137257.js
107.154.199.39404 Not Found 12 kB URL HTTP/2 login.globalsources.com/rdvoqldvqhjbezvv137257.js
IP 107.154.199.39:0
Hash 078ad66d8ee1192822a4bcccefd090cb
619203f4b8cacfeea5a0b51629f790a43bca0e1e
5c9390b478c61a643d694c5c20673e44d134256cb3bf151fb2b044eb662f743a
GET /rdvoqldvqhjbezvv137257.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: text/html
set-cookie: AWSALBTG=EaxNDLVr5Rzm8lWphWBk+5JjU1ohzWTuK5A4vyC3YtBhAFasl7jEyi+AIGITlZeN9vGy26KXt4mfQjnU7GdnePvJmlVqb9XssC4c+apqD49jI5QT7zEetS2ENYhbtayhJ1BY74RvpzkQXqdt5RkNsKaVyJBNWeVpve1HdrNDBXGs; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=EaxNDLVr5Rzm8lWphWBk+5JjU1ohzWTuK5A4vyC3YtBhAFasl7jEyi+AIGITlZeN9vGy26KXt4mfQjnU7GdnePvJmlVqb9XssC4c+apqD49jI5QT7zEetS2ENYhbtayhJ1BY74RvpzkQXqdt5RkNsKaVyJBNWeVpve1HdrNDBXGs; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=lZ9U/CZNmaFkROFjiA2li+dGsXgmAt6O2MPMU6qbUsTWnRernf6hPC647x4ZTqsvpw8t1A4nttiGlUUlk70vAU4aDfg0DG6zMiJhJ/rGRhmqsOjnoqfAdOV/BNyo; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=lZ9U/CZNmaFkROFjiA2li+dGsXgmAt6O2MPMU6qbUsTWnRernf6hPC647x4ZTqsvpw8t1A4nttiGlUUlk70vAU4aDfg0DG6zMiJhJ/rGRhmqsOjnoqfAdOV/BNyo; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=duHiP2ZCazYDcfscOJREPwAAAABBYx791OJg4qBko9LuxjjN; path=/; Domain=.globalsources.com
visid_incap_2766148=JNICTFkARaOPSXr0lYGv0vabkmMAAAAAQUIPAAAAAADrj34NOMCLTlRU85I/8iaF; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=ftVEHq+rfzxZJBpfiBrYA/abkmMAAAAA1uxWfjfXWAUojh18RPPqFQ==; path=/; Domain=.globalsources.com
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434692 2NNN RT(1670552564650 48) q(0 1 1 -1) r(15 15) U11
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8883
Expires: Fri, 09 Dec 2022 04:50:49 GMT
Date: Fri, 09 Dec 2022 02:22:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8883
Expires: Fri, 09 Dec 2022 04:50:49 GMT
Date: Fri, 09 Dec 2022 02:22:46 GMT
Connection: keep-alive
login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
107.154.199.39200 OK 11 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
IP 107.154.199.39:0
File type ASCII text, with very long lines (40516), with no line terminators
Hash a1927ab796545365d74affda5ae5d843
90f322628491a20b99ee68773444c970952e4448
42881e6763cfb90451950c7071a5cfc5cbd14aa807e15a91191c5011a04e0dbb
GET /sso/gsol/pex/en/common/includes/ssoscripts.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=6qBWUhI0naN6kfRtPDxzYQ5A+Jw3w7oQymXB3B4nEKJGH1eKvNoK1nuUxxEp46pQ4CcpG5VLk2qOgWy8dpZnWKcd53u3XDtVgvR10gH08L96JjS1PlXwVDqhNuRP1aJ1ZVyPY+znD9hJ2gkbV74ISVnXOaHL2WowyzeTk3PvPwz+; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=6qBWUhI0naN6kfRtPDxzYQ5A+Jw3w7oQymXB3B4nEKJGH1eKvNoK1nuUxxEp46pQ4CcpG5VLk2qOgWy8dpZnWKcd53u3XDtVgvR10gH08L96JjS1PlXwVDqhNuRP1aJ1ZVyPY+znD9hJ2gkbV74ISVnXOaHL2WowyzeTk3PvPwz+; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=3EHgJ+1hLQYyUP1EiPH/iONfL/Ivbts2QVyqUWXbJ4kRJrlM+OCXKMkCpccFDizXZc5jIQcwyhZ4k/6+n/WbUkRQAzlCJhFEUqfOODBpv4AYor0GXG1llN2xiYEK; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=3EHgJ+1hLQYyUP1EiPH/iONfL/Ivbts2QVyqUWXbJ4kRJrlM+OCXKMkCpccFDizXZc5jIQcwyhZ4k/6+n/WbUkRQAzlCJhFEUqfOODBpv4AYor0GXG1llN2xiYEK; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=e67MGi9K8hzVNQqyOJREPwAAAADI1Wuw6B26uRR3QJqX+wpn; path=/; Domain=.globalsources.com
visid_incap_2766148=CkDYbtBNTGuzHdGH891iYvWbkmMAAAAAQUIPAAAAAAD+meZ2IjbcVqnW8RBfhSSn; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=qF4/Wn2qpmlJJBpfiBrYA/WbkmMAAAAAdUMfToXzwS76LFHfAKYNgQ==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434702 2NNN RT(1670552564650 46) q(0 1 1 -1) r(10 10) U2
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8883
Expires: Fri, 09 Dec 2022 04:50:49 GMT
Date: Fri, 09 Dec 2022 02:22:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8882
Expires: Fri, 09 Dec 2022 04:50:49 GMT
Date: Fri, 09 Dec 2022 02:22:47 GMT
Connection: keep-alive
www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
142.250.74.168302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4febe4716d93c01917cc718ed52f0d1c
9437b5b65a71ae87dc652a40a0e030a6464991e4
3ff71e43c20bb1c8d9018a800fe877e8e4e46be21f0a051b402297f370eca77a
GET /gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 02:22:47 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
107.154.199.39200 OK 9.7 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
IP 107.154.199.39:0
Hash f18e47e23f5f54147a3e6a4ce544cb11
0d163d9cff143c5e0c1d0f2db5a6bf4a6d5ef523
fc6e4e1eb0c4d35f9c04091c81277273b1a8eed74c78ae2dbf01af5ba7e90ca9
GET /sso/gsol/pex/en/balat/includes/SSO.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=I+VKtDj9r405mywHsU7Z6lpXDxd1egVDpD4domdqyMIHTqIs/X4wT8mWtptsThJ3uuAWf+iXkbtjHiiPqSIknSJ9/gsb6VJ4J+9iIAPNOWrDw5IyQImNBUQdafW5ILqeJ/xfrJZ/oqqYHX0Utaz34pDWOGHaPeLtpfdGcr2RVKlf; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=I+VKtDj9r405mywHsU7Z6lpXDxd1egVDpD4domdqyMIHTqIs/X4wT8mWtptsThJ3uuAWf+iXkbtjHiiPqSIknSJ9/gsb6VJ4J+9iIAPNOWrDw5IyQImNBUQdafW5ILqeJ/xfrJZ/oqqYHX0Utaz34pDWOGHaPeLtpfdGcr2RVKlf; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=6QZJBXAImyHziMvIWzzFZCybJk3FpWPJVxqJ6Vje7tPl6ZQXklQZ7JC/k7IB2OIyk7/MF3w4H4l3L72DpeRpCKoRZEbb5jiibeO9s8McaDYEguubSwqfO+bOJ34y; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=6QZJBXAImyHziMvIWzzFZCybJk3FpWPJVxqJ6Vje7tPl6ZQXklQZ7JC/k7IB2OIyk7/MF3w4H4l3L72DpeRpCKoRZEbb5jiibeO9s8McaDYEguubSwqfO+bOJ34y; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=EnTQYw4zQ2DhKnpJOJREPwAAAAAtfCW9CqWk/4sxaGek4ix5; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=Ue7bGsAhBBovIRpfiBrYA/WbkmMAAAAAlZMcmFcixB4atBs6iE6ZUw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434684 2NNN RT(1670552564650 37) q(0 1 1 1) r(12 12) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
107.154.199.39200 OK 12 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
IP 107.154.199.39:0
Hash edcbfa802dce9894b33e4655e4277a8a
40cdf1265feae0ae842caaa5994346f6cc00dd5f
9a70f743f3cc5c491fe15f67a6385a733dc7fcd2c59dab2046dbe95e4ce2d12c
GET /sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=Fc9ych0CJOy3zHcpLEecT6t/xDewnWISMWOzizVy/t99iZv66Rc48d6c1YSrUVdOkWzEBEzXPkh1FADfwFfPgPZry4QCYMnWu2rDJpxTRxMN+NFa0ltiVDq/xTN4oVLEPzki+JctMsseGm19mIbSLwcge+Pf53gyhV9+2q+AUlil; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=Fc9ych0CJOy3zHcpLEecT6t/xDewnWISMWOzizVy/t99iZv66Rc48d6c1YSrUVdOkWzEBEzXPkh1FADfwFfPgPZry4QCYMnWu2rDJpxTRxMN+NFa0ltiVDq/xTN4oVLEPzki+JctMsseGm19mIbSLwcge+Pf53gyhV9+2q+AUlil; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=cjY7l8LF1ZXIjvJEP4AnLYLx3ZWltSczqZBCkL+F3gcEuPM1J5gRB0zWACZ1ZFsWjI4Ir0KrMjDF4frKUQHkyv5YCNjXX0SMpWtroOhsia2fi8SPYByBNmuWtUKa; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=cjY7l8LF1ZXIjvJEP4AnLYLx3ZWltSczqZBCkL+F3gcEuPM1J5gRB0zWACZ1ZFsWjI4Ir0KrMjDF4frKUQHkyv5YCNjXX0SMpWtroOhsia2fi8SPYByBNmuWtUKa; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=eL8lcOiZIzwR0woyOJREPwAAAADgQOGM2wJq55wBvNxKD2OO; path=/; Domain=.globalsources.com
visid_incap_2766148=xFnUDBRmTaW2hyPNkDwCyPWbkmMAAAAAQUIPAAAAAAD9HpAbZCUmpqS28HLPVo9F; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=UXT1RGQq5nhFJBpfiBrYA/WbkmMAAAAARrkruj4iFvm9nqoo2mSNlQ==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434692 2NNN RT(1670552564650 50) q(0 0 0 -1) r(9 9) U2
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955c6ac69b89f6cbd497df53fcb2ae1b
2506152cdd1056533116feb9350124356e570e54
fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7217
x-amzn-requestid: be9196fc-3d43-49db-8522-8781cbf5a247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUEDEWpIAMFqUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e6-04b24220213872ba378d3538;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4QlJZW4ZiPNVhOJbcRldanR8veym3l0sIBGa1Ym-4FOTT_utMQeZQg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 10:15:09 GMT
age: 58058
etag: "2506152cdd1056533116feb9350124356e570e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js.adsrvr.org/up_loader.1.1.0.js
143.204.45.46200 OK 1.9 kB URL HTTP/1.1 js.adsrvr.org/up_loader.1.1.0.js
IP 143.204.45.46:0
File type ASCII text, with very long lines (4593), with no line terminators
Hash 8dc722d27824e60548fd25752623cd07
33d66ad1a4a162e2d6c9ed732d6c9af79635fc4d
14ce9119fe06fb2d363ba3c824e9f5b3f212f1f39dfab38c836fa13a20daec1b
GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 16:19:20 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QBqEKa2fAy-L1OGzfx350m6Nn9oFDVkgL_jwQrzJatXxpo3i6lw0Mw==
Age: 36208
ritasshoes.tk/sso/GeneralManager?action=captchaApi&language=en
5.8.71.100404 Not Found 315 B URL HTTP/1.1 ritasshoes.tk/sso/GeneralManager?action=captchaApi&language=en
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
POST /sso/GeneralManager?action=captchaApi&language=en HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 20
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/sba/login.globalsources.com/
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 02:22:46 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 18:34:32 GMT
age: 28095
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 16283
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f04d1dc05d36822d7368cdb4d19316c9
5c611ceaf8d4c79edfe37a6201d40917cebeda28
a9336a736295e694564259c4806ed96a00d20844f78f2688ed28251e62a71ceb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6979
x-amzn-requestid: e8dc7a72-f5b3-48cd-a82d-353bace3ed7f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F8GIAMFojw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-4c62a5ea0572081c44fd601c;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HVDmsaBvm-_CVFzeFfp8XZU8rfpsAIqa4DsbAcqoYAiwcR_7NFzc9Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 03:58:15 GMT
age: 80672
etag: "5c611ceaf8d4c79edfe37a6201d40917cebeda28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
s.webtrends.com/js/webtrends.hm.js
143.204.55.43200 OK 7.4 kB URL HTTP/1.1 s.webtrends.com/js/webtrends.hm.js
IP 143.204.55.43:0
File type HTML document, ASCII text, with CRLF line terminators
Hash b2ea8b95abb8ab706e7a0cfa9685cd10
8b75b0f6fff26a3a651d9346db02fefe45a67379
fe11671e8ca6d3b5659e5dae0924ecae80c99c0dd72478710eed0886e687f69d
GET /js/webtrends.hm.js HTTP/1.1
Host: s.webtrends.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7382
Connection: keep-alive
Last-Modified: Tue, 25 Feb 2020 23:34:02 GMT
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 03 Dec 2022 04:57:41 GMT
ETag: "b2ea8b95abb8ab706e7a0cfa9685cd10"
X-Cache: Hit from cloudfront
Via: 1.1 e49f22f18c16784c0f42291e768d1daa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6xyD5_2owiT10hXUhNPuheRZKC28eoyh8VOHtWAR-axj2ADDxn-zBQ==
Age: 509107
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/csp_report
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/csp_report
IP 107.154.199.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csp_report HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 408
Origin: https://login.globalsources.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: text/plain
x-robots-tag: noindex
content-length: 0
set-cookie: visid_incap_2766148=kv2aguajQRSENNJO11x1T/abkmMAAAAAQUIPAAAAAAAR8rmLjARBlcEoEyRspFif; expires=Fri, 08 Dec 2023 22:29:30 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=kJPGeR5joH5pJBpfiBrYA/abkmMAAAAA4Amr/esOpZK9NKmwkW9HBQ==; path=/; Domain=.globalsources.com
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
X-Firefox-Spdy: h2
12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F?
142.250.74.70200 OK 285 B URL HTTP/2 12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (475), with no line terminators
Hash 894e416b29b208108369c43c0badeee4
e60f9c667e017a817330892c3f83c15d27e2fb0c
e2089319cb80aa3039ecb36a339733d524633df614b887a9d7fc91555cc142f8
GET /activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F? HTTP/1.1
Host: 12419770.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 285
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F?
142.250.74.70200 OK 244 B URL HTTP/2 10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (480), with no line terminators
Hash 1b90ad8c13b5647a425e2fa7b731b32f
5e26e3812373913da4e0692a4f78bf5147a4158a
3f65f08629fe07ea804b896be054d49cbd7247c99b4b3dc45d60cfd3fac78de8
GET /activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F? HTTP/1.1
Host: 10716254.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 244
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:47 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.210200 OK 4.6 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.210:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12961)
Hash c1a25b303b61b25e995516f5559bcdea
3c16a6fa3a2a6dc59d57a9ea1588c4f259884688
2063d2d1415ce9437e9331cb9a798714a5b2e106a65d6dc0ef0d426a5a4c30f2
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=19698
date: Fri, 09 Dec 2022 02:22:47 GMT
content-length: 4581
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3398
Cache-Control: max-age=140337
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:21:44 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.158.208.124301 Moved Permanently 244 B URL HTTP/1.1 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.158.208.124:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8fc9865f26fa25a6392c2f6060ae5df3
848c84d5259d274403799d8f07dce9a524662a0f
6fcb4b79975d55a072ba52bfd817cfba24b1a9f4777c706fb0706fd385601caa
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
Date: Fri, 09 Dec 2022 02:22:46 GMT
Connection: close
Content-Length: 244
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 23f0fed6cb9af080a75d8b899ae5bd84
2c02a8cb4a6e70d8ba58696fd709838656d443c3
b1102b6924fcffe1f07a07385010a47aa142435d4efc79b338e50f8258a4d5da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: O1TFcKpSZcIs2bBMRwFx/81+hrO1L/r0Pq4IdjH+oFJV96CsHAhsx2Hy3j4S5jmVyqAjPoE3GD2uqOVACkcZ4A==
priority: u=3,i
content-length: 27340
x-fb-trip-id: 1904183273
date: Fri, 09 Dec 2022 02:22:47 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/bat.js
204.79.197.200200 OK 12 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39124), with no line terminators
Hash d925a898de26295fdebfc90203ef46fa
77dd3f5893b76530e08058d50e8f9aef017e80c7
8f4a413fec7e48f5ac290f4596fef33b6396e7fb31080ec0203a5ec817d140c8
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11460
content-type: application/javascript
content-encoding: gzip
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ranges: bytes
etag: "027e538cd8d91:0"
vary: Accept-Encoding
set-cookie: MUID=1F0676678B23672D244B64128A746681; domain=.bing.com; expires=Wed, 03-Jan-2024 02:22:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 303AC1FB744A495DAD9498E36C85CC94 Ref B: OSL30EDGE0308 Ref C: 2022-12-09T02:22:47Z
date: Fri, 09 Dec 2022 02:22:46 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1670552566141&cv=11&fst=1670552566141&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&auid=1554309974.1670552566&rfmt=3&fmt=4
142.250.74.34200 OK 873 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1670552566141&cv=11&fst=1670552566141&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&auid=1554309974.1670552566&rfmt=3&fmt=4
IP 142.250.74.34:0
File type ASCII text, with very long lines (1827), with no line terminators
Hash fe93015bb2a15cc76d2aea463347a176
c93afd5afbe5834306398c2e130bd99fc22c6bc8
4aa23ae5a9b661f7d60c48ed256b922fbbe037e9ff6c9deedd558dca40d52770
GET /pagead/viewthroughconversion/1072021429/?random=1670552566141&cv=11&fst=1670552566141&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&auid=1554309974.1670552566&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 873
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:47 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3398
Cache-Control: max-age=140337
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:21:44 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&ct_cookie_present=1
142.250.74.34200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&ct_cookie_present=1
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:47 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-conversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
216.58.207.228302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 216.58.207.228:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
142.250.74.66200 OK 245 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (474), with no line terminators
Hash 127483faa3b923175c537b8dc96ea4ad
5b97c5ddaa602850b676f0b39616c51c3af3a25d
257c09c6cf2f546a99435af626f0b34f4c1026dc7a6bd0b5e8959740c096579e
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12419770.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 245
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
142.250.74.66200 OK 245 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (479), with no line terminators
Hash 8a45fc7d8be69a1239e5c7ea1f1c7dde
0e036315abc36fa8d6a2f4fc05c14e7d19c598c8
3bd7dd29c5046ceedc76ff89134e6f9e1124ed85c025c22ce0b2d31dedccb747
GET /ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://10716254.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 245
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google-analytics.com/collect?v=1&_v=j98&a=1328166414&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=896243322&gjid=786592009&cid=1724413555.1670552566&tid=UA-179370-18&_gid=629890626.1670552566&cg1=LOGIN_FORM&z=29935556
142.250.74.110200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j98&a=1328166414&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=896243322&gjid=786592009&cid=1724413555.1670552566&tid=UA-179370-18&_gid=629890626.1670552566&cg1=LOGIN_FORM&z=29935556
IP 142.250.74.110:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=1328166414&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=896243322&gjid=786592009&cid=1724413555.1670552566&tid=UA-179370-18&_gid=629890626.1670552566&cg1=LOGIN_FORM&z=29935556 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Thu, 08 Dec 2022 08:57:58 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 62689
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
www.google.com/pagead/1p-user-list/1072021429/?random=1670552566141&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&fmt=3&is_vtc=1&random=253920714&rmt_tld=0&ipr=y
216.58.207.228200 OK 42 B URL HTTP/2 www.google.com/pagead/1p-user-list/1072021429/?random=1670552566141&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&fmt=3&is_vtc=1&random=253920714&rmt_tld=0&ipr=y
IP 216.58.207.228:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1072021429/?random=1670552566141&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&fmt=3&is_vtc=1&random=253920714&rmt_tld=0&ipr=y HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
54.230.111.8200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
IP 54.230.111.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/3267009/domain/ritasshoes.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://ritasshoes.tk/
Origin: http://ritasshoes.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Fri, 09 Dec 2022 00:07:56 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: j9D1pCE_d9Gfl8zbYE7sQBhsPJuLzQWQ9li-wAxSViHwyuWuu2jayA==
age: 8090
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=490a76ad-2d36-4317-acb1-559031a439c9&sid=5e917660776811edac8d3bb669a79cc7&vid=5e916260776811ed833b5f36b424c639&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&r=<=2197&evt=pageLoad&sv=1&rn=849637
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=490a76ad-2d36-4317-acb1-559031a439c9&sid=5e917660776811edac8d3bb669a79cc7&vid=5e916260776811ed833b5f36b424c639&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&r=<=2197&evt=pageLoad&sv=1&rn=849637
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137022501&tm=gtm002&Ver=2&mid=490a76ad-2d36-4317-acb1-559031a439c9&sid=5e917660776811edac8d3bb669a79cc7&vid=5e916260776811ed833b5f36b424c639&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&r=<=2197&evt=pageLoad&sv=1&rn=849637 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0CBD8C76D18F66993ABD9E03D0D867D9; domain=.bing.com; expires=Wed, 03-Jan-2024 02:22:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9B9E6468660E4FE3B7E4A0CC75CCAA37 Ref B: OSL30EDGE0308 Ref C: 2022-12-09T02:22:47Z
date: Fri, 09 Dec 2022 02:22:46 GMT
X-Firefox-Spdy: h2
ritasshoes.tk/favicon.ico
5.8.71.100404 Not Found 315 B URL HTTP/1.1 ritasshoes.tk/favicon.ico
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /favicon.ico HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/sba/login.globalsources.com/
Cookie: _gcl_au=1.1.1554309974.1670552566
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 02:22:47 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/1072021429/?random=1670552566141&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&fmt=3&is_vtc=1&random=253920714&rmt_tld=1&ipr=y
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1072021429/?random=1670552566141&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&fmt=3&is_vtc=1&random=253920714&rmt_tld=1&ipr=y
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1072021429/?random=1670552566141&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&fmt=3&is_vtc=1&random=253920714&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
142.250.74.66200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=4750388809256;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
expires: Fri, 09 Dec 2022 02:22:47 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.163200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.163:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1670552566163&cv=11&fst=1670552566163&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tiba=Global%20Sources&value=0&bttype=purchase&auid=1554309974.1670552566&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/p/action/137022501.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137022501.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137022501.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=15D029266A1E65F2233E3B536B4964E5; domain=.bing.com; expires=Wed, 03-Jan-2024 02:22:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 483F21407192460B9367CF5B07EE721B Ref B: OSL30EDGE0308 Ref C: 2022-12-09T02:22:47Z
date: Fri, 09 Dec 2022 02:22:46 GMT
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1724413555.1670552566&jid=896243322&gjid=786592009&_gid=629890626.1670552566&_u=YCDAgEABAAAAAEAAI~&z=1001030163
108.177.14.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1724413555.1670552566&jid=896243322&gjid=786592009&_gid=629890626.1670552566&_u=YCDAgEABAAAAAEAAI~&z=1001030163
IP 108.177.14.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1724413555.1670552566&jid=896243322&gjid=786592009&_gid=629890626.1670552566&_u=YCDAgEABAAAAAEAAI~&z=1001030163 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://ritasshoes.tk
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552566472&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tm=gtmv2
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552566472&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tm=gtmv2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3267009&time=1670552566472&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tm=gtmv2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552566472%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252F%26tm%3Dgtmv2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLfOw1bVPFaTAAAAYT0sT5bdq4u8Ha66yCrWa5vWnla_Nzi2m7wh8F05kSmW7lmaj32f9ZzL4rL9g; Max-Age=2592000; Expires=Sun, 08 Jan 2023 02:22:47 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJLf7AH8h_CKwAAAYT0sT5bAMKyrF6cbc3492iTq3hUo93L4nPHStBGDM1mbsPbPBGOkao4Q7vIW6jgUqUu7Q; Max-Age=2592000; Expires=Sun, 08 Jan 2023 02:22:47 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&096556d0-4b45-4543-896e-352bbe0f3664"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Dec-2023 02:22:47 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2451:u=1:x=1:i=1670552567:t=1670638967:v=2:sig=AQHmBsJzoqqaXjgU6-sYgL-hrXrFzoUn"; Expires=Sat, 10 Dec 2022 02:22:47 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXvW9Rbdl3njTG1QYbB4A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: DE430D382FED49AEA8CAEF0042AB9D1F Ref B: OSL30EDGE0517 Ref C: 2022-12-09T02:22:47Z
date: Fri, 09 Dec 2022 02:22:47 GMT
content-length: 0
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
142.250.74.66200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=329339534558;gtm=2wgbu0;auiddc=1554309974.1670552566;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
expires: Fri, 09 Dec 2022 02:22:47 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.158.208.124200 OK 10 B URL HTTP/2 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.158.208.124:0
File type exported SGML document, ASCII text, with CRLF line terminators
Hash 944ece9d6d59cdf6eaa8ae6c6c205b93
877b1b2addfb2494453305fa4b93f3f03ee064c2
d3f45949797ac9329127b9e128b0e0656aa48d5dbd8d5e8e42c8b451780c34f2
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
strict-transport-security: max-age=31536000
date: Fri, 09 Dec 2022 02:22:46 GMT
content-length: 10
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1724413555.1670552566&jid=896243322&_u=YCDAgEABAAAAAEAAI~&z=277547928
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1724413555.1670552566&jid=896243322&_u=YCDAgEABAAAAAEAAI~&z=277547928
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1724413555.1670552566&jid=896243322&_u=YCDAgEABAAAAAEAAI~&z=277547928 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552566472%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252F%26tm%3Dgtmv2%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552566472%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252F%26tm%3Dgtmv2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552566472%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252F%26tm%3Dgtmv2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552566472&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tm=gtmv2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&ca1dc972-bcaf-4fb4-859b-606358302fb4"; Domain=.linkedin.com; Expires=Sat, 09-Dec-2023 02:22:47 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202212090222477548977b-fc89-4a13-8d7b-1f484c928054AQERzY_Es4nl1Nz56UvFC_z-mfmwDj5y"; Domain=.www.linkedin.com; Expires=Sat, 09-Dec-2023 02:22:47 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzA1NTI1Njc7MjswMjEw1oSz7MdYYkUryvxavjOnv+sc7umius0vCrRRZPXAzw==; Domain=.linkedin.com; Expires=Wed, 07 Jun 2023 02:22:47 GMT; Path=/; Secure; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2394:u=1:x=1:i=1670552567:t=1670638967:v=2:sig=AQEEK-XLDANZmeNJUxU9wCDbGkpBtsj2"; Expires=Sat, 10 Dec 2022 02:22:47 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com onyx.www.linkedin.com
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXvW9Rd+uwq1mAxkp6Mcw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 0197CCD6FBCB4C7A83530C021768AB08 Ref B: OSL30EDGE0517 Ref C: 2022-12-09T02:22:47Z
date: Fri, 09 Dec 2022 02:22:47 GMT
content-length: 0
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&rl=&if=false&ts=1670552566853&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670552566853.509570066&it=1670552566490&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&rl=&if=false&ts=1670552566853&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670552566853.509570066&it=1670552566490&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&rl=&if=false&ts=1670552566853&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670552566853.509570066&it=1670552566490&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 09 Dec 2022 02:22:47 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&rl=&if=false&ts=1670552566855&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670552566853.509570066&it=1670552566490&coo=false&rqm=GET
31.13.72.36200 OK 86 kB URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&rl=&if=false&ts=1670552566855&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670552566853.509570066&it=1670552566490&coo=false&rqm=GET
IP 31.13.72.36:0
File type gzip compressed data, from Unix\012- data
Hash d8409823e3ef5f962445ab834b4900cd
49bf40a70fdabfafc3e2cb4155209274c1d2b767
3e566e478d6e14e163d64f4f17ea8da755d72f05c004f577d0f0b7a917c12feb
GET /tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&rl=&if=false&ts=1670552566855&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670552566853.509570066&it=1670552566490&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 09 Dec 2022 02:22:47 GMT
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552566472&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tm=gtmv2&liSync=true
13.107.42.14200 OK 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552566472&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tm=gtmv2&liSync=true
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3267009&time=1670552566472&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&tm=gtmv2&liSync=true HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript
set-cookie: lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&1c0b7e85-a767-45ee-8c0b-c2c4e2783d0b"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Dec-2023 02:22:47 GMT; SameSite=None
lidc="b=OGST09:s=O:r=O:a=O:p=O:g=2394:u=1:x=1:i=1670552567:t=1670638967:v=2:sig=AQEEK-XLDANZmeNJUxU9wCDbGkpBtsj2"; Expires=Sat, 10 Dec 2022 02:22:47 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAXvW9RhPbcZSpXg7rn4Ig==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: 60E914F3A4BB4B8783F629C465F1F94D Ref B: OSL30EDGE0517 Ref C: 2022-12-09T02:22:47Z
date: Fri, 09 Dec 2022 02:22:47 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash bf8858fa52de668b0013cf9ce66d290c
9c319173ee6a48c6e717e9e8764008564aabe7ba
93df528ead5887cbbcf51f83c9e6ffa451861ae3145296ab3dfc269067080933
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1328166414&cid=1724413555.1670552566&ul=en-us&sr=1280x1024&_s=1&sid=1670552566&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1328166414&cid=1724413555.1670552566&ul=en-us&sr=1280x1024&_s=1&sid=1670552566&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1328166414&cid=1724413555.1670552566&ul=en-us&sr=1280x1024&_s=1&sid=1670552566&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://ritasshoes.tk
date: Fri, 09 Dec 2022 02:22:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=490a76ad-2d36-4317-acb1-559031a439c9&sid=5e917660776811edac8d3bb669a79cc7&vid=5e916260776811ed833b5f36b424c639&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=365071
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=490a76ad-2d36-4317-acb1-559031a439c9&sid=5e917660776811edac8d3bb669a79cc7&vid=5e916260776811ed833b5f36b424c639&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=365071
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137022501&tm=gtm002&Ver=2&mid=490a76ad-2d36-4317-acb1-559031a439c9&sid=5e917660776811edac8d3bb669a79cc7&vid=5e916260776811ed833b5f36b424c639&vids=0&msclkid=N&gc=USD&tpp=1&ea=gtm.scrollDepth&en=Y&sw=1280&sh=1024&sc=24&evt=custom&rn=365071 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=0167BDF1ED4F62DB3F30AF84EC1863DF; domain=.bing.com; expires=Wed, 03-Jan-2024 02:22:47 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F0BD2AFE107A435D9D25975A5D9958F9 Ref B: OSL30EDGE0308 Ref C: 2022-12-09T02:22:47Z
date: Fri, 09 Dec 2022 02:22:47 GMT
X-Firefox-Spdy: h2
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ck=0&m=2
91.235.133.77200 OK 81 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ck=0&m=2
IP 91.235.133.77:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ck=0&m=2 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:47 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ck=0&m=1
91.235.133.77200 OK 81 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ck=0&m=1
IP 91.235.133.77:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ck=0&m=1 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:47 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
tmxapi.globalsources.com/fp/check.js;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jb=373224266a736d7d3d4c6b6e75782668736f3d4c696e757024687162773f446b706d666d7a246873603d446170656e6d782d3030333235
91.235.133.77200 OK 68 kB URL HTTP/1.1 tmxapi.globalsources.com/fp/check.js;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jb=373224266a736d7d3d4c6b6e75782668736f3d4c696e757024687162773f446b706d666d7a246873603d446170656e6d782d3030333235
IP 91.235.133.77:0
File type ASCII text, with very long lines (2274)
Hash 77e8044c115e2db8a1d51373c2150757
be9850fe070f1c09e843afcb903e5df710adde7e
8e0a7b689ac711688bb80bed59db9315da807ccff5923052c9217422dd26b093
GET /fp/check.js;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jb=373224266a736d7d3d4c6b6e75782668736f3d4c696e757024687162773f446b706d666d7a246873603d446170656e6d782d3030333235 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:47 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: d3dd34489ec0ef06
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Transfer-Encoding: chunked
tmxapi.globalsources.com/fp/HP?session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
91.235.133.77200 OK 5.8 kB URL HTTP/1.1 tmxapi.globalsources.com/fp/HP?session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
IP 91.235.133.77:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash c999aa8e8295faf1d44c256fdb90ae59
6fa793ae267631b52719115571df3ae6bcf9b69a
33bb43328b104ae1e3bd80c3e2e20b70d581f5d3f0f386f21913ea6362afd339
GET /fp/HP?session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=Edge
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5826
Keep-Alive: timeout=2, max=99
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jb=3136246c73613f3134363530623736666633663430303869346635363a6630663139313b326467
91.235.133.77204 No Content 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jb=3136246c73613f3134363530623736666633663430303869346635363a6630663139313b326467
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jb=3136246c73613f3134363530623736666633663430303869346635363a6630663139313b326467 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/javascript
tmxapi.globalsources.com/fp/es.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&cb=td_1N
91.235.133.77200 OK 130 B URL HTTP/1.1 tmxapi.globalsources.com/fp/es.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&cb=td_1N
IP 91.235.133.77:0
File type ASCII text, with no line terminators
Hash f922cbfb5a4953f496578000f3383fce
29e60bb9bf5f3c26481f576289c615a7f5fc6f2e
e38a2b3c6a9cbd33f791dc26db2a43281eb3ed066369899075b0c1e7d207ff5c
GET /fp/es.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&cb=td_1N HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked
tmxapi.globalsources.com/fp/ls_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
91.235.133.77200 OK 14 kB URL HTTP/1.1 tmxapi.globalsources.com/fp/ls_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
IP 91.235.133.77:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15506)
Hash 4bae58c87f7932863c603e2f5b82eb5d
66c584881b063a08ff2129c0c4c744ca67021b4d
069f1ca86b12eaea3eeffd27f9b37f2e4392d5852343d01ee4cedd3e68a6316a
GET /fp/ls_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=99
Transfer-Encoding: chunked
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jd=373524266a666c3537266866683d3866316234376138653e3234673533606435673f32636333643760383a3b67652e68667c6c3d323837383837
91.235.133.77204 No Content 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jd=373524266a666c3537266866683d3866316234376138653e3234673533606435673f32636333643760383a3b67652e68667c6c3d323837383837
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jd=373524266a666c3537266866683d3866316234376138653e3234673533606435673f32636333643760383a3b67652e68667c6c3d323837383837 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=97
Connection: Keep-Alive
Content-Type: text/javascript
tmxapi.globalsources.com/fp/clear.png
91.235.133.77200 OK 81 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png
IP 91.235.133.77:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*, 5uvbsw0f/d3dd34489ec0ef063d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Fri, 09 Dec 2022 02:22:48 GMT
Expires: Wed, 08 Dec 2027 02:22:48 GMT
Etag: 0b632cbb27bd46ee86627c4f524fb024
Cache-Control: private, must-revalidate, max-age=0
Access-Control-Allow-Origin: http://ritasshoes.tk
Content-Length: 81
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: image/png
tmxapi.globalsources.com/fp/top_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
91.235.133.77200 OK 13 kB URL HTTP/1.1 tmxapi.globalsources.com/fp/top_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
IP 91.235.133.77:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (15506)
Hash 3b26bf19a4a3b9685966864be2ed30be
699a721891190f8760298b8a9d2bc7c8f1600c77
0849b159c564ca7eedd13b7fb2dc31a0de39fc0aa88fb4cc9b06da858e60cf4c
GET /fp/top_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=98
Transfer-Encoding: chunked
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ja=3431352626633f38267a3f3026663d33323830783130323c2463643d33303a327a393032302471787b3d327032266c727235332c333038382e313032362c33323a302e313030302431323a302c39333b2c313238302c313830362e302e322471616c3d3036246e683f68767c72253b43253a442530447261766173736a6f67732c7469253246716a612530466c6f676b6e2e676c6f626164716d77726167712c61676d2730442464703d24606a3d3961343e3a656630373c6738396135373630616537656330353938353a6563372668736f3d4c696e7570246871623f446b70676e6f7a2730323132352462716f7d3f4c616c757a246a7b60753d466b7267666d78246e68633f3936266c6d74703d3226747a643d55544b246f63746a703f303a3136603a3a61303565606936646e63386a6338633439393b643663616130303363373665313a3a6130633964393463613434306433343c34603766363b32247235706e77656b6e5d666e6971682d37456e636c716721786e7567696c5f75696c646d77735f6f6d6469635f706c617b6572253545666164716723706e77656b6c5761666d60675f6363706760617c27354d64616e716529726c75676b6e5d717769616b74696f6d25354766616c736721706c7567696e57716a6d6369756374672d354764636e73672172647767616c5f7a67616e726c697b657225374564616e736721706c776f696e5d766c635f726c6179657225354d64636e736723726e776f696c5d666776636c747a27354d646164716523726c7d65696e5f7176655f746967776572273d4566636c736521726c7567696e5f6a69746327354764636e716d266161663f323430373e37&jb=333131266c713f456f7a6b6c6c61253046352e3025323020556b6c646d75712730384e5627303231322e322d31422d30305f6b6e3436253b402532307a363625314227323072742d33413330352e302b2532304765636b6727304432323332323338312730324469706564677a253a443138372e32
91.235.133.77204 204 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ja=3431352626633f38267a3f3026663d33323830783130323c2463643d33303a327a393032302471787b3d327032266c727235332c333038382e313032362c33323a302e313030302431323a302c39333b2c313238302c313830362e302e322471616c3d3036246e683f68767c72253b43253a442530447261766173736a6f67732c7469253246716a612530466c6f676b6e2e676c6f626164716d77726167712c61676d2730442464703d24606a3d3961343e3a656630373c6738396135373630616537656330353938353a6563372668736f3d4c696e7570246871623f446b70676e6f7a2730323132352462716f7d3f4c616c757a246a7b60753d466b7267666d78246e68633f3936266c6d74703d3226747a643d55544b246f63746a703f303a3136603a3a61303565606936646e63386a6338633439393b643663616130303363373665313a3a6130633964393463613434306433343c34603766363b32247235706e77656b6e5d666e6971682d37456e636c716721786e7567696c5f75696c646d77735f6f6d6469635f706c617b6572253545666164716723706e77656b6c5761666d60675f6363706760617c27354d64616e716529726c75676b6e5d717769616b74696f6d25354766616c736721706c7567696e57716a6d6369756374672d354764636e73672172647767616c5f7a67616e726c697b657225374564616e736721706c776f696e5d766c635f726c6179657225354d64636e736723726e776f696c5d666776636c747a27354d646164716523726c7d65696e5f7176655f746967776572273d4566636c736521726c7567696e5f6a69746327354764636e716d266161663f323430373e37&jb=333131266c713f456f7a6b6c6c61253046352e3025323020556b6c646d75712730384e5627303231322e322d31422d30305f6b6e3436253b402532307a363625314227323072742d33413330352e302b2532304765636b6727304432323332323338312730324469706564677a253a443138372e32
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&ja=3431352626633f38267a3f3026663d33323830783130323c2463643d33303a327a393032302471787b3d327032266c727235332c333038382e313032362c33323a302e313030302431323a302c39333b2c313238302c313830362e302e322471616c3d3036246e683f68767c72253b43253a442530447261766173736a6f67732c7469253246716a612530466c6f676b6e2e676c6f626164716d77726167712c61676d2730442464703d24606a3d3961343e3a656630373c6738396135373630616537656330353938353a6563372668736f3d4c696e7570246871623f446b70676e6f7a2730323132352462716f7d3f4c616c757a246a7b60753d466b7267666d78246e68633f3936266c6d74703d3226747a643d55544b246f63746a703f303a3136603a3a61303565606936646e63386a6338633439393b643663616130303363373665313a3a6130633964393463613434306433343c34603766363b32247235706e77656b6e5d666e6971682d37456e636c716721786e7567696c5f75696c646d77735f6f6d6469635f706c617b6572253545666164716723706e77656b6c5761666d60675f6363706760617c27354d64616e716529726c75676b6e5d717769616b74696f6d25354766616c736721706c7567696e57716a6d6369756374672d354764636e73672172647767616c5f7a67616e726c697b657225374564616e736721706c776f696e5d766c635f726c6179657225354d64636e736723726e776f696c5d666776636c747a27354d646164716523726c7d65696e5f7176655f746967776572273d4566636c736521726c7567696e5f6a69746327354764636e716d266161663f323430373e37&jb=333131266c713f456f7a6b6c6c61253046352e3025323020556b6c646d75712730384e5627303231322e322d31422d30305f6b6e3436253b402532307a363625314227323072742d33413330352e302b2532304765636b6727304432323332323338312730324469706564677a253a443138372e32 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 204
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=96
Connection: Keep-Alive
tmxapi.globalsources.com/fp/check.js?&pageid=99998&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06
91.235.133.77200 OK 29 kB URL HTTP/1.1 tmxapi.globalsources.com/fp/check.js?&pageid=99998&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06
IP 91.235.133.77:0
File type ASCII text, with very long lines (15506)
Hash fe02641b72fa1820e94a98da27008791
ce9ee01ad0d791436ce0e3c757dbbbf05bd83bd0
a47af69552c9f645359853eacb6d21b0144861b994857eb96d35149d0bed0fc1
GET /fp/check.js?&pageid=99998&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tmxapi.globalsources.com/fp/HP?session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
tmx-nonce: d3dd34489ec0ef06
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=95
Transfer-Encoding: chunked
ocsp.securetrust.com/
23.36.79.25200 OK 638 B IP 23.36.79.25:0
ASN #20940 Akamai International B.V.
Hash 792e3b7164b66c193d51930faf66d306
84f27afb3428a9c3eab43b7b9db51c4287f9a02c
85c0092e06689d07b39c8d11808d6016bd3c507f8da498451c7cdb24c795bcf7
POST / HTTP/1.1
Host: ocsp.securetrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 638
Date: Fri, 09 Dec 2022 02:22:48 GMT
Connection: keep-alive
5uvbsw0fpoog3adigwforfacp447zexbtbsdaxxyd3dd34489ec0ef06am1.e.aa.online-metrix.net/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&di=yes
91.235.134.131200 OK 81 B URL HTTP/1.1 5uvbsw0fpoog3adigwforfacp447zexbtbsdaxxyd3dd34489ec0ef06am1.e.aa.online-metrix.net/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&di=yes
IP 91.235.134.131:0
File type PNG image data, 2 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b6d2de2867a3e11063ba25aa1cd4209
bd20b0e089f31f35cba4d0fa7277e73aa74d944c
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&di=yes HTTP/1.1
Host: 5uvbsw0fpoog3adigwforfacp447zexbtbsdaxxyd3dd34489ec0ef06am1.e.aa.online-metrix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Content-Length: 81
Content-Type: image/png
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jf=3136246c73623f3e376261633061323030323634343662693763603463326666676a30363b6163
91.235.133.77204 No Content 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jf=3136246c73623f3e376261633061323030323634343662693763603463326666676a30363b6163
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jf=3136246c73623f3e376261633061323030323634343662693763603463326666676a30363b6163 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tmxapi.globalsources.com/fp/ls_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=94
Connection: Keep-Alive
Content-Type: text/javascript
tmxapi.globalsources.com/fp/es.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&cb=td_1N&fr
91.235.133.77200 OK 130 B URL HTTP/1.1 tmxapi.globalsources.com/fp/es.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&cb=td_1N&fr
IP 91.235.133.77:0
File type ASCII text, with no line terminators
Hash 4c25a2b81aed7bf51f69a4ef8b201c86
b75e08bb14f69acd0d321948269adda438790a25
1adc64908d04597de9310bf5adba388a97000de861a0fd0ed9d44b99e2c93b09
GET /fp/es.js?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&cb=td_1N&fr HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tmxapi.globalsources.com/fp/ls_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=97
Transfer-Encoding: chunked
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=3332332626706f356e6f24617564683f64663534623534383a32373561663767603e303b616167646161373e35323e67633d3330346136303736323861653b6432393539363631393430303331646430266578333d64663e3a6764376032353a3a69663660353b666038646a67626d67336e37616361636c3139363432
91.235.133.77204 No Content 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=3332332626706f356e6f24617564683f64663534623534383a32373561663767603e303b616167646161373e35323e67633d3330346136303736323861653b6432393539363631393430303331646430266578333d64663e3a6764376032353a3a69663660353b666038646a67626d67336e37616361636c3139363432
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=3332332626706f356e6f24617564683f64663534623534383a32373561663767603e303b616167646161373e35323e67633d3330346136303736323861653b6432393539363631393430303331646430266578333d64663e3a6764376032353a3a69663660353b666038646a67626d67336e37616361636c3139363432 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=96
Connection: Keep-Alive
Content-Type: text/javascript
tmxapi.globalsources.com/fp/ARF;CIS3SID=28ABF61D4668610BAF8D309A09142EAC?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&pageid=99998&sera_parametere=AkNZVgJWUFoIVVcEVlYEVQACAVZQVQMMWwBaVQBVUVNVAlZdUQMMCAgGWhYWFQ1fCkMREEARB3wcUiEVUiIVBFRZFwFfUVldVxEQFVYiFQEmA0FTdxEGCFEKEEQWQwNyQQQmQQRwElxQWAAIUFFWVQAFUQFWBgcMDFVaCVMEUgBQUVFQBgANW11VBVMDXgAEBgRCClxaV10EAVBUAVUEAlwKAQcDUVIID0MJQ1hWSABRBFxTUFJVC1oGVQlVBAAAAFJdUAoNBgxcAVBWUFQIBFVVUVRSA1IeWAxeAVRVBxANWllJAhJEUQRcWglcXhZeDw5CBg5yXUpcAwxIQwRGC1UDUUJRW0cFdQwNRR1AU1RZRwAebFdVVFUHAlMOQFVCWQpT&count=0&max=0
91.235.133.77200 OK 61 B URL HTTP/1.1 tmxapi.globalsources.com/fp/ARF;CIS3SID=28ABF61D4668610BAF8D309A09142EAC?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&pageid=99998&sera_parametere=AkNZVgJWUFoIVVcEVlYEVQACAVZQVQMMWwBaVQBVUVNVAlZdUQMMCAgGWhYWFQ1fCkMREEARB3wcUiEVUiIVBFRZFwFfUVldVxEQFVYiFQEmA0FTdxEGCFEKEEQWQwNyQQQmQQRwElxQWAAIUFFWVQAFUQFWBgcMDFVaCVMEUgBQUVFQBgANW11VBVMDXgAEBgRCClxaV10EAVBUAVUEAlwKAQcDUVIID0MJQ1hWSABRBFxTUFJVC1oGVQlVBAAAAFJdUAoNBgxcAVBWUFQIBFVVUVRSA1IeWAxeAVRVBxANWllJAhJEUQRcWglcXhZeDw5CBg5yXUpcAwxIQwRGC1UDUUJRW0cFdQwNRR1AU1RZRwAebFdVVFUHAlMOQFVCWQpT&count=0&max=0
IP 91.235.133.77:0
File type ASCII text, with no line terminators
Hash ab9fdeb388c9e286e036f745dc7fa1c5
e2bbbe6c766b8f405959359d274c937d6a125f43
2bf14bc62b8c1df7261392477451a0ff2224b1fcdd564d7e5e17b59d5fbe2b8c
GET /fp/ARF;CIS3SID=28ABF61D4668610BAF8D309A09142EAC?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&pageid=99998&sera_parametere=AkNZVgJWUFoIVVcEVlYEVQACAVZQVQMMWwBaVQBVUVNVAlZdUQMMCAgGWhYWFQ1fCkMREEARB3wcUiEVUiIVBFRZFwFfUVldVxEQFVYiFQEmA0FTdxEGCFEKEEQWQwNyQQQmQQRwElxQWAAIUFFWVQAFUQFWBgcMDFVaCVMEUgBQUVFQBgANW11VBVMDXgAEBgRCClxaV10EAVBUAVUEAlwKAQcDUVIID0MJQ1hWSABRBFxTUFJVC1oGVQlVBAAAAFJdUAoNBgxcAVBWUFQIBFVVUVRSA1IeWAxeAVRVBxANWllJAhJEUQRcWglcXhZeDw5CBg5yXUpcAwxIQwRGC1UDUUJRW0cFdQwNRR1AU1RZRwAebFdVVFUHAlMOQFVCWQpT&count=0&max=0 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tmxapi.globalsources.com/fp/HP?session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&org_id=5uvbsw0f&nonce=d3dd34489ec0ef06&mode=2&hp=.co-operativebank.co.uk/CBIBSWeb/login.do.co-operativebank.co.uk/CBIBSWeb/start.do.de/portal/portal/x.entropay.com/basemenu/prot/x.facebook.comx.nationet.com/x.netbank.commbank.com.au/netbank/bankmainx.npbs.co.uk/netmastergoldbanking/x.nwolb.xlogin.aspx?refereridentx.rbsdigital.xAccountSummaryx.smile.co.uk/SmileWeb/login.do.smile.co.uk/SmileWeb/start.do.yandex.rux/CapitalOne_Consumer/x/easypay.by/x/sbank.ru/x53.com/servlet/efsonlinex://online.wellsfargo.com/x://secure.assist.ru/assistid/protected/main.doxabbeynational.co.uk/EBAN_ENS/BtoChannelDriverxalliance-leicesterxaltergold.com/login.phpxamericanexpress.com/myca/intl/acctsumm/emea/accountSummaryxbancaintesa.it/xbankcardservices.co.ukxbankofamerica.com/xbanquepopulaire.fr/xbnpparibas.net/xcahoot.comxcapitaloneonline.co.uk/CapitalOne_Consumer/Transactionsxcbonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagexcibc.comxPreSignOnxcibc.comxSignOnxcitibank.ru/xclient.uralsibbank.ruxco-operativebank.co.uk/CBIBSWeb/loginSpixcommerceonlinebanking.comxcoventrybuildingsociety.co.ukxdeutsche-bank.dexdiscovercard.com/cardmembersvcs/strongauth/app/sa_mainxebanking.bawag.comxebc_ebc1961xegg.com/customer/movemoneyxegg.com/customer/yourmoneyxfacebook.com/xhalifax-online.co.ukxMyAccountsxhalifax-online.co.uk/x/Mhalifax-online.co.uk/personalxhsbc.co.uk/1/2/personal/internet-banking/xhsbc.comxhttps://banking.postbank.de/app/finanzstatus.init.do;jsessionidxib.fineco.it/FinecoWeb/BonificiServletxib.fineco.it/FinecoWeb/jsp/Main/HBFineco.jspxib.fineco.it/FinecoWeb/jsp/Main/Principale.jspxibank.alfabank.ruxin-biz.it/xipko.plxlibertyreserve.com/x/historylibertyreserve.com/x/loginwww.libertyreserve.com/x/Core.jswww.libertyreserve.com/x/transfer.libertyreserve.com/x/commonscript.jslloydstsb.co.uk/personal/a/account_overview/xmbna.co.ukxmenyala.ruxmoney.yandex.ruxmoneybookers.com/app/login.plxmoneymail.ruxmy.ebay.co.uk/ws/eBayISAPI.dll?MyEbayxmy.ebay.com/ws/eBayISAPI.dll?MyEbayxmy.ebay.fr/ws/eBayISAPI.dll?MyEbayxmybusinessbank.co.ukxnationet.com/AppServices/SignOn/SignOnProcess/RcaSignOnxnpbs.co.ukxnwolb.com/AccountSummaryxnwolb.com/Statementsxnwolb.com/TransfersLandingPagexoltx.fidelity.com/x/x/ofsummary/summaryxonline.lloydstsb.co.ukxonlinebanking.mandtbank.com/summary/AccountSummaryxpassport.yandex.ruxpaypal.com/x/cgi-bin/webscr?cmd=_accountxpaypal.com/x/cgi-bin/webscr?cmd=_login-done&login_access=xpaypal.com/us/cgi-bin/webscr?cmd=_login-done&login_access=xposte.it/xpsk.co.at/xsecure.lloydstsb.co.uk/personal/a/account_overviewxsmile.co.uk/SmileWeb/passcodexusaa.com/xusbank.com/internetBanking/RequestRouter?requestCmdId=Gxwachovia.comxybonline.co.uk/ralu/reglm-web/setupSecurityQuestionPagex.amazon.fr/xhistory/orders/view.htmlx.banquepopulaire.frxShowPortal.dox.bnpparibasfortis.bexHome_Logon.aspx.cdiscount.com/Account/Home.aspxx.cmb.frxaccueil.jspx.credit-agricole.frxentreeBam?sessionSAGx.labanquepostale.fr/xreleveCPP-releve_ccp.eax.secure.bnpparibas.net/NSFR?Actionx.secure.lcl.frxAccueilxcredem.it/OneToOne/ebank/functionsxmijn.ing.nl/xonline.ybs.co.ukxwww.discover.com/xorder.cdiscount.comxCustomer.aspxxsealinfo.verisign.com/splash?form_filexvos-comptes.credit-du-nord.fr/CDC_TableauDeBord_0.asp?xvoscomptesenligne.labanquepostale.frxwww.x.caisse-epargne.fr/Portail.aspxxwww.exabanque.netxonglet.phpxdeutsche-bank.de/xnorisbank.de/xpostbank.de/xtargobank.de/x.x.de/portal/x.bankofamerica.com/x/commonscript.js.bmo.com/OLB?id=x.bmo.com/RMC?id=x.chase.com/x.aspxx.chase.com/js/Reporting.jsx.koodomobile.com/account/selfserve/x/xaccountId=x.payment.ru/x.scotiabank.com/portal/index.jsp?xbancopopular.es/empresasxcreval.it/login2007/loginSiciliano.aspxfirst-direct.com/xipko.plxmybusinessbank.co.ukxsanpaoloimi.com/xulsterbankanytimebanking.x/login.aspxx
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:48 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: Keep-Alive, Keep-Alive
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=2, max=93
Transfer-Encoding: chunked
tmxapi.globalsources.com/fp/clear3.png;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=36372426706767577570666174653d27374225323230253a3027314127354027303a7667702730322733433b27374c27374c
91.235.133.77204 204 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear3.png;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=36372426706767577570666174653d27374225323230253a3027314127354027303a7667702730322733433b27374c27374c
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear3.png;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=36372426706767577570666174653d27374225323230253a3027314127354027303a7667702730322733433b27374c27374c HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 204
Date: Fri, 09 Dec 2022 02:22:52 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/javascript;charset=UTF-8
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=3035242677696f357765607274635f6b6e7465726e616c576f666c73
91.235.133.77204 No Content 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=3035242677696f357765607274635f6b6e7465726e616c576f666c73
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06&jac=1&je=3035242677696f357765607274635f6b6e7465726e616c576f666c73 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 02:22:52 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Content-Type: text/javascript
tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
91.235.133.77204 No Content 0 B URL HTTP/1.1 tmxapi.globalsources.com/fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
IP 91.235.133.77:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /fp/clear.png?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06 HTTP/1.1
Host: tmxapi.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 7
Origin: https://tmxapi.globalsources.com
Connection: keep-alive
Referer: https://tmxapi.globalsources.com/fp/top_fp.html;CIS3SID=E935314CB6F49850CF236FACCEFAC958?org_id=5uvbsw0f&session_id=3d71aeb95dcaed575d044a097c703f3728e2c3f0c138749349657759be44606d&nonce=d3dd34489ec0ef06
Cookie: thx_guid=3181fe27a833d3322e04a0afb774b3b2; tmx_guid=AAzQs55k27eOYbdYcLt5f5IqmhbPt2DXKNilb4s4u5SZIxN89pIV1oMw8EBd8rrrJOycFVDJpOeD7gnbrEY0NPDQDxxF5A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 204 No Content
Date: Fri, 09 Dec 2022 02:22:53 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Connection: close
Access-Control-Allow-Origin: https://tmxapi.globalsources.com
Content-Type: text/javascript
insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&upid=sijvout&upv=1.1.0
3.33.220.150200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&upid=sijvout&upv=1.1.0
IP 3.33.220.150:0
GET /track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2F&upid=sijvout&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:48 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
3.33.220.150200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
IP 3.33.220.150:0
GET /track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event} HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:48 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
IP 107.154.199.39:0
GET /sso/gsol/pex/en/common/includes/egain_docked_chat.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:46 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=PCHLaHulO4pMTUKg1KmiwyFhQ7mO6lRZew6qIV3vUm8ayk83uQ72iny9or2dQfPNYZNPJm60bMdg8lid2iB0I8piQwfGxEmlyI3HeAKkMSyIUXH6Mc0WeahPapITWaQ6rad1L+AoJU5nePmh8IhRGz9hjOy82b569EMrx8U9Lupy; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBTGCORS=PCHLaHulO4pMTUKg1KmiwyFhQ7mO6lRZew6qIV3vUm8ayk83uQ72iny9or2dQfPNYZNPJm60bMdg8lid2iB0I8piQwfGxEmlyI3HeAKkMSyIUXH6Mc0WeahPapITWaQ6rad1L+AoJU5nePmh8IhRGz9hjOy82b569EMrx8U9Lupy; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
AWSALB=osGAAl1v7uTR24c+60YrrB2nFerv0YwW2dkBW+I/kqGAumQi+2yyO2LP8nCz0zk9h6hFZbq0KsC/g3MaC/dWpJYdcUnmTBgHW6nzvoGKTn+hZFNnM9F2BYauf88Y; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/
AWSALBCORS=osGAAl1v7uTR24c+60YrrB2nFerv0YwW2dkBW+I/kqGAumQi+2yyO2LP8nCz0zk9h6hFZbq0KsC/g3MaC/dWpJYdcUnmTBgHW6nzvoGKTn+hZFNnM9F2BYauf88Y; Expires=Fri, 16 Dec 2022 02:22:46 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=2p7MeZd4EQRuGm5nOJREPwAAAACHg5eGGK4Wg+MbXZqTsk2h; path=/; Domain=.globalsources.com
visid_incap_2766148=0J9qBU3ASTSR3y6NC2QfFfWbkmMAAAAAQUIPAAAAAACYp3bzrbteIxc0qjYorMBG; expires=Fri, 08 Dec 2023 22:29:35 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=Kq4tGMUzAwNMJBpfiBrYA/WbkmMAAAAAm/0WPSag7/H+p90OjzjtvQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:09 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 4-21434681-21434702 2NNN RT(1670552564650 47) q(0 1 1 -1) r(11 11) U2
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
54.230.111.8200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
IP 54.230.111.8:0
GET /partner/3267009/domain/ritasshoes.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Fri, 09 Dec 2022 02:22:25 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pCntaeF2NqXUgD9VCvEEI-wYDoYqQ-8Km8rMVCo5Q4c0jmiWR0V68w==
age: 21
X-Firefox-Spdy: h2