r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14262
Expires: Fri, 09 Dec 2022 06:20:04 GMT
Date: Fri, 09 Dec 2022 02:22:22 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash aea93551fa9deb76ae49a3b4019d64fe
e3b8862057ebe839959228e42246d7b1807fc90c
7e210f03b140418085e94ec20c1d27d6ecf7a404cbd323e16476ae5ae95d6dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E210F03B140418085E94EC20C1D27D6ECF7A404CBD323E16476AE5AE95D6DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10748
Expires: Fri, 09 Dec 2022 05:21:30 GMT
Date: Fri, 09 Dec 2022 02:22:22 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 02:08:16 GMT
content-type: application/json
age: 846
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10399
Expires: Fri, 09 Dec 2022 05:15:41 GMT
Date: Fri, 09 Dec 2022 02:22:22 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: NxZA9Rp3HflhZQS6r98zZIDapIfo3/dDJYzrC12aI5h7JdAoohezwwFbzbBcNaurrqMXZDvrKcM=
x-amz-request-id: MS7QRSQT4RTV08KS
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 01:48:08 GMT
age: 2054
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ritasshoes.tk/sba/login.globalsources.com/error.php?email=
5.8.71.100200 OK 12 kB URL HTTP/1.1 ritasshoes.tk/sba/login.globalsources.com/error.php?email=
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 (with BOM) text, with very long lines (597), with CRLF line terminators
Hash 2a23682e6c344b2d2b01dc13d0e8c2ff
7373290b4cce98841e2e4c72baf57971cc55e68e
f6de24cb3a3a13acc164ec1d88c628c6bbe7280c7082c50f97bce4e4df3578e9
Analyzer Verdict Alert openphish Global Sources (HK)
fortinet Phishing
GET /sba/login.globalsources.com/error.php?email= HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 02:22:22 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 02:22:23 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 02:07:55 GMT
age: 868
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd55f4aaaab6ec40bc7dc10252cd819a
a72523f60be265a391fa9edc43e0a93418ad1fd0
bae354b3db14f4fd115311a0c412c9b5e436dd9e0a151afd8b9c18831dd8c2dd
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4801
Cache-Control: max-age=115470
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:23 GMT
Etag: "6391a92c-1d7"
Expires: Sat, 10 Dec 2022 10:26:53 GMT
Last-Modified: Thu, 08 Dec 2022 09:06:52 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.24.78.9101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.24.78.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: XVPwVFMPorxzdXxAkO5Z4g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 23d+cL89PAIMERgxlcn8nPEguzg=
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
107.154.199.39200 OK 3.8 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGO.PNG
IP 107.154.199.39:0
File type PNG image data, 210 x 32, 8-bit colormap, non-interlaced\012- data
Hash a8656a61ac922e6b5e297627ae7b078a
fd0a07d76165669d22d9b8c1e930da9fb51aef22
465c8b941a45a964b3c73162a3357083c03e807f2eb45a6e0cc03658f686ece6
GET /sso/gsol/pex/en/balat/images/GSLOGO.PNG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: image/png
content-length: 3788
set-cookie: AWSALBTG=W+IpCtsIlZYNswWLJZIwT4RYMhDun3VD+12pxaghBwU8oCGA1hjyb6EC3kMjgNVZ6HkEDdQJ7gGZl9xGcS7XBLQwJQM5Bq8sdYV66iufU8Zx9KZl/wVbhM/iWGXZsDN6EvsFa3D+A7IZ9Umll6H7YAW6bsKaGrtPKTrVAALbrX6W; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=W+IpCtsIlZYNswWLJZIwT4RYMhDun3VD+12pxaghBwU8oCGA1hjyb6EC3kMjgNVZ6HkEDdQJ7gGZl9xGcS7XBLQwJQM5Bq8sdYV66iufU8Zx9KZl/wVbhM/iWGXZsDN6EvsFa3D+A7IZ9Umll6H7YAW6bsKaGrtPKTrVAALbrX6W; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=U8VEBmb74jLL38CA8v344Ze6/rzNdddtonKxvsXMkbgfMoL1pIITFPNNpEldqqAMB5tYENWnaRXPS6rt++yAWnsg6UQ+PkuGGAdz7tFuJq1xIFXBd4MkX7H/tf9u; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=U8VEBmb74jLL38CA8v344Ze6/rzNdddtonKxvsXMkbgfMoL1pIITFPNNpEldqqAMB5tYENWnaRXPS6rt++yAWnsg6UQ+PkuGGAdz7tFuJq1xIFXBd4MkX7H/tf9u; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=7ZcUHQBBfmYaY6SxOJREPwAAAACUjaRm+9G80CKZmuajpDMs; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=Gp+VbBEyPQ8vIRpfiBrYA9+bkmMAAAAA1C772tqn+Ddf45HdzObIaQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 42) q(0 0 5 1) r(8 8) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
107.154.199.39200 OK 4.3 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash 3416d1e30f078febf83bad93f15f7ba6
2997b26ac512fd945f5c1ef64e3bcf178ee47f6b
900774ab9d108ddeee13c38f67680d8b855588ab4b3c37949fa79f4b15c4e3a9
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_APP.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: image/jpeg
content-length: 4284
set-cookie: AWSALBTG=GkKsZkWswkLgYGauHMRTDfvXU9gnTWDIk9y1ViS5shCt+hlaVgHAy5+uc7vhR8ZvXjkA68WehoDa51Y6ltDHCjxeEdTVYyMX6LwQXttLHOLEo8bESATKS51WuCscdRc+7HypwfyOhVT4m5PGiMjfanxsP3hstt/3dTlQUJeX2tiJ; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=GkKsZkWswkLgYGauHMRTDfvXU9gnTWDIk9y1ViS5shCt+hlaVgHAy5+uc7vhR8ZvXjkA68WehoDa51Y6ltDHCjxeEdTVYyMX6LwQXttLHOLEo8bESATKS51WuCscdRc+7HypwfyOhVT4m5PGiMjfanxsP3hstt/3dTlQUJeX2tiJ; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=+5jBZ/I2i5GoihbCHht6jXuvkevdTdAYxFFuz9gV4G0eVBE95beOlo3wFZlqbcK1T2N2KWGYS6WecaRmFlUxFkoVSCmHaVAzVOsxsVP/V/0+z+rAw0CD2CO/xXt2; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=+5jBZ/I2i5GoihbCHht6jXuvkevdTdAYxFFuz9gV4G0eVBE95beOlo3wFZlqbcK1T2N2KWGYS6WecaRmFlUxFkoVSCmHaVAzVOsxsVP/V/0+z+rAw0CD2CO/xXt2; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=7WxBIJ6Z2ghmEbvpOJREPwAAAAC4B20O22zaYuDG6eU/ky8m; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=IeVhcJcl4EYvIRpfiBrYA9+bkmMAAAAA96MRADw0TSgTSegS7R4v0A==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:47:51 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 44) q(0 1 5 2) r(8 8) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
107.154.199.39200 OK 65 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG
IP 107.154.199.39:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 456x555, components 3\012- data
Hash f4cfa4fb0267a0184bc6caa933d39633
7871c922ca703ddf022e5cf32d70de76ea42be16
a333d615df16eae983fc674e1e06c445d08bc440cb16eff950ec7570d98c3206
GET /sso/gsol/pex/en/balat/images/GSLOGIN_PROMO_PIC.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: image/jpeg
content-length: 64609
set-cookie: AWSALBTG=uf3+Om+bzMyS7XqCc/GPbeJN78+wf8zJVam4uAZrPpMLTSUZQtTrpCr6c5Gen4q2x5gKUg+kU+AzFKmWEHXw+9cDBS/Fl3JRj0wpg2Z40hoZmKatiRWa1CUoBHnrqBLvUo5KYNxLDahCIKktNlKO+kOIPmUcsQWkpyEuLcz462nP; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=uf3+Om+bzMyS7XqCc/GPbeJN78+wf8zJVam4uAZrPpMLTSUZQtTrpCr6c5Gen4q2x5gKUg+kU+AzFKmWEHXw+9cDBS/Fl3JRj0wpg2Z40hoZmKatiRWa1CUoBHnrqBLvUo5KYNxLDahCIKktNlKO+kOIPmUcsQWkpyEuLcz462nP; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=0JdW+Zlrq0vTG3rl4UG1JyONUag0xr4LlTfkwElrQrIL/Jh86n6jRm4SfNSf2Bac2N4MgihK2YIFlUxRuGlcZvVQd7hs5lgzyxDs7S6gY0uzXYKceVSay3S+lIRT; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=0JdW+Zlrq0vTG3rl4UG1JyONUag0xr4LlTfkwElrQrIL/Jh86n6jRm4SfNSf2Bac2N4MgihK2YIFlUxRuGlcZvVQd7hs5lgzyxDs7S6gY0uzXYKceVSay3S+lIRT; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=nXajSUUnbASFIbhLOJREPwAAAAC4pp1AJOgGbQXuY/2F23vN; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=0v2lcg+CJ3svIRpfiBrYA9+bkmMAAAAAhnpEyoNU34th/knx9l79ag==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:08 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 49) q(0 1 5 0) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
107.154.199.39200 OK 4.7 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG
IP 107.154.199.39:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 142x46, components 3\012- data
Hash f68d2d065e34993ce6e4b832737c7147
8e799c63bd8292de2f320b8afa23524107773266
b0501c9294231206d2aeb28e8bbd622910de7fc139e02756dc339cb9a68d017f
GET /sso/gsol/pex/en/balat/images/APPEDU_LOGO_GOOGLE.JPG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: image/jpeg
content-length: 4667
set-cookie: AWSALBTG=Nl2EN65bejtjCWj5ymDT2KhQg6kdZzaNyot1SNpQuOU9004f1f6huNHGNKS0Oz+C0ZR970QAF1/daTNqv4NaZHGX/epq4i5Dfyxnporbqr5G1jiy7pUYkJnjSP58pr2Uu3xXbjO5f07s3vFHz91QC175lkgDSDZj/RJVGEdAkT/B; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=Nl2EN65bejtjCWj5ymDT2KhQg6kdZzaNyot1SNpQuOU9004f1f6huNHGNKS0Oz+C0ZR970QAF1/daTNqv4NaZHGX/epq4i5Dfyxnporbqr5G1jiy7pUYkJnjSP58pr2Uu3xXbjO5f07s3vFHz91QC175lkgDSDZj/RJVGEdAkT/B; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=7zm/15sF87wc/hmbLmukvxOCQMmMbUqBi9+dpPqg57mcXIq71U4rcUC82Uomk6pPSx7SGcSG8DG3Xg6L/YIGl+6GP34DCLb1r1hjgHUmVv+lEL5mUKoS8NRKb3Dh; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=7zm/15sF87wc/hmbLmukvxOCQMmMbUqBi9+dpPqg57mcXIq71U4rcUC82Uomk6pPSx7SGcSG8DG3Xg6L/YIGl+6GP34DCLb1r1hjgHUmVv+lEL5mUKoS8NRKb3Dh; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=OkUBNi0mNEPUP5+DOJREPwAAAACwwDPnWpJ8iA5+iqDOLCJ/; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=XpFaE32P02gvIRpfiBrYA+CbkmMAAAAAZodWMDsnzARwH9aXIVqFRg==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:47:51 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 47) q(0 1 5 1) r(14 14) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=S5TWw5Pfu0NgWQWRWoGTNkrtYJ5aFRacDOB8uSQ8Gq+cca9arVY0emWS0E3OU7ZkKvfydGrBgF0pfKWYmey5veEVU7hnmkQG2FMppUCFAWiyiONXHJFfM2QhKoClZNbJZZ7RD7g6kHpCyi1W5E3H/zbbNh/cAcpvAKYjEqrq7juh; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=S5TWw5Pfu0NgWQWRWoGTNkrtYJ5aFRacDOB8uSQ8Gq+cca9arVY0emWS0E3OU7ZkKvfydGrBgF0pfKWYmey5veEVU7hnmkQG2FMppUCFAWiyiONXHJFfM2QhKoClZNbJZZ7RD7g6kHpCyi1W5E3H/zbbNh/cAcpvAKYjEqrq7juh; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=/1LoCc3oVLqXmLsb1eWcEm3sBRdjgZsJ5Rt6JOwgR55Ote/petPgELJQcPMME5jsmLw62Q1mSuTmTSXHDJMJ9Z8cMzRZITmJWOxFsz8yrPTBlFtepciaNmHEmOkm; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=/1LoCc3oVLqXmLsb1eWcEm3sBRdjgZsJ5Rt6JOwgR55Ote/petPgELJQcPMME5jsmLw62Q1mSuTmTSXHDJMJ9Z8cMzRZITmJWOxFsz8yrPTBlFtepciaNmHEmOkm; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=G9+4cDkPkjiSOfTqOJREPwAAAAAepQfUdOmxtz6KihBHD1dH; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=4q1jIGexZlgvIRpfiBrYA+CbkmMAAAAAvBKfJPjKOPbmE/5+ezNbKQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 49) q(0 1 5 1) r(14 14) U2
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.168302 Found 250 B URL HTTP/1.1 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 08dc1097c83d6f931819890010215132
651f4c8dec266bc1149c5009aeaff8b850c95cfa
45e607d3d26d0460dc67aded9e4bab3da0e230ad8656bc7cde02db523965d5f0
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 02:22:24 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 250
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
analytics.analytics-egain.com/onetag/EG48975170
34.249.19.88400 94 B URL HTTP/1.1 analytics.analytics-egain.com/onetag/EG48975170
IP 34.249.19.88:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 7c2244849ceda3c6e2bb50114f6058fb
d256ae299f5db884f47827d10825f70724506fa3
d1e261174189998690fd10b216468c539fddb4c0beee035d76e29fac38a378a7
GET /onetag/EG48975170 HTTP/1.1
Host: analytics.analytics-egain.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 400
Date: Fri, 09 Dec 2022 02:22:25 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Server:
Cache-Control: no-cache
www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
142.250.74.168200 OK 97 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5CGM9T
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (53281)
Hash c94c3c217f482667b91786201d3c737a
cb96aa262a7951b301b359841206cce9b16da457
e8ad5bc037c112105a95ddc4686afe321ec0f1906d8b698917460138ce68c93c
GET /gtm.js?id=GTM-5CGM9T HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 02:22:25 GMT
expires: Fri, 09 Dec 2022 02:22:25 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 96817
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG
107.154.199.39200 OK 1.6 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG
IP 107.154.199.39:0
File type PNG image data, 146 x 63, 8-bit colormap, non-interlaced\012- data
Hash db7ada75691e9de834f24b8e1ca09a9d
e7dacc636b096ab8e4ed8380475b97b39b356ebb
d0f108ac5521a079f476c836ca9612310bd8da9e75ba91ff412653453939ae51
GET /sso/gsol/pex/en/balat/images/LINKEDIN_BUTTON.PNG HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
Cookie: AWSALBTGCORS=S5TWw5Pfu0NgWQWRWoGTNkrtYJ5aFRacDOB8uSQ8Gq+cca9arVY0emWS0E3OU7ZkKvfydGrBgF0pfKWYmey5veEVU7hnmkQG2FMppUCFAWiyiONXHJFfM2QhKoClZNbJZZ7RD7g6kHpCyi1W5E3H/zbbNh/cAcpvAKYjEqrq7juh; AWSALBCORS=/1LoCc3oVLqXmLsb1eWcEm3sBRdjgZsJ5Rt6JOwgR55Ote/petPgELJQcPMME5jsmLw62Q1mSuTmTSXHDJMJ9Z8cMzRZITmJWOxFsz8yrPTBlFtepciaNmHEmOkm
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:25 GMT
content-type: image/png
content-length: 1634
set-cookie: AWSALBTG=17vHXJB3X3DZLLCgxRc18Pshgz6s4DUlXIvyH1OVcKOnsIzc7ZM1WIzfD9zU1ZYfpSpyqHVUNd53zJPph8arazlw4kLOD8PHSJVtXHYUMuAx0Q/ADWJ8IwLaKXvn1yrBKhxaZ+yhZrxdq9L2eH2DDgVt0h+Iw4tJZlQiwLsq9LrL; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/
AWSALBTGCORS=17vHXJB3X3DZLLCgxRc18Pshgz6s4DUlXIvyH1OVcKOnsIzc7ZM1WIzfD9zU1ZYfpSpyqHVUNd53zJPph8arazlw4kLOD8PHSJVtXHYUMuAx0Q/ADWJ8IwLaKXvn1yrBKhxaZ+yhZrxdq9L2eH2DDgVt0h+Iw4tJZlQiwLsq9LrL; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/; SameSite=None; Secure
AWSALB=2tT3GLtBl0xgJj5NNfSaoN48UiyLE1XgaImV+UocpX1nyDft9CSPbB9IaLuo/osumEpHTX0SnoNK4K/ZEuOH8U/Ks0fbzdgfSo6DbvZFF9pgNgN9j9/1lwmnxp2R; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/
AWSALBCORS=2tT3GLtBl0xgJj5NNfSaoN48UiyLE1XgaImV+UocpX1nyDft9CSPbB9IaLuo/osumEpHTX0SnoNK4K/ZEuOH8U/Ks0fbzdgfSo6DbvZFF9pgNgN9j9/1lwmnxp2R; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=OoUgNDKLgCKk2zWoOJREPwAAAACWdb1EssBkQ9r9uiDmEHwd; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=CRiVTOwExAcvIRpfiBrYA+CbkmMAAAAAgR50Rgh87tRnj3JaCustew==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 1555) q(0 0 0 0) r(2 2) U2
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14353
Expires: Fri, 09 Dec 2022 06:21:38 GMT
Date: Fri, 09 Dec 2022 02:22:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14353
Expires: Fri, 09 Dec 2022 06:21:38 GMT
Date: Fri, 09 Dec 2022 02:22:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14353
Expires: Fri, 09 Dec 2022 06:21:38 GMT
Date: Fri, 09 Dec 2022 02:22:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14353
Expires: Fri, 09 Dec 2022 06:21:38 GMT
Date: Fri, 09 Dec 2022 02:22:25 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14353
Expires: Fri, 09 Dec 2022 06:21:38 GMT
Date: Fri, 09 Dec 2022 02:22:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg
34.120.237.76200 OK 7.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f04d1dc05d36822d7368cdb4d19316c9
5c611ceaf8d4c79edfe37a6201d40917cebeda28
a9336a736295e694564259c4806ed96a00d20844f78f2688ed28251e62a71ceb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde6483ed-68c7-4999-8a46-9249a82ae253.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6979
x-amzn-requestid: e8dc7a72-f5b3-48cd-a82d-353bace3ed7f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F8GIAMFojw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-4c62a5ea0572081c44fd601c;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HVDmsaBvm-_CVFzeFfp8XZU8rfpsAIqa4DsbAcqoYAiwcR_7NFzc9Q==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 03:58:15 GMT
age: 80650
etag: "5c611ceaf8d4c79edfe37a6201d40917cebeda28"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8d1605154a552a8c3165c1358ea2e185
2e677da1f57c112d984180ead80481e8797ff2e8
12b075ad3e786dc68ab3fab1e4ce9d6f7810bdebc7bdafd993e19bc5bc7c0abc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5fa81aa5-4138-458e-9bd7-de9d6211763c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11027
x-amzn-requestid: e0d56100-13aa-44e5-ae80-bedfeece87db
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwV19EUOIAMFjcg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900359-5a5402381d61db921a00404d;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:07:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7ET6kgGgWAKa4_CFCgSwnN8m7FnplxP7zOp8lEyodxn5lmlIIHD4vQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 03:38:24 GMT
age: 81841
etag: "2e677da1f57c112d984180ead80481e8797ff2e8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg
34.120.237.76200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a22fc7807fb3337f0af5e546c7ad366a
0d5969394b370a5c77c53ed58f55e5f8a45da3ab
98b4f4fd27dc036697fb0328083bce6e691b7493428f3a54991087d9d1165d97
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F49a0678c-8bda-434a-a337-63696994d79c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5530
x-amzn-requestid: adecbb8c-cec3-46a0-b32c-0026b8421fe5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4d8Fg6IAMF61g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903abf-4bcb385f27cb438c36a2cd5e;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:27 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHRqiTOztNQMPykKUfiEUFYVlLF4E4y9GVCT2g48MAvOyG-KZQkb8Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 07:58:06 GMT
age: 66259
etag: "0d5969394b370a5c77c53ed58f55e5f8a45da3ab"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
107.154.199.39200 OK 13 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.JS
IP 107.154.199.39:0
Hash e0a454fd72485a9c17e43093a09b8f4a
af05956d259a8c67e72ccae323700c7b2c25f006
18cdff139e57f4acbce2e3fbdcbeb8f551b16368c58d6c4bcc3f262919f57ab8
GET /sso/gsol/pex/en/balat/includes/SSO.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=E0g3TQ9voIitn3eNpSyzDHKYvHmXT1vtRAoqfqjGsZDFT8Kgd0QgZrQDOFuRlUfWjHg1fsB8qOKipuMzku1Pbaq8wrso2TAfLLk/6CNWpF/Kk2WzinLcFPnJb6sly2oK5r6fHdyS3hlcMfWaEuGawS5LywpUy/yAqegod3YxU5XW; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=E0g3TQ9voIitn3eNpSyzDHKYvHmXT1vtRAoqfqjGsZDFT8Kgd0QgZrQDOFuRlUfWjHg1fsB8qOKipuMzku1Pbaq8wrso2TAfLLk/6CNWpF/Kk2WzinLcFPnJb6sly2oK5r6fHdyS3hlcMfWaEuGawS5LywpUy/yAqegod3YxU5XW; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=fFOXPKp592GxdOM36gayopA20xx2u26raO8kiejPWCBJJMhfAWVx5nzPK5IOSCuJFh1knEar+H7dx2fn2NyG3gc7kWC8+dPCJ3auWEXCUV3ml4gp6AOaQDCuhINE; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=fFOXPKp592GxdOM36gayopA20xx2u26raO8kiejPWCBJJMhfAWVx5nzPK5IOSCuJFh1knEar+H7dx2fn2NyG3gc7kWC8+dPCJ3auWEXCUV3ml4gp6AOaQDCuhINE; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=wyaPSJOhPzWpba/IOJREPwAAAABgOCcU+OK0EkjIZ85dONHj; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=8y1Ead1iCFMvIRpfiBrYA+CbkmMAAAAACWW7f8Ddygm4Uf5/388z5g==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 42) q(0 1 5 1) r(15 15) U2
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dGxzuQ6zj6wXQbkBuKBnOKxwKJDHUyGoi7PgcugcpdX4QYruNiFxsQ==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 21:51:24 GMT
age: 16261
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 955c6ac69b89f6cbd497df53fcb2ae1b
2506152cdd1056533116feb9350124356e570e54
fca1b303a554aa9cdd13c4769a1088e1905ef888ed703de17864fe76ff880abe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf3829a8-4b4d-433d-9452-46c3ffc7ea6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7217
x-amzn-requestid: be9196fc-3d43-49db-8522-8781cbf5a247
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUEDEWpIAMFqUQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e66e6-04b24220213872ba378d3538;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4QlJZW4ZiPNVhOJbcRldanR8veym3l0sIBGa1Ym-4FOTT_utMQeZQg==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 08 Dec 2022 10:15:09 GMT
age: 58036
etag: "2506152cdd1056533116feb9350124356e570e54"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
142.250.74.168302 Found 278 B URL HTTP/1.1 www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
IP 142.250.74.168:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 4febe4716d93c01917cc718ed52f0d1c
9437b5b65a71ae87dc652a40a0e030a6464991e4
3ff71e43c20bb1c8d9018a800fe877e8e4e46be21f0a051b402297f370eca77a
GET /gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 302 Found
Location: https://www.googletagmanager.com/gtag/js?id=G-M0GFGLPMZ2&l=dataLayer&cx=c
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Dec 2022 02:22:25 GMT
Content-Type: text/html; charset=UTF-8
Server: Google Tag Manager
Content-Length: 278
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
142.250.74.70200 OK 257 B URL HTTP/2 10716254.fls.doubleclick.net/activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (499), with no line terminators
Hash 9af2a6720f9878f284a71183fb7c2527
abad93d042791c6aefbedbb132d3d4147072fa68
1404898c46a4afbc259d072f424c77890e058837a4a243f0c186b4d36c3ed9a7
GET /activityi;src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D? HTTP/1.1
Host: 10716254.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 257
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
js.adsrvr.org/up_loader.1.1.0.js
143.204.45.46200 OK 1.9 kB URL HTTP/1.1 js.adsrvr.org/up_loader.1.1.0.js
IP 143.204.45.46:0
File type ASCII text, with very long lines (4593), with no line terminators
Hash 8dc722d27824e60548fd25752623cd07
33d66ad1a4a162e2d6c9ed732d6c9af79635fc4d
14ce9119fe06fb2d363ba3c824e9f5b3f212f1f39dfab38c836fa13a20daec1b
GET /up_loader.1.1.0.js HTTP/1.1
Host: js.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 08 Dec 2022 16:19:20 GMT
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: ro5UUd38gEXzmlJLkyB0u_5W_Bb4s9rXHevhYfds52ieaL0dwiFDFA==
Age: 36186
12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
142.250.74.70200 OK 289 B URL HTTP/2 12419770.fls.doubleclick.net/activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (495), with no line terminators
Hash 5e63343e4a1b9e97ce52d11d488331df
a1f9dee62154c6de7e7181c091c20726517c41f2
ba65508b7fb6a87fcb2c7368f2edb49fad1caa923de2007008eefc02fb8a00ea
GET /activityi;src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D? HTTP/1.1
Host: 12419770.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 289
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash dcb0ed86727c359c48d60000d5ce055b
f7e736e0e1f78ec89eacaa08fd5648e1cf47d4fc
68713a99b06419fcaa5ee2c4b2b1a2772ff6a47df9ca0f5dda78189fefa108a7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.com/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.2200 OK 259 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (498), with no line terminators
Hash 03bcc99c2d6840785ef69444fe667094
9616a92db3643410d7295bb9a1f52b3766b4347a
b2b9f2a1a86052df52ef3f5bd1905750de408f50db0939460a9bbf830d4460d6
GET /ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://10716254.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 259
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.2200 OK 259 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.2:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (494), with no line terminators
Hash bfe11f72c86fc84b6f9d60392954850b
c3b6cf6830e04a2d280970b519e7613fa4cf8934
07ad5e18e8587f747222c2c3aa82c2ba9e869f1aacabf8d23093f6ddfc9999f9
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://12419770.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 259
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s.webtrends.com/js/webtrends.hm.js
143.204.55.43200 OK 7.4 kB URL HTTP/1.1 s.webtrends.com/js/webtrends.hm.js
IP 143.204.55.43:0
File type HTML document, ASCII text, with CRLF line terminators
Hash b2ea8b95abb8ab706e7a0cfa9685cd10
8b75b0f6fff26a3a651d9346db02fefe45a67379
fe11671e8ca6d3b5659e5dae0924ecae80c99c0dd72478710eed0886e687f69d
GET /js/webtrends.hm.js HTTP/1.1
Host: s.webtrends.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 7382
Connection: keep-alive
Last-Modified: Tue, 25 Feb 2020 23:34:02 GMT
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Date: Sat, 03 Dec 2022 04:57:41 GMT
ETag: "b2ea8b95abb8ab706e7a0cfa9685cd10"
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WV1TeyiWRkUq_7b0py3OFGLIu1HUZAF15f2iEcXaQESXZ73_EP2MqA==
Age: 509085
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a0905812e8498e6c5c0a9b4b584b972f
039b784fd1e0152ec7f49a54ba027f0b2bd1e833
ee3531ef0f334dcd73a86b1e4365a020d5db69ff7b82bad136eaf1a8e9d3b47f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/sso/gsol/pex/en/balat/includes/webtrends.min.js
107.154.199.39200 OK 29 kB URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/webtrends.min.js
IP 107.154.199.39:0
File type ASCII text, with very long lines (1325)
Hash 6e2495c5dd3c042170c06618f90a9fd1
680ad334dfb1229a9c5b46c9078757bf8e2c80ca
44f908b46a1f1ea384c5d6159b8c46d6c6d9295fad2957a56eafc4f3dad029b8
GET /sso/gsol/pex/en/balat/includes/webtrends.min.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: AWSALBTGCORS=S5TWw5Pfu0NgWQWRWoGTNkrtYJ5aFRacDOB8uSQ8Gq+cca9arVY0emWS0E3OU7ZkKvfydGrBgF0pfKWYmey5veEVU7hnmkQG2FMppUCFAWiyiONXHJFfM2QhKoClZNbJZZ7RD7g6kHpCyi1W5E3H/zbbNh/cAcpvAKYjEqrq7juh; AWSALBCORS=/1LoCc3oVLqXmLsb1eWcEm3sBRdjgZsJ5Rt6JOwgR55Ote/petPgELJQcPMME5jsmLw62Q1mSuTmTSXHDJMJ9Z8cMzRZITmJWOxFsz8yrPTBlFtepciaNmHEmOkm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:25 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=qiZMzoN5AO6e+3Lac1VRq+M+vCyeZbpgPg6F43nbG+SsPBV+iy88CF7bh06k0XT0qW6BwDo8PyUCthaBsHh/qnJi+S0yd2mjrJDCyuDHsQvH7W/XcxOd/r5fdqGBCLa1qqtAnDY6QiEZuFvBTWYxaF7dKF9YdUZwPWddUdNNwO6a; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/
AWSALBTGCORS=qiZMzoN5AO6e+3Lac1VRq+M+vCyeZbpgPg6F43nbG+SsPBV+iy88CF7bh06k0XT0qW6BwDo8PyUCthaBsHh/qnJi+S0yd2mjrJDCyuDHsQvH7W/XcxOd/r5fdqGBCLa1qqtAnDY6QiEZuFvBTWYxaF7dKF9YdUZwPWddUdNNwO6a; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/; SameSite=None; Secure
AWSALB=VxqDnNZoVdxm712G6zrX4GU9LsvJ/BMc+D6seKuA+1o2AyFecBXRbPulQNf0QZP5NKMFLRX863KqYqVRT+BOsiRZrgPlk0cVBeFc2ILmUjFQNDw25e+/nuVWS62A; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/
AWSALBCORS=VxqDnNZoVdxm712G6zrX4GU9LsvJ/BMc+D6seKuA+1o2AyFecBXRbPulQNf0QZP5NKMFLRX863KqYqVRT+BOsiRZrgPlk0cVBeFc2ILmUjFQNDw25e+/nuVWS62A; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=6JxTPf+gLzPK10x4OJREPwAAAADu8+VEWqxI35miM8ujGoG4; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=3tUkaLxRITsvIRpfiBrYA+CbkmMAAAAAt87WnADEldvCSXIug1xfVg==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 1545) q(0 0 0 0) r(3 3) U2
X-Firefox-Spdy: h2
snap.licdn.com/li.lms-analytics/insight.min.js
23.36.76.121200 OK 4.6 kB URL HTTP/2 snap.licdn.com/li.lms-analytics/insight.min.js
IP 23.36.76.121:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (12961)
Hash c1a25b303b61b25e995516f5559bcdea
3c16a6fa3a2a6dc59d57a9ea1588c4f259884688
2063d2d1415ce9437e9331cb9a798714a5b2e106a65d6dc0ef0d426a5a4c30f2
GET /li.lms-analytics/insight.min.js HTTP/1.1
Host: snap.licdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
last-modified: Thu, 17 Nov 2022 18:52:45 GMT
accept-ranges: bytes
content-type: application/x-javascript;charset=utf-8
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=19693
date: Fri, 09 Dec 2022 02:22:25 GMT
content-length: 4581
x-cdn: AKAM
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.158.208.124301 Moved Permanently 244 B URL HTTP/1.1 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.158.208.124:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 8fc9865f26fa25a6392c2f6060ae5df3
848c84d5259d274403799d8f07dce9a524662a0f
6fcb4b79975d55a072ba52bfd817cfba24b1a9f4777c706fb0706fd385601caa
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: https://statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
Date: Fri, 09 Dec 2022 02:22:24 GMT
Connection: close
Content-Length: 244
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8274b291596906eb3779dccb82ec41cb
b2ec554df1fa55e18a4316b76ac617dc626b7598
69129be0a1c2e3d1dfc602aea4ef004ea01b3bfa6c5863bd225843472f1bb7c8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
login.globalsources.com/rdvoqldvqhjbezvv825122.js
107.154.199.39404 Not Found 15 kB URL HTTP/2 login.globalsources.com/rdvoqldvqhjbezvv825122.js
IP 107.154.199.39:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (39124)
Hash 7b5871e8223961a53b2df8bb1b0121de
cc014e9b6d0ae742a87281f855c59a7515885920
c803019a49547976c09b9e992b4cd0f1068e3f31f3e53eaf01d23d76d02ed3c4
GET /rdvoqldvqhjbezvv825122.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: AWSALBTGCORS=S5TWw5Pfu0NgWQWRWoGTNkrtYJ5aFRacDOB8uSQ8Gq+cca9arVY0emWS0E3OU7ZkKvfydGrBgF0pfKWYmey5veEVU7hnmkQG2FMppUCFAWiyiONXHJFfM2QhKoClZNbJZZ7RD7g6kHpCyi1W5E3H/zbbNh/cAcpvAKYjEqrq7juh; AWSALBCORS=/1LoCc3oVLqXmLsb1eWcEm3sBRdjgZsJ5Rt6JOwgR55Ote/petPgELJQcPMME5jsmLw62Q1mSuTmTSXHDJMJ9Z8cMzRZITmJWOxFsz8yrPTBlFtepciaNmHEmOkm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 02:22:25 GMT
content-type: text/html
set-cookie: AWSALBTG=GTniK7IkT6166fXK2bXV9OsXArlJaCo8yjHXqzjDCmLaH3ktBtZTi80HD8RWiOSpxuFF66PzyrGp0/EV2mCefGPnMlNU/cWRe7zwpwvjDjCw4zACzfwIQ1tuW2MQ0VLyAn+iQMa2fou8MR0jJo19pF91242cQFCVOHUjPPczAekh; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/
AWSALBTGCORS=GTniK7IkT6166fXK2bXV9OsXArlJaCo8yjHXqzjDCmLaH3ktBtZTi80HD8RWiOSpxuFF66PzyrGp0/EV2mCefGPnMlNU/cWRe7zwpwvjDjCw4zACzfwIQ1tuW2MQ0VLyAn+iQMa2fou8MR0jJo19pF91242cQFCVOHUjPPczAekh; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/; SameSite=None; Secure
AWSALB=Bc4y8dE0KVhMv56H1MYtgCKcpGbrmmudHmpX62qjULYmlEIYIsZq1ceoxE3lgolHX1fX1PY5rIJa/t4LvZmSYqZcQAGCRL1u3MwGF1SEpEm5R3I8ubj230EHs22M; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/
AWSALBCORS=Bc4y8dE0KVhMv56H1MYtgCKcpGbrmmudHmpX62qjULYmlEIYIsZq1ceoxE3lgolHX1fX1PY5rIJa/t4LvZmSYqZcQAGCRL1u3MwGF1SEpEm5R3I8ubj230EHs22M; Expires=Fri, 16 Dec 2022 02:22:25 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=NA/0DytQ63c/PXrSOJREPwAAAAAZYP6Ed+inJo1oTMkpstzJ; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=iqWGYRGP5X4vIRpfiBrYA+CbkmMAAAAAzzSPzdKuYPc4I1f/KvG0yw==; path=/; Domain=.globalsources.com
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801452 2NNN RT(1670552542846 1532) q(0 0 0 0) r(4 4) U11
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1670552544408&cv=11&fst=1670552544408&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=358095222.1670552544&rfmt=3&fmt=4
142.250.74.34200 OK 888 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1072021429/?random=1670552544408&cv=11&fst=1670552544408&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=358095222.1670552544&rfmt=3&fmt=4
IP 142.250.74.34:0
File type ASCII text, with very long lines (1867), with no line terminators
Hash 4b8e92a6f0f93118b1605521f9bb1724
82b10aa1681a5c653629e0de420ad0a22ed3c667
780479a3ef29e86becbc3de0eb07af8b851b4bee9f4cd692a005b32e14eca84a
GET /pagead/viewthroughconversion/1072021429/?random=1670552544408&cv=11&fst=1670552544408&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&hn=www.googleadservices.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&auid=358095222.1670552544&rfmt=3&fmt=4 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 888
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3193
Cache-Control: max-age=140154
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:18:19 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/viewthroughconversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&ct_cookie_present=1
142.250.74.34200 OK 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&ct_cookie_present=1
IP 142.250.74.34:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&fmt=3&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&ct_cookie_present=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Dec-2022 02:37:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/pagead/1p-conversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
216.58.207.228302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 216.58.207.228:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.66200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=12419770;type=f_pag0;cat=f_cm_0;ord=9706184301081;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
expires: Fri, 09 Dec 2022 02:22:25 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 07a86cf9d9c8389ebd9c52303c83b27f
fd3524d701bdf111c541b6fc9e038bffcc3b5d6c
de08c944b2cb2671078e452d870757622e286f7214d736ab2c1b1d1c2ab8dcfb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
142.250.74.66200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D
IP 142.250.74.66:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=10716254;type=gsol_web;cat=gsol_000;ord=6825837297507;gtm=2wgbu0;auiddc=358095222.1670552544;~oref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
expires: Fri, 09 Dec 2022 02:22:25 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash a938af990a97b9856e1174d11c72cbf7
b57716fd0ea9a1e9e0a0595ff593f939560c0abf
6ab769333b231097d077edfbc1c3fc9560de5ae9bfeb5b8360dea8b7fadbcb44
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 8129d4d0ebab3efc528f57883dfb30ba
be557eee6cd854421ec872673041867c73369fa2
ed95fb60948c81a74657e5964798a07145fe91fee47cb270006f62294a5670b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
157.240.221.16200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.221.16:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: stOWX6XeJxlIPNBxGWIA0oYBAou9N16g7ZDevRl9SFd/6LLh5gDebGwrOc89tfxplzYkHJi4B6G91DHvLkTTdg==
priority: u=3,i
content-length: 27340
x-fb-trip-id: 1679558926
date: Fri, 09 Dec 2022 02:22:25 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3193
Cache-Control: max-age=140154
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Etag: "63920fe2-1d7"
Expires: Sat, 10 Dec 2022 17:18:19 GMT
Last-Modified: Thu, 08 Dec 2022 16:25:06 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/collect?v=1&_v=j98&a=1254726557&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=2087959437&gjid=829696216&cid=1507938027.1670552545&tid=UA-179370-18&_gid=1660777060.1670552545&cg1=LOGIN_FORM_ERR&z=1576927054
216.239.38.178200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j98&a=1254726557&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=2087959437&gjid=829696216&cid=1507938027.1670552545&tid=UA-179370-18&_gid=1660777060.1670552545&cg1=LOGIN_FORM_ERR&z=1576927054
IP 216.239.38.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=1254726557&t=pageview&_s=1&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=YCDAgEABAAAAAAAAI~&jid=2087959437&gjid=829696216&cid=1507938027.1670552545&tid=UA-179370-18&_gid=1660777060.1670552545&cg1=LOGIN_FORM_ERR&z=1576927054 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Thu, 08 Dec 2022 04:35:11 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 78434
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=ed7d6da7-b26b-4161-bd4d-e0f570a1cc6b&sid=519bb240776811edad31258e9b2247ac&vid=519ba5d0776811ed8bf6138c1979250d&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&r=<=2898&evt=pageLoad&sv=1&rn=280343
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=137022501&tm=gtm002&Ver=2&mid=ed7d6da7-b26b-4161-bd4d-e0f570a1cc6b&sid=519bb240776811edad31258e9b2247ac&vid=519ba5d0776811ed8bf6138c1979250d&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&r=<=2898&evt=pageLoad&sv=1&rn=280343
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=137022501&tm=gtm002&Ver=2&mid=ed7d6da7-b26b-4161-bd4d-e0f570a1cc6b&sid=519bb240776811edad31258e9b2247ac&vid=519ba5d0776811ed8bf6138c1979250d&vids=1&msclkid=N>m_tag_source=1&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&tl=Global%20Sources&p=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&r=<=2898&evt=pageLoad&sv=1&rn=280343 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1AA2501135486D31087E4264341F6C37; domain=.bing.com; expires=Wed, 03-Jan-2024 02:22:25 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 98F5BE9EFEF94CF99D5772960C4EA6B7 Ref B: OSL30EDGE0410 Ref C: 2022-12-09T02:22:25Z
date: Fri, 09 Dec 2022 02:22:25 GMT
X-Firefox-Spdy: h2
ritasshoes.tk/favicon.ico
5.8.71.100404 Not Found 315 B URL HTTP/1.1 ritasshoes.tk/favicon.ico
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
GET /favicon.ico HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/sba/login.globalsources.com/error.php?email=
Cookie: _gcl_au=1.1.358095222.1670552544; _ga_M0GFGLPMZ2=GS1.1.1670552544.1.0.1670552544.0.0.0; _ga=GA1.1.1507938027.1670552545
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 02:22:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/1072021429/?random=1670552544408&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=684621551&rmt_tld=1&ipr=y
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/1072021429/?random=1670552544408&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=684621551&rmt_tld=1&ipr=y
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/1072021429/?random=1670552544408&cv=11&fst=1670551200000&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&fmt=3&is_vtc=1&random=684621551&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.67200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.67:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/1071695260/?random=1670552544429&cv=11&fst=1670552544429&bg=ffffff&guid=ON&async=1>m=2wgbu0&u_w=1280&u_h=1024&label=EbauCI35y9kDEJyLg_8D&hn=www.google.com&frm=0&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tiba=Global%20Sources&value=0&bttype=purchase&auid=358095222.1670552544&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ritasshoes.tk/sso/GeneralManager?action=captchaApi&language=en
5.8.71.100404 Not Found 315 B URL HTTP/1.1 ritasshoes.tk/sso/GeneralManager?action=captchaApi&language=en
IP 5.8.71.100:0
ASN #202422 G-Core Labs S.A.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
POST /sso/GeneralManager?action=captchaApi&language=en HTTP/1.1
Host: ritasshoes.tk
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 21
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/sba/login.globalsources.com/error.php?email=
Cookie: _gcl_au=1.1.358095222.1670552544; _ga_M0GFGLPMZ2=GS1.1.1670552544.1.0.1670552544.0.0.0; _ga=GA1.1.1507938027.1670552545
HTTP/1.1 404 Not Found
Date: Fri, 09 Dec 2022 02:22:25 GMT
Server: Apache
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1507938027.1670552545&jid=2087959437&gjid=829696216&_gid=1660777060.1670552545&_u=YCDAgEABAAAAAEAAI~&z=1823357094
108.177.14.155200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1507938027.1670552545&jid=2087959437&gjid=829696216&_gid=1660777060.1670552545&_u=YCDAgEABAAAAAEAAI~&z=1823357094
IP 108.177.14.155:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-179370-18&cid=1507938027.1670552545&jid=2087959437&gjid=829696216&_gid=1660777060.1670552545&_u=YCDAgEABAAAAAEAAI~&z=1823357094 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: http://ritasshoes.tk
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 02:22:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
bat.bing.com/p/action/137022501.js
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/p/action/137022501.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/action/137022501.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: private,max-age=1800
set-cookie: MUID=2E4665E4D22A694320A37791D37D687B; domain=.bing.com; expires=Wed, 03-Jan-2024 02:22:25 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0BDC7C432D284683B20DC137D082ED25 Ref B: OSL30EDGE0410 Ref C: 2022-12-09T02:22:25Z
date: Fri, 09 Dec 2022 02:22:25 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1507938027.1670552545&jid=2087959437&_u=YCDAgEABAAAAAEAAI~&z=665319503
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1507938027.1670552545&jid=2087959437&_u=YCDAgEABAAAAAEAAI~&z=665319503
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-179370-18&cid=1507938027.1670552545&jid=2087959437&_u=YCDAgEABAAAAAEAAI~&z=665319503 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 02:22:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
18.158.208.124200 OK 10 B URL HTTP/2 statse.webtrendslive.com/dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback
IP 18.158.208.124:0
File type exported SGML document, ASCII text, with CRLF line terminators
Hash 944ece9d6d59cdf6eaa8ae6c6c205b93
877b1b2addfb2494453305fa4b93f3f03ee064c2
d3f45949797ac9329127b9e128b0e0656aa48d5dbd8d5e8e42c8b451780c34f2
GET /dcs222s995baa3dif3txj4i1d_8y2f/wtid.js?callback=Webtrends.dcss.dcsobj_0.dcsGetIdCallback HTTP/1.1
Host: statse.webtrendslive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
strict-transport-security: max-age=31536000
date: Fri, 09 Dec 2022 02:22:25 GMT
content-length: 10
X-Firefox-Spdy: h2
cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
54.230.111.112200 OK 0 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
IP 54.230.111.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /partner/3267009/domain/ritasshoes.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: http://ritasshoes.tk/
Origin: http://ritasshoes.tk
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 0
date: Fri, 09 Dec 2022 00:07:56 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-allow-headers: content-type
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
x-cache: Hit from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7_cy49n_kJOqFIsUcDffEKQt4VInY-EE3lHosQDcS0rVTwZEP6T2FQ==
age: 8068
X-Firefox-Spdy: h2
px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552544736&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2
13.107.42.14302 Found 0 B URL HTTP/2 px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552544736&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /collect?v=2&fmt=js&pid=3267009&time=1670552544736&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2 HTTP/1.1
Host: px.ads.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
location: https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552544736%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
set-cookie: UserMatchHistory=AQLbfl4gymlfcQAAAYT0sOn5Gwq8CctMcL2CC9ct04MjNazx4WcipKpYMVB7V0NycJcuj_dONIgPFg; Max-Age=2592000; Expires=Sun, 08 Jan 2023 02:22:25 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
AnalyticsSyncHistory=AQJns0UHf54LLQAAAYT0sOn5vH5bPyzEdz32RTudEKsOF12j6c7JQ6aVpcVAreqSYaylxSl3E9TosenXyxDZEQ; Max-Age=2592000; Expires=Sun, 08 Jan 2023 02:22:25 GMT; SameSite=None; Path=/; Domain=.linkedin.com; Secure
lang=v=2&lang=en-us; SameSite=None; Path=/; Domain=ads.linkedin.com; Secure
bcookie="v=2&8786dc74-e21c-4ea8-8f35-cc3e72c796ae"; domain=.linkedin.com; Path=/; Secure; Expires=Sat, 09-Dec-2023 02:22:25 GMT; SameSite=None
lidc="b=VGST09:s=V:r=V:a=V:p=V:g=2451:u=1:x=1:i=1670552545:t=1670638945:v=2:sig=AQHv4onb4ZUi0W61pk1vVlw6bcGgWuFp"; Expires=Sat, 10 Dec 2022 02:22:25 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
x-li-fabric: prod-lva1
x-li-pop: afd-prod-lva1-x
x-li-proto: http/2
x-li-uuid: AAXvW9MR11BOfEKtYVqudw==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: DAE7B3BC283E48E09532D7D84675502F Ref B: OSL30EDGE0412 Ref C: 2022-12-09T02:22:25Z
date: Fri, 09 Dec 2022 02:22:25 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552544736%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
13.107.42.14302 Found 0 B URL HTTP/2 www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552544736%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue
IP 13.107.42.14:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3267009%26time%3D1670552544736%26url%3Dhttp%253A%252F%252Fritasshoes.tk%252Fsba%252Flogin.globalsources.com%252Ferror.php%253Femail%253D%26tm%3Dgtmv2%26liSync%3Dtrue HTTP/1.1
Host: www.linkedin.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ritasshoes.tk/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: no-cache, no-store
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3267009&time=1670552544736&url=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&tm=gtmv2&liSync=true
set-cookie: lang=v=2&lang=en-us; Domain=linkedin.com; Path=/; Secure; SameSite=None
bcookie="v=2&4688a5b5-d0f3-4a2c-81e7-49ba15ac7343"; Domain=.linkedin.com; Expires=Sat, 09-Dec-2023 02:22:25 GMT; Path=/; Secure; SameSite=None
bscookie="v=1&202212090222259606a96c-3070-46eb-8d9e-1ed9144e6707AQH9yLCel4XmI5Rf1omN2tYkEkZz2oPW"; Domain=.www.linkedin.com; Expires=Sat, 09-Dec-2023 02:22:25 GMT; Path=/; HttpOnly; Secure; SameSite=None
li_gc=MTswOzE2NzA1NTI1NDU7MjswMjEPLDaZ2Wpm8l5oeBlr+/25tkkYyx3dmAioVk/mbNjsBg==; Domain=.linkedin.com; Expires=Wed, 07 Jun 2023 02:22:25 GMT; Path=/; Secure; SameSite=None
lidc="b=TGST09:s=T:r=T:a=T:p=T:g=2433:u=1:x=1:i=1670552545:t=1670638945:v=2:sig=AQFnJOgjS6u7qxlnx6CAkfUPTKYKFAu2"; Expires=Sat, 10 Dec 2022 02:22:25 GMT; domain=.linkedin.com; Path=/; SameSite=None; Secure
linkedin-action: 1
content-security-policy: default-src *; connect-src 'self' *.licdn.com *.linkedin.com wss://*.linkedin.com dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/status linkedin.sc.omtrdc.net/b/ss/ *.qualtrics.com *.adyen.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; worker-src blob: 'self'; frame-src blob: lnkd-communities: voyager: *; frame-ancestors 'self' teams.microsoft.com client.learningapp.microsoft.com onyx.www.linkedin.com
x-frame-options: sameorigin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-li-fabric: prod-ltx1
x-li-pop: afd-prod-ltx1-x
x-li-proto: http/2
x-li-uuid: AAXvW9MUFS23XHrsKGCR7A==
x-cache: CONFIG_NOCACHE
x-msedge-ref: Ref A: B203828357744B6A90962BE62439E5E8 Ref B: OSL30EDGE0412 Ref C: 2022-12-09T02:22:25Z
date: Fri, 09 Dec 2022 02:22:25 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1254726557&cid=1507938027.1670552545&ul=en-us&sr=1280x1024&_s=1&sid=1670552544&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1254726557&cid=1507938027.1670552545&ul=en-us&sr=1280x1024&_s=1&sid=1670552544&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-M0GFGLPMZ2>m=2oebu0&_p=1254726557&cid=1507938027.1670552545&ul=en-us&sr=1280x1024&_s=1&sid=1670552544&sct=1&seg=0&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&dt=Global%20Sources&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://ritasshoes.tk
date: Fri, 09 Dec 2022 02:22:26 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 0c89743226644fddacbe5d50c110b950
b343ae9eb9047cf764b518083d612ffd3652b209
1bf675bb6e12e913a98cd8849c1af9a0c50b0bb8bfa670c86419b41782e06e47
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 02:22:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
54.230.111.112200 OK 62 B URL HTTP/2 cdn.linkedin.oribi.io/partner/3267009/domain/ritasshoes.tk/token
IP 54.230.111.112:0
File type JSON data\012- , ASCII text, with no line terminators
Hash d39abb34da93ec5faa48669ac4788977
cc2627a86b99e91540251b6fb7e17a9b1faa1ee7
b329d16bd7e06de93beac4a9e4d67b8be6d1c944b7b8e398b929460f73b7c4ce
GET /partner/3267009/domain/ritasshoes.tk/token HTTP/1.1
Host: cdn.linkedin.oribi.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: *
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: http://ritasshoes.tk
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json
date: Fri, 09 Dec 2022 02:22:25 GMT
access-control-allow-origin: *
cache-control: public, max-age=3600
content-encoding: gzip
vary: accept-encoding
x-cache: Miss from cloudfront
via: 1.1 94eee494c19905cb6933ec8a32a577a0.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: RQmm9-5EEQ8uvFW4pV2akqJYYvnUSuJLcCDqfOUDG059bn-jefpe1w==
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670552545408&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670552545407.1450716762&it=1670552544886&coo=false&rqm=GET
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670552545408&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670552545407.1450716762&it=1670552544886&coo=false&rqm=GET
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=396613127629341&ev=PageView&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670552545408&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670552545407.1450716762&it=1670552544886&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 09 Dec 2022 02:22:26 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670552545410&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670552545407.1450716762&it=1670552544886&coo=false&rqm=GET
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670552545410&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670552545407.1450716762&it=1670552544886&coo=false&rqm=GET
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=396613127629341&ev=Subscribe&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&rl=&if=false&ts=1670552545410&cd[subscription_id]=NLI&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.1.1670552545407.1450716762&it=1670552544886&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 09 Dec 2022 02:22:26 GMT
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
107.154.199.39200 OK 43 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/images/BLANK.GIF
IP 107.154.199.39:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 55fade2068e7503eae8d7ddf5eb6bd09
317496a096d6c86486a71d4521994bcd171a6bb3
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
GET /sso/gsol/pex/en/balat/images/BLANK.GIF HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Cookie: AWSALBTGCORS=GTniK7IkT6166fXK2bXV9OsXArlJaCo8yjHXqzjDCmLaH3ktBtZTi80HD8RWiOSpxuFF66PzyrGp0/EV2mCefGPnMlNU/cWRe7zwpwvjDjCw4zACzfwIQ1tuW2MQ0VLyAn+iQMa2fou8MR0jJo19pF91242cQFCVOHUjPPczAekh; AWSALBCORS=Bc4y8dE0KVhMv56H1MYtgCKcpGbrmmudHmpX62qjULYmlEIYIsZq1ceoxE3lgolHX1fX1PY5rIJa/t4LvZmSYqZcQAGCRL1u3MwGF1SEpEm5R3I8ubj230EHs22M
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
If-Modified-Since: Thu, 28 Apr 2022 06:31:57 GMT
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:26 GMT
content-type: image/gif
content-length: 43
set-cookie: AWSALBTG=Smg1UhDuGUdOyy3LrfTtiaXK1hjzUnDMnN9xvTMfE5fyzH6f3I+OIlkUW1TYisn4stXEfeg88x7e54JIXOueDV9hq2X93+GGrDP30UCpHqOsxNr9dbD8WGpt7m+ksUoCiz/I7szaC1HD+iejgHgZ8Bldqiusi5JKxYcfsMNcn9fY; Expires=Fri, 16 Dec 2022 02:22:26 GMT; Path=/
AWSALBTGCORS=Smg1UhDuGUdOyy3LrfTtiaXK1hjzUnDMnN9xvTMfE5fyzH6f3I+OIlkUW1TYisn4stXEfeg88x7e54JIXOueDV9hq2X93+GGrDP30UCpHqOsxNr9dbD8WGpt7m+ksUoCiz/I7szaC1HD+iejgHgZ8Bldqiusi5JKxYcfsMNcn9fY; Expires=Fri, 16 Dec 2022 02:22:26 GMT; Path=/; SameSite=None; Secure
AWSALB=I/jybzL9dTYpN0Y/ITl/RzT+MKNng3G4m4KgXpAZIOb0aVakQkJFxa4j99dFIX6lKh/iIqD5He9wuPsxuXjv5oUlb98sxU2lz8CnWAEP1Y/KhpjBVu0IlUo1teT5; Expires=Fri, 16 Dec 2022 02:22:26 GMT; Path=/
AWSALBCORS=I/jybzL9dTYpN0Y/ITl/RzT+MKNng3G4m4KgXpAZIOb0aVakQkJFxa4j99dFIX6lKh/iIqD5He9wuPsxuXjv5oUlb98sxU2lz8CnWAEP1Y/KhpjBVu0IlUo1teT5; Expires=Fri, 16 Dec 2022 02:22:26 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=nqNGSz5IoEIh3aN5OJREPwAAAADp2ILJbFyXCW2uvPOi/F5B; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=TsqMBBwWUAEvIRpfiBrYA+GbkmMAAAAAnb89dbaYf1FIBXHriSxIxw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
accept-ranges: bytes
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801510 2NNN RT(1670552542846 2136) q(0 0 0 0) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/csp_report
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/csp_report
IP 107.154.199.39:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /csp_report HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 408
Origin: https://login.globalsources.com
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: text/plain
x-robots-tag: noindex
content-length: 0
set-cookie: visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:51 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=MtgLa+lg7D0vIRpfiBrYA+GbkmMAAAAAchV9/wLH/iqJUiqKQ8aA2Q==; path=/; Domain=.globalsources.com
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&_v=j98&a=1254726557&t=timing&_s=2&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&plt=3928&pdt=1&dns=1&srt=284&tcp=249&dit=2354&clt=2896&_gst=2354&_gbt=2957&_u=YCDAgEABAAAAAEAAI~&jid=&gjid=&cid=1507938027.1670552545&tid=UA-179370-18&_gid=1660777060.1670552545&cg1=LOGIN_FORM_ERR&z=1149395390
216.239.38.178200 OK 35 B URL HTTP/1.1 www.google-analytics.com/collect?v=1&_v=j98&a=1254726557&t=timing&_s=2&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&plt=3928&pdt=1&dns=1&srt=284&tcp=249&dit=2354&clt=2896&_gst=2354&_gbt=2957&_u=YCDAgEABAAAAAEAAI~&jid=&gjid=&cid=1507938027.1670552545&tid=UA-179370-18&_gid=1660777060.1670552545&cg1=LOGIN_FORM_ERR&z=1149395390
IP 216.239.38.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=1254726557&t=timing&_s=2&dl=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&ul=en-us&de=UTF-8&dt=Global%20Sources&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&plt=3928&pdt=1&dns=1&srt=284&tcp=249&dit=2354&clt=2896&_gst=2354&_gbt=2957&_u=YCDAgEABAAAAAEAAI~&jid=&gjid=&cid=1507938027.1670552545&tid=UA-179370-18&_gid=1660777060.1670552545&cg1=LOGIN_FORM_ERR&z=1149395390 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ritasshoes.tk/
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Thu, 08 Dec 2022 04:35:11 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Age: 78435
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/SSO.CSS
IP 107.154.199.39:0
GET /sso/gsol/pex/en/balat/includes/SSO.CSS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: text/css
set-cookie: AWSALBTG=g3Mp3tQUeGrvNV1PNY/ImnRQ2mmj2fog1701lprdvoNamRKFpf6FIII0fbqShIaqcb+n1uVXGxZP/Ijzvlr3bYX9Uz88VYpoYlb8FQDH5BMPN4OMqHSCfbFqS/Qw8XJDfvayVQvZ2Nliz6VmLooYKopvt06Icm7Eg/bj+n65xvDI; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=g3Mp3tQUeGrvNV1PNY/ImnRQ2mmj2fog1701lprdvoNamRKFpf6FIII0fbqShIaqcb+n1uVXGxZP/Ijzvlr3bYX9Uz88VYpoYlb8FQDH5BMPN4OMqHSCfbFqS/Qw8XJDfvayVQvZ2Nliz6VmLooYKopvt06Icm7Eg/bj+n65xvDI; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=adKOaR4e/sObo1SIfUI5z58uuM7aPD3lKDJ1gm+cROgsBfQe9bKWDhE1YmDKENogfsNgqg+hxzhdoeRvpuEGE04iiFCayH+VdUDZkKcvYNKdsdRJdmId0KHz0My4; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=adKOaR4e/sObo1SIfUI5z58uuM7aPD3lKDJ1gm+cROgsBfQe9bKWDhE1YmDKENogfsNgqg+hxzhdoeRvpuEGE04iiFCayH+VdUDZkKcvYNKdsdRJdmId0KHz0My4; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=DGMINQR+X0vaVyuJOJREPwAAAAAhGN62FoE5LtZ9x24VyAsm; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=eM2kfWa7A2IvIRpfiBrYA+CbkmMAAAAAYgt6Pcz9IvfTp8GcosY5/w==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:08 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 nNNN RT(1670552542846 39) q(0 0 5 0) r(14 14) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/jqueryandplugins.js
IP 107.154.199.39:0
GET /sso/gsol/pex/en/balat/includes/jqueryandplugins.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=kjubVPzuhzDFqapNozBS+4e584QloIuVC3hM10WqtWkhu+DR9as/6cVcoyPm5RD7dI4hBWQcgCfeCPVfJmCPBZrAKJ8iQdVgCbPN8UZeWkXuY31Ac5r0ZByzVOs6xTfu9vypdaNyRkOHm/ZDtnfsI/OqlTQXos/4qkvq7calQyFs; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=kjubVPzuhzDFqapNozBS+4e584QloIuVC3hM10WqtWkhu+DR9as/6cVcoyPm5RD7dI4hBWQcgCfeCPVfJmCPBZrAKJ8iQdVgCbPN8UZeWkXuY31Ac5r0ZByzVOs6xTfu9vypdaNyRkOHm/ZDtnfsI/OqlTQXos/4qkvq7calQyFs; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=YldsCCLJcWITIykpx3E6ZDInyd2EccLv1wVgKY2RHVIeecP4tqt48b1cl9vZZ1HBbN9jA6AcWCA//lDN2doOKu76QOMbdqB/QrUyfwSyKqKaAfhmtjKtmTRj8PQz; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=YldsCCLJcWITIykpx3E6ZDInyd2EccLv1wVgKY2RHVIeecP4tqt48b1cl9vZZ1HBbN9jA6AcWCA//lDN2doOKu76QOMbdqB/QrUyfwSyKqKaAfhmtjKtmTRj8PQz; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=U+u2HZtlUCbgsDfkOJREPwAAAAAwDY2d32YW12D93xl6ZuAS; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=alxJSh3ifEkvIRpfiBrYA+CbkmMAAAAAkn2g5VPoB1BIeZxa30sZVA==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:47:52 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 51) q(0 1 5 1) r(14 14) U2
X-Firefox-Spdy: h2
insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0
3.33.220.150200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0
IP 3.33.220.150:0
GET /track/up?adv=uo3y5o8&ref=http%3A%2F%2Fritasshoes.tk%2Fsba%2Flogin.globalsources.com%2Ferror.php%3Femail%3D&upid=sijvout&upv=1.1.0 HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:26 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
3.33.220.150200 OK 0 B URL HTTP/2 insight.adsrvr.org/track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event}
IP 3.33.220.150:0
GET /track/pxl/?adv=uo3y5o8&ct=0:8gqij5f&fmt=3&td1={Page%20URL}&td2={Click%20Text}&td3={Click%20Classes}&td4={Event} HTTP/1.1
Host: insight.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:26 GMT
content-type: image/gif
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/egain_docked_chat.js
IP 107.154.199.39:0
GET /sso/gsol/pex/en/common/includes/egain_docked_chat.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=2z9Db9FGIZ11jIzXpcgMbqSLAPaMAY2y7K4vDDI8QQkg3a2B1ekBVNvlqaUrIOTTKeUZZ4hiW0BMvsFJ8MwNXRxQSIepAdCS0cga6NKoNwipxQUXvz8XTKmpEzkdkuyfYPnvK53AfQnjq8iybuehmlalzo2UYZBWdIujq+I5rtL6; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=2z9Db9FGIZ11jIzXpcgMbqSLAPaMAY2y7K4vDDI8QQkg3a2B1ekBVNvlqaUrIOTTKeUZZ4hiW0BMvsFJ8MwNXRxQSIepAdCS0cga6NKoNwipxQUXvz8XTKmpEzkdkuyfYPnvK53AfQnjq8iybuehmlalzo2UYZBWdIujq+I5rtL6; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=cfN7uTwIsxZCVH+sECEUoloKxdbvvS3iEXtE5wx2nmssQCOjUNh77YU4s38Lh/xI/uH9GUAlvFYMCTKM1C8hgBOtlY29FIRkXLqnGKFIOUiuQ5yl+HbgkhNby+YM; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=cfN7uTwIsxZCVH+sECEUoloKxdbvvS3iEXtE5wx2nmssQCOjUNh77YU4s38Lh/xI/uH9GUAlvFYMCTKM1C8hgBOtlY29FIRkXLqnGKFIOUiuQ5yl+HbgkhNby+YM; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=ePrlEN0VUnV7ub91OJREPwAAAAB+DFCFlolcOdhJjZtkz6gV; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=j7qyW4vOFUMvIRpfiBrYA9+bkmMAAAAA5N6RinEYIToQAk/AkTRXIQ==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:28:09 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 53) q(0 1 5 0) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/common/includes/ssoscripts.js
IP 107.154.199.39:0
GET /sso/gsol/pex/en/common/includes/ssoscripts.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=YGAleo4hsW61ht4msPH0r1jiaU77fhS/xFb5oAVQup6adkdh2nNGR9urv8WrKkAv9grawY54AA44JlNkHt1WzQONIZaJXdNxC+1rPkEB10Ei0QHGM2y6L4dHn40yqPijGAvwb2MBZL6s83Dh2pSMYkwU4k2As5JFDlSa6syp5xjP; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=YGAleo4hsW61ht4msPH0r1jiaU77fhS/xFb5oAVQup6adkdh2nNGR9urv8WrKkAv9grawY54AA44JlNkHt1WzQONIZaJXdNxC+1rPkEB10Ei0QHGM2y6L4dHn40yqPijGAvwb2MBZL6s83Dh2pSMYkwU4k2As5JFDlSa6syp5xjP; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=ADt5VPARI2GrBNabUDdwu60P1yAKWOs1Je9bYWDqtIs28ALMCVH7BZ5LNASjm6fMv0EKsHiCVvycH6h+GQlwucWjWYRagJT1JjGXrd0uwIuu2ZsImNCMdbdV4cfP; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=ADt5VPARI2GrBNabUDdwu60P1yAKWOs1Je9bYWDqtIs28ALMCVH7BZ5LNASjm6fMv0EKsHiCVvycH6h+GQlwucWjWYRagJT1JjGXrd0uwIuu2ZsImNCMdbdV4cfP; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=hSzYTZD9hRdX6SWBOJREPwAAAACZm4s2hQBFhSmaujygqhLb; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=Yt77Hm+YYykvIRpfiBrYA9+bkmMAAAAApgQz1A0u5umkcKi57qOGhA==; path=/; Domain=.globalsources.com
last-modified: Sun, 31 Oct 2021 12:58:49 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 51) q(0 1 5 1) r(10 10) U2
X-Firefox-Spdy: h2
login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
107.154.199.39200 OK 0 B URL HTTP/2 login.globalsources.com/sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS
IP 107.154.199.39:0
GET /sso/gsol/pex/en/balat/includes/EGSOL_WEB_UI.JS HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: application/x-javascript
set-cookie: AWSALBTG=66PjP4LLy/JuF+qJeCW5AaPUx7TlvCrn3FHTTkIYK5FhUYvLXVcCdSsLo62b/qbAZZW7ONoAtP9VWPoXdmLD8KpFNo7ZHLhmuqK3UzyUNvIqrjdv+gfVzKNgy+HIuI/jPzA/GE7e3xOPMucr9qY4qObwRYf4l1iCCU08L84nlve7; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=66PjP4LLy/JuF+qJeCW5AaPUx7TlvCrn3FHTTkIYK5FhUYvLXVcCdSsLo62b/qbAZZW7ONoAtP9VWPoXdmLD8KpFNo7ZHLhmuqK3UzyUNvIqrjdv+gfVzKNgy+HIuI/jPzA/GE7e3xOPMucr9qY4qObwRYf4l1iCCU08L84nlve7; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=4zalTjdWS2UtMCPHDvg1jhIVf6F7dun8mOG1hppirW5WI0h9ozXrBIRfw9vlHJKC/O7orT8Az55yO4xCGH6HTUsQO8GUSumUkmO6VHXaBoAYg3KFZcaXVfayag8k; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=4zalTjdWS2UtMCPHDvg1jhIVf6F7dun8mOG1hppirW5WI0h9ozXrBIRfw9vlHJKC/O7orT8Az55yO4xCGH6HTUsQO8GUSumUkmO6VHXaBoAYg3KFZcaXVfayag8k; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=p4Agfb5s9zveN2XpOJREPwAAAADGgcoWSr2J0AG0srOhdfNK; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=qGeBRLj07gAvIRpfiBrYA+CbkmMAAAAA6sg244JlQFqpB8qGtbD+vw==; path=/; Domain=.globalsources.com
last-modified: Thu, 28 Apr 2022 06:31:57 GMT
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801431 pNNN RT(1670552542846 55) q(0 0 4 0) r(13 13) U2
X-Firefox-Spdy: h2
login.globalsources.com/rdvoqldvqhjbezvv825122.js
107.154.199.39404 Not Found 0 B URL HTTP/2 login.globalsources.com/rdvoqldvqhjbezvv825122.js
IP 107.154.199.39:0
GET /rdvoqldvqhjbezvv825122.js HTTP/1.1
Host: login.globalsources.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ritasshoes.tk/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 09 Dec 2022 02:22:24 GMT
content-type: text/html
set-cookie: AWSALBTG=kiiVNb269oT9XME5EKkUKvPw2ZPxPx6uPXwpZdod6RqDsWgu/CzLsiOzPpdlHbMNEp0FIT9UbyiIxF9JqHzVACHlxf0amvrynSGXLCt9oFfwpCpmgaAr6m0bmAftMyxAXx9hB2PqXZ7pJxXkldy/4Pb6Kycy8dlz2kOLZAjDAoGA; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBTGCORS=kiiVNb269oT9XME5EKkUKvPw2ZPxPx6uPXwpZdod6RqDsWgu/CzLsiOzPpdlHbMNEp0FIT9UbyiIxF9JqHzVACHlxf0amvrynSGXLCt9oFfwpCpmgaAr6m0bmAftMyxAXx9hB2PqXZ7pJxXkldy/4Pb6Kycy8dlz2kOLZAjDAoGA; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
AWSALB=RwfWAxuqc9g5n3CQh4ynu8F5jOYGLT3/WN3Q/trTzJXtceRh6YUxInvZu2acxyPwAE+ITT9spTsQ04s8d8PJ6WM7PEDSGQdN+rV87FiBKGM8I+8wN+fKY2KH39Px; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/
AWSALBCORS=RwfWAxuqc9g5n3CQh4ynu8F5jOYGLT3/WN3Q/trTzJXtceRh6YUxInvZu2acxyPwAE+ITT9spTsQ04s8d8PJ6WM7PEDSGQdN+rV87FiBKGM8I+8wN+fKY2KH39Px; Expires=Fri, 16 Dec 2022 02:22:24 GMT; Path=/; SameSite=None; Secure
nlbi_2766148=7cZdAfg8lm2w/opeOJREPwAAAABvlpZC6EnkRHgC28vC1l/X; path=/; Domain=.globalsources.com
visid_incap_2766148=iv7cxxPDQ6uvymG1jn2KpN6bkmMAAAAAQUIPAAAAAACuCYuzgm6sFV6ZZVOmYeJx; expires=Fri, 08 Dec 2023 22:29:29 GMT; HttpOnly; path=/; Domain=.globalsources.com
incap_ses_277_2766148=82GxFLnCWHcvIRpfiBrYA9+bkmMAAAAA4WlEKSHbTYKrcPd3pfJjxw==; path=/; Domain=.globalsources.com
cache-control: no-cache
pragma: no-cache
expires: Mon, 01 Jan 1999 00:00:00 GMT
content-encoding: gzip
x-cdn: Imperva
content-security-policy: frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests;
content-security-policy-report-only: default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.globalsources.com ; form-action 'none' data: blob: ; frame-ancestors 'self' ; report-uri /csp_report
x-iinfo: 14-72801427-72801452 2NNN RT(1670552542846 54) q(0 0 0 0) r(9 9) U11
X-Firefox-Spdy: h2